From raymond at PROLOCATION.NET Thu May 1 00:05:23 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:17:54 2006 Subject: Version 4.15-13 for RedHat Linux - OK In-Reply-To: Message-ID: Hi! > > Only the file perms of the created file are not right: > > -rwxr-xr-x 1 root root 959 Apr 30 22:00 MailScanner > > > > Should be 644 instead... > /etc/sysconfig/* files are usually executable so they can be sourced in > shell scripts. All the ones RedHat is shipping are 644. None of them are having +x Bye, Raymond. From Q.G.Campbell at NEWCASTLE.AC.UK Thu May 1 08:08:39 2003 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:17:54 2006 Subject: SpamAssassin rules - intermittent failures being observed Message-ID: <52E50E4D595DDE4D861117A1FB62E79D22164C@bond.ncl.ac.uk> This site makes heavy use of local rules to tune the behaviour of SA for our environment. I am running MS 4.10-1 and SA 2.43 under RH 7.3. I have begun to notice occasional failures by SA to apply some of it own rules as well as some local rules to messages as they pass through MailScanner + SpamAssassin. The problem appears to be intermittent. The rules that are sometimes missed seem to be the same ones each time. In all cases the rules _are_ correctly applied when a mailbox copy of the messages is run through "spamassassin -t". Running "spamassassin --lint" indicates that the rules are OK and using the "-D" option shows that the correct hierarchy of directories are being searched. Has anybody else experienced behaviour of this kind? Can any SpamAssassin user confirm that a "body" pattern test applies to the headers of the message as well as the body at their site? It certainly does here although the 2.43 writeup implies that the "body" pattern test should only apply to the message body, not the message headers. This anomaly effects the scoring of messages and means that "meta" tests may need to be introduced where the same/similar pattern is used in both a "header" and a "body" rule. Quentin --- PHONE: +44 191 222 8209 Computing Service, University of Newcastle FAX: +44 191 222 8765 Newcastle upon Tyne, United Kingdom, NE1 7RU. ------------------------------------------------------------------------ "Any opinion expressed above is mine. The University can get its own." From joan.bryan at KCL.AC.UK Thu May 1 09:26:00 2003 From: joan.bryan at KCL.AC.UK (Joan Bryan) Date: Thu Jan 12 21:17:54 2006 Subject: Too many open files In-Reply-To: <5.2.1.1.2.20030430194920.0274be90@imap.ecs.soton.ac.uk> References: <5.2.1.1.2.20030430194920.0274be90@imap.ecs.soton.ac.uk> <5C0296D26910694BB9A9BBFC577E7AB001175145@pascal.priv.bmrb.co.uk> <5C0296D26910694BB9A9BBFC577E7AB001175145@pascal.priv.bmrb.co.uk> Message-ID: <200305010823.h418N1cV029268@angelo.kcl.ac.uk> Message-ID: Priority: NORMAL X-Mailer: Execmail for Win32 5.1.1 Build (10) MIME-Version: 1.0 Content-Type: Text/Plain; charset="us-ascii" On Wed, 30 Apr 2003 19:51:08 +0100 Julian Field wrote: > At 19:34 30/04/2003, you wrote: > >I upgraded MailScanner from 3.21 to 4.19 with Sun solaris 2.7. All goes > >well in lite traffic. > > > >I had a similar problem with some other software on Solaris 2.6 which I > >fixed by adding... > >ulimit -n unlimited > >to that the script that kicks off that process. > > > >You could add that to the init script or check_MailScanner script I > >guess. > > If you are running Solaris, then add this to /etc/system and then reboot: > > * rlim_fd_max = system-wide file descriptors limit > * rlim_fd_cur = per-user file descriptors limit > * Default values are 256 per user and 1024 globally, which is > * far too small for MailScanner, which can use 1000 on its own. > set rlim_fd_max=16384 > set rlim_fd_cur=8192 > I did exactly this in solaris 8, but it had no effect on the number of files that could be opened per mailscanner process (still restricted to 125 per batch), so I shall be trying Kevin's suggestion ... > BTW Make sure you get that change exactly right, or your machine won't boot > :-) > -- > Julian Field > www.MailScanner.info > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support ---------------------- Joan Bryan Unix Systems Administrator Information Systems Telephone: +44 (0) 20 7848 2671 mailto:joan.bryan@kcl.ac.uk From mailscanner at ecs.soton.ac.uk Thu May 1 10:02:16 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:17:54 2006 Subject: Version 4.15-13 for RedHat Linux - OK In-Reply-To: References: Message-ID: <5.2.1.1.2.20030501100158.027e0950@imap.ecs.soton.ac.uk> At 00:05 01/05/2003, you wrote: >Hi! > > > > Only the file perms of the created file are not right: > > > -rwxr-xr-x 1 root root 959 Apr 30 22:00 MailScanner > > > > > > Should be 644 instead... > > > /etc/sysconfig/* files are usually executable so they can be sourced in > > shell scripts. > >All the ones RedHat is shipping are 644. None of them are having +x Fixed. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From Declan.Grady at NUVOTEM.COM Thu May 1 11:02:23 2003 From: Declan.Grady at NUVOTEM.COM (Declan Grady) Date: Thu Jan 12 21:17:54 2006 Subject: Flawless upgrade from version 3 Message-ID: <1051783343.1167.5.camel@declan> Hi list, I just upgraded from 3.xx to 4.14-9, and it was effortless. (well, almost... I did start changing the config files in my old directory /usr/local/MailScanner/etc, before I realised !) Congratulations to Julian on a continued job well done. A Happy MailScanner user for the last year. Declan From mailscanner at ecs.soton.ac.uk Thu May 1 10:57:58 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:17:54 2006 Subject: KavDaemonClient (Was Re: F-Secure 4.50 not supported) In-Reply-To: <1051730525.18171.245.camel@nerijus> References: <1051719625.18172.226.camel@nerijus> <5.2.1.1.2.20030429183541.03e27c68@imap.ecs.soton.ac.uk> <1051570427.18171.100.camel@nerijus> <5.2.1.1.2.20030428184237.02303c80@imap.ecs.soton.ac.uk> <5.2.0.9.2.20030428173535.02cc5058@imap.ecs.soton.ac.uk> <006f01c2f886$495839a0$8801020a@brianmay> <006f01c2f886$495839a0$8801020a@brianmay> <5.2.0.9.2.20030428173535.02cc5058@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030428184237.02303c80@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030428223600.028269b0@imap.ecs.soton.ac.uk> <1051570427.18171.100.camel@nerijus> <5.2.1.1.2.20030429183541.03e27c68@imap.ecs.soton.ac.uk> <5.2.0.9.2.20030430164257.04156bc0@imap.ecs.soton.ac.uk> <1051719625.18172.226.camel@nerijus> Message-ID: <5.2.1.1.2.20030501105049.041e3d00@imap.ecs.soton.ac.uk> I have running 24263 ? S 0:00 /opt/AVP/kavdaemon(Logger) 24264 ? S 0:00 /opt/AVP/kavdaemon -I2 -Y I started up this pair using /opt/AVP/EtcScripts/init.d/kavdaemon.rh start Using the AvpDaemonClient in "Sample1" I can scan for viruses with just a command line of AvpDaemonClient . So that you can download and run my copy, I have tar-ed up the whole /opt/AVP directory (except the licence key file) and put it at http://www.ecs.soton.ac.uk/~jkf/WorkingKav.tgz I would be interested to see whether this setup works for you. At 20:22 30/04/2003, you wrote: >Hello, > >if I replace the last line of kavdaemonclient-wrapper by > >dir=`pwd` >exec ${PackageDir}/$Scanner $ScanOptions ${dir} > >MailScanner finds virus and sends me notification that infected part was >not delivered: > >"Any infected parts of the message (eicar.co infected: >EICAR-Test-File) >have not been delivered." > >The message received by recipient is: > >Warning: This message has had one or more attachments removed >Warning: (eicar.co infected: EICAR-Test-File ). >Warning: Please read the "VirusWarning.txt" attachment(s) for more >information. > >But, instead of VirusWarning.txt there is still eicar.co attached. >What could be wrong? >I use mailscanner-4.14-9 rpm with only the following changes: > >--- MailScanner.conf.orig Fri Apr 4 13:45:49 2003 >+++ MailScanner.conf Mon Apr 28 19:21:58 2003 >@@ -39,7 +39,7 @@ > # performance if you increase this figure. > # > # As a rough guide, try 5 children per CPU. >-Max Children = 5 >+Max Children = 2 > > # User to run as (not normally used for sendmail) > #Run As User = mail >@@ -197,7 +197,7 @@ > # space-separated list of virus scanners. For example: > # Virus Scanners = sophos f-prot mcafee > # >-Virus Scanners = none >+Virus Scanners = kavdaemonclient > > # The maximum length of time the commercial virus scanner is allowed to >run > # for 1 batch of messages (in seconds). >@@ -209,7 +209,7 @@ > # replacement of infected attachments with "VirusWarning.txt" text > # attachments. > # This can also be the filename of a ruleset. >-Deliver Disinfected Files = yes >+Deliver Disinfected Files = no -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From nerijus at USERS.SOURCEFORGE.NET Thu May 1 13:18:52 2003 From: nerijus at USERS.SOURCEFORGE.NET (Nerijus Baliunas) Date: Thu Jan 12 21:17:54 2006 Subject: KavDaemonClient (Was Re: F-Secure 4.50 not supported) In-Reply-To: <5.2.1.1.2.20030501105049.041e3d00@imap.ecs.soton.ac.uk> References: <1051719625.18172.226.camel@nerijus> <5.2.1.1.2.20030429183541.03e27c68@imap.ecs.soton.ac.uk> <1051570427.18171.100.camel@nerijus> <5.2.1.1.2.20030428184237.02303c80@imap.ecs.soton.ac.uk> <5.2.0.9.2.20030428173535.02cc5058@imap.ecs.soton.ac.uk> <006f01c2f886$495839a0$8801020a@brianmay> <006f01c2f886$495839a0$8801020a@brianmay> <5.2.0.9.2.20030428173535.02cc5058@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030428184237.02303c80@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030428223600.028269b0@imap.ecs.soton.ac.uk> <1051570427.18171.100.camel@nerijus> <5.2.1.1.2.20030429183541.03e27c68@imap.ecs.soton.ac.uk> <5.2.0.9.2.20030430164257.04156bc0@imap.ecs.soton.ac.uk> <1051719625.18172.226.camel@nerijus> <5.2.1.1.2.20030501105049.041e3d00@imap.ecs.soton.ac.uk> Message-ID: <1051791532.5191.36.camel@nerijus> Kt, 2003-05-01 12:57, Julian Field wrote: > Using the AvpDaemonClient in "Sample1" I can scan for viruses with just a > command line of > AvpDaemonClient . > > So that you can download and run my copy, I have tar-ed up the whole > /opt/AVP directory (except the licence key file) and put it at > http://www.ecs.soton.ac.uk/~jkf/WorkingKav.tgz > > I would be interested to see whether this setup works for you. I found why it works for you and not for me. Earlier I compiled sample clients by just running Makefile.def. Now I compiled by running configure first, and AvpDaemonClient from Sample1 started to find viruses. It has one problem though - it sends files for scanning one by one (I see it from /var/log/kavscan.rpt), while other clients just send directory. But I think we can live with that for now. Please apply the following diff: --- kavdaemonclient-wrapper.orig Fri Apr 4 13:45:50 2003 +++ kavdaemonclient-wrapper Thu May 1 15:15:18 2003 @@ -2,8 +2,8 @@ # kavdaemonclient-wrapper -- invoke Kaspersky Daemon client for use with # mailscanner -# It uses AvpDaemonClient from /opt/AVP/DaemonClients/Sample -# or AvpTeamDream from /opt/AVP/DaemonClients/Sample2 +# It uses AvpDaemonClient from /opt/AVP/DaemonClients/Sample1 +# You should compile it by running ./configure in /opt/AVP/DaemonClients. # # MailScanner - SMTP E-Mail Virus Scanner # Copyright (C) 2001 Julian Field @@ -39,7 +39,6 @@ PackageDir=/usr/local/bin Scanner=AvpDaemonClient -#Scanner=AvpTeamDream ScanOptions="" But the same problem remains - instead of VirusWarning.txt there is still eicar.co attached. Is it a known problem and is it fixed in newest betas? Regards, Nerijus From dot at DOTAT.AT Thu May 1 13:11:44 2003 From: dot at DOTAT.AT (Tony Finch) Date: Thu Jan 12 21:17:54 2006 Subject: Version 4.15-13 for RedHat Linux - OK In-Reply-To: References: Message-ID: Christopher Hicks wrote: > >/etc/sysconfig/* files are usually executable so they can be sourced in >shell scripts. Sourcing a script using the . command doesn't require the script to be executable. Running the script in a different process does. Tony. -- f.a.n.finch http://dotat.at/ SHANNON: VARIABLE 4 BECOMING NORTHWEST 5 TO 7. SHOWERS. MAINLY GOOD. From dot at DOTAT.AT Thu May 1 13:21:13 2003 From: dot at DOTAT.AT (Tony Finch) Date: Thu Jan 12 21:17:54 2006 Subject: Beta 4.15-12 In-Reply-To: References: <1051734437.1262.62.camel@dbeauchemin.si.usherbrooke.ca> <5.2.1.1.2.20030430213548.023b2290@imap.ecs.soton.ac.uk> Message-ID: Mariano Absatz wrote: >This should apply nicely to 4.15-13 and work with any version of Perl5... > >*** SA.pm.old Wed Apr 30 17:34:05 2003 >--- SA.pm Wed Apr 30 17:46:51 2003 >*************** >*** 92,98 **** > # for finding the SpamAssassin libraries > # Use unshift rather than push so that their given location is > # always searched *first* and not last in the include path. >! unshift @INC, "$val/lib/perl5/site_perl/$PERL_VERSION"; > } > # Now we have the path built, try to find the SpamAssassin modules > MailScanner::Log::DieLog("SpamAssassin installation could not be found") >--- 92,99 ---- > # for finding the SpamAssassin libraries > # Use unshift rather than push so that their given location is > # always searched *first* and not last in the include path. >! my $perl_vers =3D $PERL_VERSION < 5.006 ? $PERL_VERSION : sprintf("%vd",$PERL_VERSION); >! unshift @INC, "$val/lib/perl5/site_perl/$perl_vers"; > } > # Now we have the path built, try to find the SpamAssassin modules > MailScanner::Log::DieLog("SpamAssassin installation could not be found") Yes, that looks like about the best that can be done. It's very irritating that it's so incompatible. Tony. -- f.a.n.finch http://dotat.at/ FITZROY SOLE: VARIABLE 4 IN SOLE AT FIRST, OTHERWISE CYCLONIC BECOMING WESTERLY 6 TO GALE 8, OCCASIONALLY SEVERE GALE 9, DECREASING 5 IN WEST. RAIN OR SHOWERS. MODERATE OR GOOD. From mailscanner at ecs.soton.ac.uk Thu May 1 13:57:13 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:17:54 2006 Subject: KavDaemonClient (Was Re: F-Secure 4.50 not supported) In-Reply-To: <1051791532.5191.36.camel@nerijus> References: <5.2.1.1.2.20030501105049.041e3d00@imap.ecs.soton.ac.uk> <1051719625.18172.226.camel@nerijus> <5.2.1.1.2.20030429183541.03e27c68@imap.ecs.soton.ac.uk> <1051570427.18171.100.camel@nerijus> <5.2.1.1.2.20030428184237.02303c80@imap.ecs.soton.ac.uk> <5.2.0.9.2.20030428173535.02cc5058@imap.ecs.soton.ac.uk> <006f01c2f886$495839a0$8801020a@brianmay> <006f01c2f886$495839a0$8801020a@brianmay> <5.2.0.9.2.20030428173535.02cc5058@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030428184237.02303c80@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030428223600.028269b0@imap.ecs.soton.ac.uk> <1051570427.18171.100.camel@nerijus> <5.2.1.1.2.20030429183541.03e27c68@imap.ecs.soton.ac.uk> <5.2.0.9.2.20030430164257.04156bc0@imap.ecs.soton.ac.uk> <1051719625.18172.226.camel@nerijus> <5.2.1.1.2.20030501105049.041e3d00@imap.ecs.soton.ac.uk> Message-ID: <5.2.0.9.2.20030501135609.04650cb0@imap.ecs.soton.ac.uk> At 13:18 01/05/2003, you wrote: >Kt, 2003-05-01 12:57, Julian Field wrote: > > > Using the AvpDaemonClient in "Sample1" I can scan for viruses with just a > > command line of > > AvpDaemonClient . > > > > So that you can download and run my copy, I have tar-ed up the whole > > /opt/AVP directory (except the licence key file) and put it at > > http://www.ecs.soton.ac.uk/~jkf/WorkingKav.tgz > > > > I would be interested to see whether this setup works for you. > >I found why it works for you and not for me. Earlier I compiled sample >clients by just running Makefile.def. Now I compiled by running >configure first, and AvpDaemonClient from Sample1 started to find >viruses. It has one problem though - it sends files for scanning one by >one (I see it from /var/log/kavscan.rpt), while other clients just send >directory. But I think we can live with that for now. > >Please apply the following diff: > >--- kavdaemonclient-wrapper.orig Fri Apr 4 13:45:50 2003 >+++ kavdaemonclient-wrapper Thu May 1 15:15:18 2003 >@@ -2,8 +2,8 @@ > > # kavdaemonclient-wrapper -- invoke Kaspersky Daemon client for use >with > # mailscanner >-# It uses AvpDaemonClient from /opt/AVP/DaemonClients/Sample >-# or AvpTeamDream from /opt/AVP/DaemonClients/Sample2 >+# It uses AvpDaemonClient from /opt/AVP/DaemonClients/Sample1 >+# You should compile it by running ./configure in >/opt/AVP/DaemonClients. > # > # MailScanner - SMTP E-Mail Virus Scanner > # Copyright (C) 2001 Julian Field >@@ -39,7 +39,6 @@ > > PackageDir=/usr/local/bin > Scanner=AvpDaemonClient >-#Scanner=AvpTeamDream > > ScanOptions="" > >But the same problem remains - instead of VirusWarning.txt there is >still eicar.co attached. Is it a known problem and is it fixed in newest >betas? I have just tested it with a message containing eicar.com and eicar.zip (which in turn contains a second copy of eicar.com) and it successfully spotted and removed both attachments. Please give the latest beta a go with 1 or 2 messages and check you agree. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From michele at BLACKNIGHTSOLUTIONS.COM Thu May 1 15:22:03 2003 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:17:54 2006 Subject: Inline Signature Query In-Reply-To: <1051797860.5190.54.camel@nerijus> References: <5.2.0.9.2.20030501135609.04650cb0@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030501105049.041e3d00@imap.ecs.soton.ac.uk> <1051719625.18172.226.camel@nerijus> <5.2.1.1.2.20030429183541.03e27c68@imap.ecs.soton.ac.uk> <1051570427.18171.100.camel@nerijus> <5.2.1.1.2.20030428184237.02303c80@imap.ecs.soton.ac.uk> <5.2.0.9.2.20030428173535.02cc5058@imap.ecs.soton.ac.uk> <006f01c2f886$495839a0$8801020a@brianmay> <006f01c2f886$495839a0$8801020a@brianmay> <5.2.0.9.2.20030428173535.02cc5058@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030428184237.02303c80@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030428223600.028269b0@imap.ecs.soton.ac.uk> <1051570427.18171.100.camel@nerijus> <5.2.1.1.2.20030429183541.03e27c68@imap.ecs.soton.ac.uk> <5.2.0.9.2.20030430164257.04156bc0@imap.ecs.soton.ac.uk> <1051719625.18172.226.camel@nerijus> <5.2.1.1.2.20030501105049.041e3d00@imap.ecs.soton.ac.uk> <5.2.0.9.2.20030501135609.04650cb0@imap.ecs.soton.ac.uk> Message-ID: <5.2.0.9.0.20030501161718.02beb990@blacknightsolutions.com> We would like to be able to add a small signature to emails from certain domains. The only way I can see for doing that is by setting the option to sign clean messages to 'yes' and add a rulefile. It doesn't work and complains about the syntax of the signature. Any ideas appreciated. Thanks, Michele Mr. Michele Neylon Blacknight Solutions - affordable linux hosting http://www.blacknightsolutions.com/ Shell accounts now available!!! From Kevin.Spicer at BMRB.CO.UK Thu May 1 15:38:37 2003 From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:17:54 2006 Subject: Inline Signature Query Message-ID: <5C0296D26910694BB9A9BBFC577E7AB0EBF55E@pascal.priv.bmrb.co.uk> > > We would like to be able to add a small signature to emails > from certain > domains. The only way I can see for doing that is by setting > the option to > sign clean messages to 'yes' and add a rulefile. > It doesn't work and complains about the syntax of the signature. > Any ideas appreciated. > Thats the way we do it, would you mind posting an example of how you're trying to do it so we can see what might be wrong with your syntax. (extract from MailScanner.conf & the rules file) BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From mbowman at UDCOM.COM Thu May 1 15:47:46 2003 From: mbowman at UDCOM.COM (Matthew Bowman) Date: Thu Jan 12 21:17:54 2006 Subject: Putting the scorew/ tagged subject Message-ID: Hello, Not sure if this has been addressed before, but I was wondering is it possible to put the spamassassin score in the subject line of tagged e-mail? e.g. {SPAM? email score=4.1}... Also what is the correct syntax for a threshold ruleset Required SpamAssassin Score = /etc/MailScanner/rules/threshold.rules To: *@udcom.com 4 FromTo: default 5 ? Thanks Matthew K Bowman Sys Admin, UDCom From nathan at TCPNETWORKS.NET Thu May 1 16:22:03 2003 From: nathan at TCPNETWORKS.NET (Nathan Johanson) Date: Thu Jan 12 21:17:54 2006 Subject: Qmail Support Revisited? Message-ID: Just curious if Qmail support is on the list of future enhancements? We're may move some of our mail services to Qmail and don't want to lose our beloved MailScanner. We may be willing to pay for the implementation if I can get the powers that be to loosen the purse strings. Not an immediate need, just curious what the word is now. Sincerely, Nathan Johanson Email: nathan@tcpnetworks.net From mailscanner at ecs.soton.ac.uk Thu May 1 16:55:13 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:17:55 2006 Subject: Qmail Support Revisited? In-Reply-To: Message-ID: <5.2.0.9.2.20030501165407.03169df0@imap.ecs.soton.ac.uk> At 16:22 01/05/2003, you wrote: >Just curious if Qmail support is on the list of future enhancements? It's possible, but I still hate qmail. >We're may move some of our mail services to Qmail and don't want to lose >our beloved MailScanner. We may be willing to pay for the implementation >if I can get the powers that be to loosen the purse strings. Not an >immediate need, just curious what the word is now. Try asking Mariano if he fancies doing it for some money, he and a colleague implemented the ZMailer support and so he knows exactly what needs to be done. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Thu May 1 16:53:52 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:17:55 2006 Subject: Putting the scorew/ tagged subject In-Reply-To: Message-ID: <5.2.0.9.2.20030501165236.049698e0@imap.ecs.soton.ac.uk> At 15:47 01/05/2003, you wrote: >Hello, > >Not sure if this has been addressed before, but I was wondering is it >possible to put the spamassassin score in the subject line of tagged >e-mail? > >e.g. > >{SPAM? email score=4.1}... No it isn't I'm afraid. But the "SpamScore" header lets you indicate the spam score in a way that can be filtered automatically by email applications. >Also what is the correct syntax for a threshold ruleset > >Required SpamAssassin Score = /etc/MailScanner/rules/threshold.rules > >To: *@udcom.com 4 >FromTo: default 5 Exactly right. Though you might want to use "FromOrTo:" instead of just "FromTo:" as it is a bit more self-explanatory (but both will work just fine). -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From michele at BLACKNIGHTSOLUTIONS.COM Thu May 1 17:08:14 2003 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:17:55 2006 Subject: Inline Signature Query In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB0EBF55E@pascal.priv.bmrb.co .uk> Message-ID: <5.2.0.9.0.20030501172550.03ca5470@blacknightsolutions.com> At 15.38 01/05/2003 +0100, you wrote: >Thats the way we do it, would you mind posting an example of how you're >trying to do it so we can see what might be wrong with your >syntax. (extract from MailScanner.conf & the rules file) I finally got it working - there was a typo in my config! (not the first time or the last) However I am getting this error in the maillog: May 1 17:00:30 camelot MailScanner[28403]: Could not open inline file /opt/MailScanner/etc/reports/en/inline.sig.txt, No such file or directory There is no reference anywhere to that file in the MailScanner.conf - so what is it trying to do? Mr. Michele Neylon Blacknight Solutions - affordable linux hosting http://www.blacknightsolutions.com/ Shell accounts now available!!! ##### Test signature ##### From mailscanner at ecs.soton.ac.uk Thu May 1 17:13:28 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:17:55 2006 Subject: Inline Signature Query In-Reply-To: <5.2.0.9.0.20030501172550.03ca5470@blacknightsolutions.com> References: <5C0296D26910694BB9A9BBFC577E7AB0EBF55E@pascal.priv.bmrb.co .uk> Message-ID: <5.2.0.9.2.20030501171116.0427a938@imap.ecs.soton.ac.uk> At 17:08 01/05/2003, you wrote: >At 15.38 01/05/2003 +0100, you wrote: >>Thats the way we do it, would you mind posting an example of how you're >>trying to do it so we can see what might be wrong with your >>syntax. (extract from MailScanner.conf & the rules file) > >I finally got it working - there was a typo in my config! (not the first >time or the last) > >However I am getting this error in the maillog: >May 1 17:00:30 camelot MailScanner[28403]: Could not open inline file >/opt/MailScanner/etc/reports/en/inline.sig.txt, No such file or directory > >There is no reference anywhere to that file in the MailScanner.conf - so >what is it trying to do? You've hit a little bug I only discovered a few days ago. You possibly don't have a "default" value set in the rules file. Make sure you have a default value of the type FromOrTo: default filename-goes-here You may be able to leave the "filename-goes-here" completely blank, but you do need a "default" line. The inbuilt default default values have the wrong paths in them in some systems. This is fixed in the next release. But it's still always a very good idea to set the default value yourself anyway, as you would have to dig in the code to see what default value is used if you don't set one. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From jfalgout at CO.JEFFERSON.CO.US Thu May 1 17:06:48 2003 From: jfalgout at CO.JEFFERSON.CO.US (Jeff Falgout) Date: Thu Jan 12 21:17:55 2006 Subject: OT (Kind of) Opinions on AV Software Message-ID: We are in the process of implementing commercial AV under MailScanner processing 15,000 - 50,000 messages a day on RedHat 8.0/Sendmail gateway. Sophos seems to be used widely on the list. My question is: has the cost of Sophos (2200 users) and the tedious licensing been justified by it's performance and tech support. I've seen Command recommended on the list. The cost for their product is on the other end of the spectrum and the licensing is a breeze. Does it compare to Sophos? are the updates automated with MailScanner as they are with Sophos? Feel free to reply to me off list. Regards Jeff Falgout Systems Administrator Jefferson County, CO jfalgoutATco.jefferson.co.us From raymond at PROLOCATION.NET Thu May 1 17:21:14 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:17:55 2006 Subject: OT (Kind of) Opinions on AV Software In-Reply-To: Message-ID: Hi! > Sophos seems to be used widely on the list. My question is: has the > cost of Sophos (2200 users) and the tedious licensing been justified by it's > performance and tech support. Sophos isnt exactly a performance monster, i would try f-prot instead. Also better pricing schemes. Bye, Raymond. From michele at BLACKNIGHTSOLUTIONS.COM Thu May 1 17:45:35 2003 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:17:55 2006 Subject: OT: Ooops! In-Reply-To: <5.2.0.9.0.20030501172550.03ca5470@blacknightsolutions.com> References: <5C0296D26910694BB9A9BBFC577E7AB0EBF55E@pascal.priv.bmrb.co .uk> Message-ID: <5.2.0.9.0.20030501184440.03fbbfe8@blacknightsolutions.com> Apologies for the last mail with the read receipt request - force of habit! Mr. Michele Neylon Blacknight Solutions - affordable linux hosting http://www.blacknightsolutions.com/ Shell accounts now available!!! ######################################################### This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. Blacknight Solutions accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From michele at BLACKNIGHTSOLUTIONS.COM Thu May 1 17:43:18 2003 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:17:55 2006 Subject: Inline Signature Query In-Reply-To: <5.2.0.9.2.20030501171116.0427a938@imap.ecs.soton.ac.uk> References: <5.2.0.9.0.20030501172550.03ca5470@blacknightsolutions.com> <5C0296D26910694BB9A9BBFC577E7AB0EBF55E@pascal.priv.bmrb.co .uk> Message-ID: <5.2.0.9.0.20030501182557.02b25610@blacknightsolutions.com> At 17.13 01/05/2003 +0100, you wrote: I got the following error: May 1 17:25:57 camelot MailScanner[30836]: Syntax error in line 1 of ruleset /etc/MailScanner/reports/sig.html.rules May 1 17:25:57 camelot MailScanner[30836]: Aborting due to syntax errors in /etc/MailScanner/reports/sig.html.rules. The files contained: FromOrTo: default From: *@blacknight-solutions.com /etc/MailScanner/reports/blacknight.sig.html From: *@blacknightsolutions.com /etc/MailScanner/reports/blacknight.sig.html From: *@blacknightsolutions.ie /etc/MailScanner/reports/blacknight.sig.html From: *@blacknight-solutions.ie /etc/MailScanner/reports/blacknight.sig.html So... I applied a small bit of logic and created a dummy file Including a reference to the file (which is 0 bytes - completely empty and of no use to anybody) solved the problem FromOrTo: default /etc/MailScanner/reports/dummyfilename >-- >Julian Field >www.MailScanner.info >MailScanner thanks transtec Computers for their support > Mr. Michele Neylon Blacknight Solutions - affordable linux hosting http://www.blacknightsolutions.com/ Shell accounts now available!!! ######################################################### This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. Blacknight Solutions accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From mailscanner at ecs.soton.ac.uk Thu May 1 18:31:24 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:17:55 2006 Subject: Inline Signature Query In-Reply-To: <5.2.0.9.0.20030501182557.02b25610@blacknightsolutions.com> References: <5.2.0.9.2.20030501171116.0427a938@imap.ecs.soton.ac.uk> <5.2.0.9.0.20030501172550.03ca5470@blacknightsolutions.com> <5C0296D26910694BB9A9BBFC577E7AB0EBF55E@pascal.priv.bmrb.co .uk> Message-ID: <5.2.1.1.2.20030501183040.026413e0@imap.ecs.soton.ac.uk> You may be able to provide "/dev/null" as the filename, but I can't remember for certain. If you can, it will have the same effect as supplying a 0-length file. Use whichever you like. At 17:43 01/05/2003, you wrote: >At 17.13 01/05/2003 +0100, you wrote: > > >I got the following error: > >May 1 17:25:57 camelot MailScanner[30836]: Syntax error in line 1 of >ruleset /etc/MailScanner/reports/sig.html.rules >May 1 17:25:57 camelot MailScanner[30836]: Aborting due to syntax errors >in /etc/MailScanner/reports/sig.html.rules. > >The files contained: >FromOrTo: default >From: >*@blacknight-solutions.com /etc/MailScanner/reports/blacknight.sig.html >From: *@blacknightsolutions.com /etc/MailScanner/reports/blacknight.sig.html >From: *@blacknightsolutions.ie /etc/MailScanner/reports/blacknight.sig.html >From: *@blacknight-solutions.ie /etc/MailScanner/reports/blacknight.sig.html > >So... I applied a small bit of logic and created a dummy file > >Including a reference to the file (which is 0 bytes - completely empty and >of no use to anybody) solved the problem >FromOrTo: default /etc/MailScanner/reports/dummyfilename > > >>-- >>Julian Field >>www.MailScanner.info >>MailScanner thanks transtec Computers for their support > >Mr. Michele Neylon >Blacknight Solutions - affordable linux hosting >http://www.blacknightsolutions.com/ >Shell accounts now available!!! > > >######################################################### >This message (and any attachment) is intended only for the >recipient and may contain confidential and/or privileged >material. If you have received this in error, please contact the >sender and delete this message immediately. Disclosure, copying >or other action taken in respect of this email or in >reliance on it is prohibited. Blacknight Solutions >accepts no liability in relation to any personal emails, or >content of any email which does not directly relate to our >business. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From raymond at PROLOCATION.NET Thu May 1 18:33:13 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:17:55 2006 Subject: OT: Ooops! In-Reply-To: <5.2.0.9.0.20030501184440.03fbbfe8@blacknightsolutions.com> Message-ID: Hi! Could you add a rule to cut your signature and advertising crap to lets say 1 line ? Thanks. > Mr. Michele Neylon > Blacknight Solutions - affordable linux hosting > http://www.blacknightsolutions.com/ > Shell accounts now available!!! > > > ######################################################### > This message (and any attachment) is intended only for the > recipient and may contain confidential and/or privileged > material. If you have received this in error, please contact the > sender and delete this message immediately. Disclosure, copying > or other action taken in respect of this email or in > reliance on it is prohibited. Blacknight Solutions > accepts no liability in relation to any personal emails, or > content of any email which does not directly relate to our > business. > From kevins at BMRB.CO.UK Thu May 1 18:40:44 2003 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:17:55 2006 Subject: Inline Signature Query In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB001175178@pascal.priv.bmrb.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB001175178@pascal.priv.bmrb.co.uk> Message-ID: <1051810847.4170.4.camel@bach.kevinspicer.co.uk> So... I applied a small bit of logic and created a dummy file Including a reference to the file (which is 0 bytes - completely empty and of no use to anybody) solved the problem FromOrTo: default /etc/MailScanner/reports/dummyfilename I think you're doing this so that mails that are not from your domain get an empty file appended to them (== no sig)? I noticed (if that was your entire ruleset that you posted) that you are using the same sig file for each domain. Would it not be easier to use a ruleset for 'Sign Clean Messages' and then just specify the files (rather than a ruleset) for 'Inline HTML Signature' and 'Inline Text Signature'? BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From steinkel at PA.NET Thu May 1 22:15:45 2003 From: steinkel at PA.NET (Leland J. Steinke) Date: Thu Jan 12 21:17:55 2006 Subject: MS, postfix, and MIME attachments Message-ID: <3EB18E81.1020909@pa.net> Our test box is stock RH9.0, postfix 2.0.9, and MS 4.15-13. We have been testing a one postfix config, rather than the MS-proposed two postfix config. With BOTH configs we get errors of the form: May 1 17:08:29 testbox MailScanner[6651]: Cannot open /var/spool/postfix.in/deferred/1/10D0843B19, No such file or directory The errors would appear to come from PFDiskStore.pm. Is anybody else getting errors like these? I just got my testing done to localize the errors and need to attend to family business, so I cannot investigate further. Thanks, Leland From mailscanner at ecs.soton.ac.uk Fri May 2 00:20:17 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:17:55 2006 Subject: MS, postfix, and MIME attachments In-Reply-To: <3EB18E81.1020909@pa.net> Message-ID: <5.2.1.1.2.20030502001842.026511b8@imap.ecs.soton.ac.uk> At 22:15 01/05/2003, you wrote: >Our test box is stock RH9.0, postfix 2.0.9, and MS 4.15-13. > >We have been testing a one postfix config, rather than the MS-proposed two >postfix config. With BOTH configs we get errors of the form: > >May 1 17:08:29 testbox MailScanner[6651]: Cannot open >/var/spool/postfix.in/deferred/1/10D0843B19, No such file or directory What do these commands produce? ls -al /var/spool/postfix.in/deferred ls -al /var/spool/postfix.in/deferred/1 >The errors would appear to come from PFDiskStore.pm. Is anybody else getting >errors like these? I just got my testing done to localize the errors and need >to attend to family business, so I cannot investigate further. Any similar reports from anyone? -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From danieltan at shopnsave.com.sg Fri May 2 05:06:40 2003 From: danieltan at shopnsave.com.sg (Daniel Tan) Date: Thu Jan 12 21:17:55 2006 Subject: defunct mailscanner References: Message-ID: <02ac01c31060$3d7b4720$3900a8c0@Daniel> removed sa checks then restart mailscanner and it works...removed rpm spamassassin and reinstalled the latest version in .tar.gz format...enabled sa and it works again...thanks... ----- Original Message ----- From: "Raymond Dijkxhoorn" To: Sent: Tuesday, April 29, 2003 7:06 PM Subject: Re: defunct mailscanner Hi! > how come when i do a top on my server..i can see mailscanner > beside it.... > another qn....do i need to specify this > ( -ODeliveryMode=queueonly -OQueueDirectory= > /var/spool/mqueue.in) in the latest version of mailscanner in > /etc/rc.d/init.d/sendmail? Most likely due to misconfigurations. I had this for example when i enabled spamassassin and sa wasnt working like it should. Do you have sa installed, and enabled in mailscanner ? If so, please disable it and see if its running afterwards. Bye, Raymond. From apostolus at BLUEYONDER.CO.UK Fri May 2 09:46:52 2003 From: apostolus at BLUEYONDER.CO.UK (apostolus) Date: Thu Jan 12 21:17:55 2006 Subject: MailScanner, f-prot and spamassassin and Sendmail {scanned by martin dominic} Message-ID: Hi group.. new user here.. have a bit of a problem that I've been trying to work out for a coule of weeks now without any joy. I have mailscanner up and running reasonably well but for some reason it seems not to be scanning everything with spamassassin.. 1 in 50 emails might be being scanned for spam and that's about it I have fetchamil collecting/polling with mda being sendmail.. it was procmail with recipies etc but i changed the mda line in fetchmailrc when i installed MailScanner.. (/usr/sbin/sendmail -d apostolus) the problem seems to be that not all incoming mail is checked for spam.. i'm sure my anti virus checking is okay as every time i send out the eicar text attachments they are always detected and MailScanner always sends out the appropriate emails and quarentines the dodgy files.. some spam is detected on one user account but there are another 4 user accounts that don't seem to be checked at all.. one of them gets over 250 spam emails per day... the sort of stuff you would want your kids to see.. as i've really been round the houses with this one, i'd really appreciate some help.. i have suse 7.3, sendmail 8.11, perl 5.6.0 may thanks apost From mailscanner at ecs.soton.ac.uk Fri May 2 12:25:21 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:17:55 2006 Subject: MailScanner, f-prot and spamassassin and Sendmail {scanned by martin dominic} In-Reply-To: Message-ID: <5.2.0.9.2.20030502122346.05130eb0@imap.ecs.soton.ac.uk> At 09:46 02/05/2003, you wrote: >Hi group.. new user here.. > >have a bit of a problem that I've been trying to work out for a coule of >weeks now without any joy. > >I have mailscanner up and running reasonably well but for some reason it >seems not to be scanning everything with spamassassin.. 1 in 50 emails >might be being scanned for spam and that's about it > >I have fetchamil collecting/polling with mda being sendmail.. it was >procmail with recipies etc but i changed the mda line in fetchmailrc when i >installed MailScanner.. (/usr/sbin/sendmail -d apostolus) Set up your fetchmail configuration so that it delivers by talking SMTP to "localhost" rather than calling sendmail directly. Are you test spam messages particularly big? There is a "Max SpamAssassin Size" setting in the MailScanner.conf (default is 90k). Also you might want to set "Always Include Spam Report" to yes while you are testing, so you can always see what happened. >the problem seems to be that not all incoming mail is checked for spam.. >i'm sure my anti virus checking is okay as every time i send out the eicar >text attachments they are always detected and MailScanner always sends out >the appropriate emails and quarentines the dodgy files.. some spam is >detected on one user account but there are another 4 user accounts that >don't seem to be checked at all.. one of them gets over 250 spam emails per >day... the sort of stuff you would want your kids to see.. > >as i've really been round the houses with this one, i'd really appreciate >some help.. > >i have suse 7.3, sendmail 8.11, perl 5.6.0 > >may thanks >apost -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From paul.hamilton at sme-ecom.co.uk Fri May 2 13:28:47 2003 From: paul.hamilton at sme-ecom.co.uk (Paul Hamilton) Date: Thu Jan 12 21:17:55 2006 Subject: Filename Rules and double extensions Message-ID: <000001c310a6$61adc6e0$fc32000a@4> Hi all, Can anyone advise, whether this is this possible? We have a user that as part of their company name includes .com They understandably are getting a fair amount of Microsoft office documents quarantined by Mailscanner as the senders of the documents and images are saving them as e.g. customersname.com.doc or customersname.com.ppt etc... Is there any way that we can specify in filename rules the actual filename to be accepted. We appreciate accepting all .com.xxx's would be dangerous but is there someway we could allow customername.com.xxx Many thanks in advance Paul H From jase at SENSIS.COM Fri May 2 13:37:23 2003 From: jase at SENSIS.COM (Desai, Jason) Date: Thu Jan 12 21:17:55 2006 Subject: Archive Mail, Exim and Locking Bug? (was RE: [ MAILSCANNER] Locki ng failing?) Message-ID: Hi Julian. Just wanted to let you know that the modified patch I posted last Friday seems to be working well. I have had this in production now for about 4 days now. Jason > -----Original Message----- > From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] > Sent: Friday, April 25, 2003 1:59 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: [MAILSCANNER] Archive Mail, Exim and Locking > Bug? (was RE: > [ MAILSCANNER] Locki ng failing?) > > > If you can get this thoroughly tested before 1st May, then it > can go in the > new stable release. Otherwise it will have to wait a month or > so. I can put > it out as an "unstable" release though, so don't worry too much. > > The next release will probably be on the first Friday (or possibly the > weekend) after 1st May. I like releasing at awkward times, it > means a few > people test it before Monday morning, which gives me a chance > to fix any > cock-ups. > > At 18:16 25/04/2003, you wrote: > >"Desai, Jason" wrote: > > > > > >Thanks Tony. I had just narrowed it down to losing the > lock when copying > > >the -D file. If you want me to test any patches just let me know. > > > >I'm testing this at the moment. > > > >--- EximDiskStore.pm 27 Mar 2003 17:28:47 -0000 1.7 > >+++ EximDiskStore.pm 25 Apr 2003 16:33:27 -0000 1.8 > >@@ -358,14 +358,22 @@ > > > > > > # Copy a dfile and hfile to a directory > >+# This has to be done in a subprocess in order to avoid > breaking POSIX locks. > > sub CopyToDir { > > my($this,$dir) = @_; > >+ my $pid = fork; > >+ MailScanner::Log::DieLog("fork: $!") if not defined $pid; > >+ if ($pid) { > >+ waitpid $pid, 0; > >+ return; > >+ } > > my $hpath = $this->{hpath}; > > my $dpath = $this->{dpath}; > > my $hfile = basename($hpath); > > my $dfile = basename($dpath); > > copy($hpath, "$dir/$hfile"); > > copy($dpath, "$dir/$dfile"); > >+ exit; > > } > > > > > >@@ -415,8 +423,18 @@ > > if (MailScanner::Config::Value('storeentireasdfqf')) { > > $this->CopyToDir($targetdir); > > } else { > >+ # Do this in a subprocess in order to avoid breaking > POSIX locks. > >+ my $pid = fork; > >+ MailScanner::Log::DieLog("fork: $!") if not defined $pid; > >+ if ($pid) { > >+ waitpid $pid, 0; > >+ return; > >+ } > > my $target = new IO::File "$targetdir/$targetfile", "w"; > >+ MailScanner::Log::DieLog("writing to > $targetdir/$targetfile: $!") > >+ if not defined $target; > > $this->WriteEntireMessage($message, $target); > >+ return; > > } > > > > return 1; > >@@ -447,9 +465,9 @@ > > > > my $pipe = new IO::Pipe; > > my $pid; > >- > >+ > > if (not defined $pipe or not defined ($pid = fork)) { > >- MailScanner::Log::WarnLog("Cannot build message from > $this->{dpath} " . > >+ MailScanner::Log::DieLog("Cannot build message from > $this->{dpath} " . > > "and > $message->{headerspath}, %s", $!); > > } elsif ($pid) { # Parent > > $pipe->reader(); > > > > > >Tony. > >-- > >f.a.n.finch http://dotat.at/ > >MALIN HEBRIDES: EAST OR SOUTHEAST 5 OR 6. RAIN AT TIMES. > MODERATE OR GOOD. > > -- > Julian Field > www.MailScanner.info > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > From mbowman at UDCOM.COM Fri May 2 13:39:41 2003 From: mbowman at UDCOM.COM (Matthew Bowman) Date: Thu Jan 12 21:17:55 2006 Subject: Filename Rules and double extensions Message-ID: Sorry forgot to e-mail the list too. ----- Forwarded by Matthew K Bowman/udc on 05/02/2003 08:44 AM ----- Matthew K Bowman 05/02/2003 08:39 AM To: paul.hamilton@sme-ecom.co.uk cc: Subject: Re: Filename Rules and double extensions Hi Paul You can setup Filename Rulesets per domains. Here is an example from my setup In MailScanner.conf Filename rules = /etc/MailScanner/rules/filename.rules.rules In filename.rules.rules FromOrTo: domain.tld /etc/MailScanner/rules/domain.tld.rules In /etc/MailScanner/rules/domain.tld.rules allow \.com$ (effectively replace deny with allow) Save then reload MailScanner HTH Regards, -- Matthew K Bowman Systems Administrator, Universal Digital Communications. Paul Hamilton Sent by: MailScanner mailing list 05/02/2003 08:28 AM Please respond to paul.hamilton To: MAILSCANNER@JISCMAIL.AC.UK cc: Subject: Filename Rules and double extensions Hi all, Can anyone advise, whether this is this possible? We have a user that as part of their company name includes .com They understandably are getting a fair amount of Microsoft office documents quarantined by Mailscanner as the senders of the documents and images are saving them as e.g. customersname.com.doc or customersname.com.ppt etc... Is there any way that we can specify in filename rules the actual filename to be accepted. We appreciate accepting all .com.xxx's would be dangerous but is there someway we could allow customername.com.xxx Many thanks in advance Paul H From mailscanner at ecs.soton.ac.uk Fri May 2 13:46:28 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:17:55 2006 Subject: Filename Rules and double extensions In-Reply-To: <000001c310a6$61adc6e0$fc32000a@4> Message-ID: <5.2.0.9.2.20030502134137.050be660@imap.ecs.soton.ac.uk> At 13:28 02/05/2003, you wrote: >Hi all, > >Can anyone advise, whether this is this possible? > >We have a user that as part of their company name >includes .com > >They understandably are getting a fair amount of Microsoft office >documents quarantined by Mailscanner as the senders of the documents >and images are saving them as e.g. customersname.com.doc or >customersname.com.ppt etc... > >Is there any way that we can specify in filename rules the actual >filename to be accepted. We appreciate accepting all .com.xxx's would >be dangerous but is there someway we could allow customername.com.xxx Is all the mail in question coming from or to one particular customername.com? If so, you can start by setting the "Filename Rules" to be a ruleset, so these special rules only applied to that one customer, and didn't apply to anyone else's mail. You could then use a rule that looked like Allow customername\.com - - That would allow all filenames which contained "customername.com" anywhere in the filename, which might be enough. If you just want to allow "customername.com.xxx" where "xxx" is "doc" or "ppt" or something like that, then you could do allow customername\.com\..{3,4} - - This would allow the "xxx" to be 3 or 4 characters long, which you really need to do as not all Windows filename extensions are 3 characters long (e.g. "html" is 4). -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Fri May 2 13:47:00 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:17:55 2006 Subject: Archive Mail, Exim and Locking Bug? (was RE: [ MAILSCANNER] Locki ng failing?) In-Reply-To: Message-ID: <5.2.0.9.2.20030502134639.05093320@imap.ecs.soton.ac.uk> Brilliant. Thanks a lot for letting me know. At 13:37 02/05/2003, you wrote: >Hi Julian. Just wanted to let you know that the modified patch I posted >last Friday seems to be working well. I have had this in production now for >about 4 days now. > >Jason > > > -----Original Message----- > > From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] > > Sent: Friday, April 25, 2003 1:59 PM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: [MAILSCANNER] Archive Mail, Exim and Locking > > Bug? (was RE: > > [ MAILSCANNER] Locki ng failing?) > > > > > > If you can get this thoroughly tested before 1st May, then it > > can go in the > > new stable release. Otherwise it will have to wait a month or > > so. I can put > > it out as an "unstable" release though, so don't worry too much. > > > > The next release will probably be on the first Friday (or possibly the > > weekend) after 1st May. I like releasing at awkward times, it > > means a few > > people test it before Monday morning, which gives me a chance > > to fix any > > cock-ups. > > > > At 18:16 25/04/2003, you wrote: > > >"Desai, Jason" wrote: > > > > > > > >Thanks Tony. I had just narrowed it down to losing the > > lock when copying > > > >the -D file. If you want me to test any patches just let me know. > > > > > >I'm testing this at the moment. > > > > > >--- EximDiskStore.pm 27 Mar 2003 17:28:47 -0000 1.7 > > >+++ EximDiskStore.pm 25 Apr 2003 16:33:27 -0000 1.8 > > >@@ -358,14 +358,22 @@ > > > > > > > > > # Copy a dfile and hfile to a directory > > >+# This has to be done in a subprocess in order to avoid > > breaking POSIX locks. > > > sub CopyToDir { > > > my($this,$dir) = @_; > > >+ my $pid = fork; > > >+ MailScanner::Log::DieLog("fork: $!") if not defined $pid; > > >+ if ($pid) { > > >+ waitpid $pid, 0; > > >+ return; > > >+ } > > > my $hpath = $this->{hpath}; > > > my $dpath = $this->{dpath}; > > > my $hfile = basename($hpath); > > > my $dfile = basename($dpath); > > > copy($hpath, "$dir/$hfile"); > > > copy($dpath, "$dir/$dfile"); > > >+ exit; > > > } > > > > > > > > >@@ -415,8 +423,18 @@ > > > if (MailScanner::Config::Value('storeentireasdfqf')) { > > > $this->CopyToDir($targetdir); > > > } else { > > >+ # Do this in a subprocess in order to avoid breaking > > POSIX locks. > > >+ my $pid = fork; > > >+ MailScanner::Log::DieLog("fork: $!") if not defined $pid; > > >+ if ($pid) { > > >+ waitpid $pid, 0; > > >+ return; > > >+ } > > > my $target = new IO::File "$targetdir/$targetfile", "w"; > > >+ MailScanner::Log::DieLog("writing to > > $targetdir/$targetfile: $!") > > >+ if not defined $target; > > > $this->WriteEntireMessage($message, $target); > > >+ return; > > > } > > > > > > return 1; > > >@@ -447,9 +465,9 @@ > > > > > > my $pipe = new IO::Pipe; > > > my $pid; > > >- > > >+ > > > if (not defined $pipe or not defined ($pid = fork)) { > > >- MailScanner::Log::WarnLog("Cannot build message from > > $this->{dpath} " . > > >+ MailScanner::Log::DieLog("Cannot build message from > > $this->{dpath} " . > > > "and > > $message->{headerspath}, %s", $!); > > > } elsif ($pid) { # Parent > > > $pipe->reader(); > > > > > > > > >Tony. > > >-- > > >f.a.n.finch http://dotat.at/ > > >MALIN HEBRIDES: EAST OR SOUTHEAST 5 OR 6. RAIN AT TIMES. > > MODERATE OR GOOD. > > > > -- > > Julian Field > > www.MailScanner.info > > Professional Support Services at www.MailScanner.biz > > MailScanner thanks transtec Computers for their support > > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From nerijus at USERS.SOURCEFORGE.NET Fri May 2 14:34:54 2003 From: nerijus at USERS.SOURCEFORGE.NET (Nerijus Baliunas) Date: Thu Jan 12 21:17:55 2006 Subject: KavDaemonClient (Was Re: F-Secure 4.50 not supported) In-Reply-To: <1051797860.5190.54.camel@nerijus> References: <5.2.1.1.2.20030501105049.041e3d00@imap.ecs.soton.ac.uk> <1051719625.18172.226.camel@nerijus> <5.2.1.1.2.20030429183541.03e27c68@imap.ecs.soton.ac.uk> <1051570427.18171.100.camel@nerijus> <5.2.1.1.2.20030428184237.02303c80@imap.ecs.soton.ac.uk> <5.2.0.9.2.20030428173535.02cc5058@imap.ecs.soton.ac.uk> <006f01c2f886$495839a0$8801020a@brianmay> <006f01c2f886$495839a0$8801020a@brianmay> <5.2.0.9.2.20030428173535.02cc5058@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030428184237.02303c80@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030428223600.028269b0@imap.ecs.soton.ac.uk> <1051570427.18171.100.camel@nerijus> <5.2.1.1.2.20030429183541.03e27c68@imap.ecs.soton.ac.uk> <5.2.0.9.2.20030430164257.04156bc0@imap.ecs.soton.ac.uk> <1051719625.18172.226.camel@nerijus> <5.2.1.1.2.20030501105049.041e3d00@imap.ecs.soton.ac.uk> <5.2.0.9.2.20030501135609.04650cb0@imap.ecs.soton.ac.uk> <1051797860.5190.54.camel@nerijus> Message-ID: <1051882494.20819.131.camel@nerijus> Kt, 2003-05-01 17:04, Nerijus Baliunas wrote: > It works with eicar.co.rar, but eicar.co, attached as a text file (maybe > that is a problem?): > is still attached in a message received by user, although the message > text says "This message has had one or more attachments removed". If I use kaspersky instead of kavdaemonclient it works OK. I found some differences in messages sent by MailScanner to virus sender and admin: *kavdaemonclient*: 1. Any infected parts of the message (eicar.co infected: EICAR-Test-File) have not been delivered. Report: Found viruses: eicar.co infected: EICAR-Test-File to admin - Report: Found viruses: ./h42DLqx01617/eicar.co infected: EICAR-Test-File 2. Any infected parts of the message (eicar.co.rar) have not been delivered. Report: eicar.co.rar/eicar.co infected: EICAR-Test-File to admin - Report: ./h42DN8x01661/eicar.co.rar/eicar.co infected: EICAR-Test-File *kaspersky*: 3. Any infected parts of the message (eicar.co) have not been delivered. Report: eicar.co infected: EICAR-Test-File to admin - Report: /var/spool/MailScanner/incoming/1265/h42CiiT01291/eicar.co infected: EICAR-Test-File In messages 2 and 3 there was VirusWarning.txt attached, message 1 had still eicar.co attached. There are some differences in all 3 messages, and there is a TAB between 'eicar.co' and 'infected:' in kavdaemonclient messages. In the 1st (bad) case there is "Found viruses:" after "Report:". Regards, Nerijus From miguel.montoya at CALIDAD.TELETULUA.COM.CO Fri May 2 14:03:15 2003 From: miguel.montoya at CALIDAD.TELETULUA.COM.CO (Miguel Fernando Montoya Martinez) Date: Thu Jan 12 21:17:55 2006 Subject: Mailscanner Defunct Message-ID: Hello, i am running mailscanner on linux server but the proccess say "mailsccaner defunct" Atentamente, _________________________________________ Ing. MIGUEL FERNANDO MONTOYA MARTINEZ Jefe de Servicios Telem?ticos Miguel.Montoya@teletulua.com.co TELETULUA S.A. E.S.P. Calle 28 No. 25-61 Tulu?, (Valle del Cauca), Colombia Tel: 57+2+2242033 (235) Fax: 57+2+2242984 MSN mimontoy Registro linux 159945 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030502/695489d9/attachment.html From raymond at PROLOCATION.NET Fri May 2 14:53:43 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:17:55 2006 Subject: Mailscanner Defunct In-Reply-To: Message-ID: Hi! > Hello, i am running mailscanner on linux server but the proccess say "mailsccaner defunct" Please supply some more information about your configuration. What mailer, what os, what extra's ect ect ect Please dont expect us to be mindreaders. thanks, Raymond. From paul.hamilton at sme-ecom.co.uk Fri May 2 15:20:12 2003 From: paul.hamilton at sme-ecom.co.uk (Paul Hamilton) Date: Thu Jan 12 21:17:55 2006 Subject: Filename Rules and double extensions In-Reply-To: <017d01c310a9$8db06150$fd32000a@4> Message-ID: <000001c310b5$f22bfd40$fc32000a@4> You could then use a rule that looked like Allow customername\.com - - That would allow all filenames which contained "customername.com" anywhere in the filename, which might be enough. If you just want to allow "customername.com.xxx" where "xxx" is "doc" or "ppt" or something like that, then you could do allow customername\.com\..{3,4} - - This would allow the "xxx" to be 3 or 4 characters long, which you really need to do as not all Windows filename extensions are 3 characters long (e.g. "html" is 4). Would it also work if we named the specific file endings? i.e. allow customername.com.doc allow customername.com.xls etc........ Just feel this ties it down a bit tighter. Are we right in thinking that these attachments will still be scanned for known viruses by MS? Regards Paul H -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From sanjay.patel at REXWIRE.COM Fri May 2 15:17:55 2003 From: sanjay.patel at REXWIRE.COM (Sanjay Patel) Date: Thu Jan 12 21:17:55 2006 Subject: Domain report In-Reply-To: Message-ID: <000d01c310b5$a0472d10$6f01a8c0@AlanRoss.local> Is it possible to extract spam report by domain name if the mail server is handling mail for more than one domain? -Sanjay From mailscanner at ecs.soton.ac.uk Fri May 2 15:13:20 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:17:55 2006 Subject: ANNOUNCE: Version 4.20 released Message-ID: <5.2.0.9.2.20030502150850.050a5e28@imap.ecs.soton.ac.uk> I have just released the new version 4.20. The major new features for this release are support for Postfix and ZMailer. However, as usual, there are far more improvements and fixes than that. Download as usual from www.mailscanner.info. The ChangeLog is as follows: * New Features and Improvements * - Postfix support. - ZMailer support. - "Archive Mail" feature can now append directly to "mbox"-format files (they must exist so it can tell you don't mean directories!), as well as save to directories or forward to email addresses. - f-prot-wrapper improved to handle ram disks better. - mcafee-autoupdate replaced with version from Tony Finch. - ClamAV autoupdate script improved to report when no updates were needed. - Improved old NOD32 versions parser. - Sophos.install script improved to create links for Perl-SAVI module. - RPM init.d scripts improved to handle sendmail, Postfix and Exim systems. - In MailScanner.conf and rulesets, "_" characters embedded in numbers are allowed but ignored. - Addition of "Advanced SpamAssassin Settings", one of which is required when using Postfix. - Changed default SpamAssassin timeout to 40 seconds to work around problem of SpamAssassin's own internal DNS RBL timeout being 30 seconds. - Check to ensure home dir is writable now gives guidance for Postfix users. - Updated BSD installation instructions. - Increased the Minimum Code Status of a bunch of the scanners which haven't had any reported problems for a long time. - Updated spam.assassin.prefs.conf removing keywords which are no longer valid or have no effect on MailScanner. - Added Czech translation. - New improved SQL logging code in CustomConfig.pm (upgrading will not over-write your existing CustomConfig.pm if you have modified it at all). - Now all distributions come compressed. * Fixes * - Fix to problem caused when adding text onto the end of a multi-line Subject: header to mark that a message has been scanned. - Fixed problem where SpamAssassin score between 0 and 1 would not produce a "SpamScore" header. - Fixed bug in configuration compiler affecting empty default values for 'Archive Mail' rulesets. - Fixed bug where default rule in "Language Strings" rule was not read properly. - Fixed bug in ClamAV parser when including scanner name on the front of the virus reports. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From jaearick at COLBY.EDU Fri May 2 15:40:50 2003 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:17:55 2006 Subject: MS hangs, unkillable process Message-ID: Julian, This has bitten me twice this week. Nothing has changed recently on my mail server, honest. Setup: Sun E220R, Solaris 8, MS 4.14-9, SA 2.53, sophos 3.68, sophossavi. I rotate my syslogs at midnight. Before I stop syslogd, I stop MailScanner in my cron job. Then I shuffle the syslog files around, restart syslogd, then restart MailScanner. MailScanner doesn't restart. The next morning, I find one unkillable MS process sitting there. "kill -9" won't nuke it and I have to reboot to get things going again. And or course, I have 2K to 3K of backlog from the nighttime that MS has to munch thru, work that can take a couple of hours. Any ideas, other than maybe install the 4.15 beta? Do you think that sophossavi might be the problem (my last big change, about a month ago)? ----------------------------------- Jeff A. Earickson, Ph.D Senior UNIX Sysadmin and Email Guru Information Technology Services Colby College, 4214 Mayflower Hill, Waterville ME, 04901-8842 phone: 207-872-3659 (fax = 3076) ----------------------------------- Helen of Pi: the face that launched slightly more than 3 ships. From raymond at PROLOCATION.NET Fri May 2 15:45:16 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:17:55 2006 Subject: MS hangs, unkillable process In-Reply-To: Message-ID: Hi! > and I have to reboot to get things going again. And or course, I > have 2K to 3K of backlog from the nighttime that MS has to munch > thru, work that can take a couple of hours. Any ideas, other than > maybe install the 4.15 beta? Do you think that sophossavi might > be the problem (my last big change, about a month ago)? You could give 4.20 a try :) Bye, Raymond. From raymond at PROLOCATION.NET Fri May 2 15:48:10 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:17:55 2006 Subject: ANNOUNCE: Version 4.20 released In-Reply-To: <5.2.0.9.2.20030502150850.050a5e28@imap.ecs.soton.ac.uk> Message-ID: Hi Julian, > * New Features and Improvements * You might want to change the version number on the site: 2/5/2003 Released version 2.40. Most important improvements for this release are support for Postfix and ZMailer systems. Lots of other improvements and a few fixes, see the ChangeLog for more detailed information. 2.40 -> 4.20 :) Bye, Raymond. From steinkel at PA.NET Fri May 2 15:49:47 2003 From: steinkel at PA.NET (Leland J. Steinke) Date: Thu Jan 12 21:17:55 2006 Subject: MS, postfix, and MIME attachments References: <5.2.1.1.2.20030502001842.026511b8@imap.ecs.soton.ac.uk> Message-ID: <3EB2858B.5020901@pa.net> Julian Field wrote: > At 22:15 01/05/2003, you wrote: > >> Our test box is stock RH9.0, postfix 2.0.9, and MS 4.15-13. >> >> We have been testing a one postfix config, rather than the MS-proposed >> two >> postfix config. With BOTH configs we get errors of the form: >> >> May 1 17:08:29 testbox MailScanner[6651]: Cannot open >> /var/spool/postfix.in/deferred/1/10D0843B19, No such file or directory > > > What do these commands produce? > ls -al /var/spool/postfix.in/deferred > ls -al /var/spool/postfix.in/deferred/1 when I inserted the appropriate "ls" statements into MailScanner, I found that they are empty after HandleSpam is called. Our spam actions on the test box were "store, deliver". When I removed the "store" action, the messages flowed. I will continue investigating in and around CopyEntireMessage. Leland From mailscanner at LISTS.COM.AR Fri May 2 15:52:44 2003 From: mailscanner at LISTS.COM.AR (Mariano Absatz) Date: Thu Jan 12 21:17:55 2006 Subject: ANNOUNCE: Version 4.20 released In-Reply-To: References: <5.2.0.9.2.20030502150850.050a5e28@imap.ecs.soton.ac.uk> Message-ID: <3EB25C0C.5637.22B90C5A@localhost> And maybe also adding the small zmailer.shtml I sent you in http://www.sng.ecs.soton.ac.uk/mailscanner/install/ Or you'd rather want me to put it in the faq? El 2 May 2003 a las 16:48, Raymond Dijkxhoorn escribi?: > Hi Julian, > > > * New Features and Improvements * > > You might want to change the version number on the site: > > 2/5/2003 Released version 2.40. Most important improvements for this > release are support for Postfix and ZMailer systems. Lots of other > improvements and a few fixes, see the ChangeLog for more detailed > information. > > 2.40 -> 4.20 :) > > Bye, > Raymond. -- Mariano Absatz El Baby ---------------------------------------------------------- It's hard to be humble when you're perfect. From mailscanner at ecs.soton.ac.uk Fri May 2 16:15:20 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:17:55 2006 Subject: ANNOUNCE: Version 4.20 released In-Reply-To: References: <5.2.0.9.2.20030502150850.050a5e28@imap.ecs.soton.ac.uk> Message-ID: <5.2.0.9.2.20030502161517.051fafd8@imap.ecs.soton.ac.uk> Fixed. At 15:48 02/05/2003, you wrote: >Hi Julian, > > > * New Features and Improvements * > >You might want to change the version number on the site: > >2/5/2003 Released version 2.40. Most important improvements for this >release are support for Postfix and ZMailer systems. Lots of other >improvements and a few fixes, see the ChangeLog for more detailed >information. > >2.40 -> 4.20 :) > >Bye, >Raymond. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Fri May 2 16:15:44 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:17:55 2006 Subject: ANNOUNCE: Version 4.20 released In-Reply-To: <3EB25C0C.5637.22B90C5A@localhost> References: <5.2.0.9.2.20030502150850.050a5e28@imap.ecs.soton.ac.uk> Message-ID: <5.2.0.9.2.20030502161523.051d2218@imap.ecs.soton.ac.uk> I had linked it in and everything, I just forgot to post the updated pages to the web site :-( Fixed now :-) At 15:52 02/05/2003, you wrote: >And maybe also adding the small zmailer.shtml I sent you in >http://www.sng.ecs.soton.ac.uk/mailscanner/install/ > >Or you'd rather want me to put it in the faq? > >El 2 May 2003 a las 16:48, Raymond Dijkxhoorn escribi?: > > > Hi Julian, > > > > > * New Features and Improvements * > > > > You might want to change the version number on the site: > > > > 2/5/2003 Released version 2.40. Most important improvements for this > > release are support for Postfix and ZMailer systems. Lots of other > > improvements and a few fixes, see the ChangeLog for more detailed > > information. > > > > 2.40 -> 4.20 :) > > > > Bye, > > Raymond. > > >-- >Mariano Absatz >El Baby >---------------------------------------------------------- >It's hard to be humble when you're perfect. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From raymond at PROLOCATION.NET Fri May 2 16:17:30 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:17:55 2006 Subject: ANNOUNCE: Version 4.20 released In-Reply-To: <5.2.0.9.2.20030502150850.050a5e28@imap.ecs.soton.ac.uk> Message-ID: Hi Julian, > I have just released the new version 4.20. > - ClamAV autoupdate script improved to report when no updates were needed. > - Fixed bug in ClamAV parser when including scanner name on the front of > the virus reports. Thanks. Seems to work just fine, both. I installed 4.20-1 and all seems to run just fine. Large upgrade this time, a lot of improvements/features, congrats. Bye, Raymond. From mailscanner at ecs.soton.ac.uk Fri May 2 16:34:42 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:17:55 2006 Subject: Domain report In-Reply-To: <000d01c310b5$a0472d10$6f01a8c0@AlanRoss.local> References: Message-ID: <5.2.0.9.2.20030502163340.05200fa0@imap.ecs.soton.ac.uk> At 15:17 02/05/2003, you wrote: >Is it possible to extract spam report by domain name if the mail server is >handling mail for more than one domain? Take a look in the maillog, assuming you have "Log Spam = yes" set in your MailScanner.conf. If that doesn't provide enough information, take a look at the SQL Logging code in CustomConfig.pm to see if you understand enough of it to be able to modify and add to it :) If you need more help, get back to me. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Fri May 2 16:42:38 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:17:55 2006 Subject: MS hangs, unkillable process In-Reply-To: Message-ID: <5.2.0.9.2.20030502163711.051bac58@imap.ecs.soton.ac.uk> At 15:40 02/05/2003, you wrote: >Julian, > > This has bitten me twice this week. Nothing has changed recently >on my mail server, honest. Setup: Sun E220R, Solaris 8, MS 4.14-9, >SA 2.53, sophos 3.68, sophossavi. I rotate my syslogs at midnight. >Before I stop syslogd, I stop MailScanner in my cron job. Then >I shuffle the syslog files around, restart syslogd, then restart >MailScanner. There is no reason to restart MailScanner in that situation. All you need to do is rotate all your syslogs, "kill -HUP" your syslogd and that's it. There is no reason to stop it at all. If you actually stop syslogd, you run the risk of losing logs for the time this process takes to do. See /usr/lib/newsyslog. > MailScanner doesn't restart. The next morning, I find >one unkillable MS process sitting there. "kill -9" won't nuke it >and I have to reboot to get things going again. And or course, I >have 2K to 3K of backlog from the nighttime that MS has to munch >thru, work that can take a couple of hours. Any ideas, other than >maybe install the 4.15 beta? Do you think that sophossavi might >be the problem (my last big change, about a month ago)? It should still log something if it fails to talk to the sophossavi Perl module. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Fri May 2 16:36:36 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:17:55 2006 Subject: Filename Rules and double extensions In-Reply-To: <000001c310b5$f22bfd40$fc32000a@4> References: <017d01c310a9$8db06150$fd32000a@4> Message-ID: <5.2.0.9.2.20030502163501.044c6858@imap.ecs.soton.ac.uk> At 15:20 02/05/2003, you wrote: >You could then use a rule that looked like >Allow customername\.com - - >That would allow all filenames which contained "customername.com" anywhere >in the filename, which might be enough. If you just want to allow >"customername.com.xxx" where "xxx" is "doc" or "ppt" or something like >that, then you could do >allow customername\.com\..{3,4} - - >This would allow the "xxx" to be 3 or 4 characters long, which you really >need to do as not all Windows filename extensions are 3 characters long >(e.g. "html" is 4). > >Would it also work if we named the specific file endings? i.e. >allow customername.com.doc >allow customername.com.xls >etc........ >Just feel this ties it down a bit tighter. Remember to put a '\' in front of each '.' as it is actually a regular expression, and a '.' on its own means "any character". And remember to add the 2 '-' signs on the end of the line so that there are 4 fields on each line, which should be separated by tab characters and not just spaces. >Are we right in thinking that these attachments will still be scanned for >known viruses by MS? Yes, indeed. It only affects the filename matching. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Fri May 2 17:14:05 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:17:55 2006 Subject: MS, postfix, and MIME attachments In-Reply-To: <3EB2858B.5020901@pa.net> References: <5.2.1.1.2.20030502001842.026511b8@imap.ecs.soton.ac.uk> Message-ID: <5.2.0.9.2.20030502164256.04f73650@imap.ecs.soton.ac.uk> At 15:49 02/05/2003, you wrote: >Julian Field wrote: >>At 22:15 01/05/2003, you wrote: >> >>>Our test box is stock RH9.0, postfix 2.0.9, and MS 4.15-13. >>> >>>We have been testing a one postfix config, rather than the MS-proposed >>>two >>>postfix config. With BOTH configs we get errors of the form: >>> >>>May 1 17:08:29 testbox MailScanner[6651]: Cannot open >>>/var/spool/postfix.in/deferred/1/10D0843B19, No such file or directory >> >> >>What do these commands produce? >> ls -al /var/spool/postfix.in/deferred >> ls -al /var/spool/postfix.in/deferred/1 > >when I inserted the appropriate "ls" statements into MailScanner, I found that >they are empty after HandleSpam is called. They can't both be empty, as ".../deferred" contains ".../deferred/1" :-) What is the output of the 2 "ls -al" commands? > Our spam actions on the test box >were "store, deliver". When I removed the "store" action, the messages >flowed. > >I will continue investigating in and around CopyEntireMessage. Fixed in 4.20-2. Mariano --- You might want to check the CopyEntireMessage function in your ZMailer code. I think it suffers the same problem. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From brad at LTINETWORKS.COM Fri May 2 17:26:01 2003 From: brad at LTINETWORKS.COM (Brad White) Date: Thu Jan 12 21:17:55 2006 Subject: f-prot autoupdate Message-ID: <561AAE0556C2594B815E391DDF5F0CC52B44C6@exchange.lscom.net> I've noticed a problem with the f-prot autoupdate script. For some reason this script often takes forever to download the updates. I must have poor connectivity to the f-prot servers. When the autoupdate script is fired off and waiting, and waiting, and waiting...MailScanner stops processing mail. Mail just piles up in /var/spool/mqueue.in. As soon as I kill the autoupdate script mail starts being processed again. Brad -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030502/ce36582a/attachment.html From Kevin at MICA.NET Fri May 2 17:38:48 2003 From: Kevin at MICA.NET (Kevin Hanser) Date: Thu Jan 12 21:17:55 2006 Subject: Mailscanner / Spamassassin working, but not adding headers Message-ID: <8B699873CEBA3543926B467E76808232034652@sol.hq.mica.net> Oh yea, it's running great actually... We just configured it to quarantine spam instead of deliver it, and it's definitely collecting spam in the quarantine. It's weird, because before when it was set to deliver, the subject line of the message was being changed (to include {Spam?}), indicating that it was going thru MS... Just the headers aren't being added. Really strange... However, since the client decided they wanted to quarantine rather than deliver, it isn't affecting the operation of their spam filtering... It's just a weird problem now that I'm curious about :) k -----Original Message----- From: Raymond Dijkxhoorn [mailto:raymond@PROLOCATION.NET] Sent: Wednesday, April 30, 2003 14:04 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Mailscanner / Spamassassin working, but not adding headers Hi! > Already got both of those set to yes, actually... That's the weird > thing. Everything seems to be working fine, just the extra headers > aren't there... Are you sure your mail is even passing MS ? Not a plain sendmail running that empty's the queue ? Bye, Raymond. From jase at SENSIS.COM Fri May 2 17:57:45 2003 From: jase at SENSIS.COM (Desai, Jason) Date: Thu Jan 12 21:17:55 2006 Subject: MS hangs, unkillable process Message-ID: I've found (at least with syslog-ng on Debian) that I need to restart MailScanner when I rotate my syslogs. Otherwise MailScanner does not log again until it restarts. Jason > -----Original Message----- > From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] > Sent: Friday, May 02, 2003 11:43 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: [MAILSCANNER] MS hangs, unkillable process > > > At 15:40 02/05/2003, you wrote: > >Julian, > > > > This has bitten me twice this week. Nothing has changed recently > >on my mail server, honest. Setup: Sun E220R, Solaris 8, MS 4.14-9, > >SA 2.53, sophos 3.68, sophossavi. I rotate my syslogs at midnight. > >Before I stop syslogd, I stop MailScanner in my cron job. Then > >I shuffle the syslog files around, restart syslogd, then restart > >MailScanner. > > There is no reason to restart MailScanner in that situation. > All you need to do is rotate all your syslogs, "kill -HUP" > your syslogd and > that's it. There is no reason to stop it at all. > If you actually stop syslogd, you run the risk of losing logs > for the time > this process takes to do. > > See /usr/lib/newsyslog. > > > MailScanner doesn't restart. The next morning, I find > >one unkillable MS process sitting there. "kill -9" won't nuke it > >and I have to reboot to get things going again. And or course, I > >have 2K to 3K of backlog from the nighttime that MS has to munch > >thru, work that can take a couple of hours. Any ideas, other than > >maybe install the 4.15 beta? Do you think that sophossavi might > >be the problem (my last big change, about a month ago)? > > It should still log something if it fails to talk to the > sophossavi Perl > module. > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support > From mailscanner at ecs.soton.ac.uk Fri May 2 17:55:10 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:17:55 2006 Subject: f-prot autoupdate In-Reply-To: <561AAE0556C2594B815E391DDF5F0CC52B44C6@exchange.lscom.net> Message-ID: <5.2.1.1.2.20030502175257.022cddd0@imap.ecs.soton.ac.uk> At 17:26 02/05/2003, you wrote: >Ive noticed a problem with the f-prot autoupdate script. For some reason >this script often takes forever to download the updates. I must have poor >connectivity to the f-prot servers. When the autoupdate script is fired >off and waiting, and waiting, and waiting&MailScanner stops processing >mail. Mail just piles up in /var/spool/mqueue.in. As soon as I kill the >autoupdate script mail starts being processed again. To start with, it contacts http://updates.f-prot.com. If that fails or times out, it drops back to trying ftp://ftp.f-prot.com/pub/. Try contacting them by hand and see what happens. You can always scatter "print" statements throughout the important bits of the script to see exactly where it gets stuck. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Fri May 2 18:00:38 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:17:55 2006 Subject: MS hangs, unkillable process In-Reply-To: Message-ID: <5.2.1.1.2.20030502180014.022fee68@imap.ecs.soton.ac.uk> At 17:57 02/05/2003, you wrote: >I've found (at least with syslog-ng on Debian) that I need to restart >MailScanner when I rotate my syslogs. Otherwise MailScanner does not log >again until it restarts. Is that also true when you just "kill -HUP" the syslogd instead of restarting it? >Jason > > > -----Original Message----- > > From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] > > Sent: Friday, May 02, 2003 11:43 AM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: [MAILSCANNER] MS hangs, unkillable process > > > > > > At 15:40 02/05/2003, you wrote: > > >Julian, > > > > > > This has bitten me twice this week. Nothing has changed recently > > >on my mail server, honest. Setup: Sun E220R, Solaris 8, MS 4.14-9, > > >SA 2.53, sophos 3.68, sophossavi. I rotate my syslogs at midnight. > > >Before I stop syslogd, I stop MailScanner in my cron job. Then > > >I shuffle the syslog files around, restart syslogd, then restart > > >MailScanner. > > > > There is no reason to restart MailScanner in that situation. > > All you need to do is rotate all your syslogs, "kill -HUP" > > your syslogd and > > that's it. There is no reason to stop it at all. > > If you actually stop syslogd, you run the risk of losing logs > > for the time > > this process takes to do. > > > > See /usr/lib/newsyslog. > > > > > MailScanner doesn't restart. The next morning, I find > > >one unkillable MS process sitting there. "kill -9" won't nuke it > > >and I have to reboot to get things going again. And or course, I > > >have 2K to 3K of backlog from the nighttime that MS has to munch > > >thru, work that can take a couple of hours. Any ideas, other than > > >maybe install the 4.15 beta? Do you think that sophossavi might > > >be the problem (my last big change, about a month ago)? > > > > It should still log something if it fails to talk to the > > sophossavi Perl > > module. > > -- > > Julian Field > > www.MailScanner.info > > MailScanner thanks transtec Computers for their support > > -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From brad at LTINETWORKS.COM Fri May 2 18:03:06 2003 From: brad at LTINETWORKS.COM (Brad White) Date: Thu Jan 12 21:17:55 2006 Subject: f-prot autoupdate Message-ID: <561AAE0556C2594B815E391DDF5F0CC52B44C8@exchange.lscom.net> It gets stuck connecting to the ftp site. If I try by hand I connect, but it sometimes takes hours(I'm not kidding) to get the login prompt. Are there any US based f-prot mirror servers? I have the same problem if I go to f-prot's web site and try to download definition files from there. Brad -----Original Message----- From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] Sent: Friday, May 02, 2003 9:55 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: f-prot autoupdate At 17:26 02/05/2003, you wrote: >Ive noticed a problem with the f-prot autoupdate script. For some reason >this script often takes forever to download the updates. I must have poor >connectivity to the f-prot servers. When the autoupdate script is fired >off and waiting, and waiting, and waiting&MailScanner stops processing >mail. Mail just piles up in /var/spool/mqueue.in. As soon as I kill the >autoupdate script mail starts being processed again. To start with, it contacts http://updates.f-prot.com. If that fails or times out, it drops back to trying ftp://ftp.f-prot.com/pub/. Try contacting them by hand and see what happens. You can always scatter "print" statements throughout the important bits of the script to see exactly where it gets stuck. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From jase at SENSIS.COM Fri May 2 18:03:31 2003 From: jase at SENSIS.COM (Desai, Jason) Date: Thu Jan 12 21:17:55 2006 Subject: MS hangs, unkillable process Message-ID: > -----Original Message----- > From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] > Sent: Friday, May 02, 2003 1:01 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: [MAILSCANNER] MS hangs, unkillable process > > > At 17:57 02/05/2003, you wrote: > >I've found (at least with syslog-ng on Debian) that I need to restart > >MailScanner when I rotate my syslogs. Otherwise MailScanner > does not log > >again until it restarts. > > Is that also true when you just "kill -HUP" the syslogd instead of > restarting it? Yes. (I just checked right now to make sure). Jason From kevins at BMRB.CO.UK Fri May 2 18:29:47 2003 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:17:55 2006 Subject: f-prot autoupdate In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB00117519E@pascal.priv.bmrb.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB00117519E@pascal.priv.bmrb.co.uk> Message-ID: <1051896587.4169.11.camel@bach.kevinspicer.co.uk> You could always use something like fmirror to mirror the update files onto your machine & then get the update script to pick them up from there. On Fri, 2003-05-02 at 18:03, Brad White wrote: It gets stuck connecting to the ftp site. If I try by hand I connect, but it sometimes takes hours(I'm not kidding) to get the login prompt. Are there any US based f-prot mirror servers? I have the same problem if I go to f-prot's web site and try to download definition files from there. Brad -----Original Message----- From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] Sent: Friday, May 02, 2003 9:55 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: f-prot autoupdate At 17:26 02/05/2003, you wrote: >Ive noticed a problem with the f-prot autoupdate script. For some reason >this script often takes forever to download the updates. I must have poor >connectivity to the f-prot servers. When the autoupdate script is fired >off and waiting, and waiting, and waiting&MailScanner stops processing >mail. Mail just piles up in /var/spool/mqueue.in. As soon as I kill the >autoupdate script mail starts being processed again. To start with, it contacts http://updates.f-prot.com. If that fails or times out, it drops back to trying ftp://ftp.f-prot.com/pub/. Try contacting them by hand and see what happens. You can always scatter "print" statements throughout the important bits of the script to see exactly where it gets stuck. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From kevins at BMRB.CO.UK Fri May 2 18:38:45 2003 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:17:55 2006 Subject: Mailscanner / Spamassassin working, but not adding headers In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB00117519A@pascal.priv.bmrb.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB00117519A@pascal.priv.bmrb.co.uk> Message-ID: <1051897126.4169.20.camel@bach.kevinspicer.co.uk> .... , the subject line of the message was being changed (to include {Spam?}), indicating that it was going thru MS... Just the headers aren't being added. Really strange... However, since the client decided they wanted to quarantine rather than deliver, it isn't affecting the operation of their spam filtering... It's just a weird problem now that I'm curious about :) I'm probably completely off-base here but I just thought I'd throw in this experience of mine on the off-chance it might be relevant. I use either Outlook or Evolution to connect to our exchange (2000) server (depending on whether I'm on my Windows or Linux box). I got very worried one day when I noticed from within Evolution that my mail wasn't getting any headers added by MailScanner. Checking the same messages on my Windows box using Outlook the headers were there! It turned out that when Exchange is acting as an IMAP server it rewrites the mail it supplies to IMAP clients. Unfortunately there doesn't seem to be a way to prevent this (doubly annoying because it thwarted my attempt to use public folders to feed messages back to SpamAssassin). BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From paul.hamilton at sme-ecom.co.uk Fri May 2 19:01:04 2003 From: paul.hamilton at sme-ecom.co.uk (Paul Hamilton) Date: Thu Jan 12 21:17:55 2006 Subject: X-Headers - Spamassassin Message-ID: <000101c310d4$ceb53880$fc32000a@4> Hi All, Can anybody advise us where within Spamassassins config we could change the output within the X-Headers. We would like to change 'Spamassassin' Thanks in advance Paul H From mailscanner at ecs.soton.ac.uk Fri May 2 19:13:59 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:17:55 2006 Subject: X-Headers - Spamassassin In-Reply-To: <000101c310d4$ceb53880$fc32000a@4> Message-ID: <5.2.1.1.2.20030502191240.04241b10@imap.ecs.soton.ac.uk> At 19:01 02/05/2003, you wrote: >Can anybody advise us where within Spamassassins config we could change the >output within the X-Headers. >We would like to change 'Spamassassin' It's hard-wired at the moment. It's in the code at line 368 of Message.pm (which is in /usr/lib/MailScanner/MailScanner or /opt/MailScanner/lib/MailScanner). You are welcome to change it there. I guess I should move it to the languages.conf file... -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From Kevin at MICA.NET Fri May 2 19:51:45 2003 From: Kevin at MICA.NET (Kevin Hanser) Date: Thu Jan 12 21:17:55 2006 Subject: Mailscanner / Spamassassin working, but not adding headers Message-ID: <8B699873CEBA3543926B467E76808232034657@sol.hq.mica.net> I think I just found the problem! It looks like the customer's firewall was proxying the smtp, and stripping off these "unknown" headers :) So, I re-configged the firewall.. Thx k -----Original Message----- From: Kevin Spicer [mailto:kevins@BMRB.CO.UK] Sent: Friday, May 02, 2003 13:39 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Mailscanner / Spamassassin working, but not adding headers .... , the subject line of the message was being changed (to include {Spam?}), indicating that it was going thru MS... Just the headers aren't being added. Really strange... However, since the client decided they wanted to quarantine rather than deliver, it isn't affecting the operation of their spam filtering... It's just a weird problem now that I'm curious about :) I'm probably completely off-base here but I just thought I'd throw in this experience of mine on the off-chance it might be relevant. I use either Outlook or Evolution to connect to our exchange (2000) server (depending on whether I'm on my Windows or Linux box). I got very worried one day when I noticed from within Evolution that my mail wasn't getting any headers added by MailScanner. Checking the same messages on my Windows box using Outlook the headers were there! It turned out that when Exchange is acting as an IMAP server it rewrites the mail it supplies to IMAP clients. Unfortunately there doesn't seem to be a way to prevent this (doubly annoying because it thwarted my attempt to use public folders to feed messages back to SpamAssassin). BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From brose at MED.WAYNE.EDU Fri May 2 19:52:48 2003 From: brose at MED.WAYNE.EDU (Rose, Bobby) Date: Thu Jan 12 21:17:55 2006 Subject: Version 4.20 rule file bug? Message-ID: I updated my test box first from 4.19 and Mailscanner won't start. The logs have MailScanner[10515]: MailScanner E-Mail Virus Scanner version 4.20-2 starting... MailScanner[10515]: Syntax error in line 20 of ruleset /opt/MailScanner/etc/rules/spam.actions.rules MailScanner[10515]: Syntax error in line 21 of ruleset /opt/MailScanner/etc/rules/spam.actions.rules MailScanner[10515]: Aborting due to syntax errors in /opt/MailScanner/etc/rules/spam.actions.rules. The rules in question are To: jdoe@x.y.z delete forward spamtroll@x.y.z To: x.y.z deliver forward spamtroll@x.y.z FromTo: default deliver This was fine in 4.19. Is it a bug? From mike at CAMAROSS.NET Fri May 2 19:57:01 2003 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:17:55 2006 Subject: Anyone know why this happens? In-Reply-To: Message-ID: <002701c310dc$9d5aa9c0$a91cbdcf@home.middlefinger.net> May 2 13:57:48 genesis sendmail[27561]: h42IoYo27561: collect: premature EOM: Error 0 May 2 13:57:48 genesis sendmail[27561]: h42IoYo27561: collect: unexpected close on connection from mxsmta01.inithost.com, sender=: Error 0 Is this due to a DNS timeout or something? Mike From mailscanner at LISTS.COM.AR Fri May 2 20:04:00 2003 From: mailscanner at LISTS.COM.AR (Mariano Absatz) Date: Thu Jan 12 21:17:55 2006 Subject: MS, postfix, and MIME attachments In-Reply-To: <5.2.0.9.2.20030502164256.04f73650@imap.ecs.soton.ac.uk> References: <3EB2858B.5020901@pa.net> Message-ID: <3EB296F0.642.239F19FB@localhost> El 2 May 2003 a las 17:14, Julian Field escribi?: > > > >I will continue investigating in and around CopyEntireMessage. > > Fixed in 4.20-2. > > Mariano --- You might want to check the CopyEntireMessage function in your > ZMailer code. I think it suffers the same problem. Indeed... since in this case, apparently Postfix code inherited our ZMailer mistakes :-) I won't have time to test this until Monday, but this patch (which simply copies your code) should do, since it is calling already working functions... *** ZMDiskStore.pm.old Tue Apr 22 16:32:32 2003 --- ZMDiskStore.pm Fri May 2 15:48:20 2003 *************** *** 321,331 **** my $this = shift; my($message, $targetdir, $targetfile) = @_; ! my $hdfile = $this->{hdpath}; ! #system($global::cp . " \"$hdfile\" \"$targetdir/$$this{tname}\""); ! rename("$hdfile", "$targetdir/$$this{hdname}"); ! #my $hdoutpath=MailScanner::Sendmail::HDOutFileName($targetdir/$$this{tname}); } --- 321,345 ---- my $this = shift; my($message, $targetdir, $targetfile) = @_; ! #my $hdfile = $this->{hdpath}; ! #rename("$hdfile", "$targetdir/$$this{hdname}"); ! # BBY we were moving instead of copying... now we copy(cat) ! # BBY Julian's higher level solution that is much clearer ! # BBY and storeentireasdfqf means "include envelope" which ! # BBY is quite reasonable ! ! #print STDERR "Copying to $targetdir $targetfile\n"; ! if (MailScanner::Config::Value('storeentireasdfqf')) { ! #print STDERR "Copying to dir $targetdir\n"; ! $this->CopyToDir($targetdir); ! } else { ! #print STDERR "Copying to file $targetdir/$targetfile\n"; ! my $target = new IO::File "$targetdir/$targetfile", "w"; ! MailScanner::Log::WarnLog("writing to $targetdir/$targetfile: $!") ! if not defined $target; ! $this->WriteEntireMessage($message, $target); ! } } -- Mariano Absatz El Baby ---------------------------------------------------------- Bisexuality immediately doubles your chances for a date on Saturday night. -- Woody Allen From isp-list at TULSACONNECT.COM Fri May 2 20:16:22 2003 From: isp-list at TULSACONNECT.COM (ISP List) Date: Thu Jan 12 21:17:55 2006 Subject: SpamAssassin score below 7? Message-ID: <5.1.1.6.2.20030502141552.03523e68@securemail.tulsaconnect.com> Anyone doing a SpamAssassin score threshold below 7? Have any problems with false positives? ------------------------------------- Mike Bacher / mike@sparklogic.com Use OptiGold ISP? Check out OptiSkin! http://www.sparklogic.com/optiskin/ ------------------------------------- From brose at MED.WAYNE.EDU Fri May 2 20:16:08 2003 From: brose at MED.WAYNE.EDU (Rose, Bobby) Date: Thu Jan 12 21:17:55 2006 Subject: Version 4.20 rule file bug? Message-ID: OK see the problem. MailScanner 4.20-2 wants a after the last action. -----Original Message----- From: Rose, Bobby Sent: Friday, May 02, 2003 2:53 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Version 4.20 rule file bug? I updated my test box first from 4.19 and Mailscanner won't start. The logs have MailScanner[10515]: MailScanner E-Mail Virus Scanner version 4.20-2 starting... MailScanner[10515]: Syntax error in line 20 of ruleset /opt/MailScanner/etc/rules/spam.actions.rules MailScanner[10515]: Syntax error in line 21 of ruleset /opt/MailScanner/etc/rules/spam.actions.rules MailScanner[10515]: Aborting due to syntax errors in /opt/MailScanner/etc/rules/spam.actions.rules. The rules in question are To: jdoe@x.y.z delete forward spamtroll@x.y.z To: x.y.z deliver forward spamtroll@x.y.z FromTo: default deliver This was fine in 4.19. Is it a bug? From mike at CAMAROSS.NET Fri May 2 20:17:11 2003 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:17:55 2006 Subject: SpamAssassin score below 7? In-Reply-To: <5.1.1.6.2.20030502141552.03523e68@securemail.tulsaconnect.com> Message-ID: <002801c310df$6e5aed30$a91cbdcf@home.middlefinger.net> For certain users, I have a SA score of like 3.8 For the general population, I run 6.2 and haven't run into any problems. Some spam still slips through with the funky broken up html code <--uck --> crap. My high score is less than 7 as well. Mike -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of ISP List Sent: Friday, May 02, 2003 2:16 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: SpamAssassin score below 7? Anyone doing a SpamAssassin score threshold below 7? Have any problems with false positives? ------------------------------------- Mike Bacher / mike@sparklogic.com Use OptiGold ISP? Check out OptiSkin! http://www.sparklogic.com/optiskin/ ------------------------------------- From Steve at swaney.com Fri May 2 20:35:17 2003 From: Steve at swaney.com (Stephen Swaney) Date: Thu Jan 12 21:17:55 2006 Subject: SpamAssassin score below 7? Message-ID: <1051904117.1335.62.camel@speedy> I'm also using 3.8 with good results. Very, very few messsages over 3.8 are not spam and the few that were I've whitelisted. BTW I'm setting Hish Spam = 10 and also getting very good results Steve Swaney Steve@Swaney.com | -----Original Message----- | From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of | ISP List | Sent: Friday, May 02, 2003 2:16 PM | To: MAILSCANNER@JISCMAIL.AC.UK | Subject: SpamAssassin score below 7? | | | Anyone doing a SpamAssassin score threshold below 7? Have any problems with | false positives? | | ------------------------------------- | Mike Bacher / mike@sparklogic.com | Use OptiGold ISP? Check out OptiSkin! http://www.sparklogic.com/optiskin/ | ------------------------------------- -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030502/a2dfc062/attachment.html From mbowman at UDCOM.COM Fri May 2 20:32:05 2003 From: mbowman at UDCOM.COM (Matthew Bowman) Date: Thu Jan 12 21:17:55 2006 Subject: SpamAssassin score below 7? Message-ID: I use 4 for spam and 20 for high score spam. Over the last few weeks our spam count has risen slightly so I'm looking at changing some of the scoring in local.cf and also advising clients to have their spam actions include 'striphtml'. Does anyone whitelist @microsoft.com ? I got an e-mail forged from that domain with a score of 9.1 LOL Regards, Matthew Bowman www.udcom.com Stephen Swaney Sent by: MailScanner mailing list 05/02/2003 03:35 PM Please respond to Steve To: MAILSCANNER@JISCMAIL.AC.UK cc: Subject: Re: SpamAssassin score below 7? I'm also using 3.8 with good results. Very, very few messsages over 3.8 are not spam and the few that were I've whitelisted. BTW I'm setting Hish Spam = 10 and also getting very good results Steve Swaney Steve@Swaney.com | -----Original Message----- | From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of | ISP List | Sent: Friday, May 02, 2003 2:16 PM | To: MAILSCANNER@JISCMAIL.AC.UK | Subject: SpamAssassin score below 7? | | | Anyone doing a SpamAssassin score threshold below 7? Have any problems with | false positives? | | ------------------------------------- | Mike Bacher / mike@sparklogic.com | Use OptiGold ISP? Check out OptiSkin! http://www.sparklogic.com/optiskin/ | ------------------------------------- From thomas_duvally at BROWN.EDU Fri May 2 20:41:50 2003 From: thomas_duvally at BROWN.EDU (Thomas DuVally) Date: Thu Jan 12 21:17:55 2006 Subject: Outlook Express and headers Message-ID: <1051904509.24998.19.camel@croithine> Hi all, I'm sure it's pretty well understood by now how bad OE is as a client, but in a largish institution we are stuck with it. That said, here is what I am facing: Since OE has NO reasonable ability to filter on message headers, I have been asked to look into solutions to modify how mail gets tagged for spam. Right now we tag in the headers with the report and the "s"'s, but do not modify the subject line. Users can then filter to their hearts content... unless they have OE. The proposal to modify the subject line has been rejected and the request to modify the body has been put forth. Preferable at the end. I am not asking that this be a feature is MS. I don't think Julian should waste his time to modify perfectly good code just becuase Micro$oft wants to cr@p on it's users.... (rage subsiding now) As you can tell I'm NOT fond of this idea, but does anyone have any input into how I can go about this? Or at least a REALLY good arguement against it? Otherwise I have to figure this out. -- TJ Du Vally From nathan at TCPNETWORKS.NET Fri May 2 20:53:19 2003 From: nathan at TCPNETWORKS.NET (Nathan Johanson) Date: Thu Jan 12 21:17:55 2006 Subject: Qmail Support Revisited? Message-ID: Just curious... Why do you hate Qmail? I wouldn't have considered it, but everyone I talk to keeps singing it's praises. I value your input, so maybe you can help offset the lovey-dovey stuff I hear from local IT guys and other colleagues. Nathan -----Original Message----- From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] Sent: Thursday, May 01, 2003 8:55 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Qmail Support Revisited? At 16:22 01/05/2003, you wrote: >Just curious if Qmail support is on the list of future enhancements? It's possible, but I still hate qmail. >We're may move some of our mail services to Qmail and don't want to lose >our beloved MailScanner. We may be willing to pay for the implementation >if I can get the powers that be to loosen the purse strings. Not an >immediate need, just curious what the word is now. Try asking Mariano if he fancies doing it for some money, he and a colleague implemented the ZMailer support and so he knows exactly what needs to be done. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From dwinkler at ALGORITHMICS.COM Fri May 2 21:05:53 2003 From: dwinkler at ALGORITHMICS.COM (Derek Winkler) Date: Thu Jan 12 21:17:55 2006 Subject: SpamAssassin score below 7? Message-ID: <06EE2C86D3DAD5119A6C0060943F3C97055E6F4D@tormail1.algorithmics.com> I've got mine set at 5 for the Spam Score but all we do is change subject line. The biggest problem is mailing lists which users have subscribed to They read like spam anyways. Next biggest problem is vendors, customers, personal contacts who are blacklisted. Whitelisting takes care of most of it. -----Original Message----- From: ISP List [mailto:isp-list@tulsaconnect.com] Sent: Friday, May 02, 2003 3:16 PM To: MAILSCANNER@jiscmail.ac.uk Subject: SpamAssassin score below 7? Anyone doing a SpamAssassin score threshold below 7? Have any problems with false positives? ------------------------------------- Mike Bacher / mike@sparklogic.com Use OptiGold ISP? Check out OptiSkin! http://www.sparklogic.com/optiskin/ ------------------------------------- -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030502/31f09ea7/attachment.html From brian at UNEARTHED.ORG Fri May 2 21:03:39 2003 From: brian at UNEARTHED.ORG (Brian May) Date: Thu Jan 12 21:17:55 2006 Subject: Postfix... Message-ID: <001501c310e6$87c960b0$bc01020a@brianmay> I'm switching from sendmailto postfix on a machine... and when I have a single postfix deamon running... everything works fine... then I follow the postfix- mailscanner setup at mailscanner.info and everything is great, except for local delivery of mail.. mail to root/postfix and virtual users is fine... but it outwrite rejects mail to local users.. (me, as I'm the only one) has anyone else had this? Brian From brose at MED.WAYNE.EDU Fri May 2 21:31:27 2003 From: brose at MED.WAYNE.EDU (Rose, Bobby) Date: Thu Jan 12 21:17:55 2006 Subject: MailScanner 4.20 and Savi Message-ID: I switched over to Savi now and I noticed that everytime the virus scan is ran, SophosSavi always reports 1 infection even when none was truely found. Also when spam checks is set to no, it still logs that spam checks are starting. Is it really running a spam check? -=B -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030502/7f2ce678/attachment.html From Steve at swaney.com Fri May 2 21:55:31 2003 From: Steve at swaney.com (Stephen Swaney) Date: Thu Jan 12 21:17:56 2006 Subject: Postfix delivery problem Message-ID: <1051908931.1332.68.camel@speedy> Just upgraded to 4.20 and incoming mail is being accepted and scanned but just sits in /var/spool/mqueue. Doesn't ger deliverd to user's mailboxes. Was woring and I double checked the configuration. I did get error messages about Kickmessage not being able to write to /var/spool/public/qmgr but the stopped when I created the directory /var/spool/public - owned by postfix. RedhAt 9 MailScanner 4.2 SpamAssassin 2.53 Any pointers welcome - Thanks, Steve Steve Swaney Steve@Swaney.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030502/335f5646/attachment.html From mailscanner at ecs.soton.ac.uk Fri May 2 21:52:26 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:17:56 2006 Subject: Anyone know why this happens? In-Reply-To: <002701c310dc$9d5aa9c0$a91cbdcf@home.middlefinger.net> References: Message-ID: <5.2.1.1.2.20030502215023.0241aba0@imap.ecs.soton.ac.uk> At 19:57 02/05/2003, you wrote: >May 2 13:57:48 genesis sendmail[27561]: h42IoYo27561: collect: premature EOM: >Error 0 >May 2 13:57:48 genesis sendmail[27561]: h42IoYo27561: collect: unexpected >close >on connection from mxsmta01.inithost.com, sender=: Error 0 > >Is this due to a DNS timeout or something? Usually it means that the SMTP client on the far end never got as far as sending a recipient or a message after it send a "MAIL from:" instruction. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Fri May 2 21:49:32 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:17:56 2006 Subject: Version 4.20 rule file bug? In-Reply-To: Message-ID: <5.2.1.1.2.20030502214743.041fc308@imap.ecs.soton.ac.uk> Do you mean a space at the end of each line? Sounds like something I need to fix this weekend.... At 20:16 02/05/2003, you wrote: >OK see the problem. MailScanner 4.20-2 wants a after the last >action. > >-----Original Message----- >From: Rose, Bobby >Sent: Friday, May 02, 2003 2:53 PM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Version 4.20 rule file bug? > > >I updated my test box first from 4.19 and Mailscanner won't start. The >logs have > >MailScanner[10515]: MailScanner E-Mail Virus Scanner version 4.20-2 >starting... >MailScanner[10515]: Syntax error in line 20 of ruleset >/opt/MailScanner/etc/rules/spam.actions.rules >MailScanner[10515]: Syntax error in line 21 of ruleset >/opt/MailScanner/etc/rules/spam.actions.rules >MailScanner[10515]: Aborting due to syntax errors in >/opt/MailScanner/etc/rules/spam.actions.rules. > >The rules in question are > >To: jdoe@x.y.z delete forward spamtroll@x.y.z >To: x.y.z deliver forward spamtroll@x.y.z >FromTo: default deliver > >This was fine in 4.19. Is it a bug? -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Fri May 2 21:54:35 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:17:56 2006 Subject: MS, postfix, and MIME attachments In-Reply-To: <3EB296F0.642.239F19FB@localhost> References: <5.2.0.9.2.20030502164256.04f73650@imap.ecs.soton.ac.uk> <3EB2858B.5020901@pa.net> Message-ID: <5.2.1.1.2.20030502215308.04248bd0@imap.ecs.soton.ac.uk> As I haven't got a ZMailer system to test it on, can you drop me a line (off-list) once you've tested it? Thanks! At 20:04 02/05/2003, you wrote: >El 2 May 2003 a las 17:14, Julian Field escribi?: > > > > > > >I will continue investigating in and around CopyEntireMessage. > > > > Fixed in 4.20-2. > > > > Mariano --- You might want to check the CopyEntireMessage function in your > > ZMailer code. I think it suffers the same problem. > >Indeed... since in this case, apparently Postfix code inherited our ZMailer >mistakes :-) > >I won't have time to test this until Monday, but this patch (which simply >copies your code) should do, since it is calling already working functions... > >*** ZMDiskStore.pm.old Tue Apr 22 16:32:32 2003 >--- ZMDiskStore.pm Fri May 2 15:48:20 2003 >*************** >*** 321,331 **** > my $this = shift; > my($message, $targetdir, $targetfile) = @_; > >! my $hdfile = $this->{hdpath}; > >! #system($global::cp . " \"$hdfile\" \"$targetdir/$$this{tname}\""); >! rename("$hdfile", "$targetdir/$$this{hdname}"); >! #my >$hdoutpath=MailScanner::Sendmail::HDOutFileName($targetdir/$$this{tname}); > } > > >--- 321,345 ---- > my $this = shift; > my($message, $targetdir, $targetfile) = @_; > >! #my $hdfile = $this->{hdpath}; >! #rename("$hdfile", "$targetdir/$$this{hdname}"); > >! # BBY we were moving instead of copying... now we copy(cat) >! # BBY Julian's higher level solution that is much clearer >! # BBY and storeentireasdfqf means "include envelope" which >! # BBY is quite reasonable >! >! #print STDERR "Copying to $targetdir $targetfile\n"; >! if (MailScanner::Config::Value('storeentireasdfqf')) { >! #print STDERR "Copying to dir $targetdir\n"; >! $this->CopyToDir($targetdir); >! } else { >! #print STDERR "Copying to file $targetdir/$targetfile\n"; >! my $target = new IO::File "$targetdir/$targetfile", "w"; >! MailScanner::Log::WarnLog("writing to $targetdir/$targetfile: $!") >! if not defined $target; >! $this->WriteEntireMessage($message, $target); >! } > } > > > > >-- >Mariano Absatz >El Baby >---------------------------------------------------------- >Bisexuality immediately doubles your chances for >a date on Saturday night. > -- Woody Allen -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Fri May 2 22:05:32 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:17:56 2006 Subject: Postfix delivery problem In-Reply-To: <1051908931.1332.68.camel@speedy> Message-ID: <5.2.1.1.2.20030502220317.04256e38@imap.ecs.soton.ac.uk> If you are using Postfix, you should set Outgoing Queue Dir = /var/spool/postfix/incoming At 21:55 02/05/2003, you wrote: >Just upgraded to 4.20 and incoming mail is being accepted and scanned but >just sits in /var/spool/mqueue. Doesn't ger deliverd to user's mailboxes. >Was woring and I double checked the configuration. > >I did get error messages about Kickmessage not being able to write to >/var/spool/public/qmgr but the stopped when I created the directory >/var/spool/public - owned by postfix. > >RedhAt 9 >MailScanner 4.2 >SpamAssassin 2.53 > >Any pointers welcome - Thanks, > >Steve > >Steve Swaney >Steve@Swaney.com -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Fri May 2 22:01:29 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:17:56 2006 Subject: Qmail Support Revisited? In-Reply-To: Message-ID: <5.2.1.1.2.20030502215854.04247248@imap.ecs.soton.ac.uk> This may no longer be true, of course, be my reasons have always been a) enabling any useful feature involved patching the source, b) a message could only have 1 recipient. Bit of a problem with a site that uses mailing lists. At 20:53 02/05/2003, you wrote: >Just curious... Why do you hate Qmail? >I wouldn't have considered it, but everyone I talk to keeps singing it's >praises. >I value your input, so maybe you can help offset the lovey-dovey stuff I >hear from local IT guys and other colleagues. > >Nathan > >-----Original Message----- >From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] >Sent: Thursday, May 01, 2003 8:55 AM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: Qmail Support Revisited? > > >At 16:22 01/05/2003, you wrote: > >Just curious if Qmail support is on the list of future enhancements? > >It's possible, but I still hate qmail. > > >We're may move some of our mail services to Qmail and don't want to >lose > >our beloved MailScanner. We may be willing to pay for the >implementation > >if I can get the powers that be to loosen the purse strings. Not an > >immediate need, just curious what the word is now. > >Try asking Mariano if he fancies doing it for some money, he and a >colleague implemented the ZMailer support and so he knows exactly what >needs to be done. >-- >Julian Field >www.MailScanner.info >MailScanner thanks transtec Computers for their support -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From brose at MED.WAYNE.EDU Fri May 2 22:14:13 2003 From: brose at MED.WAYNE.EDU (Rose, Bobby) Date: Thu Jan 12 21:17:56 2006 Subject: Version 4.20 rule file bug? Message-ID: Yeah. I think it's looking for the actionaction -----Original Message----- From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] Sent: Friday, May 02, 2003 4:50 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Version 4.20 rule file bug? Do you mean a space at the end of each line? Sounds like something I need to fix this weekend.... At 20:16 02/05/2003, you wrote: >OK see the problem. MailScanner 4.20-2 wants a after the last >action. > >-----Original Message----- >From: Rose, Bobby >Sent: Friday, May 02, 2003 2:53 PM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Version 4.20 rule file bug? > > >I updated my test box first from 4.19 and Mailscanner won't start. The >logs have > >MailScanner[10515]: MailScanner E-Mail Virus Scanner version 4.20-2 >starting... >MailScanner[10515]: Syntax error in line 20 of ruleset >/opt/MailScanner/etc/rules/spam.actions.rules >MailScanner[10515]: Syntax error in line 21 of ruleset >/opt/MailScanner/etc/rules/spam.actions.rules >MailScanner[10515]: Aborting due to syntax errors in >/opt/MailScanner/etc/rules/spam.actions.rules. > >The rules in question are > >To: jdoe@x.y.z delete forward spamtroll@x.y.z >To: x.y.z deliver forward spamtroll@x.y.z >FromTo: default deliver > >This was fine in 4.19. Is it a bug? -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From Steve at swaney.com Fri May 2 22:20:42 2003 From: Steve at swaney.com (Stephen Swaney) Date: Thu Jan 12 21:17:56 2006 Subject: Postfix delivery problem In-Reply-To: <5.2.1.1.2.20030502220317.04256e38@imap.ecs.soton.ac.uk> References: <5.2.1.1.2.20030502220317.04256e38@imap.ecs.soton.ac.uk> Message-ID: <1051910442.1337.73.camel@speedy> All fixed. Sorry for the bother and obviously I can't read the documentation. Steve On Fri, 2003-05-02 at 17:05, Julian Field wrote: > If you are using Postfix, you should set > Outgoing Queue Dir = /var/spool/postfix/incoming > > At 21:55 02/05/2003, you wrote: > >Just upgraded to 4.20 and incoming mail is being accepted and scanned but > >just sits in /var/spool/mqueue. Doesn't ger deliverd to user's mailboxes. > >Was woring and I double checked the configuration. > > > >I did get error messages about Kickmessage not being able to write to > >/var/spool/public/qmgr but the stopped when I created the directory > >/var/spool/public - owned by postfix. > > > >RedhAt 9 > >MailScanner 4.2 > >SpamAssassin 2.53 > > > >Any pointers welcome - Thanks, > > > >Steve > > > >Steve Swaney > >Steve@Swaney.com > > -- > Julian Field > www.MailScanner.info > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030502/b160a785/attachment.html From mailscanner at ecs.soton.ac.uk Fri May 2 22:52:10 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:17:56 2006 Subject: Version 4.20 rule file bug? In-Reply-To: Message-ID: <5.2.1.1.2.20030502225057.027f0fe0@imap.ecs.soton.ac.uk> Can you try this patch please? It seems to work for me: --- Config.pm 2003-04-28 21:29:42.000000000 +0100 +++ Config.pm.new 2003-05-02 22:49:34.000000000 +0100 @@ -1124,9 +1124,13 @@ $rule = undef; $value = undef; #print STDERR "Line is \"$_\"\n"; - if (/^(\S+)\s+(\S+)(\s+(\S+))?$/) { + #if (/^(\S+)\s+(\S+)(\s+(\S+))?$/) { + # ($direction, $rule, $value) = ($1, $2, $4); + if (/^(\S+)\s+(\S+)(\s+(.*))?$/) { ($direction, $rule, $value) = ($1, $2, $4); + #print STDERR "Dir = $direction, Rule = $rule, Value = $value\n"; } else { + #print STDERR "value is \"$_\"\n"; MailScanner::Log::WarnLog('Syntax error in line %d of ruleset %s', $linecounter, $rulesfilename); $errors = 1; At 22:14 02/05/2003, you wrote: >Yeah. I think it's looking for the actionaction > >-----Original Message----- >From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] >Sent: Friday, May 02, 2003 4:50 PM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: Version 4.20 rule file bug? > > >Do you mean a space at the end of each line? >Sounds like something I need to fix this weekend.... > >At 20:16 02/05/2003, you wrote: > >OK see the problem. MailScanner 4.20-2 wants a after the last > >action. > > > >-----Original Message----- > >From: Rose, Bobby > >Sent: Friday, May 02, 2003 2:53 PM > >To: MAILSCANNER@JISCMAIL.AC.UK > >Subject: Version 4.20 rule file bug? > > > > > >I updated my test box first from 4.19 and Mailscanner won't start. The > > >logs have > > > >MailScanner[10515]: MailScanner E-Mail Virus Scanner version 4.20-2 > >starting... > >MailScanner[10515]: Syntax error in line 20 of ruleset > >/opt/MailScanner/etc/rules/spam.actions.rules > >MailScanner[10515]: Syntax error in line 21 of ruleset > >/opt/MailScanner/etc/rules/spam.actions.rules > >MailScanner[10515]: Aborting due to syntax errors in > >/opt/MailScanner/etc/rules/spam.actions.rules. > > > >The rules in question are > > > >To: jdoe@x.y.z delete forward spamtroll@x.y.z > >To: x.y.z deliver forward spamtroll@x.y.z > >FromTo: default deliver > > > >This was fine in 4.19. Is it a bug? > >-- >Julian Field >www.MailScanner.info >Professional Support Services at www.MailScanner.biz MailScanner thanks >transtec Computers for their support -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Fri May 2 23:20:10 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:17:56 2006 Subject: MailScanner 4.20 and Savi In-Reply-To: Message-ID: <5.2.1.1.2.20030502231529.04253db0@imap.ecs.soton.ac.uk> At 21:31 02/05/2003, you wrote: >I switched over to Savi now and I noticed that everytime the virus scan is >ran, SophosSavi always reports 1 infection even when none was truely found. Curious, mine doesn't do that: May 2 23:15:09 tinker MailScanner[483]: Commencing scanning by sophossavi... May 2 23:15:10 tinker MailScanner[483]: Completed scanning by sophossavi May 2 23:15:10 tinker MailScanner[483]: About to deliver 1 messages May 2 23:15:10 tinker MailScanner[483]: Uninfected: Delivered 1 messages >Also when spam checks is set to no, it still logs that spam checks are >starting. Is it really running a spam check? It prints that message if "Log Spam = yes". As the spam checking switch can be a ruleset, it is difficult to say that the spam checks will never happen for any message. so it prints it at the start of *potentially* doing any spam checks. If you aren't checking for spam, set "Log Spam = no" and it won't bother you any more. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From email at ace.net.au Sat May 3 05:36:04 2003 From: email at ace.net.au (Peter Nitschke) Date: Thu Jan 12 21:17:56 2006 Subject: SpamAssassin score below 7? In-Reply-To: <5.1.1.6.2.20030502141552.03523e68@securemail.tulsaconnect.com> References: <5.1.1.6.2.20030502141552.03523e68@securemail.tulsaconnect.com> Message-ID: <200305031406040582.30AB9424@smtp1.ace.net.au> I have this: Required SpamAssassin Score = 4 High SpamAssassin Score = 7 I archive and forward "Required" to spam@ mailbox. I delete and forward "High" to deleted@ mailbox. So nothing with 4 or higher gets to the client. I also redirect any undetected spam to the spam@ mailbox. I check both of these then run a spam-learn script on the spam@ mailbox. I am about 100% happy with it, though a few of the single line type spams that refer to a smut website still get through. I also try to block the high volume spams at the mail server level to reduce the traffic and load impact on the server. Yesterday was typical, I got about 2800 real mails, about 3000 spam of which about 2400 were blocked by Sendmail. I get no complaints. Now that SpamAssassin 2.53 is working so well, I am thinking of slowly deleting my whitelist and just letting MS/SA handle it all. I am a VERY happy camper now, apart from the hours I spend verifying the effectiveness of the system though I could probably just about leave it on it's own now. Peter *********** REPLY SEPARATOR *********** On 2/05/2003 at 2:16 PM ISP List wrote: >Anyone doing a SpamAssassin score threshold below 7? Have any problems >with false positives? > >------------------------------------- >Mike Bacher / mike@sparklogic.com >Use OptiGold ISP? Check out OptiSkin! >http://www.sparklogic.com/optiskin/ >------------------------------------- From donovan at HUFFDATASYSTEMS.COM Sat May 3 08:01:52 2003 From: donovan at HUFFDATASYSTEMS.COM (Donovan Huff | HUFF DATA SYSTEMS) Date: Thu Jan 12 21:17:56 2006 Subject: SpamAssassin score below 7? References: <830753182358D411978800D0B78EE86601032D6F@NTS-A?> Message-ID: <00fd01c31141$fb527f20$75c65a42@x27> Mine is currently set at the default score of 5 and only a little spam gets thru and almost no legitimate e-mails get tagged/scored as SPAM. Regards, Donovan Huff Owner/Operator HUFF DATA SYSTEMS donovan@huffdatasystems.com http://www.huffdatasystems.com/ (361) 781-0631 ------------------------------------------------------ Web Hosting Starting at $5.00/mo http://www.huffdatasystems.com/ ------------------------------------------------------ Internet Access Just About Anywhere http://UnlimitedCheapInternet.com/ ------------------------------------------------------ ----- Original Message ----- From: "Daniel Kleinsinger" To: Sent: Friday, May 02, 2003 6:36 PM Subject: Re: SpamAssassin score below 7? > Is there a recommended default spam score? I rememeber seeing 9 recommended > instead of 5 somewhere so that's what mine is set to, but casually looking > through ham most of seems to have a negative score. Does anyone who > monitors pretty closely have a record for highest scoring ham? My > preference is to keep it rather conservative as to minimize any chance of an > fp, but I have a feeling I'm letting a considerable amount of spam through > without reason. Thanks for any input. > > Daniel > > -----Original Message----- > From: ISP List [mailto:isp-list@TULSACONNECT.COM] > Sent: Friday, May 02, 2003 12:16 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: SpamAssassin score below 7? > > > Anyone doing a SpamAssassin score threshold below 7? Have any problems with > false positives? > > ------------------------------------- > Mike Bacher / mike@sparklogic.com > Use OptiGold ISP? Check out OptiSkin! http://www.sparklogic.com/optiskin/ > ------------------------------------- From donovan at HUFFDATASYSTEMS.COM Sat May 3 08:05:49 2003 From: donovan at HUFFDATASYSTEMS.COM (Donovan Huff | HUFF DATA SYSTEMS) Date: Thu Jan 12 21:17:56 2006 Subject: Use OSIRUSOFT yes or no? Message-ID: <010601c31142$6e10bbd0$75c65a42@x27> I have noticed that the spam that does get thru is found in OSIRUSOFT, but I do not currently use it. Who is using it and how well is it working? Wondering about how accuratly it is marking SPAM. Regards, Donovan Huff Owner/Operator HUFF DATA SYSTEMS donovan@huffdatasystems.com http://www.huffdatasystems.com/ (361) 781-0631 ------------------------------------------------------ Web Hosting Starting at $5.00/mo http://www.huffdatasystems.com/ ------------------------------------------------------ Internet Access Just About Anywhere http://UnlimitedCheapInternet.com/ ------------------------------------------------------ From apostolus at BLUEYONDER.CO.UK Sat May 3 08:21:10 2003 From: apostolus at BLUEYONDER.CO.UK (apostolus) Date: Thu Jan 12 21:17:56 2006 Subject: MailScanner, f-prot and spamassassin and Sendmail {scanned by martin dominic} In-Reply-To: <5.2.0.9.2.20030502122346.05130eb0@imap.ecs.soton.ac.uk> Message-ID: Thanks Julian.. everything now works ok.. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Julian Field Sent: 02 May 2003 12:25 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: MailScanner, f-prot and spamassassin and Sendmail {scanned by martin dominic} At 09:46 02/05/2003, you wrote: >Hi group.. new user here.. > >have a bit of a problem that I've been trying to work out for a coule of >weeks now without any joy. > >I have mailscanner up and running reasonably well but for some reason it >seems not to be scanning everything with spamassassin.. 1 in 50 emails >might be being scanned for spam and that's about it > >I have fetchamil collecting/polling with mda being sendmail.. it was >procmail with recipies etc but i changed the mda line in fetchmailrc when i >installed MailScanner.. (/usr/sbin/sendmail -d apostolus) Set up your fetchmail configuration so that it delivers by talking SMTP to "localhost" rather than calling sendmail directly. Are you test spam messages particularly big? There is a "Max SpamAssassin Size" setting in the MailScanner.conf (default is 90k). Also you might want to set "Always Include Spam Report" to yes while you are testing, so you can always see what happened. >the problem seems to be that not all incoming mail is checked for spam.. >i'm sure my anti virus checking is okay as every time i send out the eicar >text attachments they are always detected and MailScanner always sends out >the appropriate emails and quarentines the dodgy files.. some spam is >detected on one user account but there are another 4 user accounts that >don't seem to be checked at all.. one of them gets over 250 spam emails per >day... the sort of stuff you would want your kids to see.. > >as i've really been round the houses with this one, i'd really appreciate >some help.. > >i have suse 7.3, sendmail 8.11, perl 5.6.0 > >may thanks >apost -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From David.While at UCE.AC.UK Sat May 3 09:57:53 2003 From: David.While at UCE.AC.UK (David While) Date: Thu Jan 12 21:17:56 2006 Subject: Use OSIRUSOFT yes or no? Message-ID: If you look at my stats at http://www.boys-brigade.org.uk/mrtg you will see the results for each of the trap types - spamassassin, osirusoft, spamcop etc. They are below the graphs in the middle. ----------------------------------------------------------------- David While Technical Development Manager Faculty of Computing, Information & English University of Central England Tel: 0121 331 6211 Donovan Huff | HUFF DATA SYSTEMS To: MAILSCANNER@JISCMAIL.AC.UK Subject: Use OSIRUSOFT yes or no? Sent by: MailScanner mailing list 03/05/2003 08:05 Please respond to MailScanner mailing list I have noticed that the spam that does get thru is found in OSIRUSOFT, but I do not currently use it. Who is using it and how well is it working? Wondering about how accuratly it is marking SPAM. Regards, Donovan Huff Owner/Operator HUFF DATA SYSTEMS donovan@huffdatasystems.com http://www.huffdatasystems.com/ (361) 781-0631 ------------------------------------------------------ Web Hosting Starting at $5.00/mo http://www.huffdatasystems.com/ ------------------------------------------------------ Internet Access Just About Anywhere http://UnlimitedCheapInternet.com/ ------------------------------------------------------ From raymond at PROLOCATION.NET Sat May 3 10:08:34 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:17:56 2006 Subject: f-prot autoupdate In-Reply-To: <561AAE0556C2594B815E391DDF5F0CC52B44C8@exchange.lscom.net> Message-ID: Hi! > It gets stuck connecting to the ftp site. If I try by hand I connect, > but it sometimes takes hours(I'm not kidding) to get the login prompt. > Are there any US based f-prot mirror servers? I have the same problem > if I go to f-prot's web site and try to download definition files from > there. I have a mirror running that you could try... ftp://ftp.quicknet.nl/pub/Antivirus/ftp.f-prot.com you could try that one. bye, Raymond. From so-mlist-alias at all-about-shift.com Sat May 3 10:17:54 2003 From: so-mlist-alias at all-about-shift.com (Soeren Gerlach) Date: Thu Jan 12 21:17:56 2006 Subject: Use OSIRUSOFT yes or no? Message-ID: <200305031117.54442.so-mlist-alias@all-about-shift.com> As a matter of fact O. does not mark spam. It is a meta list of several RBLs together and they just provide a special DNS based service where you can get an answer for the question: "Is it likely that from the IP where a MTA just tries to connect right now to my MTA does Spam come from?". So it's not spam analysis just a kind of "good IP/bad IP" markup. And it can be quite easily applied to most MTAs. I'm currently using a combination of three RBLs relays.osirusoft.com/reject : list.dsbl.org/reject : sbl.spamhaus.org/reject with very good results: More than 60% of potential spam gets already blocked at the MTA without any user complaints - until now ,-)) - that someone cannot deliver mail via the RBL-secured MTA. cheers, Soeren > I have noticed that the spam that does get thru is found in OSIRUSOFT, > but I do not currently use it. Who is using it and how well is it > working? Wondering about how accuratly it is marking SPAM. > > > Regards, > > Donovan Huff > Owner/Operator > HUFF DATA SYSTEMS > donovan@huffdatasystems.com > http://www.huffdatasystems.com/ > (361) 781-0631 > > ------------------------------------------------------ > Web Hosting Starting at $5.00/mo > http://www.huffdatasystems.com/ > ------------------------------------------------------ > Internet Access Just About Anywhere > http://UnlimitedCheapInternet.com/ > ------------------------------------------------------ From so-mlist-alias at all-about-shift.com Sat May 3 10:18:26 2003 From: so-mlist-alias at all-about-shift.com (Soeren Gerlach) Date: Thu Jan 12 21:17:56 2006 Subject: "Block encrypted message" option Message-ID: <200305031118.26991.so-mlist-alias@all-about-shift.com> I've never tried it, but what happens exactly if I set this option to "yes" and will get an encrypted message? Will the message be droppen, returned to sender and/or commented by MailScanner? Thanks, Soeren From raymond at PROLOCATION.NET Sat May 3 10:32:44 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:17:56 2006 Subject: Use OSIRUSOFT yes or no? In-Reply-To: <010601c31142$6e10bbd0$75c65a42@x27> Message-ID: Hi! > I have noticed that the spam that does get thru is found in OSIRUSOFT, > but I do not currently use it. Who is using it and how well is it > working? Wondering about how accuratly it is marking SPAM. Working fine on my end, didnt see much false positives either there. The sometimes (in the past) did weird things but lately its looking like a nice list. Bye, Raymond. From DanielK at AVALONPUB.COM Sat May 3 00:36:51 2003 From: DanielK at AVALONPUB.COM (Daniel Kleinsinger) Date: Thu Jan 12 21:17:56 2006 Subject: SpamAssassin score below 7? Message-ID: <830753182358D411978800D0B78EE86601032D6F@NTS-A?> Is there a recommended default spam score? I rememeber seeing 9 recommended instead of 5 somewhere so that's what mine is set to, but casually looking through ham most of seems to have a negative score. Does anyone who monitors pretty closely have a record for highest scoring ham? My preference is to keep it rather conservative as to minimize any chance of an fp, but I have a feeling I'm letting a considerable amount of spam through without reason. Thanks for any input. Daniel -----Original Message----- From: ISP List [mailto:isp-list@TULSACONNECT.COM] Sent: Friday, May 02, 2003 12:16 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: SpamAssassin score below 7? Anyone doing a SpamAssassin score threshold below 7? Have any problems with false positives? ------------------------------------- Mike Bacher / mike@sparklogic.com Use OptiGold ISP? Check out OptiSkin! http://www.sparklogic.com/optiskin/ ------------------------------------- From so-mlist-alias at all-about-shift.com Sat May 3 10:47:15 2003 From: so-mlist-alias at all-about-shift.com (Soeren Gerlach) Date: Thu Jan 12 21:17:56 2006 Subject: "Mark Infected Messages" option Message-ID: <200305031147.15903.so-mlist-alias@all-about-shift.com> Please help me to find out when the above option applies: -------------------------------- # Add the "Inline HTML Warning" or "Inline Text Warning" to the top of # messages that have had attachments removed from them? # This can also be the filename of a ruleset. Mark Infected Messages = yes --------------------------------- When attachments have been removed shouldn't the mail be called "disinfected" and marked as such? Thanks Soeren From mailscanner at ecs.soton.ac.uk Sat May 3 11:03:49 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:17:56 2006 Subject: "Mark Infected Messages" option In-Reply-To: <200305031147.15903.so-mlist-alias@all-about-shift.com> Message-ID: <5.2.1.1.2.20030503110235.02681b48@imap.ecs.soton.ac.uk> At 10:47 03/05/2003, you wrote: >Please help me to find out when the above option applies: > >-------------------------------- ># Add the "Inline HTML Warning" or "Inline Text Warning" to the top of ># messages that have had attachments removed from them? ># This can also be the filename of a ruleset. >Mark Infected Messages = yes >--------------------------------- > >When attachments have been removed shouldn't the mail be called >"disinfected" and marked as such? I prefer the term "cleaned" rather than "disinfected" as the two don't quite mean the same thing. Yes, agreed, if I started again I would probably call the option "Mark Cleaned Messages" but I can't really change it now to the very large installed user-base. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Sat May 3 10:36:25 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:17:56 2006 Subject: "Block encrypted message" option In-Reply-To: <200305031118.26991.so-mlist-alias@all-about-shift.com> Message-ID: <5.2.1.1.2.20030503103522.00b03628@imap.ecs.soton.ac.uk> At 10:18 03/05/2003, you wrote: >I've never tried it, but what happens exactly if I set this option to "yes" >and will get an encrypted message? Will the message be droppen, returned to >sender and/or commented by MailScanner? The message will be treated pretty much the same as if it had a virus infection that applied to the whole message. The simplest thing to do is set it to be a ruleset for just your address, and try sending an encrypted message to yourself through it. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From brose at MED.WAYNE.EDU Sat May 3 11:09:40 2003 From: brose at MED.WAYNE.EDU (Rose, Bobby) Date: Thu Jan 12 21:17:56 2006 Subject: Version 4.20 rule file bug? Message-ID: Yes that took care of it here also. Thanks. -=B -----Original Message----- From: Julian Field [mailto:mailscanner@ecs.soton.ac.uk] Sent: Friday, May 02, 2003 5:52 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Version 4.20 rule file bug? Can you try this patch please? It seems to work for me: --- Config.pm 2003-04-28 21:29:42.000000000 +0100 +++ Config.pm.new 2003-05-02 22:49:34.000000000 +0100 @@ -1124,9 +1124,13 @@ $rule = undef; $value = undef; #print STDERR "Line is \"$_\"\n"; - if (/^(\S+)\s+(\S+)(\s+(\S+))?$/) { + #if (/^(\S+)\s+(\S+)(\s+(\S+))?$/) { + # ($direction, $rule, $value) = ($1, $2, $4); + if (/^(\S+)\s+(\S+)(\s+(.*))?$/) { ($direction, $rule, $value) = ($1, $2, $4); + #print STDERR "Dir = $direction, Rule = $rule, Value = $value\n"; } else { + #print STDERR "value is \"$_\"\n"; MailScanner::Log::WarnLog('Syntax error in line %d of ruleset %s', $linecounter, $rulesfilename); $errors = 1; At 22:14 02/05/2003, you wrote: >Yeah. I think it's looking for the actionaction > >-----Original Message----- >From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] >Sent: Friday, May 02, 2003 4:50 PM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: Version 4.20 rule file bug? > > >Do you mean a space at the end of each line? >Sounds like something I need to fix this weekend.... > >At 20:16 02/05/2003, you wrote: > >OK see the problem. MailScanner 4.20-2 wants a after the > >last action. > > > >-----Original Message----- > >From: Rose, Bobby > >Sent: Friday, May 02, 2003 2:53 PM > >To: MAILSCANNER@JISCMAIL.AC.UK > >Subject: Version 4.20 rule file bug? > > > > > >I updated my test box first from 4.19 and Mailscanner won't start. > >The > > >logs have > > > >MailScanner[10515]: MailScanner E-Mail Virus Scanner version 4.20-2 > >starting... > >MailScanner[10515]: Syntax error in line 20 of ruleset > >/opt/MailScanner/etc/rules/spam.actions.rules > >MailScanner[10515]: Syntax error in line 21 of ruleset > >/opt/MailScanner/etc/rules/spam.actions.rules > >MailScanner[10515]: Aborting due to syntax errors in > >/opt/MailScanner/etc/rules/spam.actions.rules. > > > >The rules in question are > > > >To: jdoe@x.y.z delete forward spamtroll@x.y.z > >To: x.y.z deliver forward spamtroll@x.y.z > >FromTo: default deliver > > > >This was fine in 4.19. Is it a bug? > >-- >Julian Field >www.MailScanner.info >Professional Support Services at www.MailScanner.biz MailScanner thanks >transtec Computers for their support -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Sat May 3 11:13:22 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:17:56 2006 Subject: X-Headers - Spamassassin In-Reply-To: <5.2.1.1.2.20030502191240.04241b10@imap.ecs.soton.ac.uk> References: <000101c310d4$ceb53880$fc32000a@4> Message-ID: <5.2.1.1.2.20030503111208.02806778@imap.ecs.soton.ac.uk> I sneaked this feature into 4.20-3, so you can now specify a new name for spamassassin at the bottom of the languages.conf file for each language. Currently it is defined for all languages as spamassassin = SpamAssassin At 19:13 02/05/2003, you wrote: >At 19:01 02/05/2003, you wrote: >>Can anybody advise us where within Spamassassins config we could change the >>output within the X-Headers. >>We would like to change 'Spamassassin' > >It's hard-wired at the moment. It's in the code at line 368 of Message.pm >(which is in /usr/lib/MailScanner/MailScanner or >/opt/MailScanner/lib/MailScanner). You are welcome to change it there. >I guess I should move it to the languages.conf file... >-- >Julian Field >www.MailScanner.info >Professional Support Services at www.MailScanner.biz >MailScanner thanks transtec Computers for their support -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Sat May 3 11:10:52 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:17:56 2006 Subject: 4.20-3 Re: MS, postfix, and MIME attachments In-Reply-To: <3EB2CA9E.21614.2468FCBC@localhost> References: <5.2.1.1.2.20030502215308.04248bd0@imap.ecs.soton.ac.uk> <3EB296F0.642.239F19FB@localhost> Message-ID: <5.2.1.1.2.20030503110909.0267f060@imap.ecs.soton.ac.uk> I have just posted version 4.20-3 including this bugfix for Postfix and ZMailer. It's quite an important fix, as without it you might not deliver mail you are quarantining or archiving. You won't *lose* any mail, but the recipients may not receive it. The change does not affect sendmail or Exim users at all, only Postfix and ZMailer. At 23:44 02/05/2003, Mariano Absatz wrote: >OK... my wife will kill me for coming home late again on a Friday evening... >but the patch is working just fine... > >Delivers the mail and stores in the quarantine directory when told to do >both... > >If you release during the weekend you can apply it confidently. > >BTW, it's just a silly thing, but the release has a bunch of cvs temporary >files scattered: >./docs/.#ChangeLog.1.145.2.55 >./docs/.#ChangeLog.1.145.2.69 >./bin/.#mailscanner.1.142.2.27 >./lib/MailScanner/.#SweepViruses.pm.1.49.2.14 > >and lots of executable files: >etc/*.conf >etc/reports/cy+en/* >lib/MailScanner/*.pm > >and there's also a lib/MailScanner/RBLs.pm.old lying there since some >releases ago... > >Regards. > >El 2 May 2003 a las 21:54, Julian Field escribi?: > > > As I haven't got a ZMailer system to test it on, can you drop me a line > > (off-list) once you've tested it? > > Thanks! > > > > At 20:04 02/05/2003, you wrote: > > >El 2 May 2003 a las 17:14, Julian Field escribi?: > > > > > > > > > > > > >I will continue investigating in and around CopyEntireMessage. > > > > > > > > Fixed in 4.20-2. > > > > > > > > Mariano --- You might want to check the CopyEntireMessage function > in your > > > > ZMailer code. I think it suffers the same problem. > > > > > >Indeed... since in this case, apparently Postfix code inherited our > ZMailer > > >mistakes :-) > > > > > >I won't have time to test this until Monday, but this patch (which simply > > >copies your code) should do, since it is calling already working > functions... > > > > > >*** ZMDiskStore.pm.old Tue Apr 22 16:32:32 2003 > > >--- ZMDiskStore.pm Fri May 2 15:48:20 2003 > > >*************** > > >*** 321,331 **** > > > my $this = shift; > > > my($message, $targetdir, $targetfile) = @_; > > > > > >! my $hdfile = $this->{hdpath}; > > > > > >! #system($global::cp . " \"$hdfile\" \"$targetdir/$$this{tname}\""); > > >! rename("$hdfile", "$targetdir/$$this{hdname}"); > > >! #my > > >$hdoutpath=MailScanner::Sendmail::HDOutFileName($targetdir/$$this{tname}); > > > } > > > > > > > > >--- 321,345 ---- > > > my $this = shift; > > > my($message, $targetdir, $targetfile) = @_; > > > > > >! #my $hdfile = $this->{hdpath}; > > >! #rename("$hdfile", "$targetdir/$$this{hdname}"); > > > > > >! # BBY we were moving instead of copying... now we copy(cat) > > >! # BBY Julian's higher level solution that is much clearer > > >! # BBY and storeentireasdfqf means "include envelope" which > > >! # BBY is quite reasonable > > >! > > >! #print STDERR "Copying to $targetdir $targetfile\n"; > > >! if (MailScanner::Config::Value('storeentireasdfqf')) { > > >! #print STDERR "Copying to dir $targetdir\n"; > > >! $this->CopyToDir($targetdir); > > >! } else { > > >! #print STDERR "Copying to file $targetdir/$targetfile\n"; > > >! my $target = new IO::File "$targetdir/$targetfile", "w"; > > >! MailScanner::Log::WarnLog("writing to $targetdir/$targetfile: $!") > > >! if not defined $target; > > >! $this->WriteEntireMessage($message, $target); > > >! } > > > } > > > > >-- >Mariano Absatz >El Baby >---------------------------------------------------------- >Question: If someone with multiple personalities tries >to commit suicide, do the police consider it a hostage >situation? -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From brose at MED.WAYNE.EDU Sat May 3 11:18:22 2003 From: brose at MED.WAYNE.EDU (Rose, Bobby) Date: Thu Jan 12 21:17:56 2006 Subject: SophosSavi problm Message-ID: This was working yesterday when I started using it for the first time but it suddenly stopped working early this morning. Mailscanner is logging an error when starting up now MailScanner E-Mail Virus Scanner version 4.20-2 starting... SophosSAVI ERROR:: initializing savi: Unknown error (557) I swithced back to plain old sophos and it seems to be working ok other than a little slower as was discussed last month or so. I recompiled Savi and it's make test works. Is there something else that I can try to get a better log message to figure out it's problem? -=Bobby From brose at MED.WAYNE.EDU Sat May 3 11:49:44 2003 From: brose at MED.WAYNE.EDU (Rose, Bobby) Date: Thu Jan 12 21:17:56 2006 Subject: SophosSavi problm Message-ID: I just checked my test box and it's doing the same thing. It looks like it started after the last Sophos update around 12am and when Mailscanner did it's 4 hr restarted it, it started to show it's reporting the problem. If I run the scan.pl from the SAVI examples, I get Version 3.69 (engine 2.14) recognizing 81434 viruses IDE /usr/local/Sophos/lib/vdl.dat released 5/5/2003 Error setting Mac: 524 Error setting SafeMacDfHandling: 524 But I don't know if that error is normal since I didn't run it before this problem crept up. -----Original Message----- From: Rose, Bobby Sent: Saturday, May 03, 2003 6:18 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: SophosSavi problm This was working yesterday when I started using it for the first time but it suddenly stopped working early this morning. Mailscanner is logging an error when starting up now MailScanner E-Mail Virus Scanner version 4.20-2 starting... SophosSAVI ERROR:: initializing savi: Unknown error (557) I swithced back to plain old sophos and it seems to be working ok other than a little slower as was discussed last month or so. I recompiled Savi and it's make test works. Is there something else that I can try to get a better log message to figure out it's problem? -=Bobby From jaearick at COLBY.EDU Sat May 3 12:00:30 2003 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:17:56 2006 Subject: SpamAssassin score below 7? In-Reply-To: <5.1.1.6.2.20030502141552.03523e68@securemail.tulsaconnect.com> References: <5.1.1.6.2.20030502141552.03523e68@securemail.tulsaconnect.com> Message-ID: Hi, I use the default spam score of 5 and high spam score of 10. No complaints about loosing a false positive at 10. I had a recent post where I changed the subject for high spam to "{HIGH SPAM}", forwarded it to myself, and used procmail to drop it into a folder. No non-spam was captured in three days of testing. --- Jeff Earickson On Fri, 2 May 2003, ISP List wrote: > Date: Fri, 2 May 2003 14:16:22 -0500 > From: ISP List > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: SpamAssassin score below 7? > > Anyone doing a SpamAssassin score threshold below 7? Have any problems > with false positives? > > ------------------------------------- > Mike Bacher / mike@sparklogic.com > Use OptiGold ISP? Check out OptiSkin! > http://www.sparklogic.com/optiskin/ > ------------------------------------- > From jaearick at COLBY.EDU Sat May 3 12:27:11 2003 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:17:56 2006 Subject: Anyone know why this happens? In-Reply-To: <002701c310dc$9d5aa9c0$a91cbdcf@home.middlefinger.net> References: <002701c310dc$9d5aa9c0$a91cbdcf@home.middlefinger.net> Message-ID: Hi, The remote side is whacking the connection before the data transfer completes. This is not a DNS issue, because the DNS lookup are already done and the connection has been made by this point. I ran into this with another site using Novell Groupwise email and some firewall setup I've never heard of. The problem was at their end. They discovered that the MTU setting on their firewall was smaller than their MTU on their network. As packets went out thru the firewall, they were fragmented. All that packet fragmentation and reassembly slowed the connection to a crawl. In general, most mail software has timeout settings (sendmail has a lot of them, see the Bat book), and if a crawly data connection takes longer than one of these timeout settings, then the mail software thinks the connection is dead and whacks it. If you are seeing the EOM message in your logs, then the problem is at the remote end. Either their mailer timeouts are way too small (mailer misconfigured), their network connection is way slow (eg, fragmented packets), or their firewall is screwing up the connection. Since firewall boxes are the new thing, I always ask remote sites to check the config on them first. --- Jeff Earickson On Fri, 2 May 2003, Mike Kercher wrote: > Date: Fri, 2 May 2003 13:57:01 -0500 > From: Mike Kercher > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Anyone know why this happens? > > May 2 13:57:48 genesis sendmail[27561]: h42IoYo27561: collect: premature EOM: > Error 0 > May 2 13:57:48 genesis sendmail[27561]: h42IoYo27561: collect: unexpected close > on connection from mxsmta01.inithost.com, sender=: Error 0 > > Is this due to a DNS timeout or something? > > Mike > From brose at MED.WAYNE.EDU Sat May 3 12:40:21 2003 From: brose at MED.WAYNE.EDU (Rose, Bobby) Date: Thu Jan 12 21:17:56 2006 Subject: SophosSavi problm Message-ID: Forget it. I found the problem. The cron job for updating the virus defs was calling an older Sophos-autoupdate locating in my sophos/bin dir. It was place there since the 3.x days per the http://www.sng.ecs.soton.ac.uk/mailscanner/install/sophos.shtml instructions. -=B -----Original Message----- From: Rose, Bobby Sent: Saturday, May 03, 2003 6:50 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: SophosSavi problm I just checked my test box and it's doing the same thing. It looks like it started after the last Sophos update around 12am and when Mailscanner did it's 4 hr restarted it, it started to show it's reporting the problem. If I run the scan.pl from the SAVI examples, I get Version 3.69 (engine 2.14) recognizing 81434 viruses IDE /usr/local/Sophos/lib/vdl.dat released 5/5/2003 Error setting Mac: 524 Error setting SafeMacDfHandling: 524 But I don't know if that error is normal since I didn't run it before this problem crept up. -----Original Message----- From: Rose, Bobby Sent: Saturday, May 03, 2003 6:18 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: SophosSavi problm This was working yesterday when I started using it for the first time but it suddenly stopped working early this morning. Mailscanner is logging an error when starting up now MailScanner E-Mail Virus Scanner version 4.20-2 starting... SophosSAVI ERROR:: initializing savi: Unknown error (557) I swithced back to plain old sophos and it seems to be working ok other than a little slower as was discussed last month or so. I recompiled Savi and it's make test works. Is there something else that I can try to get a better log message to figure out it's problem? -=Bobby From mailscanner at ecs.soton.ac.uk Sat May 3 12:38:07 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:17:56 2006 Subject: SophosSavi problm In-Reply-To: Message-ID: <5.2.1.1.2.20030503123605.02809660@imap.ecs.soton.ac.uk> I have just been playing with a really short "Restart Every" time (45 seconds) and manually running /usr/lib/MailScanner/sophos-autoupdate. I can't get it to fail :-( What OS and version, etc are you running? I might be able to build a test server for it to reproduce the problem. I'm running 4.20-3 (effectively) on RedHat 8 with Sophos 3.68. At 11:49 03/05/2003, you wrote: >I just checked my test box and it's doing the same thing. It looks like >it started after the last Sophos update around 12am and when Mailscanner >did it's 4 hr restarted it, it started to show it's reporting the >problem. > >If I run the scan.pl from the SAVI examples, I get >Version 3.69 (engine 2.14) recognizing 81434 viruses > IDE /usr/local/Sophos/lib/vdl.dat released 5/5/2003 >Error setting Mac: 524 >Error setting SafeMacDfHandling: 524 > >But I don't know if that error is normal since I didn't run it before >this problem crept up. The 2 Mac errors are okay. It's just that the Perl SAVI module is a bit behind the list of available options in Sophos now. >-----Original Message----- >From: Rose, Bobby >Sent: Saturday, May 03, 2003 6:18 AM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: SophosSavi problm > > >This was working yesterday when I started using it for the first time >but it suddenly stopped working early this morning. Mailscanner is >logging an error when starting up now > >MailScanner E-Mail Virus Scanner version 4.20-2 starting... SophosSAVI >ERROR:: initializing savi: Unknown error (557) > >I swithced back to plain old sophos and it seems to be working ok other >than a little slower as was discussed last month or so. I recompiled >Savi and it's make test works. Is there something else that I can try >to get a better log message to figure out it's problem? > >-=Bobby -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Sat May 3 12:48:18 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:17:56 2006 Subject: SophosSavi problm In-Reply-To: Message-ID: <5.2.1.1.2.20030503124755.0283c818@imap.ecs.soton.ac.uk> Fancy adding that to the faq-o-matic please? At 12:40 03/05/2003, you wrote: >Forget it. I found the problem. The cron job for updating the virus >defs was calling an older Sophos-autoupdate locating in my sophos/bin >dir. It was place there since the 3.x days per the >http://www.sng.ecs.soton.ac.uk/mailscanner/install/sophos.shtml >instructions. > >-=B > >-----Original Message----- >From: Rose, Bobby >Sent: Saturday, May 03, 2003 6:50 AM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: SophosSavi problm > > >I just checked my test box and it's doing the same thing. It looks like >it started after the last Sophos update around 12am and when Mailscanner >did it's 4 hr restarted it, it started to show it's reporting the >problem. > >If I run the scan.pl from the SAVI examples, I get >Version 3.69 (engine 2.14) recognizing 81434 viruses > IDE /usr/local/Sophos/lib/vdl.dat released 5/5/2003 Error >setting Mac: 524 Error setting SafeMacDfHandling: 524 > >But I don't know if that error is normal since I didn't run it before >this problem crept up. > >-----Original Message----- >From: Rose, Bobby >Sent: Saturday, May 03, 2003 6:18 AM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: SophosSavi problm > > >This was working yesterday when I started using it for the first time >but it suddenly stopped working early this morning. Mailscanner is >logging an error when starting up now > >MailScanner E-Mail Virus Scanner version 4.20-2 starting... SophosSAVI >ERROR:: initializing savi: Unknown error (557) > >I swithced back to plain old sophos and it seems to be working ok other >than a little slower as was discussed last month or so. I recompiled >Savi and it's make test works. Is there something else that I can try >to get a better log message to figure out it's problem? > >-=Bobby -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mikew at CRUCIS.NET Sat May 3 16:00:03 2003 From: mikew at CRUCIS.NET (Mike Watson) Date: Thu Jan 12 21:17:56 2006 Subject: Use OSIRUSOFT yes or no? In-Reply-To: <010601c31142$6e10bbd0$75c65a42@x27> References: <010601c31142$6e10bbd0$75c65a42@x27> Message-ID: <200305031000.03818.mikew@crucis.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Saturday 03 May 2003 02:05 am, you wrote: > I have noticed that the spam that does get thru is found in > OSIRUSOFT, but I do not currently use it. Who is using it and how > well is it working? Wondering about how accuratly it is marking > SPAM. > > > Regards, > > Donovan Huff > Owner/Operator > HUFF DATA SYSTEMS > donovan@huffdatasystems.com > http://www.huffdatasystems.com/ > (361) 781-0631 > I used it for a while then turned it off. It had waayyy too many false positives for me. Mike W - -- Registered Linux - 256979 NRA Life ARS: W0TMW -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE+s9lz5fq6h2uDDlQRAm3DAKCy/aIhAl27+fOxj/Z0MZkM7IO3gwCgoIyJ BO8tLlHxW82raQZyv2HtKNQ= =r3lE -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by F-Prot and MailScanner, and is believed to be clean. From mike at CAMAROSS.NET Sat May 3 15:57:48 2003 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:17:56 2006 Subject: Anyone know why this happens? In-Reply-To: Message-ID: <003301c31184$5d748b20$6701a8c0@home.middlefinger.net> Excellent info...thanks a lot :) Mike -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Jeff A. Earickson Sent: Saturday, May 03, 2003 6:27 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Anyone know why this happens? Hi, The remote side is whacking the connection before the data transfer completes. This is not a DNS issue, because the DNS lookup are already done and the connection has been made by this point. I ran into this with another site using Novell Groupwise email and some firewall setup I've never heard of. The problem was at their end. They discovered that the MTU setting on their firewall was smaller than their MTU on their network. As packets went out thru the firewall, they were fragmented. All that packet fragmentation and reassembly slowed the connection to a crawl. In general, most mail software has timeout settings (sendmail has a lot of them, see the Bat book), and if a crawly data connection takes longer than one of these timeout settings, then the mail software thinks the connection is dead and whacks it. If you are seeing the EOM message in your logs, then the problem is at the remote end. Either their mailer timeouts are way too small (mailer misconfigured), their network connection is way slow (eg, fragmented packets), or their firewall is screwing up the connection. Since firewall boxes are the new thing, I always ask remote sites to check the config on them first. --- Jeff Earickson On Fri, 2 May 2003, Mike Kercher wrote: > Date: Fri, 2 May 2003 13:57:01 -0500 > From: Mike Kercher > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Anyone know why this happens? > > May 2 13:57:48 genesis sendmail[27561]: h42IoYo27561: collect: > premature EOM: Error 0 May 2 13:57:48 genesis sendmail[27561]: > h42IoYo27561: collect: unexpected close on connection from > mxsmta01.inithost.com, sender=: Error 0 > > Is this due to a DNS timeout or something? > > Mike > From marco at MUW.EDU Sat May 3 17:10:50 2003 From: marco at MUW.EDU (Marco Obaid) Date: Thu Jan 12 21:17:56 2006 Subject: ini script Message-ID: <1051978250.3eb3ea0a3bfb6@webmail.MUW.Edu> I just upgraded to 4.20-3 and upon restarting MailScanner, I see this: Shutting down MailScanner daemons: MailScanner: [ OK ] incoming sendmail: [ OK ] outgoing sendmail: [ OK ] Starting MailScanner daemons: incoming sendmail: chown: `smmsp:smmsp': invalid user [ OK ] outgoing sendmail: [ OK ] MailScanner: [ OK ] Have I missed anything? I searched all the posts already. This is a RH 7.3 system with sendmail-8.11.6-25.73. Thanks for any input Marco _________________________________________________________________ This mail is sent through MUW Webmail: http://www.MUW.Edu/webmail For the latest MUW Events, visit http://www.MUW.Edu/calendar From mailscanner at ecs.soton.ac.uk Sat May 3 17:20:45 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:17:56 2006 Subject: ini script In-Reply-To: <1051978250.3eb3ea0a3bfb6@webmail.MUW.Edu> Message-ID: <5.2.1.1.2.20030503171706.027f1d48@imap.ecs.soton.ac.uk> At 17:10 03/05/2003, you wrote: >I just upgraded to 4.20-3 and upon restarting MailScanner, I see this: > >Shutting down MailScanner daemons: > MailScanner: [ OK ] > incoming sendmail: [ OK ] > outgoing sendmail: [ OK ] >Starting MailScanner daemons: > incoming sendmail: chown: `smmsp:smmsp': invalid user > [ OK ] > outgoing sendmail: [ OK ] > MailScanner: [ OK ] > >Have I missed anything? I searched all the posts already. >This is a RH 7.3 system with sendmail-8.11.6-25.73. Your sendmail setup doesn't include the "submit.cf" sendmail instance. No harm is done. Apply this patch to your /etc/rc.d/init.d/MailScanner file --- MailScanner Fri May 2 00:58:30 2003 +++ MailScanner.new Sat May 3 17:21:37 2003 @@ -95,7 +95,7 @@ -OQueueDirectory=$INQDIR \ -OPidFile=$INPID touch /var/run/sm-client.pid - chown smmsp:smmsp /var/run/sm-client.pid + chown smmsp:smmsp /var/run/sm-client.pid 2>/dev/null $SENDMAIL -L sm-msp-queue -Ac -q15m 2>/dev/null success echo -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From donovan at HUFFDATASYSTEMS.COM Sat May 3 17:58:14 2003 From: donovan at HUFFDATASYSTEMS.COM (Donovan Huff | HUFF DATA SYSTEMS) Date: Thu Jan 12 21:17:56 2006 Subject: Use OSIRUSOFT yes or no? References: <010601c31142$6e10bbd0$75c65a42@x27> <200305031000.03818.mikew@crucis.net> Message-ID: <023a01c31195$30dd88d0$75c65a42@x27> When I used it a while back I had a lot of false positives as well. Okay, seems like I will continue not using it. Regards, Donovan Huff Owner/Operator HUFF DATA SYSTEMS donovan@huffdatasystems.com http://www.huffdatasystems.com/ (361) 781-0631 ------------------------------------------------------ Web Hosting Starting at $5.00/mo http://www.huffdatasystems.com/ ------------------------------------------------------ Internet Access Just About Anywhere http://UnlimitedCheapInternet.com/ ------------------------------------------------------ ----- Original Message ----- From: "Mike Watson" To: Sent: Saturday, May 03, 2003 10:00 AM Subject: Re: Use OSIRUSOFT yes or no? > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Saturday 03 May 2003 02:05 am, you wrote: > > I have noticed that the spam that does get thru is found in > > OSIRUSOFT, but I do not currently use it. Who is using it and how > > well is it working? Wondering about how accuratly it is marking > > SPAM. > > > > > > Regards, > > > > Donovan Huff > > Owner/Operator > > HUFF DATA SYSTEMS > > donovan@huffdatasystems.com > > http://www.huffdatasystems.com/ > > (361) 781-0631 > > > I used it for a while then turned it off. It had waayyy too many false > positives for me. > > Mike W > - -- > Registered Linux - 256979 > NRA Life > ARS: W0TMW > > > > > > > > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.0.7 (GNU/Linux) > > iD8DBQE+s9lz5fq6h2uDDlQRAm3DAKCy/aIhAl27+fOxj/Z0MZkM7IO3gwCgoIyJ > BO8tLlHxW82raQZyv2HtKNQ= > =r3lE > -----END PGP SIGNATURE----- > > > -- > This message has been scanned for viruses and > dangerous content by F-Prot and MailScanner, > and is believed to be clean. From mailscanner at ecs.soton.ac.uk Sat May 3 18:03:34 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:17:56 2006 Subject: Selling a product based on MailScanner? In-Reply-To: <5.2.1.1.2.20030429154336.0234e4c8@imap.ecs.soton.ac.uk> Message-ID: <5.2.1.1.2.20030503180226.04137008@imap.ecs.soton.ac.uk> I have had a grand total of about 3 replies to this. I'm sure there are some more of you out there! At 15:51 29/04/2003, you wrote: >A lot of sites are very cautious about having anything other than an >"appliance" or a "managed service" for providing email security. > >So what I would like to do is run a page on the MailScanner.biz site >(linked from MailScanner.info) that lists products, systems and services >that I know about, which use MailScanner. > >So if you are commercially providing any service or system based around >MailScanner to the general public, please drop me a line (off-list). > >I will give you at least a link to a web page of your choosing (it doesn't >have to be just your home page). Give me a few words that describe your >product or service, and I might choose to add them as well. If I don't like >what you send me, I'll re-write it. So be nice... > >Exactly what information gets put on the list, and in what order, is >entirely up to me. I retain complete editorial control of the whole list. > >This is a chance for some free advertising, so make good use of it. >I'm not charging anything for listing your product/service, but a suitable >donation would be appreciated (how much would a commercial site charge you >for this?). >-- >Julian Field >www.MailScanner.info >Professional Support Services at www.MailScanner.biz >MailScanner thanks transtec Computers for their support -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From michele at BLACKNIGHTSOLUTIONS.COM Sat May 3 18:03:07 2003 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:17:56 2006 Subject: Use OSIRUSOFT yes or no? In-Reply-To: <023a01c31195$30dd88d0$75c65a42@x27> References: <010601c31142$6e10bbd0$75c65a42@x27> <200305031000.03818.mikew@crucis.net> Message-ID: <5.2.0.9.0.20030503190224.02224f48@blacknightsolutions.com> What kind of false positives did you get? >. Mr. Michele Neylon Blacknight Solutions - affordable linux hosting http://www.blacknightsolutions.com/ Shell accounts now available!!! ######################################################### This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance to it is prohibited. From mailscanner at DERRINGER.CO.UK Sat May 3 17:58:31 2003 From: mailscanner at DERRINGER.CO.UK (Michael Derringer) Date: Thu Jan 12 21:17:56 2006 Subject: Failed rpm install Message-ID: <000101c31195$4c18f850$54dc6f83@corpus.cam.ac.uk> Running Redhat 7.2, I get the following after running the install.sh script: [root@cur.chu.cam.ac.uk MailScanner-4.20-3]# rpm -Uvh --nodeps mailscanner*rpm Preparing... ########################################### [100%] Segmentation fault [root@cur.chu.cam.ac.uk MailScanner-4.20-3]# Any ideas what could be causing it? I sucessfully installed 2 earlier versions:- 4.13-3 and upgraded to 4.14-9 with no problems. Thanks in advance, Michael Derringer From mike at CAMAROSS.NET Sat May 3 18:09:59 2003 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:17:56 2006 Subject: Failed rpm install In-Reply-To: <000101c31195$4c18f850$54dc6f83@corpus.cam.ac.uk> Message-ID: <003a01c31196$d486da80$6701a8c0@home.middlefinger.net> Did you try it without the --nodeps to see if you are missing any dependencies? I'd do --nodeps as a last resort... Mike -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Michael Derringer Sent: Saturday, May 03, 2003 11:59 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Failed rpm install Running Redhat 7.2, I get the following after running the install.sh script: [root@cur.chu.cam.ac.uk MailScanner-4.20-3]# rpm -Uvh --nodeps mailscanner*rpm Preparing... ########################################### [100%] Segmentation fault [root@cur.chu.cam.ac.uk MailScanner-4.20-3]# Any ideas what could be causing it? I sucessfully installed 2 earlier versions:- 4.13-3 and upgraded to 4.14-9 with no problems. Thanks in advance, Michael Derringer From mailscanner at ecs.soton.ac.uk Sat May 3 18:14:27 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:17:56 2006 Subject: Failed rpm install In-Reply-To: <000101c31195$4c18f850$54dc6f83@corpus.cam.ac.uk> Message-ID: <5.2.1.1.2.20030503181211.04139320@imap.ecs.soton.ac.uk> To start with, try downloading it again and check that you have a correct copy. The command sum mailscanner*rpm should produce 40654 563 I haven't changed anything in the way that I package it, other than the entire distribution comes compressed (i.e. .tar.gz instead of just .tar). At 17:58 03/05/2003, you wrote: >Running Redhat 7.2, I get the following after running the install.sh script: > >[root@cur.chu.cam.ac.uk MailScanner-4.20-3]# rpm -Uvh --nodeps >mailscanner*rpm >Preparing... ########################################### >[100%] >Segmentation fault >[root@cur.chu.cam.ac.uk MailScanner-4.20-3]# > >Any ideas what could be causing it? I sucessfully installed 2 earlier >versions:- 4.13-3 and upgraded to 4.14-9 with no problems. > >Thanks in advance, > >Michael Derringer -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at DERRINGER.CO.UK Sat May 3 18:53:40 2003 From: mailscanner at DERRINGER.CO.UK (Michael Derringer) Date: Thu Jan 12 21:17:56 2006 Subject: Failed rpm install In-Reply-To: <5.2.1.1.2.20030503181211.04139320@imap.ecs.soton.ac.uk> Message-ID: <000201c3119c$ffec9150$54dc6f83@corpus.cam.ac.uk> Thanks for your help, I re-downloaded the file and gunzipped it with tar xvzf, and also used sum on the mailscanner*rpm file which gave exactly the same readings as they should be: 40654 563. Could it be a fault not with the mailscanner install but something else on the machine? I then tried the ./inshall.sh script which executed perfectly up until this point: --------- Installing tnef decoder Preparing... ########################################### [100%] package tnef-1.1.4-sizelimit1 is already installed Now to install MailScanner itself. Preparing... ########################################### [100%] ./install.sh: line 254: 30758 Segmentation fault rpm -Uvh ${NODEPS} mailscanner*noarch.rpm --------- Then tried both these commands: --------- [root@cur MailScanner-4.20-3]# rpm -Uvh --nodeps mailscanner*rpm Preparing... ########################################### [100%] Segmentation fault [root@cur MailScanner-4.20-3]# rpm -Uvh mailscanner*rpm Preparing... ########################################### [100%] Segmentation fault --------- > To start with, try downloading it again and check that you > have a correct copy. The command > sum mailscanner*rpm > should produce > 40654 563 > > I haven't changed anything in the way that I package it, > other than the entire distribution comes compressed (i.e. > .tar.gz instead of just .tar). From mailscanner at ecs.soton.ac.uk Sat May 3 19:00:24 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:17:56 2006 Subject: Failed rpm install In-Reply-To: <000201c3119c$ffec9150$54dc6f83@corpus.cam.ac.uk> References: <5.2.1.1.2.20030503181211.04139320@imap.ecs.soton.ac.uk> Message-ID: <5.2.1.1.2.20030503185854.023fad20@imap.ecs.soton.ac.uk> Does "rpm -Uv" produce any more useful info than -Uvh ? Sounds like something is broken on your redhat box. Does a "rpm --rebuilddb" help at all? At 18:53 03/05/2003, you wrote: >Thanks for your help, I re-downloaded the file and gunzipped >it with tar xvzf, and also used sum on the mailscanner*rpm file which gave >exactly the same readings as they should be: 40654 563. > >Could it be a fault not with the mailscanner install but something else on >the machine? > >I then tried the ./inshall.sh script which executed perfectly up until this >point: >--------- >Installing tnef decoder > >Preparing... ########################################### [100%] >package tnef-1.1.4-sizelimit1 is already installed > >Now to install MailScanner itself. > >Preparing... ########################################### [100%] >./install.sh: line 254: 30758 Segmentation fault >rpm -Uvh ${NODEPS} mailscanner*noarch.rpm >--------- > > >Then tried both these commands: >--------- >[root@cur MailScanner-4.20-3]# rpm -Uvh --nodeps mailscanner*rpm >Preparing... ########################################### [100%] >Segmentation fault >[root@cur MailScanner-4.20-3]# rpm -Uvh mailscanner*rpm >Preparing... ########################################### [100%] >Segmentation fault >--------- > > > > To start with, try downloading it again and check that you > > have a correct copy. The command > > sum mailscanner*rpm > > should produce > > 40654 563 > > > > I haven't changed anything in the way that I package it, > > other than the entire distribution comes compressed (i.e. > > .tar.gz instead of just .tar). -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From donovan at HUFFDATASYSTEMS.COM Sat May 3 19:05:57 2003 From: donovan at HUFFDATASYSTEMS.COM (Donovan Huff | HUFF DATA SYSTEMS) Date: Thu Jan 12 21:17:56 2006 Subject: Selling a product based on MailScanner? References: <5.2.1.1.2.20030503180226.04137008@imap.ecs.soton.ac.uk> Message-ID: <025501c3119e$a68fc210$75c65a42@x27> Well I think thousands of hours spent making up marketing statistics would show that a better name is needed for a commercial ver$ion of MailScanner, selling the "Julian Field 4000 SPAM Stopper" might prove to be difficult. Oops... Hope I wasn't suppose to keep that name a secret till "launch day". However, having it add HTML ads to the footer of all e-mail shows great profit potential from the marketing statistics gathered from thousands of hours of made up research data by our firm, X10 is highly interested in purchasing all the ad space, it seems there is a large market for tiny hard-to-see video cameras. Also, if it is powered by Google that would be swell. Do not forget to get the AOL keyword SPAMSTP, we do not know why you need it, but get one and make sure you advertise it more than the actual domain name. Speaking of domain name further intense research after minutes of thinking discovered that the domain name spamstop.com would be the best domain name; the great news is that it is for sale and in these post dot com boom days it can be had for next to nothing at just $500,000! Yes, this is all a joke, this is the part where you laugh or think bad thoughts about me. I suggest laughing otherwise the physicist bills will be quite expensive, cause you know, it's a long road to recovery. Regards, Donovan Huff Owner/Operator HUFF DATA SYSTEMS donovan@huffdatasystems.com http://www.huffdatasystems.com/ (361) 781-0631 ------------------------------------------------------ Web Hosting Starting at $5.00/mo http://www.huffdatasystems.com/ ------------------------------------------------------ Internet Access Just About Anywhere http://UnlimitedCheapInternet.com/ ------------------------------------------------------ ----- Original Message ----- From: "Julian Field" To: Sent: Saturday, May 03, 2003 12:03 PM Subject: Re: Selling a product based on MailScanner? > I have had a grand total of about 3 replies to this. > I'm sure there are some more of you out there! > > At 15:51 29/04/2003, you wrote: > >A lot of sites are very cautious about having anything other than an > >"appliance" or a "managed service" for providing email security. > > > >So what I would like to do is run a page on the MailScanner.biz site > >(linked from MailScanner.info) that lists products, systems and services > >that I know about, which use MailScanner. > > > >So if you are commercially providing any service or system based around > >MailScanner to the general public, please drop me a line (off-list). > > > >I will give you at least a link to a web page of your choosing (it doesn't > >have to be just your home page). Give me a few words that describe your > >product or service, and I might choose to add them as well. If I don't like > >what you send me, I'll re-write it. So be nice... > > > >Exactly what information gets put on the list, and in what order, is > >entirely up to me. I retain complete editorial control of the whole list. > > > >This is a chance for some free advertising, so make good use of it. > >I'm not charging anything for listing your product/service, but a suitable > >donation would be appreciated (how much would a commercial site charge you > >for this?). > >-- > >Julian Field > >www.MailScanner.info > >Professional Support Services at www.MailScanner.biz > >MailScanner thanks transtec Computers for their support > > -- > Julian Field > www.MailScanner.info > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support From Steve at swaney.com Sat May 3 19:11:21 2003 From: Steve at swaney.com (Stephen Swaney) Date: Thu Jan 12 21:17:56 2006 Subject: Failed rpm install In-Reply-To: <5.2.1.1.2.20030503185854.023fad20@imap.ecs.soton.ac.uk> References: <5.2.1.1.2.20030503181211.04139320@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030503185854.023fad20@imap.ecs.soton.ac.uk> Message-ID: <1051985481.1332.120.camel@speedy> Don't know if your using redhat 8, but if you are - Redhat 8 rpm has a (yet unfixed) feature. Symptom is that rpm commands hang. If rpm is acting up in any way, You might try removing: /var/lib/rpm/__db.001 /var/lib/rpm/__db.002 /var/lib/rpm/__db.003 then rpm --rebuilddb On Sat, 2003-05-03 at 14:00, Julian Field wrote: > Does "rpm -Uv" produce any more useful info than -Uvh ? > Sounds like something is broken on your redhat box. > > Does a "rpm --rebuilddb" help at all? > > At 18:53 03/05/2003, you wrote: > >Thanks for your help, I re-downloaded the file and gunzipped > >it with tar xvzf, and also used sum on the mailscanner*rpm file which gave > >exactly the same readings as they should be: 40654 563. > > > >Could it be a fault not with the mailscanner install but something else on > >the machine? > > > >I then tried the ./inshall.sh script which executed perfectly up until this > >point: > >--------- > >Installing tnef decoder > > > >Preparing... ########################################### [100%] > >package tnef-1.1.4-sizelimit1 is already installed > > > >Now to install MailScanner itself. > > > >Preparing... ########################################### [100%] > >./install.sh: line 254: 30758 Segmentation fault > >rpm -Uvh ${NODEPS} mailscanner*noarch.rpm > >--------- > > > > > >Then tried both these commands: > >--------- > >[root@cur MailScanner-4.20-3]# rpm -Uvh --nodeps mailscanner*rpm > >Preparing... ########################################### [100%] > >Segmentation fault > >[root@cur MailScanner-4.20-3]# rpm -Uvh mailscanner*rpm > >Preparing... ########################################### [100%] > >Segmentation fault > >--------- > > > > > > > To start with, try downloading it again and check that you > > > have a correct copy. The command > > > sum mailscanner*rpm > > > should produce > > > 40654 563 > > > > > > I haven't changed anything in the way that I package it, > > > other than the entire distribution comes compressed (i.e. > > > .tar.gz instead of just .tar). > > -- > Julian Field > www.MailScanner.info > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030503/acabe563/attachment.html From Steve at swaney.com Sat May 3 19:23:17 2003 From: Steve at swaney.com (Stephen Swaney) Date: Thu Jan 12 21:17:56 2006 Subject: Selling a product based on MailScanner? In-Reply-To: <5.2.1.1.2.20030503180226.04137008@imap.ecs.soton.ac.uk> References: <5.2.1.1.2.20030503180226.04137008@imap.ecs.soton.ac.uk> Message-ID: <1051986197.1337.140.camel@speedy> Juilan, Sorry I meant to respond earlier. Linux Systems Solutions is the only firm in the Washington Metropolitan Area which concentrates on providing Linux integration and consulting services. We specailize in providing comprehensive enterprise emthisail solutions using MailScanner and SpamAssassin integrated with Anti-virus software. Linux Systems Solutions, Inc. www.LinuxSystemsSolutions.com info@linuxSystemsSolutions.com Phone: 202 352-3262 Fax: 202 352-3262 Thanks for the gentle reminder, Steve On Sat, 2003-05-03 at 13:03, Julian Field wrote: > I have had a grand total of about 3 replies to this. > I'm sure there are some more of you out there! > > At 15:51 29/04/2003, you wrote: > >A lot of sites are very cautious about having anything other than an > >"appliance" or a "managed service" for providing email security. > > > >So what I would like to do is run a page on the MailScanner.biz site > >(linked from MailScanner.info) that lists products, systems and services > >that I know about, which use MailScanner. > > > >So if you are commercially providing any service or system based around > >MailScanner to the general public, please drop me a line (off-list). > > > >I will give you at least a link to a web page of your choosing (it doesn't > >have to be just your home page). Give me a few words that describe your > >product or service, and I might choose to add them as well. If I don't like > >what you send me, I'll re-write it. So be nice... > > > >Exactly what information gets put on the list, and in what order, is > >entirely up to me. I retain complete editorial control of the whole list. > > > >This is a chance for some free advertising, so make good use of it. > >I'm not charging anything for listing your product/service, but a suitable > >donation would be appreciated (how much would a commercial site charge you > >for this?). > >-- > >Julian Field > >www.MailScanner.info > >Professional Support Services at www.MailScanner.biz > >MailScanner thanks transtec Computers for their support > > -- > Julian Field > www.Mai > Steve Swaney > Steve@LinuxSystemsSolutions.com > www.LinuxSystemsSolutions.com > Linux System Solutions, Inc. > Phone: 202 352-3262 > Fax: 202 352-3262 > lScanner.info > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030503/f29947cd/attachment.html From Steve at swaney.com Sat May 3 20:07:04 2003 From: Steve at swaney.com (Stephen Swaney) Date: Thu Jan 12 21:17:56 2006 Subject: sophossavi with Postfix In-Reply-To: <000201c3119c$ffec9150$54dc6f83@corpus.cam.ac.uk> References: <000201c3119c$ffec9150$54dc6f83@corpus.cam.ac.uk> Message-ID: <1051988823.1330.184.camel@speedy> I've just installed MailScanner 4.2-3 configured for postfix on Redhat 9 with SpamAssassin 2.53. All works perfectly! when using: Virus Scanners = sophos But when I switch to: Virus Scanner= sophossavi Mail is accepted but deferred. MailScanner doesn't pick up the message. Switching back to Virus Scanners = sophos and restarting MailScanner causes MailScanner to find and deliver the stalled message. I believe that sophossavi is compiled and installed identically to a Redhat 8.0 - sendmail system that is working flawlessly (Thanks very much!) Steve Steve Swaney Steve@Swaney.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030503/e762b64e/attachment.html From gerry at DORFAM.CA Sat May 3 20:17:42 2003 From: gerry at DORFAM.CA (Gerry Doris) Date: Thu Jan 12 21:17:56 2006 Subject: Running SpamAssassin as a specific user? Message-ID: I'd like to call spamassassin from within MailScanner but have it run as a specific user ie "gerry". Is that possible? -- Gerry "The lyfe so short, the craft so long to learne" Chaucer From mailscanner at ecs.soton.ac.uk Sat May 3 20:24:03 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:17:56 2006 Subject: Running SpamAssassin as a specific user? In-Reply-To: Message-ID: <5.2.1.1.2.20030503202305.040e30f0@imap.ecs.soton.ac.uk> At 20:17 03/05/2003, you wrote: >I'd like to call spamassassin from within MailScanner but have it run as a >specific user ie "gerry". Is that possible? You can change where SpamAssassin looks for all its files, but I'm afraid you can't actually change the user it runs as. But you can change the user the whole of MailScanner runs as, if that helps. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Sat May 3 20:37:49 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:17:56 2006 Subject: sophossavi with Postfix In-Reply-To: <1051988823.1330.184.camel@speedy> References: <000201c3119c$ffec9150$54dc6f83@corpus.cam.ac.uk> <000201c3119c$ffec9150$54dc6f83@corpus.cam.ac.uk> Message-ID: <5.2.1.1.2.20030503203440.0250e6b0@imap.ecs.soton.ac.uk> At 20:07 03/05/2003, you wrote: >I've just installed MailScanner 4.2-3 configured for postfix on Redhat 9 >with SpamAssassin 2.53. All works perfectly! when using: >Virus Scanners = sophos > >But when I switch to: >Virus Scanner= sophossavi > >Mail is accepted but deferred. MailScanner doesn't pick up the message. > >Switching back to >Virus Scanners = sophos > >and restarting MailScanner causes MailScanner to find and deliver the >stalled message. I believe that sophossavi is compiled and installed >identically to a Redhat 8.0 - sendmail system that is working flawlessly >(Thanks very much!) Something curious is happening. I have just duplicated this setup on a test RedHat 8.0 server, and it works fine: May 3 19:33:52 tinker postfix/nqmgr[4706]: AAA011002C0: from=, size=410, nrcpt=1 (queue active) May 3 19:33:52 tinker postfix/nqmgr[4706]: AAA011002C0: to=, relay=none, delay=32, status=deferred (deferred transport) May 3 20:33:55 tinker MailScanner[4766]: New Batch: Scanning 1 messages, 557 bytes May 3 20:33:58 tinker MailScanner[4766]: Virus and Content Scanning: Starting May 3 20:33:58 tinker MailScanner[4766]: Uninfected: Delivered 1 messages The virus scanning code is totally separate from the Postfix code, and was even written at a different time, so I'm not sure what is going on. I'm afraid I can't reproduce your problem. Can you check that your 2 configurations really differ by only the "Virus Scanners" option? -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From raymond at PROLOCATION.NET Sat May 3 20:45:31 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:17:56 2006 Subject: Running SpamAssassin as a specific user? In-Reply-To: Message-ID: Hi! > I'd like to call spamassassin from within MailScanner but have it run as a > specific user ie "gerry". Is that possible? Why you wanna do that ? Bye, Raymond. From gerry at DORFAM.CA Sat May 3 20:59:19 2003 From: gerry at DORFAM.CA (Gerry Doris) Date: Thu Jan 12 21:17:56 2006 Subject: Running SpamAssassin as a specific user? In-Reply-To: Message-ID: On Sat, 3 May 2003, Raymond Dijkxhoorn wrote: > Hi! > > > I'd like to call spamassassin from within MailScanner but have it run as a > > specific user ie "gerry". Is that possible? > > Why you wanna do that ? > > Bye, > Raymond. I had built up quite a Bayes history running spamassassin separate from MailScanner as user gerry. I wanted to be able to continue using that history but I'm not sure how to when calls are made to spamassassin from within MailScanner. On a separate topic... I have never seen a mention of DCC in the spamassassin scores when spamassassin is called from within MailScanner. I see those scores a lot when spamassassin is called outside of MailScanner. -- Gerry "The lyfe so short, the craft so long to learne" Chaucer From michele at BLACKNIGHTSOLUTIONS.COM Sat May 3 20:59:42 2003 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:17:56 2006 Subject: Upgrading to latest release In-Reply-To: References: Message-ID: <5.2.0.9.0.20030503215709.0250ed28@blacknightsolutions.com> I upgraded Mailscanner on one of our spare servers last night without any hiccups. However, I noticed something. The last time I did an upgrade there were instructions and possibly files (not 100% sure about that) to upgrade the configuration files - this time there weren't. Any pointers? Thanks, Michele Mr. Michele Neylon Blacknight Solutions - affordable linux hosting http://www.blacknightsolutions.com/ Shell accounts now available!!! ######################################################### This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance to it is prohibited. From mailscanner at ecs.soton.ac.uk Sat May 3 21:15:14 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:17:56 2006 Subject: Running SpamAssassin as a specific user? In-Reply-To: References: Message-ID: <5.2.1.1.2.20030503211428.0413a3f8@imap.ecs.soton.ac.uk> At 20:59 03/05/2003, you wrote: >On Sat, 3 May 2003, Raymond Dijkxhoorn wrote: > > > Hi! > > > > > I'd like to call spamassassin from within MailScanner but have it run > as a > > > specific user ie "gerry". Is that possible? > > > > Why you wanna do that ? > > > > Bye, > > Raymond. > >I had built up quite a Bayes history running spamassassin separate from >MailScanner as user gerry. I wanted to be able to continue using that >history but I'm not sure how to when calls are made to spamassassin from >within MailScanner. > >On a separate topic... > >I have never seen a mention of DCC in the spamassassin scores when >spamassassin is called from within MailScanner. I see those scores a lot >when spamassassin is called outside of MailScanner. If you look in spam.assassin.prefs.conf you will find the DCC rules are set to 0. I did this for a previous version of SpamAssassin where this was a problem, but never removed it for some reason. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Sat May 3 21:17:04 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:17:56 2006 Subject: Upgrading to latest release In-Reply-To: <5.2.0.9.0.20030503215709.0250ed28@blacknightsolutions.com> References: Message-ID: <5.2.1.1.2.20030503211529.02886430@imap.ecs.soton.ac.uk> At 20:59 03/05/2003, you wrote: >I upgraded Mailscanner on one of our spare servers last night without any >hiccups. >However, I noticed something. The last time I did an upgrade there were >instructions and possibly files (not 100% sure about that) to upgrade the >configuration files - this time there weren't. The script is called "upgrade_MailScanner_conf". Just run it to get the usage. Whether you see the bit of text about it depends on what you are upgrading from. By the time MailScanner knows it is being upgraded, it's only the old version (being removed) that knows. Not much I can do about that. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From raymond at PROLOCATION.NET Sat May 3 22:00:14 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:17:56 2006 Subject: Running SpamAssassin as a specific user? In-Reply-To: Message-ID: Hi! > > Why you wanna do that ? > I had built up quite a Bayes history running spamassassin separate from > MailScanner as user gerry. I wanted to be able to continue using that > history but I'm not sure how to when calls are made to spamassassin from > within MailScanner. Why not copy those and chown them to root ? Bye, Raymond. From mikew at CRUCIS.NET Sat May 3 22:06:45 2003 From: mikew at CRUCIS.NET (Mike Watson) Date: Thu Jan 12 21:17:56 2006 Subject: Use OSIRUSOFT yes or no? In-Reply-To: <5.2.0.9.0.20030503190224.02224f48@blacknightsolutions.com> References: <010601c31142$6e10bbd0$75c65a42@x27> <200305031000.03818.mikew@crucis.net> <5.2.0.9.0.20030503190224.02224f48@blacknightsolutions.com> Message-ID: <200305031606.48581.mikew@crucis.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Saturday 03 May 2003 12:03 pm, you wrote: > What kind of false positives did you get? > > >. > > Mr. Michele Neylon > Blacknight Solutions - affordable linux hosting > http://www.blacknightsolutions.com/ > Shell accounts now available!!! > > > ######################################################### > This message (and any attachment) is intended only for the > recipient and may contain confidential and/or privileged > material. If you have received this in error, please contact the > sender and delete this message immediately. Disclosure, copying > or other action taken in respect of this email or in > reliance to it is prohibited. The most common were recognized mail lists from Yahoogroups.com. It wasn't consistent. A number of others were mail originating from Road Runner. In one weekend, over 40% of the incoming mail was flagged by OSIRUSOFT as spam. The real spam count was under 5% for that weekend. The normal mail count for a weekend is ~600 pieces. Mike W - -- Registered Linux - 256979 NRA Life ARS: W0TMW -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE+tC9o5fq6h2uDDlQRAhU7AKDXp02ohYdn75KAGT0VXJDoBFD7CwCgmaLT mTNVRz/OEa5kkfZz0wZLj3c= =zxma -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by F-Prot and MailScanner, and is believed to be clean. From gerry at DORFAM.CA Sat May 3 23:40:27 2003 From: gerry at DORFAM.CA (Gerry Doris) Date: Thu Jan 12 21:17:56 2006 Subject: Running SpamAssassin as a specific user? In-Reply-To: Message-ID: On Sat, 3 May 2003, Raymond Dijkxhoorn wrote: > Hi! > > > > Why you wanna do that ? > > > I had built up quite a Bayes history running spamassassin separate from > > MailScanner as user gerry. I wanted to be able to continue using that > > history but I'm not sure how to when calls are made to spamassassin from > > within MailScanner. > > Why not copy those and chown them to root ? > > Bye, > Raymond. > Gee, that would be too easy! I just did that and of course it works. Thanks for the suggestion! Doh! -- Gerry "The lyfe so short, the craft so long to learne" Chaucer From michele at BLACKNIGHTSOLUTIONS.COM Sun May 4 00:02:12 2003 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:17:56 2006 Subject: Upgrading to latest release In-Reply-To: <5.2.1.1.2.20030503211529.02886430@imap.ecs.soton.ac.uk> References: <5.2.0.9.0.20030503215709.0250ed28@blacknightsolutions.com> Message-ID: <5.2.0.9.0.20030504005910.04046458@blacknightsolutions.com> At 21.17 03/05/2003 +0100, you wrote: >The script is called "upgrade_MailScanner_conf". Just run it to get the usage. I can't see it. I downloaded : http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/rpm/MailScanner-4.20-3.rpm.tar.gz Unpacked it and got: CheckModuleVersion perl-File-Spec-0.82-1.src.rpm perl-MailTools-1.50-1.src.rpm README ExtUtils-MakeMaker-6.05.tar.gz perl-File-Temp-0.12-1.src.rpm perl-MIME-Base64-2.12-1.src.rpm tnef-1.1.4-sizelimit1.i386.rpm install.sh perl-HTML-Parser-3.26-2.src.rpm perl-MIME-tools-5.411-pl4.2.src.rpm Update-MakeMaker.sh mailscanner-4.20-3.noarch.rpm perl-HTML-Tagset-3.03-1.src.rpm perl-TimeDate-1.1301-2.src.rpm perl-Convert-TNEF-0.17-1.src.rpm perl-IO-stringy-2.108-1.src.rpm QuickInstall.txt Mr. Michele Neylon Blacknight Solutions - affordable linux hosting http://www.blacknightsolutions.com/ Shell accounts now available!!! ######################################################### This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance to it is prohibited. From mike at CAMAROSS.NET Sun May 4 00:20:34 2003 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:17:56 2006 Subject: Upgrading to latest release In-Reply-To: <5.2.0.9.0.20030504005910.04046458@blacknightsolutions.com> Message-ID: <006101c311ca$99f45b20$6701a8c0@home.middlefinger.net> /usr/sbin/upgrade_MailScanner_conf -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Michele Neylon :: Blacknight Solutions Sent: Saturday, May 03, 2003 6:02 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Upgrading to latest release At 21.17 03/05/2003 +0100, you wrote: >The script is called "upgrade_MailScanner_conf". Just run it to get the >usage. I can't see it. I downloaded : http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/rpm/MailScanner-4.20-3.rp m.tar.gz Unpacked it and got: CheckModuleVersion perl-File-Spec-0.82-1.src.rpm perl-MailTools-1.50-1.src.rpm README ExtUtils-MakeMaker-6.05.tar.gz perl-File-Temp-0.12-1.src.rpm perl-MIME-Base64-2.12-1.src.rpm tnef-1.1.4-sizelimit1.i386.rpm install.sh perl-HTML-Parser-3.26-2.src.rpm perl-MIME-tools-5.411-pl4.2.src.rpm Update-MakeMaker.sh mailscanner-4.20-3.noarch.rpm perl-HTML-Tagset-3.03-1.src.rpm perl-TimeDate-1.1301-2.src.rpm perl-Convert-TNEF-0.17-1.src.rpm perl-IO-stringy-2.108-1.src.rpm QuickInstall.txt Mr. Michele Neylon Blacknight Solutions - affordable linux hosting http://www.blacknightsolutions.com/ Shell accounts now available!!! ######################################################### This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance to it is prohibited. From michele at BLACKNIGHTSOLUTIONS.COM Sun May 4 00:31:07 2003 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:17:57 2006 Subject: Upgrading to latest release In-Reply-To: <006101c311ca$99f45b20$6701a8c0@home.middlefinger.net> References: <5.2.0.9.0.20030504005910.04046458@blacknightsolutions.com> Message-ID: <5.2.0.9.0.20030504013022.03f91060@blacknightsolutions.com> At 18.20 03/05/2003 -0500, you wrote: >/usr/sbin/upgrade_MailScanner_conf Thanks! Mr. Michele Neylon Blacknight Solutions - affordable linux hosting http://www.blacknightsolutions.com/ Shell accounts now available!!! ######################################################### This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance to it is prohibited. From mailscanner at ecs.soton.ac.uk Sun May 4 01:30:49 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:17:57 2006 Subject: Upgrading to latest release In-Reply-To: <5.2.0.9.0.20030504013022.03f91060@blacknightsolutions.com> References: <006101c311ca$99f45b20$6701a8c0@home.middlefinger.net> <5.2.0.9.0.20030504005910.04046458@blacknightsolutions.com> Message-ID: <5.2.1.1.2.20030504012937.022f9fa8@imap.ecs.soton.ac.uk> At 00:31 04/05/2003, you wrote: >At 18.20 03/05/2003 -0500, you wrote: >>/usr/sbin/upgrade_MailScanner_conf > >Thanks! If you su properly (i.e. "su -" and not just "su") then it will be on your path anyway, which is why I didn't bother giving the full path to you. Never just use "su", it doesn't set up the root user environment at all. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From dene at DATATECHIE.COM Sun May 4 02:08:44 2003 From: dene at DATATECHIE.COM (Dene Ulmschneider) Date: Thu Jan 12 21:17:57 2006 Subject: Selling a product based on MailScanner? In-Reply-To: <5.2.1.1.2.20030429154336.0234e4c8@imap.ecs.soton.ac.uk> Message-ID: <5.1.0.14.2.20030503204911.00b9f9c0@192.168.1.112> Hey Julian- Thanks for the invite. Sorry it took so long to ge6t back to you - been a little busy around here... Data Techie - "Always there to protect you" We provide a wide range of computer / network consulting services. We also offer dedicated and virtual hosting for web sites and email accounts. Our customers benefit from hosting options that include "SpamSlam" (primarily based on MailScanner for spam control only) and "S.A.V.E." (Spam And Virus Elimination) which provides a superior level of virus checking for some added comfort above using just a desktop antivirus application. End users no longer have to be concerned that their antivirus definitions might not be the "most recent". We take the extra step. Once again - thank you. Regards, Dene Ulmschneider Data Techie Inc. ------------------------------------------------------------------------- office: 718.738.8859 cell: 646.996.2976 email: dene@datatechie.com pager mail: denenow@datatechie.com website: www.datatechie.com ------------------------------------------------------------------------- "Life is too short...-...you should have dessert first" At 03:51 PM 4/29/2003 +0100, you wrote: >A lot of sites are very cautious about having anything other than an >"appliance" or a "managed service" for providing email security. > >So what I would like to do is run a page on the MailScanner.biz site >(linked from MailScanner.info) that lists products, systems and services >that I know about, which use MailScanner. > >So if you are commercially providing any service or system based around >MailScanner to the general public, please drop me a line (off-list). > >I will give you at least a link to a web page of your choosing (it doesn't >have to be just your home page). Give me a few words that describe your >product or service, and I might choose to add them as well. If I don't like >what you send me, I'll re-write it. So be nice... > >Exactly what information gets put on the list, and in what order, is >entirely up to me. I retain complete editorial control of the whole list. > >This is a chance for some free advertising, so make good use of it. >I'm not charging anything for listing your product/service, but a suitable >donation would be appreciated (how much would a commercial site charge you >for this?). >-- >Julian Field >www.MailScanner.info >Professional Support Services at www.MailScanner.biz >MailScanner thanks transtec Computers for their support -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030503/4bd4a67b/attachment.html From David.While at UCE.AC.UK Sun May 4 19:06:36 2003 From: David.While at UCE.AC.UK (David While) Date: Thu Jan 12 21:17:57 2006 Subject: syslog not working? Message-ID: I upgraded today from MS 4-10 to MS 4-20-3 I also use ClamAV. When the hourly update check is performed the syslog calls in clamav-autoupdate don't appear to be working - there is no output from the script in the maillog file. I have checked the syslog settings and all syslog calls for mail are logged. The calls in the update-virus-scanners do work. I am running RH7.3 and perl 5.6.1 Any ideas?? ----------------------------------------------------------------- David While Technical Development Manager Faculty of Computing, Information & English University of Central England Tel: 0121 331 6211 From kevins at BMRB.CO.UK Sun May 4 20:51:40 2003 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:17:57 2006 Subject: syslog not working? In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB0011751F3@pascal.priv.bmrb.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB0011751F3@pascal.priv.bmrb.co.uk> Message-ID: <1052077903.16749.11.camel@bach.kevinspicer.co.uk> David, you got me a bit worried (I made some small changes to the syslog code in clamav-autoupdate, which Julian kindly merged into 4.20), but I've just checked by upgrading my home machine from 4.10 to 4.20-3 and it seems to be working fine. Which version of Clam are you using (any of the 'stable' releases should give you 'ClamAV Updated' under all circumstances, whereas any of the snapshot releases should give you a message conditional on Clam's exit status). I don't _think_ its anything I've done, since my changes should write something, no matter what happens. I don't know what your logging set up is (my info & error go to different files) so it might be worth mentioning that the new autoupdate script logs with severity error rather than info when something goes wrong. On Sun, 2003-05-04 at 19:06, David While wrote: I upgraded today from MS 4-10 to MS 4-20-3 I also use ClamAV. When the hourly update check is performed the syslog calls in clamav-autoupdate don't appear to be working - there is no output from the script in the maillog file. I have checked the syslog settings and all syslog calls for mail are logged. The calls in the update-virus-scanners do work. I am running RH7.3 and perl 5.6.1 Any ideas?? ----------------------------------------------------------------- David While Technical Development Manager Faculty of Computing, Information & English University of Central England Tel: 0121 331 6211 BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From mailscanner at ecs.soton.ac.uk Sun May 4 21:18:38 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:17:57 2006 Subject: syslog not working? In-Reply-To: Message-ID: <5.2.1.1.2.20030504211753.023c3e80@imap.ecs.soton.ac.uk> Take a look in /etc/rc.d/init.d/syslog and add a "-r" to the command it uses to start up syslogd. Then do /etc/rc.d/init.d/syslog restart At 19:06 04/05/2003, you wrote: >I upgraded today from MS 4-10 to MS 4-20-3 I also use ClamAV. When the >hourly update check is performed the syslog calls in clamav-autoupdate >don't appear to be working - there is no output from the script in the >maillog file. I have checked the syslog settings and all syslog calls for >mail are logged. The calls in the update-virus-scanners do work. > >I am running RH7.3 and perl 5.6.1 > >Any ideas?? > >----------------------------------------------------------------- >David While >Technical Development Manager >Faculty of Computing, Information & English >University of Central England >Tel: 0121 331 6211 -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From David.While at UCE.AC.UK Sun May 4 23:32:05 2003 From: David.While at UCE.AC.UK (David While) Date: Thu Jan 12 21:17:57 2006 Subject: syslog not working? Message-ID: Thanks Julian - that did the trick! ----------------------------------------------------------------- David While Technical Development Manager Faculty of Computing, Information & English University of Central England Tel: 0121 331 6211 Julian Field cc: Sent by: Subject: Re: syslog not working? MailScanner mailing list 04/05/2003 21:18 Please respond to MailScanner mailing list Take a look in /etc/rc.d/init.d/syslog and add a "-r" to the command it uses to start up syslogd. Then do /etc/rc.d/init.d/syslog restart At 19:06 04/05/2003, you wrote: >I upgraded today from MS 4-10 to MS 4-20-3 I also use ClamAV. When the >hourly update check is performed the syslog calls in clamav-autoupdate >don't appear to be working - there is no output from the script in the >maillog file. I have checked the syslog settings and all syslog calls for >mail are logged. The calls in the update-virus-scanners do work. > >I am running RH7.3 and perl 5.6.1 > >Any ideas?? > >----------------------------------------------------------------- >David While >Technical Development Manager >Faculty of Computing, Information & English >University of Central England >Tel: 0121 331 6211 -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at BARENDSE.TO Mon May 5 08:19:58 2003 From: mailscanner at BARENDSE.TO (Remco Barendse) Date: Thu Jan 12 21:17:57 2006 Subject: SpamAssassin not recognizing some chinese spam at all?? Message-ID: I have recently upgraded my SpamAssassin to 2.53-1 (RedHat rawhide SRPM). It seems to work ok but somehow some chinese spam is not recognized at all. Although the subject and the body are full of funny characters it still gets extremely low scores like 0.3 -> 2 The headers report only 1 or 2 things in those mails like: X-MailScanner-SpamCheck: not spam, SpamAssassin (score=2.1, required 7, MSG_ID_ADDED_BY_MTA_3, RCVD_IN_RFCI) X-MailScanner-SpamCheck: not spam, SpamAssassin (score=0.3, required 7, MSG_ID_ADDED_BY_MTA_3) At the moment I am forwarding all incoming mail to one account at a server so I can see what is coming in. Although SpamAssassin does not add any headers about 8 bit or other crap, all those chinese mails are correctly being identified by pine as being in an abnormal character set [GB2312] Is this a bug in SpamAssassin? Is there a way to block e-mail that contains like > 90% chinese characters??? I can't block all e-mail solely on the character set because occasionally we do receive valid e-mail from china (albeit in English, not in chinese). -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From kevins at BMRB.CO.UK Mon May 5 09:57:59 2003 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:17:57 2006 Subject: SpamAssassin not recognizing some chinese spam at all?? In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB0011751F7@pascal.priv.bmrb.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB0011751F7@pascal.priv.bmrb.co.uk> Message-ID: <1052125080.16749.15.camel@bach.kevinspicer.co.uk> >It seems to work ok but somehow some chinese spam is not recognized at all. Have you checked the settings for ok_locales and ok_languages in spam.assassin.prefs.conf? See here... http://useast.spamassassin.org/doc/Mail_SpamAssassin_Conf.html BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From j.cormie at ABERTAY.AC.UK Mon May 5 10:20:41 2003 From: j.cormie at ABERTAY.AC.UK (Jason Cormie) Date: Thu Jan 12 21:17:57 2006 Subject: [old version] spam not deleted properly Message-ID: This has happened a couple of time recently, a mail is supposedly removed from the queue, but mailscanner keeps trying to get it until I manually remove it from /var/spool/exim_incoming/input & msglog Yup, I know its an old version, just haven't had time to upgrade yet. Mailscanner 3.27 - Debian Testing Build Exim 3.35 May 4 01:23:01 uadspa01 mailscanner[4547]: Message 19C7HM-0001FS-00 from 67.121.6.134 (hotmail.com) is spam according to SpamAssassin (score=13.6, required 9, BASE64_ENC_TEXT, BAYES_30, DATE_IN_PAST_96_XX, FORGED_HOTMAIL_RCVD, MIME_MISSING_BOUNDARY, MSGID_OUTLOOK_TIME, NO_REAL_NAME, RCVD_FAKE_HELO_DOTCOM_2, TO_MALFORMED) May 4 01:23:01 uadspa01 mailscanner[4547]: Saved spam to /var/spool/mailscanner/quarantine/20030504/19C7HM-0001FS-00-D May 4 01:23:01 uadspa01 mailscanner[4547]: Deleted spam message 19C7HM-0001FS-00 from queue May 4 01:23:02 uadspa01 mailscanner[4547]: Could not open file /var/spool/exim_incoming/input/19C7HM-0001FS-00-D: No such file or directory May 4 01:23:02 uadspa01 mailscanner[4547]: Could not open file /var/spool/exim_incoming/input/19C7HM-0001FS-00-D: No such file or directory May 4 01:23:02 uadspa01 mailscanner[4547]: Could not open file /var/spool/exim_incoming/input/19C7HM-0001FS-00-D: No such file or directory May 4 01:23:02 uadspa01 mailscanner[4547]: Could not open file /var/spool/exim_incoming/input/19C7HM-0001FS-00-D: No such file or directory May 4 01:23:02 uadspa01 mailscanner[4547]: Could not open file /var/spool/exim_incoming/input/19C7HM-0001FS-00-D: No such file or directory May 4 01:23:03 uadspa01 mailscanner[4547]: Could not open file /var/spool/exim_incoming/input/19C7HM-0001FS-00-D: No such file or directory May 4 01:23:03 uadspa01 mailscanner[4547]: Could not open file /var/spool/exim_incoming/input/19C7HM-0001FS-00-D: No such file or directory Jason D Cormie Information Specialist Network & Communications Team Information Services University of Abertay Dundee ccojdc@abertay.ac.uk 01382 308826 From raymond at PROLOCATION.NET Mon May 5 10:28:22 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:17:57 2006 Subject: [old version] spam not deleted properly In-Reply-To: Message-ID: Hi! > Yup, I know its an old version, just haven't had time to upgrade yet. > > Mailscanner 3.27 - Debian Testing Build > Exim 3.35 What about upgading to a less stone aged version ? Try the last 4.x version. Meanwhile code changed a lot... Also the locking for Exim changed. Its not that painfull, it takes about the same time as writing this mail :) Thanks, Raymond. From kevins at BMRB.CO.UK Mon May 5 10:51:07 2003 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:17:57 2006 Subject: ClamAV Message-ID: <1052128267.32540.22.camel@bach.kevinspicer.co.uk> I noticed that the clam site appears to have been down again overnight, stopping my mail server from updating clam, but my home machine (running a snapshot rather than a stable version) updated fine. Turns out that the latest snapshot contains support for falling back to a mirror. Thought I'd share that gem with the list. ALSO... Anyone using the 20030424 snapshot of Clam might like to know that it has been marked as 'DONTUSE' on their site since I downloaded it last week. I've rolled back to 20030403 [which supports one mirror - 20030424 supports 3 mirrors] BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From junaid at INSTACORE.COM Mon May 5 12:53:46 2003 From: junaid at INSTACORE.COM (Junaid Jeewa) Date: Thu Jan 12 21:17:57 2006 Subject: Can additional headers be included to display more information about scan process Message-ID: Is there a way where header(s) could be included in the scanned email to show more details about the process for eg. time spent to scan that email? Any tip would be highly appreciated regards Junaid From mailscanner at ecs.soton.ac.uk Mon May 5 13:50:46 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:17:57 2006 Subject: Can additional headers be included to display more information about scan process In-Reply-To: Message-ID: <5.2.1.1.2.20030505135009.022be558@imap.ecs.soton.ac.uk> At 12:53 05/05/2003, you wrote: >Is there a way where header(s) could be included in the scanned email to >show more details about the process for eg. time spent to scan that email? Not at the moment, no. No-one else has ever requested it. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From vlado at CIRUS.DHZ.HR Mon May 5 15:02:22 2003 From: vlado at CIRUS.DHZ.HR (Vladimir =?iso-8859-1?Q?Malovi=E6?=) Date: Thu Jan 12 21:17:57 2006 Subject: No subject Message-ID: <5.1.0.14.0.20030505160201.009fc770@posta.dhz.hr> Please, unsuscribe me from list. Thank You, Vladimir From Denis.Beauchemin at USHERBROOKE.CA Mon May 5 15:15:32 2003 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:17:57 2006 Subject: Silent viruses not silent anymore Message-ID: <1052144132.30848.9.camel@dbeauchemin.si.usherbrooke.ca> Hello, I am running mailscanner-4.14-9 and just found out that the silent virus setting is not working: Silent Viruses = /etc/MailScanner/rules/viruses.to.delete.conf # cat /etc/MailScanner/rules/viruses.to.delete.conf FromorTo: default W32/Klez W32/Yaha W32/Bugbear@MM W32/Braid W32/Korvar W32/Sobig W32/Lirva W32/Avril W32/Ganda W32/Lovgate W32/Gibe.gen@MM I tried both with a Yaha and Gibe virus and I received 2 warnings. Could this be related to a mod I made to SweepViruses.pm to translate McAfee output to French (this used to work with previous versions): # diff SweepViruses.pm SweepViruses.pm.orig 919,926d918 < # Modif de Denis Beauchemin le 20021210 < $currentline =~ s/Found the (.*) (virus) !!!/contient le \2 \1 !!!/; < $currentline =~ s/Found the (.*) worm !!!/contient le ver \1 !!!/; < # Modif de Denis Beauchemin le 20030103 < $currentline =~ s/Found the (.*) trojan !!!/contient le cheval de Troie \1 !!!/; < # Modif de Denis Beauchemin le 20030313 < $currentline =~ s/Found trojan or variant (.*) !!!/contient le cheval de Troie \1 !!!/; < Here is an excerpt from my log: May 5 09:47:43 MailScanner[32466]: Virus and Content Scanning: Starting May 5 09:47:44 MailScanner[32466]: McAfee said "/var/spool/MailScanner/incoming/32466/h45DldY00518/gibe.exe" May 5 09:47:44 MailScanner[32466]: McAfee said " Found the W32/Gibe.gen@MM virus !!!" May 5 09:47:44 MailScanner[32466]: /h45DldY00518/gibe.exe contient le virus W32/Gibe.gen@MM !!! May 5 09:47:44 MailScanner[32466]: Virus Scanning: McAfee found 1 infections May 5 09:47:44 MailScanner[32466]: Virus Scanning: Found 1 viruses May 5 09:47:44 MailScanner[32466]: Filename Checks: Fichiers EXE dangereux (gibe.exe) May 5 09:47:44 MailScanner[32466]: Other Checks: Found 1 problems May 5 09:47:44 MailScanner[32466]: Saved infected "gibe.exe" to /quarantaine/usherbrooke/20030505/h45DldY00518 May 5 09:47:44 MailScanner[32466]: Uninfected: Delivered 2 messages May 5 09:47:44 MailScanner[32466]: Cleaned: Delivered 1 cleaned messages May 5 09:47:44 MailScanner[32466]: Sender Warnings: Delivered 1 warnings to virus senders Thanks again! Denis -- Denis Beauchemin, analyste Universit? de Sherbrooke, S.T.I. T: 819.821.8000x2252 F: 819.821.8045 From Andrew.Magnusson at COCC.COM Mon May 5 15:23:47 2003 From: Andrew.Magnusson at COCC.COM (Magnusson, Andrew) Date: Thu Jan 12 21:17:57 2006 Subject: Utility for SQL logging Message-ID: Here's a quick utility I just wrote up that will convert the old-style default SQL table (maillog) to the new style (maillog_mail, maillog_recipient, maillog_report) included in 4.20. It does rudimentary duplicate-checking, etc, but probably isn't safe to be run multiple times on datasets with attachments, as writing to the maillog_report table isn't checked for dupes. This may be useful to those who want to upgrade. Andrew Magnusson Internet Product Analyst COCC 1-877-678-0444 extension 640 <> *** This message originates from COCC, Inc. If the reader of this message, regardless of the address or routing, is not an intended recipient, you are hereby notified that you have received this transmittal in error and any review; use, distribution, dissemination or copying is strictly prohibited. If you have received this message in error, please delete this e-mail and all files transmitted with it from your system and immediately notify COCC, Inc. by sending reply e-mail to the sender of this message. Thank you. *** -------------- next part -------------- A non-text attachment was scrubbed... Name: convert.pl Type: application/octet-stream Size: 2160 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030505/c5107734/convert.obj From mailscanner at ecs.soton.ac.uk Mon May 5 15:37:06 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:17:57 2006 Subject: Silent viruses not silent anymore In-Reply-To: <1052144132.30848.9.camel@dbeauchemin.si.usherbrooke.ca> Message-ID: <5.2.1.1.2.20030505153453.02296948@imap.ecs.soton.ac.uk> At 15:15 05/05/2003, you wrote: >Hello, > >I am running mailscanner-4.14-9 and just found out that the silent virus >setting is not working: >Silent Viruses = /etc/MailScanner/rules/viruses.to.delete.conf In order to be able to distinguish between a virus name (or substring of a virus name) that happens to contain "/" characters and the filename of a ruleset, the check for this parameter is quite strict. Rename viruses.to.delete.conf to viruses.to.delete.rules and it should all work (does in 4.20 anyway). ># cat /etc/MailScanner/rules/viruses.to.delete.conf >FromorTo: default W32/Klez W32/Yaha W32/Bugbear@MM W32/Braid W32/Korvar >W32/Sobig W32/Lirva W32/Avril W32/Ganda W32/Lovgate W32/Gibe.gen@MM > >I tried both with a Yaha and Gibe virus and I received 2 warnings. > >Could this be related to a mod I made to SweepViruses.pm to translate >McAfee output to French (this used to work with previous versions): > ># diff SweepViruses.pm SweepViruses.pm.orig >919,926d918 >< # Modif de Denis Beauchemin le 20021210 >< $currentline =~ s/Found the (.*) (virus) !!!/contient le \2 \1 !!!/; >< $currentline =~ s/Found the (.*) worm !!!/contient le ver \1 !!!/; >< # Modif de Denis Beauchemin le 20030103 >< $currentline =~ s/Found the (.*) trojan !!!/contient le cheval de >Troie \1 !!!/; >< # Modif de Denis Beauchemin le 20030313 >< $currentline =~ s/Found trojan or variant (.*) !!!/contient le cheval >de Troie \1 !!!/; >< > >Here is an excerpt from my log: >May 5 09:47:43 MailScanner[32466]: Virus and Content Scanning: Starting >May 5 09:47:44 MailScanner[32466]: McAfee said >"/var/spool/MailScanner/incoming/32466/h45DldY00518/gibe.exe" >May 5 09:47:44 MailScanner[32466]: McAfee said " Found the >W32/Gibe.gen@MM virus !!!" >May 5 09:47:44 MailScanner[32466]: /h45DldY00518/gibe.exe contient >le virus W32/Gibe.gen@MM !!! >May 5 09:47:44 MailScanner[32466]: Virus Scanning: McAfee found 1 infections >May 5 09:47:44 MailScanner[32466]: Virus Scanning: Found 1 viruses >May 5 09:47:44 MailScanner[32466]: Filename Checks: Fichiers EXE >dangereux (gibe.exe) >May 5 09:47:44 MailScanner[32466]: Other Checks: Found 1 problems >May 5 09:47:44 MailScanner[32466]: Saved infected "gibe.exe" to >/quarantaine/usherbrooke/20030505/h45DldY00518 >May 5 09:47:44 MailScanner[32466]: Uninfected: Delivered 2 messages >May 5 09:47:44 MailScanner[32466]: Cleaned: Delivered 1 cleaned messages >May 5 09:47:44 MailScanner[32466]: Sender Warnings: Delivered 1 warnings >to virus senders > >Thanks again! > >Denis >-- >Denis Beauchemin, analyste >Universit? de Sherbrooke, S.T.I. >T: 819.821.8000x2252 F: 819.821.8045 -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at LISTS.COM.AR Mon May 5 15:56:02 2003 From: mailscanner at LISTS.COM.AR (Mariano Absatz) Date: Thu Jan 12 21:17:57 2006 Subject: Use OSIRUSOFT yes or no? In-Reply-To: <200305031606.48581.mikew@crucis.net> References: <5.2.0.9.0.20030503190224.02224f48@blacknightsolutions.com> Message-ID: <3EB65152.10084.322F611C@localhost> Osirusoft is not a single list, but a compendium of various lists... they are available separatedly, or you can check for the actual A record that you get from relays.osirusoft.com see http://relays.osirusoft.com/faq.html#_Toc533558165 Specifically, Osirusoft (relays.osirusoft.com) includes SPEWS (spews.relays.osirusoft.com) that is a list with intentional high collateral damage (read http://spews.org/faq.html). You can, instead, configure the individual xxx.relays.osirusoft.com RBLs or, instead, configure the large one or the individual ones _inside_ SpamAssassin and not directly from MailScanner. The latter allows you to weigh in the fact that a source is listed, but not ban it completely... you can configure the weight itself by giving each RBL a higher or lower score... El 3 May 2003 a las 16:06, Mike Watson escribi?: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Saturday 03 May 2003 12:03 pm, you wrote: > > What kind of false positives did you get? > > > The most common were recognized mail lists from Yahoogroups.com. It > wasn't consistent. A number of others were mail originating from Road > Runner. In one weekend, over 40% of the incoming mail was flagged by > OSIRUSOFT as spam. The real spam count was under 5% for that weekend. > The normal mail count for a weekend is ~600 pieces. > -- Mariano Absatz El Baby ---------------------------------------------------------- Double your drive space - delete Windows! From Denis.Beauchemin at USHERBROOKE.CA Mon May 5 16:04:30 2003 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:17:57 2006 Subject: Silent viruses not silent anymore In-Reply-To: <5.2.1.1.2.20030505153453.02296948@imap.ecs.soton.ac.uk> References: <5.2.1.1.2.20030505153453.02296948@imap.ecs.soton.ac.uk> Message-ID: <1052147070.30848.13.camel@dbeauchemin.si.usherbrooke.ca> Thanks again Julian! It solved my problem. Denis Le lun 05/05/2003 ? 10:37, Julian Field a ?crit : > At 15:15 05/05/2003, you wrote: > >Hello, > > > >I am running mailscanner-4.14-9 and just found out that the silent virus > >setting is not working: > >Silent Viruses = /etc/MailScanner/rules/viruses.to.delete.conf > > In order to be able to distinguish between a virus name (or substring of a > virus name) that happens to contain "/" characters and the filename of a > ruleset, the check for this parameter is quite strict. > > Rename > viruses.to.delete.conf > to > viruses.to.delete.rules > and it should all work (does in 4.20 anyway). > -- Denis Beauchemin, analyste Universit? de Sherbrooke, S.T.I. T: 819.821.8000x2252 F: 819.821.8045 From AndreaC at GOTECH.IT Mon May 5 16:09:48 2003 From: AndreaC at GOTECH.IT (Andrea Cogliati) Date: Thu Jan 12 21:17:57 2006 Subject: Bayesian training policy (crossposted from SpamAssassin ML) Message-ID: <463F0AFA3E2CEA4E807EC569C019E7390984BD@atlantis.gtub.corp> Guys, I asked the same question on the SpamAssassin ML but I'd like to hear your opinion as well. Pls, don't flame me for crossposting... :-) We recently setup MailScanner at our email gateway with a SA required score of 9 (just to avoid most false positives). After a couple of weeks of tests, we catched about 80% of spam with just one false positive (a mailing list with TONS of ads, we just whitelisted it). Trying to improve the detection ratio, we used sa_learn with about 2,000 messages of spam and 3,000 messages of ham (manually checked) from the last 3 months and we now catch something like 90% of spam with no false positives. Now the question: we'd like to setup a Bayesian filter learning policy that makes sense. What are your suggestions? Thank you in advance for any help, Andrea From mailscanner at ecs.soton.ac.uk Mon May 5 16:22:05 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:17:57 2006 Subject: Bayesian training policy (crossposted from SpamAssassin ML) In-Reply-To: <463F0AFA3E2CEA4E807EC569C019E7390984BD@atlantis.gtub.corp> Message-ID: <5.2.1.1.2.20030505161958.02331248@imap.ecs.soton.ac.uk> At 16:09 05/05/2003, you wrote: >We recently setup MailScanner at our email gateway with a SA required >score of 9 (just to avoid most false positives). After a couple of weeks >of tests, we catched about 80% of spam with just one false positive (a >mailing list with TONS of ads, we just whitelisted it). Trying to >improve the detection ratio, we used sa_learn with about 2,000 messages >of spam and 3,000 messages of ham (manually checked) from the last 3 >months and we now catch something like 90% of spam with no false >positives. > >Now the question: we'd like to setup a Bayesian filter learning policy >that makes sense. What are your suggestions? What do you mean by a "learning policy that makes sense"? SpamAssassin will auto-learn on very high and very low scoring mail anyway, so mostly you can just leave it to get on with it. Other than that I use a couple of "spam" and "notspam" addresses, whose mailboxes are piped into sa-learn every hour to help the Bayes code when it got it wrong. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From AndreaC at GOTECH.IT Mon May 5 17:30:11 2003 From: AndreaC at GOTECH.IT (Andrea Cogliati) Date: Thu Jan 12 21:17:57 2006 Subject: Bayesian training policy (crossposted from SpamAssassin ML) Message-ID: <463F0AFA3E2CEA4E807EC569C019E739140B79@atlantis.gtub.corp> Julian, Thank you for your reply. Let me be more specific: I've created two mailboxes (spam and notspam) where I copy (not forward) Spam & Notspam messages; I run a script to launch sa_learn on them every hour. Right so far? How many messages should I use to train the filter? Should I include only false positives and false negatives in my manual training or should I also use correctly tagged messages? Is there a good ratio between spam and not spam messages to use? Should I use only "new" messages (maybe one month old at max) or should I use also old messages? Should I keep the messages I used to train the filter or can I discard them? Should I start from scratch every now and then or constantly train the filter with new messages without deleting the old database? How can I check if the learning procedure is doing any good at all? Thank you in advance for any hint, Andrea -----Original Message----- From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] Sent: Monday, May 05, 2003 5:22 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Bayesian training policy (crossposted from SpamAssassin ML) [...] What do you mean by a "learning policy that makes sense"? [...] From mailscanner at ecs.soton.ac.uk Mon May 5 17:41:56 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:17:57 2006 Subject: Bayesian training policy (crossposted from SpamAssassin ML) In-Reply-To: <463F0AFA3E2CEA4E807EC569C019E739140B79@atlantis.gtub.corp> Message-ID: <5.2.1.1.2.20030505173602.03b0b748@imap.ecs.soton.ac.uk> At 17:30 05/05/2003, you wrote: >Julian, > >Thank you for your reply. Let me be more specific: > >I've created two mailboxes (spam and notspam) where I copy (not forward) >Spam & Notspam messages; I run a script to launch sa_learn on them every >hour. Right so far? Okay. >How many messages should I use to train the filter? SpamAssassin won't start using the bayes results for filtering mail until 200 spam and 200 ham (non-spam) messages have been learned. >Should I include only false positives and false negatives in my manual >training or should I also use correctly tagged messages? It will auto-learn if the other rules produce a very high or very low score. The false positives and false negatives are the most important ones to teach it, but adding correctly tagged messages certainly won't do any harm. >Is there a good ratio between spam and not spam messages to use? Ideally 50% of each I believe. >Should I use only "new" messages (maybe one month old at max) or should >I use also old messages? Due to the changing nature of spam in general, I would think you would get the best results with "new" messages. >Should I keep the messages I used to train the filter or can I discard >them? You can discard them. Just make sure you don't lose or corrupt your Bayes database files. Personally, I keep the manually-learned messages to be on the safe side. >Should I start from scratch every now and then or constantly train the >filter with new messages without deleting the old database? Don't delete it, just keep training it. It does a load of house-keeping every now and then to clear out words/tokens which virtually never appear and don't help the results. You can also trigger the house-keeping by hand using some command-line switch to sa-learn. RTM to find out the command-line. >How can I check if the learning procedure is doing any good at all? I do it by keeping an eye on the "BAYES_" result in some spam and ham messages. Other than that, I'm not sure. Hope that helps a bit, Jules. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From NFeasey at UTPRESS.UTORONTO.CA Mon May 5 18:40:32 2003 From: NFeasey at UTPRESS.UTORONTO.CA (Feasey, Nicholas) Date: Thu Jan 12 21:17:57 2006 Subject: spam/notspam w/sa-learn Message-ID: I just want to be clear on the usage of the spam and not spam accounts used in conjunction with the sa-learn script. I can have my users forward any message received to either spam (to have it identified as spam) or notspam (to have it identified as ham) and it will be automatcially learned (sa-learn)?? Is this correct? I don't want my users showing up as spammers because they are listed as the forwarder. N -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030505/5aa14782/attachment.html From sevans at FOUNDATION.SDSU.EDU Mon May 5 19:04:54 2003 From: sevans at FOUNDATION.SDSU.EDU (Steve Evans) Date: Thu Jan 12 21:17:57 2006 Subject: Store Non-Spam Message-ID: You can do certain actions on messages marked as spam or high scoring spam. But what about messages not marked as spam? I'd like to send those on to the correct recipient, and store it on the mail server in mbox format. Steve Evans SDSU Foundation (619) 594-0653 From mailscanner at ecs.soton.ac.uk Mon May 5 19:06:34 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:17:57 2006 Subject: spam/notspam w/sa-learn In-Reply-To: Message-ID: <5.2.1.1.2.20030505190204.0267ac88@imap.ecs.soton.ac.uk> At 18:40 05/05/2003, you wrote: >I just want to be clear on the usage of the spam and not spam accounts >used in conjunction with the sa-learn script. > >I can have my users forward any message received to either spam (to have >it identified as spam) or notspam (to have it identified as ham) and it will >be automatcially learned (sa-learn)?? It is important that they "redirect" and not "forward" their mail to the addresses, as forwarding will destroy the headers and make it appear that your users are the spammers. > >Is this correct? You do, of course, need my cron job script to do the actual work, mailboxes aren't magic :-) >I don't want my users showing up as spammers because they are listed as >the forwarder. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030505/146ec1ee/attachment.html From mailscanner at ecs.soton.ac.uk Mon May 5 19:13:41 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:17:57 2006 Subject: Store Non-Spam In-Reply-To: Message-ID: <5.2.1.1.2.20030505191028.03ad79a8@imap.ecs.soton.ac.uk> At 19:04 05/05/2003, you wrote: >You can do certain actions on messages marked as spam or high scoring >spam. But what about messages not marked as spam? I'd like to send >those on to the correct recipient, and store it on the mail server in >mbox format. Delivering mail is a job for your mail delivery agent, be it sendmail, Postfix, Exim, ZMailer, /bin/mail, mail.local, procmail etc etc.... MailScanner doesn't deliver mail, there are plenty of tools out there which already do it very well :) -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From NFeasey at UTPRESS.UTORONTO.CA Mon May 5 19:16:10 2003 From: NFeasey at UTPRESS.UTORONTO.CA (Feasey, Nicholas) Date: Thu Jan 12 21:17:57 2006 Subject: spam/notspam w/sa-learn Message-ID: Forgive my ignorance/stupidity on this subject but what do you mean by redirect? Yes, the cron job is in place, just want to give my users CORRECT instructions on using the "auto-learn" feature. N -----Original Message----- From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] Sent: 5-May-03 2:07 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: spam/notspam w/sa-learn At 18:40 05/05/2003, you wrote: I just want to be clear on the usage of the spam and not spam accounts used in conjunction with the sa-learn script. I can have my users forward any message received to either spam (to have it identified as spam) or notspam (to have it identified as ham) and it will be automatcially learned (sa-learn)?? It is important that they "redirect" and not "forward" their mail to the addresses, as forwarding will destroy the headers and make it appear that your users are the spammers. Is this correct? You do, of course, need my cron job script to do the actual work, mailboxes aren't magic :-) I don't want my users showing up as spammers because they are listed as the forwarder. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030505/445f7f09/attachment.html From mailscanner at ecs.soton.ac.uk Mon May 5 19:21:48 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:17:57 2006 Subject: spam/notspam w/sa-learn In-Reply-To: Message-ID: <5.2.1.1.2.20030505191908.03b17eb0@imap.ecs.soton.ac.uk> At 19:16 05/05/2003, you wrote: >Forgive my ignorance/stupidity on this subject but what do you mean by >redirect? Different mail apps call it different things, but it is usually bounce or redirect. It sends the message on with the headers intact, so that replies go back to the original sender and not the person who redirected it. Outlook and Outlook Express cannot do it. Why, I don't know, it's the simplest job in the book :-( > >Yes, the cron job is in place, just want to give my users CORRECT >instructions on using the "auto-learn" feature. > >N >-----Original Message----- >From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] >Sent: 5-May-03 2:07 PM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: spam/notspam w/sa-learn > >At 18:40 05/05/2003, you wrote: >>I just want to be clear on the usage of the spam and not spam accounts >>used in conjunction with the sa-learn script. >> >>I can have my users forward any message received to either spam (to have >>it identified as spam) or notspam (to have it identified as ham) and it will >>be automatcially learned (sa-learn)?? > >It is important that they "redirect" and not "forward" their mail to the >addresses, as forwarding will destroy the headers and make it appear that >your users are the spammers. > >> >>Is this correct? > >You do, of course, need my cron job script to do the actual work, >mailboxes aren't magic :-) > >>I don't want my users showing up as spammers because they are listed as >>the forwarder. > >-- >Julian Field >www.MailScanner.info >Professional Support Services at www.MailScanner.biz >MailScanner thanks transtec Computers for their support -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030505/c9d6c680/attachment.html From sevans at FOUNDATION.SDSU.EDU Mon May 5 19:31:06 2003 From: sevans at FOUNDATION.SDSU.EDU (Steve Evans) Date: Thu Jan 12 21:17:57 2006 Subject: Store Non-Spam Message-ID: I'm just looking to use the options in MailScanner.conf to handle spam messages, except for non-spam messages. I kind of want to use the archive messages feature of MailScanner but selectively. Steve Evans SDSU Foundation (619) 594-0653 -----Original Message----- From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] Sent: Monday, May 05, 2003 11:14 AM To: MAILSCANNER@JISCMAIL.AC.UK At 19:04 05/05/2003, you wrote: >You can do certain actions on messages marked as spam or high scoring >spam. But what about messages not marked as spam? I'd like to send >those on to the correct recipient, and store it on the mail server in >mbox format. Delivering mail is a job for your mail delivery agent, be it sendmail, Postfix, Exim, ZMailer, /bin/mail, mail.local, procmail etc etc.... MailScanner doesn't deliver mail, there are plenty of tools out there which already do it very well :) -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From NFeasey at UTPRESS.UTORONTO.CA Mon May 5 19:33:13 2003 From: NFeasey at UTPRESS.UTORONTO.CA (Feasey, Nicholas) Date: Thu Jan 12 21:17:57 2006 Subject: spam/notspam w/sa-learn Message-ID: Hmm? So then, by forwarding I would place my address in the spam/notspam mailboxes and be identified as such. Any ideas on how to "fool" the app so that it will work with Outlook or am I going to have to try to write some sort of script - if, in fact, that is possible. N -----Original Message----- From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] Sent: 5-May-03 2:22 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: spam/notspam w/sa-learn At 19:16 05/05/2003, you wrote: Forgive my ignorance/stupidity on this subject but what do you mean by redirect? Different mail apps call it different things, but it is usually bounce or redirect. It sends the message on with the headers intact, so that replies go back to the original sender and not the person who redirected it. Outlook and Outlook Express cannot do it. Why, I don't know, it's the simplest job in the book :-( Yes, the cron job is in place, just want to give my users CORRECT instructions on using the "auto-learn" feature. N -----Original Message----- From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK ] Sent: 5-May-03 2:07 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: spam/notspam w/sa-learn At 18:40 05/05/2003, you wrote: I just want to be clear on the usage of the spam and not spam accounts used in conjunction with the sa-learn script. I can have my users forward any message received to either spam (to have it identified as spam) or notspam (to have it identified as ham) and it will be automatcially learned (sa-learn)?? It is important that they "redirect" and not "forward" their mail to the addresses, as forwarding will destroy the headers and make it appear that your users are the spammers. Is this correct? You do, of course, need my cron job script to do the actual work, mailboxes aren't magic :-) I don't want my users showing up as spammers because they are listed as the forwarder. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030505/edaaa804/attachment.html From mailscanner at ecs.soton.ac.uk Mon May 5 20:09:14 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:17:57 2006 Subject: Store Non-Spam In-Reply-To: Message-ID: <5.2.1.1.2.20030505200002.03ad0010@imap.ecs.soton.ac.uk> At 19:31 05/05/2003, you wrote: >I'm just looking to use the options in MailScanner.conf to handle spam >messages, except for non-spam messages. I kind of want to use the >archive messages feature of MailScanner but selectively. There isn't a "Non Spam Actions" option, I'm afraid. I guess there could be, but it would take a bit encouragement :-) >-----Original Message----- >From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] >Sent: Monday, May 05, 2003 11:14 AM >To: MAILSCANNER@JISCMAIL.AC.UK > >At 19:04 05/05/2003, you wrote: > >You can do certain actions on messages marked as spam or high scoring > >spam. But what about messages not marked as spam? I'd like to send > >those on to the correct recipient, and store it on the mail server in > >mbox format. > >Delivering mail is a job for your mail delivery agent, be it sendmail, >Postfix, Exim, ZMailer, /bin/mail, mail.local, procmail etc etc.... >MailScanner doesn't deliver mail, there are plenty of tools out there >which already do it very well :) >-- >Julian Field >www.MailScanner.info >Professional Support Services at www.MailScanner.biz MailScanner thanks >transtec Computers for their support -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Mon May 5 20:11:10 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:17:57 2006 Subject: spam/notspam w/sa-learn In-Reply-To: Message-ID: <5.2.1.1.2.20030505200931.023b1e50@imap.ecs.soton.ac.uk> At 19:33 05/05/2003, you wrote: >Hmm? So then, by forwarding I would place my address in the spam/notspam >mailboxes and be identified as such. >Any ideas on how to "fool" the app so that it will work with Outlook or am >I going to have to try to write some sort of script - if, in fact, that is >possible. If you stripped out all the headers (except for a processed Subject: line), then removed all the leading ">" characters, I guess you could do it. It wouldn't be perfect but it would be better than nothing. > >N >-----Original Message----- >From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] >Sent: 5-May-03 2:22 PM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: spam/notspam w/sa-learn > >At 19:16 05/05/2003, you wrote: >>Forgive my ignorance/stupidity on this subject but what do you mean by >>redirect? > >Different mail apps call it different things, but it is usually bounce or >redirect. It sends the message on with the headers intact, so that replies >go back to the original sender and not the person who redirected it. > >Outlook and Outlook Express cannot do it. >Why, I don't know, it's the simplest job in the book :-( > >> >>Yes, the cron job is in place, just want to give my users CORRECT >>instructions on using the "auto-learn" feature. >> >>N >>-----Original Message----- >>From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] >>Sent: 5-May-03 2:07 PM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: spam/notspam w/sa-learn >> >>At 18:40 05/05/2003, you wrote: >>>I just want to be clear on the usage of the spam and not spam accounts >>>used in conjunction with the sa-learn script. >>> >>>I can have my users forward any message received to either spam (to have >>>it identified as spam) or notspam (to have it identified as ham) and it will >>>be automatcially learned (sa-learn)?? >>It is important that they "redirect" and not "forward" their mail to the >>addresses, as forwarding will destroy the headers and make it appear that >>your users are the spammers. >> >>>Is this correct? >>You do, of course, need my cron job script to do the actual work, >>mailboxes aren't magic :-) >> >>>I don't want my users showing up as spammers because they are listed as >>>the forwarder. >>-- >>Julian Field >>www.MailScanner.info >>Professional Support Services at www.MailScanner.biz >>MailScanner thanks transtec Computers for their support > >-- >Julian Field >www.MailScanner.info >Professional Support Services at www.MailScanner.biz >MailScanner thanks transtec Computers for their support -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030505/51c7a9cd/attachment.html From kevins at BMRB.CO.UK Mon May 5 20:25:54 2003 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:17:57 2006 Subject: spam/notspam w/sa-learn In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB00117520F@pascal.priv.bmrb.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB00117520F@pascal.priv.bmrb.co.uk> Message-ID: <1052162755.32540.29.camel@bach.kevinspicer.co.uk> A couple of us on the list have been experimenting with ways of using the 'public folders' feature in Exchange to get round this problem with Outlook. I understand this works with Exchange 5.5. But due to an 'improvement' Microsoft made in Exchange 2000 it doesn't work with that (which I personally find damn annoying). The basic way it works is by creating two public folders for spam and ham then using a script on the MailScanner machine to grab the messages using IMAP. The most important thing when feeding messages to sa-learn is that the message ID should not be changed (since sa-learn tracks which messages it has learned using this). Should the message ID change, which is likely to happen when forwarding, SA may well learn the same message as both ham and spam! On Mon, 2003-05-05 at 19:33, Feasey, Nicholas wrote: Hmm? So then, by forwarding I would place my address in the spam/notspam mailboxes and be identified as such. Any ideas on how to "fool" the app so that it will work with Outlook or am I going to have to try to write some sort of script - if, in fact, that is possible. N -----Original Message----- From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] Sent: 5-May-03 2:22 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: spam/notspam w/sa-learn At 19:16 05/05/2003, you wrote: Forgive my ignorance/stupidity on this subject but what do you mean by redirect? Different mail apps call it different things, but it is usually bounce or redirect. It sends the message on with the headers intact, so that replies go back to the original sender and not the person who redirected it. Outlook and Outlook Express cannot do it. Why, I don't know, it's the simplest job in the book :-( Yes, the cron job is in place, just want to give my users CORRECT instructions on using the "auto-learn" feature. N -----Original Message----- From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] Sent: 5-May-03 2:07 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: spam/notspam w/sa-learn At 18:40 05/05/2003, you wrote: I just want to be clear on the usage of the spam and not spam accounts used in conjunction with the sa-learn script. I can have my users forward any message received to either spam (to have it identified as spam) or notspam (to have it identified as ham) and it will be automatcially learned (sa-learn)?? It is important that they "redirect" and not "forward" their mail to the addresses, as forwarding will destroy the headers and make it appear that your users are the spammers. Is this correct? You do, of course, need my cron job script to do the actual work, mailboxes aren't magic :-) I don't want my users showing up as spammers because they are listed as the forwarder. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From copper_shotgun at HOTMAIL.COM Mon May 5 21:30:13 2003 From: copper_shotgun at HOTMAIL.COM (Richard Alexander) Date: Thu Jan 12 21:17:57 2006 Subject: Allow html messages for spam.whitelist.rules Message-ID: Is there any way to allow html for anyone in the spam.whitelist.rules list? Maybe a stupid question, but i am a little confused as to the difference between: Spam Actions = deliver striphtml, Convert Dangerous HTML text = yes, and Convert Html to text = yes. We have internal users that have html signatures, etc that we would like to allow, but do not want PORN html coming through. From NFeasey at UTPRESS.UTORONTO.CA Mon May 5 21:46:53 2003 From: NFeasey at UTPRESS.UTORONTO.CA (Feasey, Nicholas) Date: Thu Jan 12 21:17:57 2006 Subject: spam/notspam w/sa-learn Message-ID: That's interesting. The Public folders is a good idea but we too are moving to Exchange 2000 shortly (just in time for Exchange 2003! :) ). The easiest thing to do, in my mind, is have the user send a message to spam@ or notspam@ which merely contains the email address in question. This is intercepted by a mail rewrite script to massage the address into a mail header which then could be read by the sa-learn script? So, looks like I'm going to have to go into the sa-learn script and do some poking around as my users would just love this feature. Anything to stop these large amounts of messages with weewees, peepees and mothers having intercourse with their sons but also allowing my users to receive the Penthouse monthly e-zine as required. :) N -----Original Message----- From: Kevin Spicer [mailto:kevins@BMRB.CO.UK] Sent: 5-May-03 3:26 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: spam/notspam w/sa-learn A couple of us on the list have been experimenting with ways of using the 'public folders' feature in Exchange to get round this problem with Outlook. I understand this works with Exchange 5.5. But due to an 'improvement' Microsoft made in Exchange 2000 it doesn't work with that (which I personally find damn annoying). The basic way it works is by creating two public folders for spam and ham then using a script on the MailScanner machine to grab the messages using IMAP. The most important thing when feeding messages to sa-learn is that the message ID should not be changed (since sa-learn tracks which messages it has learned using this). Should the message ID change, which is likely to happen when forwarding, SA may well learn the same message as both ham and spam! On Mon, 2003-05-05 at 19:33, Feasey, Nicholas wrote: Hmm? So then, by forwarding I would place my address in the spam/notspam mailboxes and be identified as such. Any ideas on how to "fool" the app so that it will work with Outlook or am I going to have to try to write some sort of script - if, in fact, that is possible. N -----Original Message----- From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] Sent: 5-May-03 2:22 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: spam/notspam w/sa-learn At 19:16 05/05/2003, you wrote: Forgive my ignorance/stupidity on this subject but what do you mean by redirect? Different mail apps call it different things, but it is usually bounce or redirect. It sends the message on with the headers intact, so that replies go back to the original sender and not the person who redirected it. Outlook and Outlook Express cannot do it. Why, I don't know, it's the simplest job in the book :-( Yes, the cron job is in place, just want to give my users CORRECT instructions on using the "auto-learn" feature. N -----Original Message----- From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] Sent: 5-May-03 2:07 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: spam/notspam w/sa-learn At 18:40 05/05/2003, you wrote: I just want to be clear on the usage of the spam and not spam accounts used in conjunction with the sa-learn script. I can have my users forward any message received to either spam (to have it identified as spam) or notspam (to have it identified as ham) and it will be automatcially learned (sa-learn)?? It is important that they "redirect" and not "forward" their mail to the addresses, as forwarding will destroy the headers and make it appear that your users are the spammers. Is this correct? You do, of course, need my cron job script to do the actual work, mailboxes aren't magic :-) I don't want my users showing up as spammers because they are listed as the forwarder. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From mailscanner at ecs.soton.ac.uk Mon May 5 22:18:49 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:17:57 2006 Subject: Allow html messages for spam.whitelist.rules In-Reply-To: Message-ID: <5.2.1.1.2.20030505221430.022bbb20@imap.ecs.soton.ac.uk> At 21:30 05/05/2003, you wrote: >Is there any way to allow html for anyone in the spam.whitelist.rules >list? Maybe a stupid question, but i am a little confused as to the >difference between: Spam Actions = deliver striphtml, That applies only to messages which are deemed to be spam. But "Spam Actions" can also, of course, be a ruleset, so you can have different Spam Actions for different users/domains. > Convert Dangerous HTML text = yes, This just strips HTML from messages containing IFrame or Object Codebase tags. With a ruleset you can set who gets "dangerous" HTML and who doesn't. > and Convert Html to text = yes. This strips HTML from all messages. Again this can be a ruleset, so you can strip all HTML from messages delivered to/from some users/domains and not others. > We have internal users >that have html signatures, etc that we would like to allow, but do not >want PORN html coming through. In which case hopefully the porn html will be identified as spam. If that is true, then you can use the "deliver striphtml" spam action. If not, then you could allow outgoing HTML but ban incoming HTML by using "Convert HTML to text" with a ruleset that looks like this: From: yourdomain.com no FromOrTo: default yes Unfortunately, the reason there are so many different combinations here is because people wanted them all :-) -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From donovan at HUFFDATASYSTEMS.COM Tue May 6 01:03:32 2003 From: donovan at HUFFDATASYSTEMS.COM (Donovan Huff | HUFF DATA SYSTEMS) Date: Thu Jan 12 21:17:57 2006 Subject: spam/notspam w/sa-learn References: Message-ID: <005501c31362$ef8c54e0$91c75a42@x27> I like the spam@ and notspam@ idea, also it would be a good idea to only allow it from your users/domains. If you get this setup please send me a copy and/or let the list know. Regards, Donovan Huff Owner/Operator HUFF DATA SYSTEMS donovan@huffdatasystems.com http://www.huffdatasystems.com/ (361) 781-0631 ------------------------------------------------------ Web Hosting Starting at $5.00/mo http://www.huffdatasystems.com/ ------------------------------------------------------ Internet Access Just About Anywhere http://UnlimitedCheapInternet.com/ ------------------------------------------------------ ----- Original Message ----- From: "Feasey, Nicholas" To: Sent: Monday, May 05, 2003 3:46 PM Subject: Re: spam/notspam w/sa-learn > That's interesting. > > The Public folders is a good idea but we too are moving to Exchange 2000 > shortly (just in time for Exchange 2003! :) ). > > The easiest thing to do, in my mind, is have the user send a message to > spam@ or notspam@ which merely contains the > email address in question. This is intercepted by a mail rewrite script to > massage the address into a mail header which then could be read by the > sa-learn script? > > So, looks like I'm going to have to go into the sa-learn script and do some > poking around as my users would just love this feature. > > Anything to stop these large amounts of messages with weewees, peepees and > mothers having intercourse with their sons but also allowing my users to > receive the Penthouse monthly e-zine as required. :) > > N > > -----Original Message----- > From: Kevin Spicer [mailto:kevins@BMRB.CO.UK] > Sent: 5-May-03 3:26 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: spam/notspam w/sa-learn > > > A couple of us on the list have been experimenting with ways of using > the 'public folders' feature in Exchange to get round this problem with > Outlook. I understand this works with Exchange 5.5. But due to an > 'improvement' Microsoft made in Exchange 2000 it doesn't work with that > (which I personally find damn annoying). > The basic way it works is by creating two public folders for spam and > ham then using a script on the MailScanner machine to grab the messages > using IMAP. > > The most important thing when feeding messages to sa-learn is that the > message ID should not be changed (since sa-learn tracks which messages > it has learned using this). Should the message ID change, which is > likely to happen when forwarding, SA may well learn the same message as > both ham and spam! > > On Mon, 2003-05-05 at 19:33, Feasey, Nicholas wrote: > Hmm? So then, by forwarding I would place my address in the > spam/notspam mailboxes and be identified as such. > Any ideas on how to "fool" the app so that it will work with Outlook or > am I going to have to try to write some sort of script - if, in fact, > that is possible. > > N > -----Original Message----- > From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] > Sent: 5-May-03 2:22 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: spam/notspam w/sa-learn > > > At 19:16 05/05/2003, you wrote: > > Forgive my ignorance/stupidity on this subject but what do you > mean by redirect? > Different mail apps call it different things, but it is usually > bounce or redirect. It sends the message on with the headers intact, > so that replies go back to the original sender and not the person > who redirected it. > > Outlook and Outlook Express cannot do it. > Why, I don't know, it's the simplest job in the book :-( > > > Yes, the cron job is in place, just want to give my users > CORRECT instructions on using the "auto-learn" feature. > > N > > > -----Original Message----- > > From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] > > Sent: 5-May-03 2:07 PM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: spam/notspam w/sa-learn > > > At 18:40 05/05/2003, you wrote: > > I just want to be clear on the usage of the spam and not > spam accounts used in conjunction with the sa-learn > script. > > > I can have my users forward any message received to > either spam (to have it identified as spam) or notspam > (to have it identified as ham) and it will > > be automatcially learned (sa-learn)?? > > It is important that they "redirect" and not "forward" their > mail to the addresses, as forwarding will destroy the > headers and make it appear that your users are the spammers. > > > > Is this correct? > > You do, of course, need my cron job script to do the actual > work, mailboxes aren't magic :-) > > > I don't want my users showing up as spammers because > they are listed as the forwarder. > > -- > > Julian Field > > www.MailScanner.info > > Professional Support Services at www.MailScanner.biz > > MailScanner thanks transtec Computers for their support > > > -- > Julian Field > www.MailScanner.info > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > > > > > BMRB International > http://www.bmrb.co.uk > +44 (0)20 8566 5000 > _________________________________________________________________ > This message (and any attachment) is intended only for the > recipient and may contain confidential and/or privileged > material. If you have received this in error, please contact the > sender and delete this message immediately. Disclosure, copying > or other action taken in respect of this email or in > reliance on it is prohibited. BMRB International Limited > accepts no liability in relation to any personal emails, or > content of any email which does not directly relate to our > business. From AndreaC at GOTECH.IT Tue May 6 09:14:17 2003 From: AndreaC at GOTECH.IT (Andrea Cogliati) Date: Thu Jan 12 21:17:57 2006 Subject: spam/notspam w/sa-learn Message-ID: <463F0AFA3E2CEA4E807EC569C019E7390984C4@atlantis.gtub.corp> Kevin, I'm currently using Exchange 2K Public Folders exactly for this purpose and I wrote a very simple Perl script for getting spam&ham from there. What 'improvement' are you talking about? Am I missing something? Bye, Andrea -----Original Message----- From: Kevin Spicer [mailto:kevins@BMRB.CO.UK] Sent: Monday, May 05, 2003 9:26 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: spam/notspam w/sa-learn A couple of us on the list have been experimenting with ways of using the 'public folders' feature in Exchange to get round this problem with Outlook. I understand this works with Exchange 5.5. But due to an 'improvement' Microsoft made in Exchange 2000 it doesn't work with that (which I personally find damn annoying). The basic way it works is by creating two public folders for spam and ham then using a script on the MailScanner machine to grab the messages using IMAP. The most important thing when feeding messages to sa-learn is that the message ID should not be changed (since sa-learn tracks which messages it has learned using this). Should the message ID change, which is likely to happen when forwarding, SA may well learn the same message as both ham and spam! On Mon, 2003-05-05 at 19:33, Feasey, Nicholas wrote: Hmm? So then, by forwarding I would place my address in the spam/notspam mailboxes and be identified as such. Any ideas on how to "fool" the app so that it will work with Outlook or am I going to have to try to write some sort of script - if, in fact, that is possible. N -----Original Message----- From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] Sent: 5-May-03 2:22 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: spam/notspam w/sa-learn At 19:16 05/05/2003, you wrote: Forgive my ignorance/stupidity on this subject but what do you mean by redirect? Different mail apps call it different things, but it is usually bounce or redirect. It sends the message on with the headers intact, so that replies go back to the original sender and not the person who redirected it. Outlook and Outlook Express cannot do it. Why, I don't know, it's the simplest job in the book :-( Yes, the cron job is in place, just want to give my users CORRECT instructions on using the "auto-learn" feature. N -----Original Message----- From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] Sent: 5-May-03 2:07 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: spam/notspam w/sa-learn At 18:40 05/05/2003, you wrote: I just want to be clear on the usage of the spam and not spam accounts used in conjunction with the sa-learn script. I can have my users forward any message received to either spam (to have it identified as spam) or notspam (to have it identified as ham) and it will be automatcially learned (sa-learn)?? It is important that they "redirect" and not "forward" their mail to the addresses, as forwarding will destroy the headers and make it appear that your users are the spammers. Is this correct? You do, of course, need my cron job script to do the actual work, mailboxes aren't magic :-) I don't want my users showing up as spammers because they are listed as the forwarder. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From festus at DNSDATA.COM Tue May 6 05:29:28 2003 From: festus at DNSDATA.COM (Bob Fayne) Date: Thu Jan 12 21:17:57 2006 Subject: Kaspersky doesn't find viruses Message-ID: I am using Kaspersky v.4.0.3.0 with MailScanner 4.20-3 under FreeBSD 4.7. With the default kaspersky-wrapper, no viruses are found. I commented out this line in kaspersky-wrapper: ScanOptions="$ScanOptions -F=$PF" # use profile (config file) and it is able to at least recognize viruses but doesn't handle them properly. When I change back to antivir (no changes to MailScanner.conf), everything works fine. I would prefer to use Kaspersky, but has anyone else had success with the latest versions? Thanks in advance. :) From solomon at swiftkenya.com Tue May 6 12:42:03 2003 From: solomon at swiftkenya.com (Solomon Odeny) Date: Thu Jan 12 21:17:57 2006 Subject: Batch: Found invalid queue file for message Message-ID: Hi, I have just configured Mailscanner 4.20 with Postfix 4.20 and on starting them I get "Batch: Found invalid queue file for message xxxxx" continuously in maillog. I running RH 8.0 Any idea what I could have missed out? TIA Solomon From Eric.Doutreleau at int-evry.fr Tue May 6 14:18:04 2003 From: Eric.Doutreleau at int-evry.fr (No Name) Date: Thu Jan 12 21:17:57 2006 Subject: when is bayes scoring used? Message-ID: Well i have just setup mailscanner 4.20-3 and i have some problemes with bayes "scoring". I have the bayes database working as it s modified each time i receive a mail but when i gor spam i never seen BAYES_DB tag in the scoring of spam. Is there a minim size of the bayes database in order to be uzed for scoring? Thanks in advance for any help P.S the command check_bayes_db -db /var/spool/spamassassin/bayes | head -8 0.000 0 0 0 non-token data: db format = on-the-fly probs, expiry, scan-counting 0.000 0 16 0 non-token data: nspam 0.000 0 1233 0 non-token data: nham 0.000 0 51394 0 non-token data: ntokens 0.000 0 0 0 non-token data: oldest age 0.000 0 1382 0 non-token data: current scan-count 0.000 0 0 0 non-token data: last expiry scan-count 0.027 0 8 801 english -- Eric Doutreleau I.N.T | Tel : +33 (0) 160764687 9 rue Charles Fourier | Fax : +33 (0) 160764321 91011 Evry France | email : Eric.Doutreleau@int-evry.fr From solomon at swiftkenya.com Tue May 6 14:28:48 2003 From: solomon at swiftkenya.com (Solomon Odeny) Date: Thu Jan 12 21:17:57 2006 Subject: Batch: Found invalid queue file for message Message-ID: Hi, Sorry, "Postfix 4.20" was a typo! I meant just "Postfix" Solomon From mailscanner at ecs.soton.ac.uk Tue May 6 14:29:37 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:17:57 2006 Subject: when is bayes scoring used? In-Reply-To: Message-ID: <5.2.0.9.2.20030506142848.0406ae60@imap.ecs.soton.ac.uk> At 14:18 06/05/2003, you wrote: >Well i have just setup mailscanner 4.20-3 and i have some problemes >with bayes "scoring". > >I have the bayes database working as it s modified each time i receive >a mail but when i gor spam i never seen BAYES_DB tag in the scoring of >spam. >Is there a minim size of the bayes database in order to be uzed for >scoring? It won't start using the results of the Bayes data until 200 messages have been scanned. The bayes_msgcount file will tell you how many it has scanned (file size == number of messages). >Thanks in advance for any help > >P.S >the command >check_bayes_db -db /var/spool/spamassassin/bayes | head -8 >0.000 0 0 0 non-token data: db format = on-the-fly >probs, >expiry, scan-counting >0.000 0 16 0 non-token data: nspam >0.000 0 1233 0 non-token data: nham >0.000 0 51394 0 non-token data: ntokens >0.000 0 0 0 non-token data: oldest age >0.000 0 1382 0 non-token data: current scan-count >0.000 0 0 0 non-token data: last expiry scan-count >0.027 0 8 801 english > > >-- >Eric Doutreleau >I.N.T | Tel : +33 (0) 160764687 >9 rue Charles Fourier | Fax : +33 (0) 160764321 >91011 Evry France | email : Eric.Doutreleau@int-evry.fr -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From jase at SENSIS.COM Tue May 6 14:42:45 2003 From: jase at SENSIS.COM (Desai, Jason) Date: Thu Jan 12 21:17:57 2006 Subject: when is bayes scoring used? Message-ID: Also, one of the lines in the output of the command sa-learn -D --rebuild will let you know if you do not have enough ham or spam scanned. Jason > -----Original Message----- > From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] > Sent: Tuesday, May 06, 2003 9:30 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: [MAILSCANNER] when is bayes scoring used? > > > At 14:18 06/05/2003, you wrote: > >Well i have just setup mailscanner 4.20-3 and i have some problemes > >with bayes "scoring". > > > >I have the bayes database working as it s modified each time > i receive > >a mail but when i gor spam i never seen BAYES_DB tag in the > scoring of > >spam. > >Is there a minim size of the bayes database in order to be uzed for > >scoring? > > It won't start using the results of the Bayes data until 200 > messages have > been scanned. The bayes_msgcount file will tell you how many > it has scanned > (file size == number of messages). > > > >Thanks in advance for any help > > > >P.S > >the command > >check_bayes_db -db /var/spool/spamassassin/bayes | head -8 > >0.000 0 0 0 non-token data: db format > = on-the-fly > >probs, > >expiry, scan-counting > >0.000 0 16 0 non-token data: nspam > >0.000 0 1233 0 non-token data: nham > >0.000 0 51394 0 non-token data: ntokens > >0.000 0 0 0 non-token data: oldest age > >0.000 0 1382 0 non-token data: current scan-count > >0.000 0 0 0 non-token data: last > expiry scan-count > >0.027 0 8 801 english > > > > > >-- > >Eric Doutreleau > >I.N.T | Tel : +33 (0) 160764687 > >9 rue Charles Fourier | Fax : +33 (0) 160764321 > >91011 Evry France | email : Eric.Doutreleau@int-evry.fr > > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support > From gerry at dorfam.ca Tue May 6 15:00:49 2003 From: gerry at dorfam.ca (Gerry Doris) Date: Thu Jan 12 21:17:57 2006 Subject: Use of DCC Clarification Message-ID: <58526.129.80.22.143.1052229649.squirrel@tiger.dorfam.ca> I'm still trying to see if DCC is working when I use MailScanner (it works if I call spamassassin outside of MailScanner). If I understand correctly the only change I need to make to activate DCC is in the spam.assassin.prefs.conf file. I need to make sure the line referencing DCC is uncommented. Is this correct? Is there any way to turn on the DCC X-Header line? I couldn't find a way to display it. Gerry From Eric.Doutreleau at int-evry.fr Tue May 6 15:07:19 2003 From: Eric.Doutreleau at int-evry.fr (No Name) Date: Thu Jan 12 21:17:57 2006 Subject: when is bayes scoring used? In-Reply-To: <5.2.0.9.2.20030506142848.0406ae60@imap.ecs.soton.ac.uk> Message-ID: On Tue, 6 May 2003, Julian Field wrote: When i launch spamassassin outside mailscanner i got this line debug: debug: Only 16 spam(s) in Bayes DB < 200 does that mean i should get more than 200 spam before it use bayes filter for scoring? > At 14:18 06/05/2003, you wrote: > >Well i have just setup mailscanner 4.20-3 and i have some problemes > >with bayes "scoring". > > > >I have the bayes database working as it s modified each time i receive > >a mail but when i gor spam i never seen BAYES_DB tag in the scoring of > >spam. > >Is there a minim size of the bayes database in order to be uzed for > >scoring? > > It won't start using the results of the Bayes data until 200 messages have > been scanned. The bayes_msgcount file will tell you how many it has scanned > (file size == number of messages). > > > >Thanks in advance for any help > > > >P.S > >the command > >check_bayes_db -db /var/spool/spamassassin/bayes | head -8 > >0.000 0 0 0 non-token data: db format = on-the-fly > >probs, > >expiry, scan-counting > >0.000 0 16 0 non-token data: nspam > >0.000 0 1233 0 non-token data: nham > >0.000 0 51394 0 non-token data: ntokens > >0.000 0 0 0 non-token data: oldest age > >0.000 0 1382 0 non-token data: current scan-count > >0.000 0 0 0 non-token data: last expiry scan-count > >0.027 0 8 801 english > > > > > >-- > >Eric Doutreleau > >I.N.T | Tel : +33 (0) 160764687 > >9 rue Charles Fourier | Fax : +33 (0) 160764321 > >91011 Evry France | email : Eric.Doutreleau@int-evry.fr > > -- Eric Doutreleau I.N.T | Tel : +33 (0) 160764687 9 rue Charles Fourier | Fax : +33 (0) 160764321 91011 Evry France | email : Eric.Doutreleau@int-evry.fr From jase at SENSIS.COM Tue May 6 15:33:09 2003 From: jase at SENSIS.COM (Desai, Jason) Date: Thu Jan 12 21:17:57 2006 Subject: Use of DCC Clarification Message-ID: I had to make sure that dccproc was in the path. MailScanner's path does not include /usr/local/bin (where dcc was installed by default for me), so I created a symbolic link. ls -al /usr/bin/dccproc lrwxrwxrwx 1 root root 22 Apr 16 11:33 /usr/bin/dccproc -> /usr/local/bin/dccproc Then dcc started working for me. Jason > -----Original Message----- > From: Gerry Doris [mailto:gerry@DORFAM.CA] > Sent: Tuesday, May 06, 2003 10:01 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: [MAILSCANNER] Use of DCC Clarification > > > I'm still trying to see if DCC is working when I use > MailScanner (it works > if I call spamassassin outside of MailScanner). > > If I understand correctly the only change I need to make to > activate DCC > is in the spam.assassin.prefs.conf file. I need to make sure the line > referencing DCC is uncommented. Is this correct? > > Is there any way to turn on the DCC X-Header line? I > couldn't find a way > to display it. > > > Gerry > From Eric.Doutreleau at int-evry.fr Tue May 6 14:38:51 2003 From: Eric.Doutreleau at int-evry.fr (No Name) Date: Thu Jan 12 21:17:57 2006 Subject: when is bayes scoring used? In-Reply-To: <5.2.0.9.2.20030506142848.0406ae60@imap.ecs.soton.ac.uk> Message-ID: On Tue, 6 May 2003, Julian Field wrote: > At 14:18 06/05/2003, you wrote: > >Well i have just setup mailscanner 4.20-3 and i have some problemes > >with bayes "scoring". > > > >I have the bayes database working as it s modified each time i receive > >a mail but when i gor spam i never seen BAYES_DB tag in the scoring of > >spam. > >Is there a minim size of the bayes database in order to be uzed for > >scoring? > > It won't start using the results of the Bayes data until 200 messages have > been scanned. The bayes_msgcount file will tell you how many it has scanned > (file size == number of messages). Ok the size of this file is 1391 but ididn't see any BAYES_* on the spam report. I have other tags but not these ones > > > >Thanks in advance for any help > > > >P.S > >the command > >check_bayes_db -db /var/spool/spamassassin/bayes | head -8 > >0.000 0 0 0 non-token data: db format = on-the-fly > >probs, > >expiry, scan-counting > >0.000 0 16 0 non-token data: nspam > >0.000 0 1233 0 non-token data: nham > >0.000 0 51394 0 non-token data: ntokens > >0.000 0 0 0 non-token data: oldest age > >0.000 0 1382 0 non-token data: current scan-count > >0.000 0 0 0 non-token data: last expiry scan-count > >0.027 0 8 801 english > > > > > >-- > >Eric Doutreleau > >I.N.T | Tel : +33 (0) 160764687 > >9 rue Charles Fourier | Fax : +33 (0) 160764321 > >91011 Evry France | email : Eric.Doutreleau@int-evry.fr > > -- Eric Doutreleau I.N.T | Tel : +33 (0) 160764687 9 rue Charles Fourier | Fax : +33 (0) 160764321 91011 Evry France | email : Eric.Doutreleau@int-evry.fr From dene at DATATECHIE.COM Tue May 6 15:53:25 2003 From: dene at DATATECHIE.COM (Dene Ulmschneider) Date: Thu Jan 12 21:17:57 2006 Subject: when is Bayes scoring used? In-Reply-To: <5.2.0.9.2.20030506142848.0406ae60@imap.ecs.soton.ac.uk> References: Message-ID: <5.1.0.14.2.20030506104420.00ba6ab8@192.168.1.112> Hey Julian et all- In regards to all of the messages I have read that Bayes will not start working until the magic number of 200 messages is reached, I am certain that I have processed more than 200 messages and yet I still see no "Bayes" entries in the headers. I have checked the files in /root/.spamassassin and found the following: filename size date modified auto-whitelist 644.0 kb today auto-whitelist.db 12.0 kb 3.28.03 bayes_msgcount 3.2 kb today bayes_seen 1.3 mb today bayes_seen.db 4.0 kb 3.28.03 bayes_toks 2.6 mb today bayes_toks.db 12.0 kb 3.28.03 while I was checking these files - I saw that a new file was created and then deleted called auto-whitelist.lock, due to the fact that the system starting processing mails at this time. The questions that I have are: 1-according to previous statements about the size of bayes_msgcount, have I only correctly processed 3 or 4 emails? 2-why are all of the .db files form a month and a half ago? 3-why are there still no headers containing anything regarding Bayes? Am I missing something. I have had MailScanner running for about 2 months now and am certain that I have processed enough emails. Any help is appreciated. Thank You Dene Ulmschneider Data Techie Inc. ------------------------------------------------------------------------- office: 718.738.8859 email: dene@datatechie.com pager mail: denenow@datatechie.com website: www.datatechie.com ------------------------------------------------------------------------- "Life is too short...-...you should have dessert first" At 02:29 PM 5/6/2003 +0100, you wrote: >At 14:18 06/05/2003, you wrote: >>Well i have just setup mailscanner 4.20-3 and i have some problemes >>with bayes "scoring". >> >>I have the bayes database working as it s modified each time i receive >>a mail but when i gor spam i never seen BAYES_DB tag in the scoring of >>spam. >>Is there a minim size of the bayes database in order to be uzed for >>scoring? > >It won't start using the results of the Bayes data until 200 messages have >been scanned. The bayes_msgcount file will tell you how many it has scanned >(file size == number of messages). > > >>Thanks in advance for any help >> >>P.S >>the command >>check_bayes_db -db /var/spool/spamassassin/bayes | head -8 >>0.000 0 0 0 non-token data: db format = on-the-fly >>probs, >>expiry, scan-counting >>0.000 0 16 0 non-token data: nspam >>0.000 0 1233 0 non-token data: nham >>0.000 0 51394 0 non-token data: ntokens >>0.000 0 0 0 non-token data: oldest age >>0.000 0 1382 0 non-token data: current scan-count >>0.000 0 0 0 non-token data: last expiry scan-count >>0.027 0 8 801 english >> >> >>-- >>Eric Doutreleau >>I.N.T | Tel : +33 (0) 160764687 >>9 rue Charles Fourier | Fax : +33 (0) 160764321 >>91011 Evry France | email : Eric.Doutreleau@int-evry.fr > >-- >Julian Field >www.MailScanner.info >MailScanner thanks transtec Computers for their support > >-- >This message has been scanned for viruses and dangerous >content by Data Techie, and is believed to be clean. >Data Techie... always there to protect you! >http://www.datatechie.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030506/e93a7c6a/attachment.html From sevans at FOUNDATION.SDSU.EDU Tue May 6 15:30:08 2003 From: sevans at FOUNDATION.SDSU.EDU (Steve Evans) Date: Thu Jan 12 21:17:57 2006 Subject: Store Non-Spam Message-ID: I think it would be useful because of bayes. I plan on making a copy of all non-spam marked mail, and seeing how long it takes to find false negatives, and then feed it into bayes. Steve Evans SDSU Foundation (619) 594-0653 -----Original Message----- From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] Sent: Monday, May 05, 2003 12:09 PM To: MAILSCANNER@JISCMAIL.AC.UK At 19:31 05/05/2003, you wrote: >I'm just looking to use the options in MailScanner.conf to handle spam >messages, except for non-spam messages. I kind of want to use the >archive messages feature of MailScanner but selectively. There isn't a "Non Spam Actions" option, I'm afraid. I guess there could be, but it would take a bit encouragement :-) >-----Original Message----- >From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] >Sent: Monday, May 05, 2003 11:14 AM >To: MAILSCANNER@JISCMAIL.AC.UK > >At 19:04 05/05/2003, you wrote: > >You can do certain actions on messages marked as spam or high scoring > >spam. But what about messages not marked as spam? I'd like to send > >those on to the correct recipient, and store it on the mail server in > >mbox format. > >Delivering mail is a job for your mail delivery agent, be it sendmail, >Postfix, Exim, ZMailer, /bin/mail, mail.local, procmail etc etc.... >MailScanner doesn't deliver mail, there are plenty of tools out there >which already do it very well :) >-- >Julian Field >www.MailScanner.info >Professional Support Services at www.MailScanner.biz MailScanner thanks >transtec Computers for their support -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Tue May 6 15:10:36 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:17:57 2006 Subject: Use of DCC Clarification In-Reply-To: <58526.129.80.22.143.1052229649.squirrel@tiger.dorfam.ca> Message-ID: <5.2.0.9.2.20030506150941.0325fd98@imap.ecs.soton.ac.uk> At 15:00 06/05/2003, you wrote: >I'm still trying to see if DCC is working when I use MailScanner (it works >if I call spamassassin outside of MailScanner). > >If I understand correctly the only change I need to make to activate DCC >is in the spam.assassin.prefs.conf file. I need to make sure the line >referencing DCC is uncommented. Is this correct? Just make sure that file doesn't set the DCC scores to 0. Comment out any "score" lines in that file to do with DCC. >Is there any way to turn on the DCC X-Header line? I couldn't find a way >to display it. No, afraid not. You should see DCC counting towards the SpamAssassin score though. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From jase at SENSIS.COM Tue May 6 16:13:10 2003 From: jase at SENSIS.COM (Desai, Jason) Date: Thu Jan 12 21:17:57 2006 Subject: when is bayes scoring used? Message-ID: Yes. > -----Original Message----- > From: No Name [mailto:Eric.Doutreleau@INT-EVRY.FR] > Sent: Tuesday, May 06, 2003 10:07 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: [MAILSCANNER] when is bayes scoring used? > > > On Tue, 6 May 2003, Julian Field wrote: > > When i launch spamassassin outside mailscanner i got this line > > debug: debug: Only 16 spam(s) in Bayes DB < 200 > > does that mean i should get more than 200 spam before it use bayes > filter for scoring? > > > > At 14:18 06/05/2003, you wrote: > > >Well i have just setup mailscanner 4.20-3 and i have some problemes > > >with bayes "scoring". > > > > > >I have the bayes database working as it s modified each > time i receive > > >a mail but when i gor spam i never seen BAYES_DB tag in > the scoring of > > >spam. > > >Is there a minim size of the bayes database in order to be uzed for > > >scoring? > > > > It won't start using the results of the Bayes data until > 200 messages have > > been scanned. The bayes_msgcount file will tell you how > many it has scanned > > (file size == number of messages). > > > > > > >Thanks in advance for any help > > > > > >P.S > > >the command > > >check_bayes_db -db /var/spool/spamassassin/bayes | head -8 > > >0.000 0 0 0 non-token data: db > format = on-the-fly > > >probs, > > >expiry, scan-counting > > >0.000 0 16 0 non-token data: nspam > > >0.000 0 1233 0 non-token data: nham > > >0.000 0 51394 0 non-token data: ntokens > > >0.000 0 0 0 non-token data: oldest age > > >0.000 0 1382 0 non-token data: current > scan-count > > >0.000 0 0 0 non-token data: last > expiry scan-count > > >0.027 0 8 801 english > > > > > > > > >-- > > >Eric Doutreleau > > >I.N.T | Tel : +33 (0) 160764687 > > >9 rue Charles Fourier | Fax : +33 (0) 160764321 > > >91011 Evry France | email : Eric.Doutreleau@int-evry.fr > > > > > > -- > Eric Doutreleau > I.N.T | Tel : +33 (0) 160764687 > 9 rue Charles Fourier | Fax : +33 (0) 160764321 > 91011 Evry France | email : Eric.Doutreleau@int-evry.fr > From nfeasey at UTPRESS.UTORONTO.CA Tue May 6 16:05:22 2003 From: nfeasey at UTPRESS.UTORONTO.CA (Feasey, Nicholas) Date: Thu Jan 12 21:17:57 2006 Subject: spam/notspam w/sa-learn Message-ID: The improvement that we are discussing is the ability to merely allow any mail user to FORWARD a message to spam or notspam and have it processed through SpamAssassin's sa-learn script and treated accordingly. The original problem, as Julian stated, is that Outlook, Outlook Express remove the headers when a message is forwarded so instead of the message being marked as spam or ham, depending on which email address (spam/notspam) you sent it to, it would incorrectly mark the end user. This is not the desired affect. I was mulling over the possibility of any user sending a email to either spam or notspam which merely contains an address (or series of addresses). Then a script runs which processes this messages through the sa-learn script which, in turn, teaches SpamAssassin about them. Unfortunately, although I pretty good in C and PHP, I'm not much of a Perl wizard. Perhaps what I describe above is exactly what your perl script does? If so, why not share it with the rest of us so we don't have to re-invent the wheel :) Many thanks. N -----Original Message----- From: Andrea Cogliati [mailto:AndreaC@GOTECH.IT] Sent: 6-May-03 4:14 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: spam/notspam w/sa-learn Kevin, I'm currently using Exchange 2K Public Folders exactly for this purpose and I wrote a very simple Perl script for getting spam&ham from there. What 'improvement' are you talking about? Am I missing something? Bye, Andrea -----Original Message----- From: Kevin Spicer [mailto:kevins@BMRB.CO.UK] Sent: Monday, May 05, 2003 9:26 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: spam/notspam w/sa-learn A couple of us on the list have been experimenting with ways of using the 'public folders' feature in Exchange to get round this problem with Outlook. I understand this works with Exchange 5.5. But due to an 'improvement' Microsoft made in Exchange 2000 it doesn't work with that (which I personally find damn annoying). The basic way it works is by creating two public folders for spam and ham then using a script on the MailScanner machine to grab the messages using IMAP. The most important thing when feeding messages to sa-learn is that the message ID should not be changed (since sa-learn tracks which messages it has learned using this). Should the message ID change, which is likely to happen when forwarding, SA may well learn the same message as both ham and spam! On Mon, 2003-05-05 at 19:33, Feasey, Nicholas wrote: Hmm? So then, by forwarding I would place my address in the spam/notspam mailboxes and be identified as such. Any ideas on how to "fool" the app so that it will work with Outlook or am I going to have to try to write some sort of script - if, in fact, that is possible. N -----Original Message----- From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] Sent: 5-May-03 2:22 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: spam/notspam w/sa-learn At 19:16 05/05/2003, you wrote: Forgive my ignorance/stupidity on this subject but what do you mean by redirect? Different mail apps call it different things, but it is usually bounce or redirect. It sends the message on with the headers intact, so that replies go back to the original sender and not the person who redirected it. Outlook and Outlook Express cannot do it. Why, I don't know, it's the simplest job in the book :-( Yes, the cron job is in place, just want to give my users CORRECT instructions on using the "auto-learn" feature. N -----Original Message----- From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] Sent: 5-May-03 2:07 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: spam/notspam w/sa-learn At 18:40 05/05/2003, you wrote: I just want to be clear on the usage of the spam and not spam accounts used in conjunction with the sa-learn script. I can have my users forward any message received to either spam (to have it identified as spam) or notspam (to have it identified as ham) and it will be automatcially learned (sa-learn)?? It is important that they "redirect" and not "forward" their mail to the addresses, as forwarding will destroy the headers and make it appear that your users are the spammers. Is this correct? You do, of course, need my cron job script to do the actual work, mailboxes aren't magic :-) I don't want my users showing up as spammers because they are listed as the forwarder. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From mike at CAMAROSS.NET Tue May 6 16:17:31 2003 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:17:58 2006 Subject: Use of DCC Clarification In-Reply-To: Message-ID: <000201c313e2$9cd6df10$a91cbdcf@home.middlefinger.net> I just downloaded an installed DCC and did the symlink like you showed. How would I know if DCC is working or not? Is there a header that's added? Mike -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Desai, Jason Sent: Tuesday, May 06, 2003 9:33 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Use of DCC Clarification I had to make sure that dccproc was in the path. MailScanner's path does not include /usr/local/bin (where dcc was installed by default for me), so I created a symbolic link. ls -al /usr/bin/dccproc lrwxrwxrwx 1 root root 22 Apr 16 11:33 /usr/bin/dccproc -> /usr/local/bin/dccproc Then dcc started working for me. Jason > -----Original Message----- > From: Gerry Doris [mailto:gerry@DORFAM.CA] > Sent: Tuesday, May 06, 2003 10:01 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: [MAILSCANNER] Use of DCC Clarification > > > I'm still trying to see if DCC is working when I use MailScanner (it > works if I call spamassassin outside of MailScanner). > > If I understand correctly the only change I need to make to activate > DCC is in the spam.assassin.prefs.conf file. I need to make sure the > line referencing DCC is uncommented. Is this correct? > > Is there any way to turn on the DCC X-Header line? I couldn't find a > way to display it. > > > Gerry > From jase at SENSIS.COM Tue May 6 16:34:45 2003 From: jase at SENSIS.COM (Desai, Jason) Date: Thu Jan 12 21:17:58 2006 Subject: Use of DCC Clarification Message-ID: You can check for DCC_CHECK in the spamassassin report (if the message was spam and the dcc check was positive). You can also sniff your network and see if your MailScanner server is sending out udp packets on port 6277. Jason > -----Original Message----- > From: Mike Kercher [mailto:mike@CAMAROSS.NET] > Sent: Tuesday, May 06, 2003 11:18 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: [MAILSCANNER] Use of DCC Clarification > > > I just downloaded an installed DCC and did the symlink like > you showed. How > would I know if DCC is working or not? Is there a header > that's added? > > Mike > > > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of > Desai, Jason > Sent: Tuesday, May 06, 2003 9:33 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Use of DCC Clarification > > > I had to make sure that dccproc was in the path. > MailScanner's path does not > include /usr/local/bin (where dcc was installed by default > for me), so I created > a symbolic link. > > ls -al /usr/bin/dccproc > lrwxrwxrwx 1 root root 22 Apr 16 11:33 > /usr/bin/dccproc -> > /usr/local/bin/dccproc > > Then dcc started working for me. > > Jason > > > -----Original Message----- > > From: Gerry Doris [mailto:gerry@DORFAM.CA] > > Sent: Tuesday, May 06, 2003 10:01 AM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: [MAILSCANNER] Use of DCC Clarification > > > > > > I'm still trying to see if DCC is working when I use > MailScanner (it > > works if I call spamassassin outside of MailScanner). > > > > If I understand correctly the only change I need to make to > activate > > DCC is in the spam.assassin.prefs.conf file. I need to > make sure the > > line referencing DCC is uncommented. Is this correct? > > > > Is there any way to turn on the DCC X-Header line? I > couldn't find a > > way to display it. > > > > > > Gerry > > > From mike at CAMAROSS.NET Tue May 6 16:33:43 2003 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:17:58 2006 Subject: Use of DCC Clarification In-Reply-To: Message-ID: <000301c313e4$e09f8dd0$a91cbdcf@home.middlefinger.net> I can see the dccproc process running when an email comes in, so I guess it's safe to assume that it's working. I rarely get spam anymore...and I LOVE it! :) Mike -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Desai, Jason Sent: Tuesday, May 06, 2003 10:35 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Use of DCC Clarification You can check for DCC_CHECK in the spamassassin report (if the message was spam and the dcc check was positive). You can also sniff your network and see if your MailScanner server is sending out udp packets on port 6277. Jason > -----Original Message----- > From: Mike Kercher [mailto:mike@CAMAROSS.NET] > Sent: Tuesday, May 06, 2003 11:18 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: [MAILSCANNER] Use of DCC Clarification > > > I just downloaded an installed DCC and did the symlink like you > showed. How would I know if DCC is working or not? Is there a header > that's added? > > Mike > > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Desai, Jason > Sent: Tuesday, May 06, 2003 9:33 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Use of DCC Clarification > > > I had to make sure that dccproc was in the path. MailScanner's path > does not include /usr/local/bin (where dcc was installed by default > for me), so I created > a symbolic link. > > ls -al /usr/bin/dccproc > lrwxrwxrwx 1 root root 22 Apr 16 11:33 > /usr/bin/dccproc -> > /usr/local/bin/dccproc > > Then dcc started working for me. > > Jason > > > -----Original Message----- > > From: Gerry Doris [mailto:gerry@DORFAM.CA] > > Sent: Tuesday, May 06, 2003 10:01 AM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: [MAILSCANNER] Use of DCC Clarification > > > > > > I'm still trying to see if DCC is working when I use > MailScanner (it > > works if I call spamassassin outside of MailScanner). > > > > If I understand correctly the only change I need to make to > activate > > DCC is in the spam.assassin.prefs.conf file. I need to > make sure the > > line referencing DCC is uncommented. Is this correct? > > > > Is there any way to turn on the DCC X-Header line? I > couldn't find a > > way to display it. > > > > > > Gerry > > > From jase at SENSIS.COM Tue May 6 16:38:23 2003 From: jase at SENSIS.COM (Desai, Jason) Date: Thu Jan 12 21:17:58 2006 Subject: when is Bayes scoring used? Message-ID: I think you need 200 spam and 200 ham. Try running spamassassin with the -D switch for debug and see what it says about bayes. Also, you can run the check_bayes_db command and see how many spam and ham have been learned. And you can run "sa-learn -D --rebuild" and see if it says anything about there not being enough spam or ham. These may give you some clues to your questions. Jason -----Original Message----- From: Dene Ulmschneider [mailto:dene@DATATECHIE.COM] Sent: Tuesday, May 06, 2003 10:53 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: [MAILSCANNER] when is Bayes scoring used? Hey Julian et all- In regards to all of the messages I have read that Bayes will not start working until the magic number of 200 messages is reached, I am certain that I have processed more than 200 messages and yet I still see no "Bayes" entries in the headers. I have checked the files in /root/.spamassassin and found the following: filename size date modified auto-whitelist 644.0 kb today auto-whitelist.db 12.0 kb 3.28.03 bayes_msgcount 3.2 kb today bayes_seen 1.3 mb today bayes_seen.db 4.0 kb 3.28.03 bayes_toks 2.6 mb today bayes_toks.db 12.0 kb 3.28.03 while I was checking these files - I saw that a new file was created and then deleted called auto-whitelist.lock, due to the fact that the system starting processing mails at this time. The questions that I have are: 1-according to previous statements about the size of bayes_msgcount, have I only correctly processed 3 or 4 emails? 2-why are all of the .db files form a month and a half ago? 3-why are there still no headers containing anything regarding Bayes? Am I missing something. I have had MailScanner running for about 2 months now and am certain that I have processed enough emails. Any help is appreciated. Thank You Dene Ulmschneider Data Techie Inc. ------------------------------------------------------------------------- office: 718.738.8859 email: dene@datatechie.com pager mail: denenow@datatechie.com website: www.datatechie.com ------------------------------------------------------------------------- "Life is too short...-...you should have dessert first" At 02:29 PM 5/6/2003 +0100, you wrote: At 14:18 06/05/2003, you wrote: Well i have just setup mailscanner 4.20-3 and i have some problemes with bayes "scoring". I have the bayes database working as it s modified each time i receive a mail but when i gor spam i never seen BAYES_DB tag in the scoring of spam. Is there a minim size of the bayes database in order to be uzed for scoring? It won't start using the results of the Bayes data until 200 messages have been scanned. The bayes_msgcount file will tell you how many it has scanned (file size == number of messages). Thanks in advance for any help P.S the command check_bayes_db -db /var/spool/spamassassin/bayes | head -8 0.000 0 0 0 non-token data: db format = on-the-fly probs, expiry, scan-counting 0.000 0 16 0 non-token data: nspam 0.000 0 1233 0 non-token data: nham 0.000 0 51394 0 non-token data: ntokens 0.000 0 0 0 non-token data: oldest age 0.000 0 1382 0 non-token data: current scan-count 0.000 0 0 0 non-token data: last expiry scan-count 0.027 0 8 801 english -- Eric Doutreleau I.N.T | Tel : +33 (0) 160764687 9 rue Charles Fourier | Fax : +33 (0) 160764321 91011 Evry France | email : Eric.Doutreleau@int-evry.fr -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support -- This message has been scanned for viruses and dangerous content by Data Techie, and is believed to be clean. Data Techie... always there to protect you! http://www.datatechie.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030506/64a650ec/attachment.html From nerijus at USERS.SOURCEFORGE.NET Tue May 6 17:40:39 2003 From: nerijus at USERS.SOURCEFORGE.NET (Nerijus Baliunas) Date: Thu Jan 12 21:17:58 2006 Subject: Kaspersky doesn't find viruses In-Reply-To: References: Message-ID: <1052239239.1217.45.camel@nerijus> An, 2003-05-06 07:29, Bob Fayne wrote: > I am using Kaspersky v.4.0.3.0 with MailScanner 4.20-3 under FreeBSD 4.7. > With the default kaspersky-wrapper, no viruses are found. > > I commented out this line in kaspersky-wrapper: > ScanOptions="$ScanOptions -F=$PF" # use profile (config file) > > and it is able to at least recognize viruses but doesn't handle them > properly. When I change back to antivir (no changes to MailScanner.conf), > everything works fine. > > I would prefer to use Kaspersky, but has anyone else had success with the > latest versions? Yes, it works for me with kaspersky 4.0.3.0 and mailscanner 4.15-13 (kaspersky support didn't change between this and the latest version IMHO). Nerijus From hciss at HCIWS.COM Tue May 6 18:47:23 2003 From: hciss at HCIWS.COM (Matt) Date: Thu Jan 12 21:17:58 2006 Subject: Turning On Spam Checks with Script Message-ID: <011c01c313f7$934c8020$7801a8c0@matthew> What I would like to do is setup Mailscanner so it does Spam checks but all users are whitelisted by default. So if they want Spam checks they must turn it on and they will have no reason to complain to me about seeing there email tagged with {SPAM?}. To explain. If a user wants Spam checks enabled on there email account they would go to a webpage, enter there email address in a form and that would enable Spam checks for them. If they later decide they do not like getting a bunch of there email tagged with {SPAM?} they could go back and enter there email in a removal form and turn it off. It would also be nice if they could enter a from addresses to whitelist in a form if its being tagged incorrectly. All these forms should have access restricted to local IP subnets I control for security. Is something like this possible with a perl script? I imagine one gotcha is that if a config file is modified by a script it will not take affect until mailscanner is restarted but that occurs every 6 hours I thought? Matt From dene at DATATECHIE.COM Tue May 6 19:17:08 2003 From: dene at DATATECHIE.COM (Dene Ulmschneider) Date: Thu Jan 12 21:17:58 2006 Subject: when is Bayes scoring used? In-Reply-To: Message-ID: <5.1.0.14.2.20030506141348.00ba61e0@192.168.1.112> The sa-learn -D --rebuild returned the following output: <---snip---> debug: Score set 0 chosen. debug: running in taint mode? no debug: using "/usr/share/spamassassin" for default rules dir debug: using "/etc/mail/spamassassin" for site rules dir Failed to create default user preference file /root/.spamassassin/user_prefs debug: using "/root/.spamassassin/user_prefs" for user prefs file debug: bayes: 17204 tie-ing to DB file R/O /root/.spamassassin/bayes_toks debug: bayes: 17204 tie-ing to DB file R/O /root/.spamassassin/bayes_seen debug: debug: Only 87 spam(s) in Bayes DB < 200 debug: bayes: 17204 untie-ing debug: bayes: 17204 untie-ing db_toks debug: bayes: 17204 untie-ing db_seen debug: Score set 0 chosen. debug: Initialising learner debug: Initialising learner debug: lock: 17204 created /root/.spamassassin/bayes.lock.neo.datatechie.com.17204 debug: lock: 17204 trying to get lock on /root/.spamassassin/bayes with 0 retries debug: lock: 17204 link to /root/.spamassassin/bayes.lock: link ok debug: bayes: 17204 tie-ing to DB file R/W /root/.spamassassin/bayes_toks debug: bayes: 17204 tie-ing to DB file R/W /root/.spamassassin/bayes_seen debug: bayes: 17204 untie-ing debug: bayes: 17204 untie-ing db_toks debug: bayes: 17204 untie-ing db_seen debug: bayes: files locked, now unlocking lock debug: unlock: 17204 unlink /root/.spamassassin/bayes.lock debug: bayes: 17204 untie-ing <---snip---> Does anything look wrong? I am shocked to find that only 87 messages have been recorded so far, but that's what the output states. Thanks for the help. Dene At 11:38 AM 5/6/2003 -0400, you wrote: >I think you need 200 spam and 200 ham. Try running spamassassin with the >-D switch for debug and see what it says about bayes. Also, you can run >the check_bayes_db command and see how many spam and ham have been >learned. And you can run "sa-learn -D --rebuild" and see if it says >anything about there not being enough spam or ham. These may give you >some clues to your questions. > >Jason >-----Original Message----- >From: Dene Ulmschneider [mailto:dene@DATATECHIE.COM] >Sent: Tuesday, May 06, 2003 10:53 AM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: [MAILSCANNER] when is Bayes scoring used? > >Hey Julian et all- > >In regards to all of the messages I have read that Bayes will not start >working until the magic number of 200 messages is reached, I am certain >that I have processed more than 200 messages and yet I still see no >"Bayes" entries in the headers. > >I have checked the files in /root/.spamassassin and found the following: > >filename size date modified >auto-whitelist 644.0 kb today >auto-whitelist.db 12.0 kb 3.28.03 >bayes_msgcount 3.2 kb today >bayes_seen 1.3 mb today >bayes_seen.db 4.0 kb 3.28.03 >bayes_toks 2.6 mb today >bayes_toks.db 12.0 kb 3.28.03 > >while I was checking these files - I saw that a new file was created and >then deleted called auto-whitelist.lock, due to the fact that the system >starting processing mails at this time. > >The questions that I have are: >1-according to previous statements about the size of bayes_msgcount, have >I only correctly processed 3 or 4 emails? >2-why are all of the .db files form a month and a half ago? >3-why are there still no headers containing anything regarding Bayes? > >Am I missing something. I have had MailScanner running for about 2 months >now and am certain that I have processed enough emails. > >Any help is appreciated. > >Thank You > >Dene Ulmschneider >Data Techie Inc. >------------------------------------------------------------------------- >office: 718.738.8859 >email: dene@datatechie.com >pager mail: denenow@datatechie.com >website: www.datatechie.com >------------------------------------------------------------------------- >"Life is too short...-...you should have dessert first" > >At 02:29 PM 5/6/2003 +0100, you wrote: >>At 14:18 06/05/2003, you wrote: >>>Well i have just setup mailscanner 4.20-3 and i have some problemes >>>with bayes "scoring". >>> >>>I have the bayes database working as it s modified each time i receive >>>a mail but when i gor spam i never seen BAYES_DB tag in the scoring of >>>spam. >>>Is there a minim size of the bayes database in order to be uzed for >>>scoring? >>It won't start using the results of the Bayes data until 200 messages have >>been scanned. The bayes_msgcount file will tell you how many it has scanned >>(file size == number of messages). >> >> >> >>>Thanks in advance for any help >>> >>>P.S >>>the command >>>check_bayes_db -db /var/spool/spamassassin/bayes | head -8 >>>0.000 0 0 0 non-token data: db format = on-the-fly >>>probs, >>>expiry, scan-counting >>>0.000 0 16 0 non-token data: nspam >>>0.000 0 1233 0 non-token data: nham >>>0.000 0 51394 0 non-token data: ntokens >>>0.000 0 0 0 non-token data: oldest age >>>0.000 0 1382 0 non-token data: current scan-count >>>0.000 0 0 0 non-token data: last expiry scan-count >>>0.027 0 8 801 english >>> >>> >>> >>>-- >>>Eric Doutreleau >>>I.N.T | Tel : +33 (0) 160764687 >>>9 rue Charles Fourier | Fax : +33 (0) 160764321 >>>91011 Evry France | email : Eric.Doutreleau@int-evry.fr >>-- >>Julian Field >>www.MailScanner.info >>MailScanner thanks transtec Computers for their support -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030506/b358aade/attachment.html From dene at DATATECHIE.COM Tue May 6 19:38:10 2003 From: dene at DATATECHIE.COM (Dene Ulmschneider) Date: Thu Jan 12 21:17:58 2006 Subject: when is Bayes scoring used? In-Reply-To: <5.1.0.14.2.20030506141348.00ba61e0@192.168.1.112> References: Message-ID: <5.1.0.14.2.20030506143409.03242570@192.168.1.112> something else to add... According the script that Julian provided to run sa-learn through cron, my log is called "learn.spam.log" When I checked that file - I added up all of the "learned form XX messages" and the total number was 447. Is the "learned from" referring to spam and ham? Is it possible that I have 87 spam and the rest of them a ham? I thought I was pretty sure that more spam was getting processed than ham - but I could be wrong. Can anyone shed a little light? Dene At 02:17 PM 5/6/2003 -0400, you wrote: >The sa-learn -D --rebuild returned the following output: > ><---snip---> >debug: Score set 0 chosen. >debug: running in taint mode? no >debug: using "/usr/share/spamassassin" for default rules dir >debug: using "/etc/mail/spamassassin" for site rules dir >Failed to create default user preference file /root/.spamassassin/user_prefs >debug: using "/root/.spamassassin/user_prefs" for user prefs file >debug: bayes: 17204 tie-ing to DB file R/O /root/.spamassassin/bayes_toks >debug: bayes: 17204 tie-ing to DB file R/O /root/.spamassassin/bayes_seen >debug: debug: Only 87 spam(s) in Bayes DB < 200 >debug: bayes: 17204 untie-ing >debug: bayes: 17204 untie-ing db_toks >debug: bayes: 17204 untie-ing db_seen >debug: Score set 0 chosen. >debug: Initialising learner >debug: Initialising learner >debug: lock: 17204 created >/root/.spamassassin/bayes.lock.neo.datatechie.com.17204 >debug: lock: 17204 trying to get lock on /root/.spamassassin/bayes with 0 >retries >debug: lock: 17204 link to /root/.spamassassin/bayes.lock: link ok >debug: bayes: 17204 tie-ing to DB file R/W /root/.spamassassin/bayes_toks >debug: bayes: 17204 tie-ing to DB file R/W /root/.spamassassin/bayes_seen >debug: bayes: 17204 untie-ing >debug: bayes: 17204 untie-ing db_toks >debug: bayes: 17204 untie-ing db_seen >debug: bayes: files locked, now unlocking lock >debug: unlock: 17204 unlink /root/.spamassassin/bayes.lock >debug: bayes: 17204 untie-ing ><---snip---> > >Does anything look wrong? I am shocked to find that only 87 messages have >been recorded so far, but that's what the output states. > >Thanks for the help. > >Dene > >At 11:38 AM 5/6/2003 -0400, you wrote: >>I think you need 200 spam and 200 ham. Try running spamassassin with the >>-D switch for debug and see what it says about bayes. Also, you can run >>the check_bayes_db command and see how many spam and ham have been >>learned. And you can run "sa-learn -D --rebuild" and see if it says >>anything about there not being enough spam or ham. These may give you >>some clues to your questions. >> >>Jason >>-----Original Message----- >>From: Dene Ulmschneider [mailto:dene@DATATECHIE.COM] >>Sent: Tuesday, May 06, 2003 10:53 AM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: [MAILSCANNER] when is Bayes scoring used? >> >>Hey Julian et all- >> >>In regards to all of the messages I have read that Bayes will not start >>working until the magic number of 200 messages is reached, I am certain >>that I have processed more than 200 messages and yet I still see no >>"Bayes" entries in the headers. >> >>I have checked the files in /root/.spamassassin and found the following: >> >>filename size date modified >>auto-whitelist 644.0 kb today >>auto-whitelist.db 12.0 kb 3.28.03 >>bayes_msgcount 3.2 kb today >>bayes_seen 1.3 mb today >>bayes_seen.db 4.0 kb 3.28.03 >>bayes_toks 2.6 mb today >>bayes_toks.db 12.0 kb 3.28.03 >> >>while I was checking these files - I saw that a new file was created and >>then deleted called auto-whitelist.lock, due to the fact that the system >>starting processing mails at this time. >> >>The questions that I have are: >>1-according to previous statements about the size of bayes_msgcount, have >>I only correctly processed 3 or 4 emails? >>2-why are all of the .db files form a month and a half ago? >>3-why are there still no headers containing anything regarding Bayes? >>Am I missing something. I have had MailScanner running for about 2 months >>now and am certain that I have processed enough emails. >> >>Any help is appreciated. >> >>Thank You >> >>Dene Ulmschneider >>Data Techie Inc. >>------------------------------------------------------------------------- >>office: 718.738.8859 >>email: dene@datatechie.com >>pager mail: denenow@datatechie.com >>website: www.datatechie.com >>------------------------------------------------------------------------- >>"Life is too short...-...you should have dessert first" >> >>At 02:29 PM 5/6/2003 +0100, you wrote: >>>At 14:18 06/05/2003, you wrote: >>>>Well i have just setup mailscanner 4.20-3 and i have some problemes >>>>with bayes "scoring". >>>> >>>>I have the bayes database working as it s modified each time i receive >>>>a mail but when i gor spam i never seen BAYES_DB tag in the scoring of >>>>spam. >>>>Is there a minim size of the bayes database in order to be uzed for >>>>scoring? >>>It won't start using the results of the Bayes data until 200 messages have >>>been scanned. The bayes_msgcount file will tell you how many it has scanned >>>(file size == number of messages). >>> >>> >>> >>> >>> >>>>Thanks in advance for any help >>>> >>>>P.S >>>>the command >>>>check_bayes_db -db /var/spool/spamassassin/bayes | head -8 >>>>0.000 0 0 0 non-token data: db format = on-the-fly >>>>probs, >>>>expiry, scan-counting >>>>0.000 0 16 0 non-token data: nspam >>>>0.000 0 1233 0 non-token data: nham >>>>0.000 0 51394 0 non-token data: ntokens >>>>0.000 0 0 0 non-token data: oldest age >>>>0.000 0 1382 0 non-token data: current scan-count >>>>0.000 0 0 0 non-token data: last expiry scan-count >>>>0.027 0 8 801 english >>>> >>>> >>>> >>>> >>>> >>>>-- >>>>Eric Doutreleau >>>>I.N.T | Tel : +33 (0) 160764687 >>>>9 rue Charles Fourier | Fax : +33 (0) 160764321 >>>>91011 Evry France | email : Eric.Doutreleau@int-evry.fr >>>-- >>>Julian Field >>>www.MailScanner.info >>>MailScanner thanks transtec Computers for their support -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030506/e739ab0c/attachment.html From jase at SENSIS.COM Tue May 6 20:23:06 2003 From: jase at SENSIS.COM (Desai, Jason) Date: Thu Jan 12 21:17:58 2006 Subject: when is Bayes scoring used? Message-ID: Are you sure you're using the same bayes database for everything? Make sure you are running everything (MailScanner, sa-learn scripts, etc) as the same user or you specify the same location for your bayes database. I think you can force a location in both your spam.assassin.prefs.conf and in MailScanner.conf. If you're not specifying a location, it should default to ~/.spamassassin. Right now though, it looks like your database (for root) has only learned about 87 spams. Jason -----Original Message----- From: Dene Ulmschneider [mailto:dene@DATATECHIE.COM] Sent: Tuesday, May 06, 2003 2:38 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: [MAILSCANNER] when is Bayes scoring used? something else to add... According the script that Julian provided to run sa-learn through cron, my log is called "learn.spam.log" When I checked that file - I added up all of the "learned form XX messages" and the total number was 447. Is the "learned from" referring to spam and ham? Is it possible that I have 87 spam and the rest of them a ham? I thought I was pretty sure that more spam was getting processed than ham - but I could be wrong. Can anyone shed a little light? Dene At 02:17 PM 5/6/2003 -0400, you wrote: The sa-learn -D --rebuild returned the following output: <---snip---> debug: Score set 0 chosen. debug: running in taint mode? no debug: using "/usr/share/spamassassin" for default rules dir debug: using "/etc/mail/spamassassin" for site rules dir Failed to create default user preference file /root/.spamassassin/user_prefs debug: using "/root/.spamassassin/user_prefs" for user prefs file debug: bayes: 17204 tie-ing to DB file R/O /root/.spamassassin/bayes_toks debug: bayes: 17204 tie-ing to DB file R/O /root/.spamassassin/bayes_seen debug: debug: Only 87 spam(s) in Bayes DB < 200 debug: bayes: 17204 untie-ing debug: bayes: 17204 untie-ing db_toks debug: bayes: 17204 untie-ing db_seen debug: Score set 0 chosen. debug: Initialising learner debug: Initialising learner debug: lock: 17204 created /root/.spamassassin/bayes.lock.neo.datatechie.com.17204 debug: lock: 17204 trying to get lock on /root/.spamassassin/bayes with 0 retries debug: lock: 17204 link to /root/.spamassassin/bayes.lock: link ok debug: bayes: 17204 tie-ing to DB file R/W /root/.spamassassin/bayes_toks debug: bayes: 17204 tie-ing to DB file R/W /root/.spamassassin/bayes_seen debug: bayes: 17204 untie-ing debug: bayes: 17204 untie-ing db_toks debug: bayes: 17204 untie-ing db_seen debug: bayes: files locked, now unlocking lock debug: unlock: 17204 unlink /root/.spamassassin/bayes.lock debug: bayes: 17204 untie-ing <---snip---> Does anything look wrong? I am shocked to find that only 87 messages have been recorded so far, but that's what the output states. Thanks for the help. Dene At 11:38 AM 5/6/2003 -0400, you wrote: I think you need 200 spam and 200 ham. Try running spamassassin with the -D switch for debug and see what it says about bayes. Also, you can run the check_bayes_db command and see how many spam and ham have been learned. And you can run "sa-learn -D --rebuild" and see if it says anything about there not being enough spam or ham. These may give you some clues to your questions. Jason -----Original Message----- From: Dene Ulmschneider [ mailto:dene@DATATECHIE.COM ] Sent: Tuesday, May 06, 2003 10:53 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: [MAILSCANNER] when is Bayes scoring used? Hey Julian et all- In regards to all of the messages I have read that Bayes will not start working until the magic number of 200 messages is reached, I am certain that I have processed more than 200 messages and yet I still see no "Bayes" entries in the headers. I have checked the files in /root/.spamassassin and found the following: filename size date modified auto-whitelist 644.0 kb today auto-whitelist.db 12.0 kb 3.28.03 bayes_msgcount 3.2 kb today bayes_seen 1.3 mb today bayes_seen.db 4.0 kb 3.28.03 bayes_toks 2.6 mb today bayes_toks.db 12.0 kb 3.28.03 while I was checking these files - I saw that a new file was created and then deleted called auto-whitelist.lock, due to the fact that the system starting processing mails at this time. The questions that I have are: 1-according to previous statements about the size of bayes_msgcount, have I only correctly processed 3 or 4 emails? 2-why are all of the .db files form a month and a half ago? 3-why are there still no headers containing anything regarding Bayes? Am I missing something. I have had MailScanner running for about 2 months now and am certain that I have processed enough emails. Any help is appreciated. Thank You Dene Ulmschneider Data Techie Inc. ------------------------------------------------------------------------- office: 718.738.8859 email: dene@datatechie.com pager mail: denenow@datatechie.com website: www.datatechie.com ------------------------------------------------------------------------- "Life is too short...-...you should have dessert first" At 02:29 PM 5/6/2003 +0100, you wrote: At 14:18 06/05/2003, you wrote: Well i have just setup mailscanner 4.20-3 and i have some problemes with bayes "scoring". I have the bayes database working as it s modified each time i receive a mail but when i gor spam i never seen BAYES_DB tag in the scoring of spam. Is there a minim size of the bayes database in order to be uzed for scoring? It won't start using the results of the Bayes data until 200 messages have been scanned. The bayes_msgcount file will tell you how many it has scanned (file size == number of messages). Thanks in advance for any help P.S the command check_bayes_db -db /var/spool/spamassassin/bayes | head -8 0.000 0 0 0 non-token data: db format = on-the-fly probs, expiry, scan-counting 0.000 0 16 0 non-token data: nspam 0.000 0 1233 0 non-token data: nham 0.000 0 51394 0 non-token data: ntokens 0.000 0 0 0 non-token data: oldest age 0.000 0 1382 0 non-token data: current scan-count 0.000 0 0 0 non-token data: last expiry scan-count 0.027 0 8 801 english -- Eric Doutreleau I.N.T | Tel : +33 (0) 160764687 9 rue Charles Fourier | Fax : +33 (0) 160764321 91011 Evry France | email : Eric.Doutreleau@int-evry.fr -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030506/4917d8e0/attachment.html From jaearick at COLBY.EDU Tue May 6 20:28:13 2003 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:17:58 2006 Subject: my mail server is drowning Message-ID: Gang, Setup: Sun E220R (2 450 MHZ CPUS, 2 GB memory), Solaris 8, MailScanner-4.20-3, sophos 3.69, sophosavi, sendmail 8.12.9, spamassassin 2.53 (bayes learning on). Other stuff running on the box: qpopper 4.0.5, mailman 2.1.2. Problem: It can't keep up with the mail traffic. We get roughly 25K messages a day. I didn't really have this problem until after sophos 3.67 came out, it has been getting worse even with sophossavi. A backlog forms in mqueue.in in the morning and the box can't keep up during the day. Right now (1:30 PM), I've got slightly more than 1000 messages waiting on MailScanner. My system load (uptime load) is a steady a steady 10 to 12, sar shows roughly 70% usr, 30% sys with no idle. vmstat shows that the system is doing memory paging like crazy (pi=5K). Iostat is not outrageous on anything, so the issue seems to be lack of CPU. "top" shows that MailScanner is a real heavyweight on memory usage. Each process is roughly 40M is size, with most of that resident in memory. The only other heavy memory user is named (170 to 190 MB). I've tried tuning MS by changing the number of emails per scan (25 to 100), the number of children (4 to 10, currently running 6). Nothing helps. It takes MS several minutes to chomp on 100 messages -- time enough for 100 more messages to roll in. Any suggestions for tuning? Any ideas why MS takes so much memory? Is this related to the bayes learning in SA? I've noticed that the files in /var/spool/spamassassin are big: -rw-r--r-- 1 root daemon 1335296 May 6 13:49 auto-whitelist -rw------- 1 root daemon 112 May 6 13:49 bayes.lock -rw------- 1 root daemon 98 May 6 13:49 bayes.lock.emerald.14132 -rw------- 1 root daemon 45468 May 6 13:49 bayes_journal -rw------- 1 root daemon 54 May 6 13:49 bayes_msgcount -rw-r--r-- 1 root daemon 10559488 May 6 13:49 bayes_seen -rw------- 1 root daemon 7700480 May 6 13:49 bayes_toks and that lsof shows me that bayes_seen and bayes_toks files are used by MS processes. Maybe the size of these files related to the memory usage of MS? --- Jeff Earickson Colby College From ryanb at AACRAO.ORG Tue May 6 20:49:18 2003 From: ryanb at AACRAO.ORG (Bingham, Ryan) Date: Thu Jan 12 21:17:58 2006 Subject: bayes ignore {spam} tag in subject line Message-ID: I apologize if this is a dumb question but I haven't been able to find the answer anywhere. Is there a way to get Bayes to ignore the {spam} tag in the Subject line (without ignoring the entire Subject line)? Alternatively, is there an easy way to remove/replace a text string i.e. {spam} from all the messages in an mbox file? I'd like to have Bayes learn messages in my low scoring spam mailbox after I've cleaned out the false positives. Thanks, Ryan From mikea at MIKEA.ATH.CX Tue May 6 20:53:03 2003 From: mikea at MIKEA.ATH.CX (mikea) Date: Thu Jan 12 21:17:58 2006 Subject: bayes ignore {spam} tag in subject line In-Reply-To: ; from ryanb@AACRAO.ORG on Tue, May 06, 2003 at 03:49:18PM -0400 References: Message-ID: <20030506145303.A74407@mikea.ath.cx> On Tue, May 06, 2003 at 03:49:18PM -0400, Bingham, Ryan wrote: > I apologize if this is a dumb question but I haven't been able to find > the answer anywhere. Is there a way to get Bayes to ignore the {spam} > tag in the Subject line (without ignoring the entire Subject line)? > Alternatively, is there an easy way to remove/replace a text string i.e. > {spam} from all the messages in an mbox file? > > I'd like to have Bayes learn messages in my low scoring spam mailbox > after I've cleaned out the false positives. Well, certainly you can use an editor on the mailbox to do the vim[1] equivalent of :1,999999 s/^Subject: {spam}/Subject: / where the line numbers are dependent on the size of the mailbox. I think it would be safer to work on a _copy_ of the mailbox, rather than on the original, unless it's not needed in a pristine state for archival or other purposes. [1] emacs users will have their own incantation, and will wave a totally different object as they chant. -- Mike Andrews mikea@mikea.ath.cx Tired old sysadmin since 1964 From raymond at PROLOCATION.NET Tue May 6 21:31:25 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:17:58 2006 Subject: my mail server is drowning In-Reply-To: Message-ID: Hi! > Problem: It can't keep up with the mail traffic. We get roughly > 25K messages a day. I didn't really have this problem until after > sophos 3.67 came out, it has been getting worse even with sophossavi. > A backlog forms in mqueue.in in the morning and the box can't keep up > during the day. Right now (1:30 PM), I've got slightly more than 1000 > messages waiting on MailScanner. My system load (uptime load) Suggestion, move to f-prot or rav, that will ease down your CPUs. > with no idle. vmstat shows that the system is doing memory paging > like crazy (pi=5K). Iostat is not outrageous on anything, so the issue > seems to be lack of CPU. Yes, Sophos is known to be a CPU hogg and the last versions are even worse. We have two customers that migrated away allready towards competitive products. Bye, Raymond. From RHerban at GRAMTEL.NET Tue May 6 21:26:08 2003 From: RHerban at GRAMTEL.NET (Randy Herban) Date: Thu Jan 12 21:17:58 2006 Subject: bayes ignore {spam} tag in subject line Message-ID: > -----Original Message----- > From: mikea [mailto:mikea@MIKEA.ATH.CX] > Sent: Tuesday, May 06, 2003 2:53 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: bayes ignore {spam} tag in subject line > > > On Tue, May 06, 2003 at 03:49:18PM -0400, Bingham, Ryan wrote: > > I apologize if this is a dumb question but I haven't been > able to find > > the answer anywhere. Is there a way to get Bayes to ignore > the {spam} > > tag in the Subject line (without ignoring the entire Subject line)? > > Alternatively, is there an easy way to remove/replace a text string > > i.e. {spam} from all the messages in an mbox file? > > > > I'd like to have Bayes learn messages in my low scoring > spam mailbox > > after I've cleaned out the false positives. > > Well, certainly you can use an editor on the mailbox to do > the vim[1] equivalent of > > :1,999999 s/^Subject: {spam}/Subject: / I only just saw this message and havn't been tracing this thread, but this can be done easier on the command line with sed. Not to discount vi but if this needs done on mass scale, vi won't work the greatest :o) Cat mailbox | sed -e "s/^Subject: {spam}/Subject:/" >> mailbox.tmp; mv mailbox.tmp mailbox To do on many mailboxes in a directory: For each in *; do at $each | sed -e "s/^Subject: {spam}/Subject:/" >> $each.tmp; mv $each.tmp $each; done; (capitalization is done by outlook, not by me, don't capitalize anything on the unix shell Sorry if this is way off track of conversation, but noticed this piece and figured I'd offer to help ease some pain. -Randy > > where the line numbers are dependent on the size of the > mailbox. I think it would be safer to work on a _copy_ of the > mailbox, rather than on the original, unless it's not needed > in a pristine state for archival or other purposes. > > [1] emacs users will have their own incantation, and will wave a > totally different object as they chant. > > -- > Mike Andrews > mikea@mikea.ath.cx > Tired old sysadmin since 1964 > From mark at TIPPINGMAR.COM Wed May 7 01:30:44 2003 From: mark at TIPPINGMAR.COM (Mark Nienberg) Date: Thu Jan 12 21:17:58 2006 Subject: when is Bayes scoring used? In-Reply-To: Message-ID: <3EB7F144.7062.124CEF8@localhost> If you are counting on SpamAssassin to "auto-learn", rather than manually feeding messages through it, then it only uses messages with very high or low scores. The defaults are auto_learn_threshold_nonspam -2.0 auto_learn_threshold_spam 15.0 I imagine that 200 spams with scores greater than 15 will accumulate fairly quickly, but I don't see many messages with scores less than negative two, so how will it ever auto-learn any ham? Even messages internal to my network score zero. I'm thinking about changing the default to positive one or thereabouts. -- Mark W. Nienberg, SE Tipping Mar + associates 1906 Shattuck Ave, Berkeley, CA 94704 visit our website at http://www.tippingmar.com From gerry at DORFAM.CA Wed May 7 01:54:28 2003 From: gerry at DORFAM.CA (Gerry Doris) Date: Thu Jan 12 21:17:58 2006 Subject: Use of DCC Clarification In-Reply-To: Message-ID: On Tue, 6 May 2003, Desai, Jason wrote: > I had to make sure that dccproc was in the path. MailScanner's path does > not include /usr/local/bin (where dcc was installed by default for me), so I > created a symbolic link. > > ls -al /usr/bin/dccproc > lrwxrwxrwx 1 root root 22 Apr 16 11:33 /usr/bin/dccproc -> > /usr/local/bin/dccproc > > Then dcc started working for me. > > Jason Another list member sent me a note saying that he added the line dcc_path /usr/local/bin/dccproc to spam.assassin.prefs.conf and DCC check started to work. I tried it and sure enough DCC is now operational. Perhaps this should be added to the spam.assassin.prefs.conf file instead of the "score dcc" line that's in there now??? -- Gerry "The lyfe so short, the craft so long to learne" Chaucer From gerry at DORFAM.CA Wed May 7 02:01:19 2003 From: gerry at DORFAM.CA (Gerry Doris) Date: Thu Jan 12 21:17:58 2006 Subject: when is Bayes scoring used? In-Reply-To: <3EB7F144.7062.124CEF8@localhost> Message-ID: On Tue, 6 May 2003, Mark Nienberg wrote: > If you are counting on SpamAssassin to "auto-learn", rather than manually > feeding messages through it, then it only uses messages with very high or > low scores. The defaults are > > auto_learn_threshold_nonspam -2.0 > auto_learn_threshold_spam 15.0 > > I imagine that 200 spams with scores greater than 15 will accumulate fairly > quickly, but I don't see many messages with scores less than negative > two, so how will it ever auto-learn any ham? Even messages internal to > my network score zero. I'm thinking about changing the default to positive > one or thereabouts. > -- > Mark W. Nienberg, SE > Tipping Mar + associates > 1906 Shattuck Ave, Berkeley, CA 94704 > visit our website at http://www.tippingmar.com Where are those threshold lines added if I want to change them so that they take affect with MailScanner? Do you put them into spam.assassin.prefs.conf? -- Gerry "The lyfe so short, the craft so long to learne" Chaucer From mailscanner at ecs.soton.ac.uk Wed May 7 07:59:53 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:17:58 2006 Subject: my mail server is drowning In-Reply-To: Message-ID: <5.2.0.9.2.20030507075458.04930f00@imap.ecs.soton.ac.uk> Try 1) switch off bayes support in SpamAssassin 2) reduce number of children to 2 3) temporarily try f-prot instead of sophossavi 4) get rid of your auto-whitelist completely If you are doing lots of paging, then memory is surely your problem, not CPU. Context switching on SPARC architectures is quite an expensive operation, so if it is spending 30% of its CPU doing nothing other than context-switching, you have already lost most of 1 CPU. You need to get the paging figure down. One other alternative which might be worth it as a temporary test, is to use an Intel box instead of a SPARC one. You can still run Solaris on it, no problem, but context switching is a lot cheaper on Intel than SPARC. At 20:28 06/05/2003, you wrote: >Gang, > >Setup: Sun E220R (2 450 MHZ CPUS, 2 GB memory), Solaris 8, >MailScanner-4.20-3, sophos 3.69, sophosavi, sendmail 8.12.9, >spamassassin 2.53 (bayes learning on). Other stuff running >on the box: qpopper 4.0.5, mailman 2.1.2. > >Problem: It can't keep up with the mail traffic. We get roughly >25K messages a day. I didn't really have this problem until after >sophos 3.67 came out, it has been getting worse even with sophossavi. >A backlog forms in mqueue.in in the morning and the box can't keep up >during the day. Right now (1:30 PM), I've got slightly more than 1000 >messages waiting on MailScanner. My system load (uptime load) >is a steady a steady 10 to 12, sar shows roughly 70% usr, 30% sys >with no idle. vmstat shows that the system is doing memory paging >like crazy (pi=5K). Iostat is not outrageous on anything, so the issue >seems to be lack of CPU. > >"top" shows that MailScanner is a real heavyweight on memory usage. >Each process is roughly 40M is size, with most of that resident in >memory. The only other heavy memory user is named (170 to 190 MB). > >I've tried tuning MS by changing the number of emails per scan (25 to 100), >the number of children (4 to 10, currently running 6). Nothing helps. >It takes MS several minutes to chomp on 100 messages -- time enough for >100 more messages to roll in. > >Any suggestions for tuning? Any ideas why MS takes so much memory? >Is this related to the bayes learning in SA? I've noticed that the >files in /var/spool/spamassassin are big: > >-rw-r--r-- 1 root daemon 1335296 May 6 13:49 auto-whitelist >-rw------- 1 root daemon 112 May 6 13:49 bayes.lock >-rw------- 1 root daemon 98 May 6 13:49 bayes.lock.emerald.14132 >-rw------- 1 root daemon 45468 May 6 13:49 bayes_journal >-rw------- 1 root daemon 54 May 6 13:49 bayes_msgcount >-rw-r--r-- 1 root daemon 10559488 May 6 13:49 bayes_seen >-rw------- 1 root daemon 7700480 May 6 13:49 bayes_toks > >and that lsof shows me that bayes_seen and bayes_toks files are used >by MS processes. Maybe the size of these files related to the memory >usage of MS? > >--- Jeff Earickson > Colby College -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From David.While at UCE.AC.UK Wed May 7 08:46:41 2003 From: David.While at UCE.AC.UK (David While) Date: Thu Jan 12 21:17:58 2006 Subject: when is Bayes scoring used? Message-ID: Yep - put them in spam.assassin.prefs.conf also if you have moved the bayes databases from their default locations by using the settings in spam.assassin.prefs.conf then the sa-learn and check_bayes_db commands will give the wrong output - they check the default location of /root/.spamassassin (assuming MS etc is being run as root.). I use sa-learn -D -p /etc/MailScanner/spam.assassin.prefs.conf --rebuild to check my database and it reports correctly. ----------------------------------------------------------------- David While Technical Development Manager Faculty of Computing, Information & English University of Central England Tel: 0121 331 6211 Gerry Doris To: MAILSCANNER@JISCMAIL.AC.UK Sent by: cc: MailScanner Subject: Re: when is Bayes scoring used? mailing list 07/05/2003 02:01 Please respond to MailScanner mailing list On Tue, 6 May 2003, Mark Nienberg wrote: > If you are counting on SpamAssassin to "auto-learn", rather than manually > feeding messages through it, then it only uses messages with very high or > low scores. The defaults are > > auto_learn_threshold_nonspam -2.0 > auto_learn_threshold_spam 15.0 > > I imagine that 200 spams with scores greater than 15 will accumulate fairly > quickly, but I don't see many messages with scores less than negative > two, so how will it ever auto-learn any ham? Even messages internal to > my network score zero. I'm thinking about changing the default to positive > one or thereabouts. > -- > Mark W. Nienberg, SE > Tipping Mar + associates > 1906 Shattuck Ave, Berkeley, CA 94704 > visit our website at http://www.tippingmar.com Where are those threshold lines added if I want to change them so that they take affect with MailScanner? Do you put them into spam.assassin.prefs.conf? -- Gerry "The lyfe so short, the craft so long to learne" Chaucer From mailscanner at ecs.soton.ac.uk Wed May 7 08:50:30 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:17:58 2006 Subject: bayes ignore {spam} tag in subject line In-Reply-To: Message-ID: <5.2.0.9.2.20030507084846.050f3998@imap.ecs.soton.ac.uk> At 21:26 06/05/2003, you wrote: > > -----Original Message----- > > From: mikea [mailto:mikea@MIKEA.ATH.CX] > > Sent: Tuesday, May 06, 2003 2:53 PM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: bayes ignore {spam} tag in subject line > > > > > > On Tue, May 06, 2003 at 03:49:18PM -0400, Bingham, Ryan wrote: > > > I apologize if this is a dumb question but I haven't been > > able to find > > > the answer anywhere. Is there a way to get Bayes to ignore > > the {spam} > > > tag in the Subject line (without ignoring the entire Subject line)? > > > Alternatively, is there an easy way to remove/replace a text string > > > i.e. {spam} from all the messages in an mbox file? > > > > > > I'd like to have Bayes learn messages in my low scoring > > spam mailbox > > > after I've cleaned out the false positives. > > > > Well, certainly you can use an editor on the mailbox to do > > the vim[1] equivalent of > > > > :1,999999 s/^Subject: {spam}/Subject: / > > >I only just saw this message and havn't been tracing this thread, but this >can be done easier on the command line with sed. Not to discount vi but if >this needs done on mass scale, vi won't work the greatest :o) > >Cat mailbox | sed -e "s/^Subject: {spam}/Subject:/" >> mailbox.tmp; mv >mailbox.tmp mailbox A neater way might be perl -pi -e 's/^(Subject: )\{spam\}/$1/;' mailbox-file >To do on many mailboxes in a directory: >For each in *; do at $each | sed -e "s/^Subject: {spam}/Subject:/" >> >$each.tmp; mv $each.tmp $each; done; > >(capitalization is done by outlook, not by me, don't capitalize anything on >the unix shell > > >Sorry if this is way off track of conversation, but noticed this piece and >figured I'd offer to help ease some pain. > >-Randy > > > > > > > where the line numbers are dependent on the size of the > > mailbox. I think it would be safer to work on a _copy_ of the > > mailbox, rather than on the original, unless it's not needed > > in a pristine state for archival or other purposes. > > > > [1] emacs users will have their own incantation, and will wave a > > totally different object as they chant. > > > > -- > > Mike Andrews > > mikea@mikea.ath.cx > > Tired old sysadmin since 1964 > > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Wed May 7 08:48:01 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:17:58 2006 Subject: Turning On Spam Checks with Script In-Reply-To: <011c01c313f7$934c8020$7801a8c0@matthew> Message-ID: <5.2.0.9.2.20030507084254.03265d08@imap.ecs.soton.ac.uk> At 18:47 06/05/2003, you wrote: >What I would like to do is setup Mailscanner so it does Spam checks but all >users are whitelisted by default. So if they want Spam checks they must >turn it on and they will have no reason to complain to me about seeing there >email tagged with {SPAM?}. > >To explain. If a user wants Spam checks enabled on there email account they >would go to a webpage, enter there email address in a form and that would >enable Spam checks for them. If they later decide they do not like getting >a bunch of there email tagged with {SPAM?} they could go back and enter >there email in a removal form and turn it off. It would also be nice if >they could enter a from addresses to whitelist in a form if its being tagged >incorrectly. All these forms should have access restricted to local IP >subnets I control for security. > >Is something like this possible with a perl script? I imagine one gotcha is >that if a config file is modified by a script it will not take affect until >mailscanner is restarted but that occurs every 6 hours I thought? What I would do is turn on and off their {SPAM?} Subject: line tag, not the actual spam checking. Then if a "power user" wants to do his/her own filtering on the SpamScore header (for example) but doesn't want the Subject: line tag, then they can do it. How you the implement it depends on how many users you are talking about. If it's only a few hundred or so, I would recommend rebuilding a "spam.modify.subject.rules" file which is pointed to by an entry in MailScanner.conf like this: Spam Modify Subject = /etc/MailScanner/rules/spam.modify.subject.rules Then make that file say FromOrTo: default no To: user1@domain.com yes To: user2@domain.com yes and so on. If you are talking thousands of users, a database table might be better. You can suck in the DB table when MailScanner starts, then just do a very fast hash table lookup for each message. This will be very quick. If you have a "semaphore flag" file somewhere that indicates if the DB table has been modified recently, and a cron job to "reload" MailScanner, you can restart it every hour or so if any users have modified their settings. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Wed May 7 08:34:25 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:17:58 2006 Subject: when is Bayes scoring used? In-Reply-To: References: <3EB7F144.7062.124CEF8@localhost> Message-ID: <5.2.0.9.2.20030507083416.032ac2c0@imap.ecs.soton.ac.uk> At 02:01 07/05/2003, you wrote: >On Tue, 6 May 2003, Mark Nienberg wrote: > > > If you are counting on SpamAssassin to "auto-learn", rather than manually > > feeding messages through it, then it only uses messages with very high or > > low scores. The defaults are > > > > auto_learn_threshold_nonspam -2.0 > > auto_learn_threshold_spam 15.0 > > > > I imagine that 200 spams with scores greater than 15 will accumulate fairly > > quickly, but I don't see many messages with scores less than negative > > two, so how will it ever auto-learn any ham? Even messages internal to > > my network score zero. I'm thinking about changing the default to positive > > one or thereabouts. > > -- > > Mark W. Nienberg, SE > > Tipping Mar + associates > > 1906 Shattuck Ave, Berkeley, CA 94704 > > visit our website at http://www.tippingmar.com > >Where are those threshold lines added if I want to change them so that >they take affect with MailScanner? Do you put them into >spam.assassin.prefs.conf? Yes. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Wed May 7 08:37:12 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:17:58 2006 Subject: Use of DCC Clarification In-Reply-To: References: Message-ID: <5.2.0.9.2.20030507083518.03217e18@imap.ecs.soton.ac.uk> At 01:54 07/05/2003, you wrote: >On Tue, 6 May 2003, Desai, Jason wrote: > > > I had to make sure that dccproc was in the path. MailScanner's path does > > not include /usr/local/bin (where dcc was installed by default for me), > so I > > created a symbolic link. > > > > ls -al /usr/bin/dccproc > > lrwxrwxrwx 1 root root 22 Apr 16 11:33 /usr/bin/dccproc -> > > /usr/local/bin/dccproc > > > > Then dcc started working for me. > > > > Jason > >Another list member sent me a note saying that he added the line > >dcc_path /usr/local/bin/dccproc > >to spam.assassin.prefs.conf and DCC check started to work. I tried it and >sure enough DCC is now operational. > >Perhaps this should be added to the spam.assassin.prefs.conf file instead >of the "score dcc" line that's in there now??? Can you just do a quick test for me, and set dcc_path to a path that *doesn't* exist please? I want to make sure that no error messages are logged anywhere, as otherwise the logging is going to get very noisy if it gets an error for every message. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Wed May 7 09:06:32 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:17:58 2006 Subject: Itch + patch In-Reply-To: <20030507015038.GA9506@hkust.se> Message-ID: <5.2.0.9.2.20030507090520.032859e0@imap.ecs.soton.ac.uk> At 02:50 07/05/2003, you wrote: >I have a couple of patches that I find useful; > >1) During my last 4 or so updates of MailScanner, MS has been >automatically restarted by the cron script, while I was upgrading >config files etc, which is kind of unwanted. > >The patch below makes the cron script look for the lock file to see if >MailScanner has been stopped by the rc script. (same problem would >occur in runlevels where MS should not run) I have implemented it rather differently, so it uses the presence of a file to stop MailScanner, rather than the absence of one. It you rely on the absence of a file, but the directory you wanted to store it in never existed, then MailScanner would never restart itself. >2) I start my sendmail processes separately (I got four; in, out, >slow, list), so I don't want MS to start or stop them. > >(I also find if useful to be able to stop MailScanner *only* and still >accept mail) > >The patch below adds a config variable in sysconfig/MailScanner which >controls whether MS should control the mail daemons. Should work on >the other mailers, too, haven't checked. I'll think about adding that one. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From so-mlist-alias at all-about-shift.com Wed May 7 09:47:15 2003 From: so-mlist-alias at all-about-shift.com (Soeren Gerlach) Date: Thu Jan 12 21:17:58 2006 Subject: F-Prot enterprise/small business scanner & MailScanner Message-ID: <26545.193.194.7.77.1052297235.squirrel@miyako.all-about-shift.com> Hi, visiting the F-Prot site I recognized that F-Prot does [now?] not only have two kind of different licenses for their scanner but also the technique they're using is different. While the enterprise scanner uses a daemon with TCP/IP communication the small business version uses the default on demand scanner. I've noticed in this mailgroup that there were some discussions about pros and cons using scanning deamons and I know that MailScanner uses currently the on demand scanner because it can gain full controll in respect to used resources of the scanning process. So I'd like to ask what the current status of this discussion is daemon vs. on demand - and: Does MailScanner support both falvours of the F-Prot scanners? Thanks & regards, Soeren Gerlach From mailscanner at ecs.soton.ac.uk Wed May 7 09:54:00 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:17:58 2006 Subject: F-Prot enterprise/small business scanner & MailScanner In-Reply-To: <26545.193.194.7.77.1052297235.squirrel@miyako.all-about-sh ift.com> Message-ID: <5.2.0.9.2.20030507095326.034233d8@imap.ecs.soton.ac.uk> At 09:47 07/05/2003, you wrote: >Hi, > >visiting the F-Prot site I recognized that F-Prot does [now?] not only >have two kind of different licenses for their scanner but also the >technique they're using is different. >While the enterprise scanner uses a daemon with TCP/IP communication the >small business version uses the default on demand scanner. > >I've noticed in this mailgroup that there were some discussions about pros >and cons using scanning deamons and I know that MailScanner uses currently >the on demand scanner because it can gain full controll in respect to used >resources of the scanning process. So I'd like to ask what the current >status of this discussion is daemon vs. on demand - and: Does MailScanner >support both falvours of the F-Prot scanners? Not at the moment, no. You want the command-line scanner, so the cheaper Small Business edition is what you want. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From klaus.strebel at EIGNER.COM Wed May 7 09:46:06 2003 From: klaus.strebel at EIGNER.COM (Klaus Strebel) Date: Thu Jan 12 21:17:58 2006 Subject: mailscanner-4.20-3 install ... Message-ID: <3EB8C7CE.7050706@eigner.com> Hi guys, rpm -Uvh mailscanner-4.20-3.noarch.rpm error: failed dependencies: postfix conflicts with mailscanner-4.20-3 did you update your specs-file ;-) (or is it 'cause a installed sendmail and postfix in paralell, well with nodeps and backing up/renaming files that both are using). Ciao Klaus -- Klaus Strebel UNIX-Engineer klaus.strebel@eigner.com EIGNER - Precision Lifecycle Management - From AndreaC at GOTECH.IT Wed May 7 10:01:29 2003 From: AndreaC at GOTECH.IT (Andrea Cogliati) Date: Thu Jan 12 21:17:58 2006 Subject: spam/notspam w/sa-learn Message-ID: <463F0AFA3E2CEA4E807EC569C019E7390984CC@atlantis.gtub.corp> Nicholas, I see the problem. My solution is not using Forwarding at all. I created two Public Folders on Exchange (2K) where users can copy (or move) spam & ham messages. Then I use a very quick & dirty perl script (I'm not a perl guru either) to feed the spam and notspam accounts on the MailScanner gateway where another script (Julian's one) runs sa_learn. I'm attaching my script to this message: it's really dumb and completely uncommented but it's working for us. Should you find it useful, please feel free to use it. Bye, Andrea -----Original Message----- From: Feasey, Nicholas [mailto:nfeasey@UTPRESS.UTORONTO.CA] Sent: Tuesday, May 06, 2003 5:05 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: spam/notspam w/sa-learn The improvement that we are discussing is the ability to merely allow any mail user to FORWARD a message to spam or notspam and have it processed through SpamAssassin's sa-learn script and treated accordingly. The original problem, as Julian stated, is that Outlook, Outlook Express remove the headers when a message is forwarded so instead of the message being marked as spam or ham, depending on which email address (spam/notspam) you sent it to, it would incorrectly mark the end user. This is not the desired affect. I was mulling over the possibility of any user sending a email to either spam or notspam which merely contains an address (or series of addresses). Then a script runs which processes this messages through the sa-learn script which, in turn, teaches SpamAssassin about them. Unfortunately, although I pretty good in C and PHP, I'm not much of a Perl wizard. Perhaps what I describe above is exactly what your perl script does? If so, why not share it with the rest of us so we don't have to re-invent the wheel :) Many thanks. N -----Original Message----- From: Andrea Cogliati [mailto:AndreaC@GOTECH.IT] Sent: 6-May-03 4:14 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: spam/notspam w/sa-learn Kevin, I'm currently using Exchange 2K Public Folders exactly for this purpose and I wrote a very simple Perl script for getting spam&ham from there. What 'improvement' are you talking about? Am I missing something? Bye, Andrea -----Original Message----- From: Kevin Spicer [mailto:kevins@BMRB.CO.UK] Sent: Monday, May 05, 2003 9:26 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: spam/notspam w/sa-learn A couple of us on the list have been experimenting with ways of using the 'public folders' feature in Exchange to get round this problem with Outlook. I understand this works with Exchange 5.5. But due to an 'improvement' Microsoft made in Exchange 2000 it doesn't work with that (which I personally find damn annoying). The basic way it works is by creating two public folders for spam and ham then using a script on the MailScanner machine to grab the messages using IMAP. The most important thing when feeding messages to sa-learn is that the message ID should not be changed (since sa-learn tracks which messages it has learned using this). Should the message ID change, which is likely to happen when forwarding, SA may well learn the same message as both ham and spam! On Mon, 2003-05-05 at 19:33, Feasey, Nicholas wrote: Hmm? So then, by forwarding I would place my address in the spam/notspam mailboxes and be identified as such. Any ideas on how to "fool" the app so that it will work with Outlook or am I going to have to try to write some sort of script - if, in fact, that is possible. N -----Original Message----- From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] Sent: 5-May-03 2:22 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: spam/notspam w/sa-learn At 19:16 05/05/2003, you wrote: Forgive my ignorance/stupidity on this subject but what do you mean by redirect? Different mail apps call it different things, but it is usually bounce or redirect. It sends the message on with the headers intact, so that replies go back to the original sender and not the person who redirected it. Outlook and Outlook Express cannot do it. Why, I don't know, it's the simplest job in the book :-( Yes, the cron job is in place, just want to give my users CORRECT instructions on using the "auto-learn" feature. N -----Original Message----- From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] Sent: 5-May-03 2:07 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: spam/notspam w/sa-learn At 18:40 05/05/2003, you wrote: I just want to be clear on the usage of the spam and not spam accounts used in conjunction with the sa-learn script. I can have my users forward any message received to either spam (to have it identified as spam) or notspam (to have it identified as ham) and it will be automatcially learned (sa-learn)?? It is important that they "redirect" and not "forward" their mail to the addresses, as forwarding will destroy the headers and make it appear that your users are the spammers. Is this correct? You do, of course, need my cron job script to do the actual work, mailboxes aren't magic :-) I don't want my users showing up as spammers because they are listed as the forwarder. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. -------------- next part -------------- A non-text attachment was scrubbed... Name: GetSpam&Ham.pl Type: application/octet-stream Size: 1977 bytes Desc: GetSpam&Ham.pl Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030507/14dc69ac/GetSpamHam.obj From so-mlist-alias at all-about-shift.com Wed May 7 10:10:23 2003 From: so-mlist-alias at all-about-shift.com (Soeren Gerlach) Date: Thu Jan 12 21:17:58 2006 Subject: F-Prot enterprise/small business scanner & MailScanner In-Reply-To: <5.2.0.9.2.20030507095326.034233d8@imap.ecs.soton.ac.uk> References: <26545.193.194.7.77.1052297235.squirrel@miyako.all-about-sh <5.2.0.9.2.20030507095326.034233d8@imap.ecs.soton.ac.uk> Message-ID: <57000.193.194.7.77.1052298623.squirrel@miyako.all-about-shift.com> >>visiting the F-Prot site I recognized that F-Prot does [now?] not only >> have two kind of different licenses for their scanner but also the >> technique they're using is different. >>While the enterprise scanner uses a daemon with TCP/IP communication >> the small business version uses the default on demand scanner. >> >>I've noticed in this mailgroup that there were some discussions about >> pros and cons using scanning deamons and I know that MailScanner uses >> currently the on demand scanner because it can gain full controll in >> respect to used resources of the scanning process. So I'd like to ask >> what the current status of this discussion is daemon vs. on demand - >> and: Does MailScanner support both falvours of the F-Prot scanners? > > Not at the moment, no. You want the command-line scanner, so the cheaper > Small Business edition is what you want. Hi Julian, thanks for clearifying this issue so quick! Regards, Soeren From paul.hamilton at sme-ecom.co.uk Wed May 7 10:43:46 2003 From: paul.hamilton at sme-ecom.co.uk (Paul Hamilton) Date: Thu Jan 12 21:17:58 2006 Subject: Bayes Probability Message-ID: <000001c3147d$2a120f40$fc32000a@4> Hi All, Could someone advise us what level of percentage probability does Bayes have to reach before it deems a message to be Spam? Thanks in advance Paul H. From mailscanner at ecs.soton.ac.uk Wed May 7 10:05:42 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:17:58 2006 Subject: mailscanner-4.20-3 install ... In-Reply-To: <3EB8C7CE.7050706@eigner.com> Message-ID: <5.2.0.9.2.20030507100427.0532b1b8@imap.ecs.soton.ac.uk> At 09:46 07/05/2003, you wrote: >Hi guys, > >rpm -Uvh mailscanner-4.20-3.noarch.rpm >error: failed dependencies: > postfix conflicts with mailscanner-4.20-3 > >did you update your specs-file ;-) Oops. You might need to add a "--nodeps" or even possibly "--force" to do it. > (or is it 'cause a installed sendmail >and postfix in paralell, well with nodeps and backing up/renaming files >that both are using). What OS and version are you on? If it's RedHat, then you should switch MTA's using "redhat-switchmail-nox". -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From dcmwai at AMTB-M.ORG.MY Wed May 7 11:24:19 2003 From: dcmwai at AMTB-M.ORG.MY (=?Big5?B?s6+7yrC2IENoYW4gTWluIFdhaQ==?=) Date: Thu Jan 12 21:17:58 2006 Subject: [OT]F-Secure 4.5 update for Rh9 Message-ID: <3EB8DED3.6080003@amtb-m.org.my> Hello, I've just got my F-secure running with mailscanner, but somehow, the dbupdate is having problem. I'm using RH9, can anyone help me to Over come that? Thank You Chan Min Wai -- ------------------------------ °¨¨Ó¦è¨È²b©v¾Ç·| Amitabha Buddhist Society (M) 16A, 1st Floor, Jalan Pahang, 53000, Kuala Lumpur, Malaysia. Tel:+603-40414101, 40452630 Fax:+603-40412172 WebPage: http://www.amtb-m.org.my E-Mail: amtbmy@amtb-m.org.my From mailscanner at ecs.soton.ac.uk Wed May 7 11:48:48 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:17:58 2006 Subject: [OT]F-Secure 4.5 update for Rh9 In-Reply-To: <3EB8DED3.6080003@amtb-m.org.my> Message-ID: <5.2.0.9.2.20030507114809.04898308@imap.ecs.soton.ac.uk> What do you mean by dbupdate? You are using /usr/lib/MailScanner/f-secure-autoupdate or /usr/sbin/update_virus_scanners? At 11:24 07/05/2003, you wrote: >Hello, > > I've just got my F-secure running with mailscanner, but somehow, the >dbupdate is having problem. > >I'm using RH9, can anyone help me to Over come that? > > >Thank You >Chan Min Wai >-- >------------------------------ >?????????b?v???| >Amitabha Buddhist Society (M) >16A, 1st Floor, Jalan Pahang, >53000, Kuala Lumpur, >Malaysia. > >Tel:+603-40414101, 40452630 >Fax:+603-40412172 >WebPage: http://www.amtb-m.org.my >E-Mail: amtbmy@amtb-m.org.my -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From andersan at LTKALMAR.SE Wed May 7 11:55:17 2003 From: andersan at LTKALMAR.SE (Anders Andersson, IT) Date: Thu Jan 12 21:17:58 2006 Subject: OT Regarding SA rpm vs compile with MS Message-ID: <9F18B7DDBA88E544AB1F1995148916660146E0@lkl63.ltkalmar.se> Hi First and last big thanks to Julian for a superb produkt :) I know there been discussion not to use the rpm of SA with mailscanner. Since Im not a great unix admin im just wondered if this has to do with ms config files or that SA change where the rpm will be installed. It wont be a big prob to compile SA but Im worried how to upgrade it if I cant use rpm? Ive tried csv once and broke the hole comp so Im a little worried since this is production servers! Any hints or future solutions for the possibillity to use the rpm instead? Kind regards /Anders From David.While at UCE.AC.UK Wed May 7 11:59:47 2003 From: David.While at UCE.AC.UK (David While) Date: Thu Jan 12 21:17:58 2006 Subject: OT Regarding SA rpm vs compile with MS Message-ID: I have used the RPMs of SA without any problem. I just recently upgraded to SA 2.53 using the RPMs. ----------------------------------------------------------------- David While Technical Development Manager Faculty of Computing, Information & English University of Central England Tel: 0121 331 6211 "Anders Andersson, IT" Sent by: MailScanner mailing list 07/05/2003 11:55 Please respond to MailScanner mailing list To: MAILSCANNER@JISCMAIL.AC.UK cc: Subject: OT Regarding SA rpm vs compile with MS Hi First and last big thanks to Julian for a superb produkt :) I know there been discussion not to use the rpm of SA with mailscanner. Since Im not a great unix admin im just wondered if this has to do with ms config files or that SA change where the rpm will be installed. It wont be a big prob to compile SA but Im worried how to upgrade it if I cant use rpm? Ive tried csv once and broke the hole comp so Im a little worried since this is production servers! Any hints or future solutions for the possibillity to use the rpm instead? Kind regards /Anders -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030507/af903ec0/attachment.html From andersan at LTKALMAR.SE Wed May 7 12:14:50 2003 From: andersan at LTKALMAR.SE (Anders Andersson, IT) Date: Thu Jan 12 21:17:58 2006 Subject: SV: OT Regarding SA rpm vs compile with MS Message-ID: <9F18B7DDBA88E544AB1F1995148916660146E2@lkl63.ltkalmar.se> Great, now I can start making plans :) -----Ursprungligt meddelande----- Fr?n: David While [mailto:David.While@UCE.AC.UK] Skickat: den 7 maj 2003 13:00 Till: MAILSCANNER@JISCMAIL.AC.UK ?mne: Re: OT Regarding SA rpm vs compile with MS I have used the RPMs of SA without any problem. I just recently upgraded to SA 2.53 using the RPMs. ----------------------------------------------------------------- David While Technical Development Manager Faculty of Computing, Information & English University of Central England Tel: 0121 331 6211 "Anders Andersson, IT" Sent by: MailScanner mailing list 07/05/2003 11:55 Please respond to MailScanner mailing list To: MAILSCANNER@JISCMAIL.AC.UK cc: Subject: OT Regarding SA rpm vs compile with MS Hi First and last big thanks to Julian for a superb produkt :) I know there been discussion not to use the rpm of SA with mailscanner. Since Im not a great unix admin im just wondered if this has to do with ms config files or that SA change where the rpm will be installed. It wont be a big prob to compile SA but Im worried how to upgrade it if I cant use rpm? Ive tried csv once and broke the hole comp so Im a little worried since this is production servers! Any hints or future solutions for the possibillity to use the rpm instead? Kind regards /Anders -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030507/2a0fe274/attachment.html From mailscanner at ecs.soton.ac.uk Wed May 7 12:19:12 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:17:58 2006 Subject: OT Regarding SA rpm vs compile with MS In-Reply-To: <9F18B7DDBA88E544AB1F1995148916660146E0@lkl63.ltkalmar.se> Message-ID: <5.2.0.9.2.20030507121643.0487fd90@imap.ecs.soton.ac.uk> At 11:55 07/05/2003, you wrote: >Hi >First and last big thanks to Julian for a superb produkt :) :-) >I know there been discussion not to use the rpm of SA with mailscanner. >Since Im not a great unix admin im just wondered if this has to do with ms >config files or that SA change where the rpm will be installed. It wont be a >big prob to compile SA but Im worried how to upgrade it if I cant use rpm? >Ive tried csv once and broke the hole comp so Im a little worried since this >is production servers! > >Any hints or future solutions for the possibillity to use the rpm instead? The RPM may work on some versions of RedHat, but not all, as the installation paths need to be changed between versions. This is why the MailScanner installation script rebuilds all the RPMs from SRPMs as it installs each one, it's the only way to guarantee the paths are right. Ignore the CVS versions of SpamAssassin, just use the full releases. Download the .tar.gz file, then unpack it with something like tar xzf Mail-SpamAssassin-2.53.tar.gz then build it cd Mail-SpamAssassin-2.53 perl Makefile.PL make make test make install When a new version is released, just do exactly the same steps with the new version and it will just install over the top of the old version. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From andersan at LTKALMAR.SE Wed May 7 12:30:54 2003 From: andersan at LTKALMAR.SE (Anders Andersson, IT) Date: Thu Jan 12 21:17:58 2006 Subject: SV: OT Regarding SA rpm vs compile with MS Message-ID: <9F18B7DDBA88E544AB1F1995148916660146E4@lkl63.ltkalmar.se> > -----Ursprungligt meddelande----- > Fr?n: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] > Skickat: den 7 maj 2003 13:19 > Till: MAILSCANNER@JISCMAIL.AC.UK > ?mne: Re: OT Regarding SA rpm vs compile with MS > > > At 11:55 07/05/2003, you wrote: > >Hi > >First and last big thanks to Julian for a superb produkt :) > > :-) > > >I know there been discussion not to use the rpm of SA with > mailscanner. > >Since Im not a great unix admin im just wondered if this has > to do with > >ms config files or that SA change where the rpm will be > installed. It > >wont be a big prob to compile SA but Im worried how to > upgrade it if I > >cant use rpm? Ive tried csv once and broke the hole comp so > Im a little > >worried since this is production servers! > > > >Any hints or future solutions for the possibillity to use the rpm > >instead? > > The RPM may work on some versions of RedHat, but not all, as > the installation paths need to be changed between versions. > This is why the MailScanner installation script rebuilds all > the RPMs from SRPMs as it installs each one, it's the only > way to guarantee the paths are right. > > Ignore the CVS versions of SpamAssassin, just use the full > releases. Download the .tar.gz file, then unpack it with > something like > tar xzf Mail-SpamAssassin-2.53.tar.gz > then build it > cd Mail-SpamAssassin-2.53 > perl Makefile.PL > make > make test > make install > > When a new version is released, just do exactly the same > steps with the new version and it will just install over the > top of the old version. Maybe I should give it a try, I need to evolve sometimes ;) Just setting up a test enviroment fo safety.... :) > > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support > From andersan at LTKALMAR.SE Wed May 7 12:36:28 2003 From: andersan at LTKALMAR.SE (Anders Andersson, IT) Date: Thu Jan 12 21:17:58 2006 Subject: SV: OT Regarding SA rpm vs compile with MS Message-ID: <9F18B7DDBA88E544AB1F1995148916660146E5@lkl63.ltkalmar.se> > -----Ursprungligt meddelande----- > Fr?n: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] > Skickat: den 7 maj 2003 13:19 > Till: MAILSCANNER@JISCMAIL.AC.UK > ?mne: Re: OT Regarding SA rpm vs compile with MS > > > At 11:55 07/05/2003, you wrote: > >Hi > >First and last big thanks to Julian for a superb produkt :) > > :-) > > >I know there been discussion not to use the rpm of SA with > mailscanner. > >Since Im not a great unix admin im just wondered if this has > to do with > >ms config files or that SA change where the rpm will be > installed. It > >wont be a big prob to compile SA but Im worried how to > upgrade it if I > >cant use rpm? Ive tried csv once and broke the hole comp so > Im a little > >worried since this is production servers! > > > >Any hints or future solutions for the possibillity to use the rpm > >instead? > > The RPM may work on some versions of RedHat, but not all, as > the installation paths need to be changed between versions. > This is why the MailScanner installation script rebuilds all > the RPMs from SRPMs as it installs each one, it's the only > way to guarantee the paths are right. > > Ignore the CVS versions of SpamAssassin, just use the full > releases. Download the .tar.gz file, then unpack it with > something like > tar xzf Mail-SpamAssassin-2.53.tar.gz > then build it > cd Mail-SpamAssassin-2.53 > perl Makefile.PL > make > make test > make install > > When a new version is released, just do exactly the same > steps with the new version and it will just install over the > top of the old version. One question more. If I got old sa.rpm's installed they should be removed first or? > > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support > From raymond at PROLOCATION.NET Wed May 7 12:37:36 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:17:58 2006 Subject: F-Prot enterprise/small business scanner & MailScanner In-Reply-To: <5.2.0.9.2.20030507095326.034233d8@imap.ecs.soton.ac.uk> Message-ID: Hi! > >I've noticed in this mailgroup that there were some discussions about pros > >and cons using scanning deamons and I know that MailScanner uses currently > >the on demand scanner because it can gain full controll in respect to used > >resources of the scanning process. So I'd like to ask what the current > >status of this discussion is daemon vs. on demand - and: Does MailScanner > >support both falvours of the F-Prot scanners? > Not at the moment, no. You want the command-line scanner, so the cheaper > Small Business edition is what you want. F-prot will change the pricing scheme i heard, they could not tell what exactly will change but something will come up in the near feature their sales guys told us. Bye, Raymond. From mailscanner at ecs.soton.ac.uk Wed May 7 12:43:14 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:17:58 2006 Subject: SV: OT Regarding SA rpm vs compile with MS In-Reply-To: <9F18B7DDBA88E544AB1F1995148916660146E5@lkl63.ltkalmar.se> Message-ID: <5.2.0.9.2.20030507124303.05506a68@imap.ecs.soton.ac.uk> At 12:36 07/05/2003, you wrote: > > -----Ursprungligt meddelande----- > > Fr?n: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] > > Skickat: den 7 maj 2003 13:19 > > Till: MAILSCANNER@JISCMAIL.AC.UK > > ?mne: Re: OT Regarding SA rpm vs compile with MS > > > > > > At 11:55 07/05/2003, you wrote: > > >Hi > > >First and last big thanks to Julian for a superb produkt :) > > > > :-) > > > > >I know there been discussion not to use the rpm of SA with > > mailscanner. > > >Since Im not a great unix admin im just wondered if this has > > to do with > > >ms config files or that SA change where the rpm will be > > installed. It > > >wont be a big prob to compile SA but Im worried how to > > upgrade it if I > > >cant use rpm? Ive tried csv once and broke the hole comp so > > Im a little > > >worried since this is production servers! > > > > > >Any hints or future solutions for the possibillity to use the rpm > > >instead? > > > > The RPM may work on some versions of RedHat, but not all, as > > the installation paths need to be changed between versions. > > This is why the MailScanner installation script rebuilds all > > the RPMs from SRPMs as it installs each one, it's the only > > way to guarantee the paths are right. > > > > Ignore the CVS versions of SpamAssassin, just use the full > > releases. Download the .tar.gz file, then unpack it with > > something like > > tar xzf Mail-SpamAssassin-2.53.tar.gz > > then build it > > cd Mail-SpamAssassin-2.53 > > perl Makefile.PL > > make > > make test > > make install > > > > When a new version is released, just do exactly the same > > steps with the new version and it will just install over the > > top of the old version. > >One question more. >If I got old sa.rpm's installed they should be removed first or? I would, yes. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From carl.boberg at NRM.SE Wed May 7 13:05:29 2003 From: carl.boberg at NRM.SE (Carl Boberg) Date: Thu Jan 12 21:17:58 2006 Subject: Problems with F-secure and MS In-Reply-To: <9F18B7DDBA88E544AB1F1995148916660146E4@lkl63.ltkalmar.se> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I have recently noticed that my f-secure ver. 4.15 on linux is not working with MS anymore... It isnt scanning viruses. I have tested it with eicar and a real virus. Nothing happens! It just passes through. It has been working quite well. I think it might have stopped when i uppgraded to the MS version before last, 4.15 something... I have now uppgraded to 4.20 but still no function. I have checked the config and cant see anything strange. I checked the wrapper script and commented out the check for f-secure 4.50. I tested the wrapper-script: ./f-secure-wrapper virus.file and that works. But it doesnt work when I send email through MS... Any idea what this might bee? I am now running latest sophos beta AND f-secure, in that order. Headers in mail with virus says: X-MailScanner: Found to be infected, Found to be clean Would really appreciate som help on this one :-) Best regards - --------------------------------- Carl Boberg System & Network Administrator Dept. of Information Technology Swedish Museum of Natural History Frescativ. 40 104 05 Stockholm carl.boberg@nrm.se Phone: 08-519 551 16 Mobile: 0701-82 40 55 - --------------------------------- -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 7.0.3 for non-commercial use iQA/AwUBPrj2hOi5vtTaHS+IEQLcKQCgwtqVS1k9Nld8HXZYI5nq5TKTgzsAn15f Bk36uVPBg7cF9jgCEGKBRW/A =XJbq -----END PGP SIGNATURE----- From carl.boberg at NRM.SE Wed May 7 13:31:21 2003 From: carl.boberg at NRM.SE (Carl Boberg) Date: Thu Jan 12 21:17:58 2006 Subject: Problems with F-secure and MS In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I found this in the maillog: May 7 11:47:38 smtp MailScanner[5306]: ./h479lamb007627/joke.ex_^Iinfection: W32/Hybris.worm.B 11:40:18 sm7:38 smtp MailScanner[5306]: Uninfected: Delivered 1 messages WHAT! It says it is uninfected and delivers as ususal, but has found an infection? Im confused to what might be the problem here... / Carl >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On >Behalf Of Carl Boberg >Sent: Wednesday, May 07, 2003 14:05 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Problems with F-secure and MS > > > >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >Hi, >I have recently noticed that my f-secure ver. 4.15 on linux is not >working with MS >anymore... It isnt scanning viruses. I have tested it with eicar and >a real virus. >Nothing happens! It just passes through. > >It has been working quite well. I think it might have stopped when i >uppgraded to >the MS version before last, 4.15 something... I have now uppgraded >to 4.20 but still >no function. > >I have checked the config and cant see anything strange. I checked >the wrapper script >and commented out the check for f-secure 4.50. I tested the >wrapper-script: > >./f-secure-wrapper virus.file > >and that works. But it doesnt work when I send email through MS... > >Any idea what this might bee? I am now running latest sophos beta >AND f-secure, in that >order. Headers in mail with virus says: > >X-MailScanner: Found to be infected, Found to be clean > >Would really appreciate som help on this one :-) > >Best regards >- --------------------------------- >Carl Boberg >System & Network Administrator >Dept. of Information Technology >Swedish Museum of Natural History >Frescativ. 40 >104 05 Stockholm >carl.boberg@nrm.se >Phone: 08-519 551 16 >Mobile: 0701-82 40 55 >- --------------------------------- > >-----BEGIN PGP SIGNATURE----- >Version: PGPfreeware 7.0.3 for non-commercial use > > >iQA/AwUBPrj2hOi5vtTaHS+IEQLcKQCgwtqVS1k9Nld8HXZYI5nq5TKTgzsAn15f >Bk36uVPBg7cF9jgCEGKBRW/A >=XJbq >-----END PGP SIGNATURE----- -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 7.0.3 for non-commercial use iQA/AwUBPrj8lOi5vtTaHS+IEQKy1wCfaW0Zs3G83aWfrMFeYqQ4cIYku8oAoMaU Eu/Ybp4j0uofC5vq/yWwJnAO =E1IX -----END PGP SIGNATURE----- From dene at DATATECHIE.COM Wed May 7 13:32:48 2003 From: dene at DATATECHIE.COM (Dene Ulmschneider) Date: Thu Jan 12 21:17:58 2006 Subject: when is Bayes scoring used? In-Reply-To: <5.1.0.14.2.20030506143409.03242570@192.168.1.112> References: <5.1.0.14.2.20030506141348.00ba61e0@192.168.1.112> Message-ID: <5.1.0.14.2.20030507082145.02a69b20@192.168.1.112> OK - this is really getting a little confusing... I checked my "learn.spam.log" this morning and a found the following entries: Wed May 7 00:01:01 EDT 2003 Learned from 4 messages. Learned from 1 messages. Wed May 7 01:01:01 EDT 2003 The problem is that when I run sa-learn -D --rebuild I still get the message that says: Only 87 spam(s) in Bayes_db < 200 (it should be AT LEAST the 87 form yesterday plus the ones listed above - right?) Can anyone tell me how to fix this? The Bayes files on /root/.spamassassin are all being updated multiple times per day so I know it is working, unless of course the sa-learn command is reading Bayes info from another directory that really DOES only have 87 spam(s). Is there a way to run sa-learn and have it tell you the path that it is reading the Bayes info from? Thank for any assistance. Dene At 02:38 PM 5/6/2003 -0400, you wrote: >something else to add... > >According the script that Julian provided to run sa-learn through cron, my >log is called "learn.spam.log" > >When I checked that file - I added up all of the "learned form XX >messages" and the total number was 447. > >Is the "learned from" referring to spam and ham? Is it possible that I >have 87 spam and the rest of them a ham? I thought I was pretty sure that >more spam was getting processed than ham - but I could be wrong. > >Can anyone shed a little light? > >Dene -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030507/5a6c7f81/attachment.html From mailscanner at ecs.soton.ac.uk Wed May 7 13:50:17 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:17:58 2006 Subject: when is Bayes scoring used? In-Reply-To: <5.1.0.14.2.20030507082145.02a69b20@192.168.1.112> References: <5.1.0.14.2.20030506143409.03242570@192.168.1.112> <5.1.0.14.2.20030506141348.00ba61e0@192.168.1.112> Message-ID: <5.2.0.9.2.20030507134952.048a02b8@imap.ecs.soton.ac.uk> At 13:32 07/05/2003, you wrote: >OK - this is really getting a little confusing... > >I checked my "learn.spam.log" this morning and a found the following entries: > >Wed May 7 00:01:01 EDT 2003 >Learned from 4 messages. >Learned from 1 messages. >Wed May 7 01:01:01 EDT 2003 > >The problem is that when I run sa-learn -D --rebuild I still get the >message that says: >Only 87 spam(s) in Bayes_db < 200 >(it should be AT LEAST the 87 form yesterday plus the ones listed above - >right?) > >Can anyone tell me how to fix this? The Bayes files on /root/.spamassassin >are all being updated multiple times per day so I know it is working, >unless of course the sa-learn command is reading Bayes info from another >directory that really DOES only have 87 spam(s). > >Is there a way to run sa-learn and have it tell you the path that it is >reading the Bayes info from? Have you tried sa-learn -D ? I just ran "sa-learn" on its own and it prints the usage for you. >Thank for any assistance. > >Dene > >At 02:38 PM 5/6/2003 -0400, you wrote: >>something else to add... >> >>According the script that Julian provided to run sa-learn through cron, >>my log is called "learn.spam.log" >> >>When I checked that file - I added up all of the "learned form XX >>messages" and the total number was 447. >> >>Is the "learned from" referring to spam and ham? Is it possible that I >>have 87 spam and the rest of them a ham? I thought I was pretty sure that >>more spam was getting processed than ham - but I could be wrong. >> >>Can anyone shed a little light? >> >>Dene -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Wed May 7 13:48:11 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:17:58 2006 Subject: Problems with F-secure and MS In-Reply-To: References: Message-ID: <5.2.0.9.2.20030507134626.034a6ad0@imap.ecs.soton.ac.uk> In SweepViruses.pm (/usr/lib/MailScanner/MailScanner), you will find a function ProcessFSecureOutput. In there, just after a "Lose header" comment, they will be a line commented out that logs the version number. Please remove the # from the start of that line, then restart MailScanner and run an infected message through it. What did it log? At 13:31 07/05/2003, you wrote: > >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >I found this in the maillog: > >May 7 11:47:38 smtp MailScanner[5306]: >./h479lamb007627/joke.ex_^Iinfection: W32/Hybris.worm.B >11:40:18 sm7:38 smtp MailScanner[5306]: Uninfected: Delivered 1 >messages > >WHAT! It says it is uninfected and delivers as ususal, but has found >an infection? > >Im confused to what might be the problem here... > >/ Carl > > >-----Original Message----- > >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > >Behalf Of Carl Boberg > >Sent: Wednesday, May 07, 2003 14:05 > >To: MAILSCANNER@JISCMAIL.AC.UK > >Subject: Problems with F-secure and MS > > > > > > > >-----BEGIN PGP SIGNED MESSAGE----- > >Hash: SHA1 > > > >Hi, > >I have recently noticed that my f-secure ver. 4.15 on linux is not > >working with MS > >anymore... It isnt scanning viruses. I have tested it with eicar and > >a real virus. > >Nothing happens! It just passes through. > > > >It has been working quite well. I think it might have stopped when i > >uppgraded to > >the MS version before last, 4.15 something... I have now uppgraded > >to 4.20 but still > >no function. > > > >I have checked the config and cant see anything strange. I checked > >the wrapper script > >and commented out the check for f-secure 4.50. I tested the > >wrapper-script: > > > >./f-secure-wrapper virus.file > > > >and that works. But it doesnt work when I send email through MS... > > > >Any idea what this might bee? I am now running latest sophos beta > >AND f-secure, in that > >order. Headers in mail with virus says: > > > >X-MailScanner: Found to be infected, Found to be clean > > > >Would really appreciate som help on this one :-) > > > >Best regards > >- --------------------------------- > >Carl Boberg > >System & Network Administrator > >Dept. of Information Technology > >Swedish Museum of Natural History > >Frescativ. 40 > >104 05 Stockholm > >carl.boberg@nrm.se > >Phone: 08-519 551 16 > >Mobile: 0701-82 40 55 > >- --------------------------------- > > > >-----BEGIN PGP SIGNATURE----- > >Version: PGPfreeware 7.0.3 for non-commercial use > > > > > >iQA/AwUBPrj2hOi5vtTaHS+IEQLcKQCgwtqVS1k9Nld8HXZYI5nq5TKTgzsAn15f > >Bk36uVPBg7cF9jgCEGKBRW/A > >=XJbq > >-----END PGP SIGNATURE----- > >-----BEGIN PGP SIGNATURE----- >Version: PGPfreeware 7.0.3 for non-commercial use > >iQA/AwUBPrj8lOi5vtTaHS+IEQKy1wCfaW0Zs3G83aWfrMFeYqQ4cIYku8oAoMaU >Eu/Ybp4j0uofC5vq/yWwJnAO >=E1IX >-----END PGP SIGNATURE----- -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From carl.boberg at NRM.SE Wed May 7 14:04:11 2003 From: carl.boberg at NRM.SE (Carl Boberg) Date: Thu Jan 12 21:17:58 2006 Subject: Problems with F-secure and MS In-Reply-To: <5.2.0.9.2.20030507134626.034a6ad0@imap.ecs.soton.ac.uk> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Are theese sufficient? May 7 15:02:22 smtp MailScanner[19448]: New Batch: Scanning 1 messages, 33216 bytes May 7 15:02:22 smtp MailScanner[19448]: Spam Checks: Starting May 7 15:02:22 smtp MailScanner[19448]: Virus and Content Scanning: Starting May 7 15:02:22 smtp MailScanner[19448]: Found F-Secure version 3.11=3.11 May 7 15:02:22 smtp MailScanner[19448]: Found F-Secure version 2003=2003 May 7 15:02:22 smtp last message repeated 2 times May 7 15:02:22 smtp MailScanner[19448]: ./h47D2Ltq019476/joke.ex_^Iinfection: W32/Hybris.worm.B May 7 15:02:22 smtp MailScanner[19448]: Uninfected: Delivered 1 messages / Carl >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On >Behalf Of Julian Field >Sent: Wednesday, May 07, 2003 14:48 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: Problems with F-secure and MS > > >In SweepViruses.pm (/usr/lib/MailScanner/MailScanner), you will find >a function ProcessFSecureOutput. In there, just after a "Lose >header" >comment, they will be a line commented out that logs the version >number. Please remove the # from the start of that line, then >restart MailScanner and run an infected message through it. What did >it log? > >At 13:31 07/05/2003, you wrote: >> >>-----BEGIN PGP SIGNED MESSAGE----- >>Hash: SHA1 >> >>I found this in the maillog: >> >>May 7 11:47:38 smtp MailScanner[5306]: >>./h479lamb007627/joke.ex_^Iinfection: W32/Hybris.worm.B >>11:40:18 sm7:38 smtp MailScanner[5306]: Uninfected: Delivered 1 >>messages >> >>WHAT! It says it is uninfected and delivers as ususal, but has >>found an infection? >> >>Im confused to what might be the problem here... >> >>/ Carl >> >> >-----Original Message----- >> >From: MailScanner mailing list >> >[mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Carl Boberg >> >Sent: Wednesday, May 07, 2003 14:05 >> >To: MAILSCANNER@JISCMAIL.AC.UK >> >Subject: Problems with F-secure and MS >> > >> > >> > >> >-----BEGIN PGP SIGNED MESSAGE----- >> >Hash: SHA1 >> > >> >Hi, >> >I have recently noticed that my f-secure ver. 4.15 on linux is >> >not working with MS >> >anymore... It isnt scanning viruses. I have tested it with eicar >> >and a real virus. >> >Nothing happens! It just passes through. >> > >> >It has been working quite well. I think it might have stopped >> >when i uppgraded to >> >the MS version before last, 4.15 something... I have now >> >uppgraded to 4.20 but still >> >no function. >> > >> >I have checked the config and cant see anything strange. I >> >checked the wrapper script >> >and commented out the check for f-secure 4.50. I tested the >> >wrapper-script: >> > >> >./f-secure-wrapper virus.file >> > >> >and that works. But it doesnt work when I send email through >> >MS... >> > >> >Any idea what this might bee? I am now running latest sophos beta >> >AND f-secure, in that >> >order. Headers in mail with virus says: >> > >> >X-MailScanner: Found to be infected, Found to be clean >> > >> >Would really appreciate som help on this one :-) >> > >> >Best regards >> >- --------------------------------- >> >Carl Boberg >> >System & Network Administrator >> >Dept. of Information Technology >> >Swedish Museum of Natural History >> >Frescativ. 40 >> >104 05 Stockholm >> >carl.boberg@nrm.se >> >Phone: 08-519 551 16 >> >Mobile: 0701-82 40 55 >> >- --------------------------------- >> > >> >-----BEGIN PGP SIGNATURE----- >> >Version: PGPfreeware 7.0.3 for non-commercial use >> > >> > >> >iQA/AwUBPrj2hOi5vtTaHS+IEQLcKQCgwtqVS1k9Nld8HXZYI5nq5TKTgzsAn15f >> >Bk36uVPBg7cF9jgCEGKBRW/A >> >=XJbq >> >-----END PGP SIGNATURE----- >> >>-----BEGIN PGP SIGNATURE----- >>Version: PGPfreeware 7.0.3 for non-commercial use >> >> >>iQA/AwUBPrj8lOi5vtTaHS+IEQKy1wCfaW0Zs3G83aWfrMFeYqQ4cIYku8oAoMaU >>Eu/Ybp4j0uofC5vq/yWwJnAO >>=E1IX >>-----END PGP SIGNATURE----- > >-- >Julian Field >www.MailScanner.info >MailScanner thanks transtec Computers for their support -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 7.0.3 for non-commercial use iQA/AwUBPrkERui5vtTaHS+IEQI1+wCgjBpAlCwh8Skzn1q/VUvOtsWprogAoO4E vVf1HiDAritxlDdJ/OITC/uT =2a9b -----END PGP SIGNATURE----- From paul.hamilton at sme-ecom.co.uk Wed May 7 14:11:20 2003 From: paul.hamilton at sme-ecom.co.uk (Paul Hamilton) Date: Thu Jan 12 21:17:58 2006 Subject: RBL's Message-ID: <000101c3149a$28fb9000$fc32000a@4> Hi All, We are just about to include RBL's to our MS.conf file, but we are a little unsure of what exactly to enter. We do not intend to use a ruleset. Would we enter for example: ORDB-RBL or relays.ordb.org. Thanks in advance Paul H. From mailscanner at ecs.soton.ac.uk Wed May 7 14:22:58 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:17:58 2006 Subject: Problems with F-secure and MS In-Reply-To: References: <5.2.0.9.2.20030507134626.034a6ad0@imap.ecs.soton.ac.uk> Message-ID: <5.2.0.9.2.20030507142236.048aec20@imap.ecs.soton.ac.uk> Please apply this patch to SweepViruses.pm and try it again for me: --- SweepViruses.pm 2003-05-03 11:10:03.000000000 +0100 +++ SweepViruses.pm.new 2003-05-07 14:23:13.000000000 +0100 @@ -1190,7 +1190,8 @@ #system("echo -n '$line' | od -c"); # Lose header - if ($fsecure_InHeader < 0 && $line =~ /version ([\d.]+)/i) { + if ($fsecure_InHeader < 0 && $line =~ /version ([\d.]+)/i && + !$fsecure_Version) { $fsecure_Version = $1 + 0.0; #MailScanner::Log::InfoLog("Found F-Secure version $1=$fsecure_Version\n"); return 0; At 14:04 07/05/2003, you wrote: > >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >Are theese sufficient? > >May 7 15:02:22 smtp MailScanner[19448]: New Batch: Scanning 1 >messages, 33216 bytes >May 7 15:02:22 smtp MailScanner[19448]: Spam Checks: Starting >May 7 15:02:22 smtp MailScanner[19448]: Virus and Content Scanning: >Starting >May 7 15:02:22 smtp MailScanner[19448]: Found F-Secure version >3.11=3.11 >May 7 15:02:22 smtp MailScanner[19448]: Found F-Secure version >2003=2003 >May 7 15:02:22 smtp last message repeated 2 times >May 7 15:02:22 smtp MailScanner[19448]: >./h47D2Ltq019476/joke.ex_^Iinfection: W32/Hybris.worm.B >May 7 15:02:22 smtp MailScanner[19448]: Uninfected: Delivered 1 >messages > >/ Carl > > >-----Original Message----- > >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > >Behalf Of Julian Field > >Sent: Wednesday, May 07, 2003 14:48 > >To: MAILSCANNER@JISCMAIL.AC.UK > >Subject: Re: Problems with F-secure and MS > > > > > >In SweepViruses.pm (/usr/lib/MailScanner/MailScanner), you will find > >a function ProcessFSecureOutput. In there, just after a "Lose > >header" > >comment, they will be a line commented out that logs the version > >number. Please remove the # from the start of that line, then > >restart MailScanner and run an infected message through it. What did > >it log? > > > >At 13:31 07/05/2003, you wrote: > >> > >>-----BEGIN PGP SIGNED MESSAGE----- > >>Hash: SHA1 > >> > >>I found this in the maillog: > >> > >>May 7 11:47:38 smtp MailScanner[5306]: > >>./h479lamb007627/joke.ex_^Iinfection: W32/Hybris.worm.B > >>11:40:18 sm7:38 smtp MailScanner[5306]: Uninfected: Delivered 1 > >>messages > >> > >>WHAT! It says it is uninfected and delivers as ususal, but has > >>found an infection? > >> > >>Im confused to what might be the problem here... > >> > >>/ Carl > >> > >> >-----Original Message----- > >> >From: MailScanner mailing list > >> >[mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Carl Boberg > >> >Sent: Wednesday, May 07, 2003 14:05 > >> >To: MAILSCANNER@JISCMAIL.AC.UK > >> >Subject: Problems with F-secure and MS > >> > > >> > > >> > > >> >-----BEGIN PGP SIGNED MESSAGE----- > >> >Hash: SHA1 > >> > > >> >Hi, > >> >I have recently noticed that my f-secure ver. 4.15 on linux is > >> >not working with MS > >> >anymore... It isnt scanning viruses. I have tested it with eicar > >> >and a real virus. > >> >Nothing happens! It just passes through. > >> > > >> >It has been working quite well. I think it might have stopped > >> >when i uppgraded to > >> >the MS version before last, 4.15 something... I have now > >> >uppgraded to 4.20 but still > >> >no function. > >> > > >> >I have checked the config and cant see anything strange. I > >> >checked the wrapper script > >> >and commented out the check for f-secure 4.50. I tested the > >> >wrapper-script: > >> > > >> >./f-secure-wrapper virus.file > >> > > >> >and that works. But it doesnt work when I send email through > >> >MS... > >> > > >> >Any idea what this might bee? I am now running latest sophos beta > >> >AND f-secure, in that > >> >order. Headers in mail with virus says: > >> > > >> >X-MailScanner: Found to be infected, Found to be clean > >> > > >> >Would really appreciate som help on this one :-) > >> > > >> >Best regards > >> >- --------------------------------- > >> >Carl Boberg > >> >System & Network Administrator > >> >Dept. of Information Technology > >> >Swedish Museum of Natural History > >> >Frescativ. 40 > >> >104 05 Stockholm > >> >carl.boberg@nrm.se > >> >Phone: 08-519 551 16 > >> >Mobile: 0701-82 40 55 > >> >- --------------------------------- > >> > > >> >-----BEGIN PGP SIGNATURE----- > >> >Version: PGPfreeware 7.0.3 for non-commercial use > >> > > >> > > >> >iQA/AwUBPrj2hOi5vtTaHS+IEQLcKQCgwtqVS1k9Nld8HXZYI5nq5TKTgzsAn15f > >> >Bk36uVPBg7cF9jgCEGKBRW/A > >> >=XJbq > >> >-----END PGP SIGNATURE----- > >> > >>-----BEGIN PGP SIGNATURE----- > >>Version: PGPfreeware 7.0.3 for non-commercial use > >> > >> > >>iQA/AwUBPrj8lOi5vtTaHS+IEQKy1wCfaW0Zs3G83aWfrMFeYqQ4cIYku8oAoMaU > >>Eu/Ybp4j0uofC5vq/yWwJnAO > >>=E1IX > >>-----END PGP SIGNATURE----- > > > >-- > >Julian Field > >www.MailScanner.info > >MailScanner thanks transtec Computers for their support > >-----BEGIN PGP SIGNATURE----- >Version: PGPfreeware 7.0.3 for non-commercial use > >iQA/AwUBPrkERui5vtTaHS+IEQI1+wCgjBpAlCwh8Skzn1q/VUvOtsWprogAoO4E >vVf1HiDAritxlDdJ/OITC/uT >=2a9b >-----END PGP SIGNATURE----- -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From dot at DOTAT.AT Wed May 7 14:34:04 2003 From: dot at DOTAT.AT (Tony Finch) Date: Thu Jan 12 21:17:58 2006 Subject: f-prot autoupdate In-Reply-To: Message-ID: Brad White wrote: > >I've noticed a problem with the f-prot autoupdate script. For some >reason this script often takes forever to download the updates. I must >have poor connectivity to the f-prot servers. When the autoupdate >script is fired off and waiting, and waiting, and waiting...MailScanner >stops processing mail. Mail just piles up in /var/spool/mqueue.in. As >soon as I kill the autoupdate script mail starts being processed again. My version of the McAfee autoupdate script has a staging mechanism so that the data files can be downloaded and tested without affecting the live setup -- it doesn't require an interlock so connectivity problems to the FTP site won't stop email flowing. Perhaps you could use it as a basis for an improved f-prot script. Tony. -- f.a.n.finch http://dotat.at/ WHITBY TO THE WASH: SOUTHWEST OR WEST 4, BACKING SOUTH 5 OR 6, VEERING SOUTHWEST LATER. FAIR, THEN RAIN FOR A TIME. MODERATE OR GOOD. SLIGHT OR MODERATE. From dene at DATATECHIE.COM Wed May 7 14:41:46 2003 From: dene at DATATECHIE.COM (Dene Ulmschneider) Date: Thu Jan 12 21:17:58 2006 Subject: when is Bayes scoring used? In-Reply-To: <5.2.0.9.2.20030507134952.048a02b8@imap.ecs.soton.ac.uk> References: <5.1.0.14.2.20030507082145.02a69b20@192.168.1.112> <5.1.0.14.2.20030506143409.03242570@192.168.1.112> <5.1.0.14.2.20030506141348.00ba61e0@192.168.1.112> Message-ID: <5.1.0.14.2.20030507093835.00bcfe38@192.168.1.112> Julian- there was a message that I sent yesterday (clipped it out of last email to list) that showed the complete output of the command "sa-learn -D --rebuild". That's how I know the system says there are "Only 87 spam(s) in Bayes_db < 200". I cannot figure out why the learn.spam.log is always counting "learned from" messages but it is not increasing the number when I run the "sa-learn -D --rebuild". Any ideas? Dene At 01:50 PM 5/7/2003 +0100, you wrote: >At 13:32 07/05/2003, you wrote: >>OK - this is really getting a little confusing... >> >>I checked my "learn.spam.log" this morning and a found the following entries: >> >>Wed May 7 00:01:01 EDT 2003 >>Learned from 4 messages. >>Learned from 1 messages. >>Wed May 7 01:01:01 EDT 2003 >> >>The problem is that when I run sa-learn -D --rebuild I still get the >>message that says: >>Only 87 spam(s) in Bayes_db < 200 >>(it should be AT LEAST the 87 form yesterday plus the ones listed above - >>right?) >> >>Can anyone tell me how to fix this? The Bayes files on /root/.spamassassin >>are all being updated multiple times per day so I know it is working, >>unless of course the sa-learn command is reading Bayes info from another >>directory that really DOES only have 87 spam(s). >> >>Is there a way to run sa-learn and have it tell you the path that it is >>reading the Bayes info from? > >Have you tried > sa-learn -D >? I just ran "sa-learn" on its own and it prints the usage for you. > > >>Thank for any assistance. >> >>Dene >> >>At 02:38 PM 5/6/2003 -0400, you wrote: >>>something else to add... >>> >>>According the script that Julian provided to run sa-learn through cron, >>>my log is called "learn.spam.log" >>> >>>When I checked that file - I added up all of the "learned form XX >>>messages" and the total number was 447. >>> >>>Is the "learned from" referring to spam and ham? Is it possible that I >>>have 87 spam and the rest of them a ham? I thought I was pretty sure that >>>more spam was getting processed than ham - but I could be wrong. >>> >>>Can anyone shed a little light? >>> >>>Dene > >-- >Julian Field >www.MailScanner.info >MailScanner thanks transtec Computers for their support From steve.freegard at LBSLTD.CO.UK Wed May 7 14:48:12 2003 From: steve.freegard at LBSLTD.CO.UK (Steve Freegard) Date: Thu Jan 12 21:17:59 2006 Subject: when is Bayes scoring used? Message-ID: <67D9E7698329D411936E00508B6590B9027738A3@neelix.lbsltd.co.uk> Dene, How about trying this: 'sa-learn -D -p /etc/MailScanner/spam.assassin.prefs.conf --rebuild' Does this show anything different? Also, have you set 'bayes_path' in any of the prefs files? Kind regards, Steve -- Steve Freegard Systems Manager Littlehampton Book Services Ltd. > ---------- > From: Dene Ulmschneider > Reply To: MailScanner mailing list > Sent: Wednesday, May 7, 2003 2:41 PM > To: MAILSCANNER@jiscmail.ac.uk > Subject: Re: when is Bayes scoring used? > > Julian- > > there was a message that I sent yesterday (clipped it out of last email to > list) that showed the complete output of the command "sa-learn -D > --rebuild". That's how I know the system says there are "Only 87 spam(s) > in > Bayes_db < 200". > > I cannot figure out why the learn.spam.log is always counting "learned > from" messages but it is not increasing the number when I run the > "sa-learn > -D --rebuild". > > Any ideas? > > Dene > > > At 01:50 PM 5/7/2003 +0100, you wrote: > >At 13:32 07/05/2003, you wrote: > >>OK - this is really getting a little confusing... > >> > >>I checked my "learn.spam.log" this morning and a found the following > entries: > >> > >>Wed May 7 00:01:01 EDT 2003 > >>Learned from 4 messages. > >>Learned from 1 messages. > >>Wed May 7 01:01:01 EDT 2003 > >> > >>The problem is that when I run sa-learn -D --rebuild I still get the > >>message that says: > >>Only 87 spam(s) in Bayes_db < 200 > >>(it should be AT LEAST the 87 form yesterday plus the ones listed above > - > >>right?) > >> > >>Can anyone tell me how to fix this? The Bayes files on > /root/.spamassassin > >>are all being updated multiple times per day so I know it is working, > >>unless of course the sa-learn command is reading Bayes info from another > >>directory that really DOES only have 87 spam(s). > >> > >>Is there a way to run sa-learn and have it tell you the path that it is > >>reading the Bayes info from? > > > >Have you tried > > sa-learn -D > >? I just ran "sa-learn" on its own and it prints the usage for you. > > > > > >>Thank for any assistance. > >> > >>Dene > >> > >>At 02:38 PM 5/6/2003 -0400, you wrote: > >>>something else to add... > >>> > >>>According the script that Julian provided to run sa-learn through cron, > >>>my log is called "learn.spam.log" > >>> > >>>When I checked that file - I added up all of the "learned form XX > >>>messages" and the total number was 447. > >>> > >>>Is the "learned from" referring to spam and ham? Is it possible that I > >>>have 87 spam and the rest of them a ham? I thought I was pretty sure > that > >>>more spam was getting processed than ham - but I could be wrong. > >>> > >>>Can anyone shed a little light? > >>> > >>>Dene > > > >-- > >Julian Field > >www.MailScanner.info > >MailScanner thanks transtec Computers for their support > > ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses. www.lbsltd.co.uk ********************************************************************** From dot at DOTAT.AT Wed May 7 14:42:20 2003 From: dot at DOTAT.AT (Tony Finch) Date: Thu Jan 12 21:17:59 2006 Subject: MS hangs, unkillable process In-Reply-To: Message-ID: "Desai, Jason" wrote: > >I've found (at least with syslog-ng on Debian) that I need to restart >MailScanner when I rotate my syslogs. Otherwise MailScanner does not log >again until it restarts. This is either a bug in perl's Sys::Syslog or in syslog-ng or both. The code in libc re-connects to the logging socket if an attempt to log fails, but the perl version doesn't. Standard syslogd doesn't close the logging socket when it re-initializes; I guess that this isn't true for syslog-ng. Tony. -- f.a.n.finch http://dotat.at/ VIKING NORTH UTSIRE SOUTH UTSIRE: SOUTHWESTERLY BACKING SOUTHEASTERLY FOR A TIME 4 OR 5, INCREASING 5 TO 7, PERHAPS GALE 8 LATER. RAIN OR SHOWERS. MODERATE OR GOOD. From ryanb at AACRAO.ORG Wed May 7 14:52:16 2003 From: ryanb at AACRAO.ORG (Bingham, Ryan) Date: Thu Jan 12 21:17:59 2006 Subject: bayes ignore {spam} tag in subject line Message-ID: Thanks to all for the suggestions! Ryan -----Original Message----- From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] Sent: Wednesday, May 07, 2003 3:51 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: bayes ignore {spam} tag in subject line At 21:26 06/05/2003, you wrote: > > -----Original Message----- > > From: mikea [mailto:mikea@MIKEA.ATH.CX] > > Sent: Tuesday, May 06, 2003 2:53 PM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: bayes ignore {spam} tag in subject line > > > > > > On Tue, May 06, 2003 at 03:49:18PM -0400, Bingham, Ryan wrote: > > > I apologize if this is a dumb question but I haven't been > > able to find > > > the answer anywhere. Is there a way to get Bayes to ignore > > the {spam} > > > tag in the Subject line (without ignoring the entire Subject line)? > > > Alternatively, is there an easy way to remove/replace a text string > > > i.e. {spam} from all the messages in an mbox file? > > > > > > I'd like to have Bayes learn messages in my low scoring > > spam mailbox > > > after I've cleaned out the false positives. > > > > Well, certainly you can use an editor on the mailbox to do > > the vim[1] equivalent of > > > > :1,999999 s/^Subject: {spam}/Subject: / > > >I only just saw this message and havn't been tracing this thread, but this >can be done easier on the command line with sed. Not to discount vi but if >this needs done on mass scale, vi won't work the greatest :o) > >Cat mailbox | sed -e "s/^Subject: {spam}/Subject:/" >> mailbox.tmp; mv >mailbox.tmp mailbox A neater way might be perl -pi -e 's/^(Subject: )\{spam\}/$1/;' mailbox-file >To do on many mailboxes in a directory: >For each in *; do at $each | sed -e "s/^Subject: {spam}/Subject:/" >> >$each.tmp; mv $each.tmp $each; done; > >(capitalization is done by outlook, not by me, don't capitalize anything on >the unix shell > > >Sorry if this is way off track of conversation, but noticed this piece and >figured I'd offer to help ease some pain. > >-Randy > > > > > > > where the line numbers are dependent on the size of the > > mailbox. I think it would be safer to work on a _copy_ of the > > mailbox, rather than on the original, unless it's not needed > > in a pristine state for archival or other purposes. > > > > [1] emacs users will have their own incantation, and will wave a > > totally different object as they chant. > > > > -- > > Mike Andrews > > mikea@mikea.ath.cx > > Tired old sysadmin since 1964 > > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Wed May 7 14:59:41 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:17:59 2006 Subject: my mail server is drowning In-Reply-To: References: <5.2.0.9.2.20030507075458.04930f00@imap.ecs.soton.ac.uk> <5.2.0.9.2.20030507075458.04930f00@imap.ecs.soton.ac.uk> Message-ID: <5.2.0.9.2.20030507145903.05492008@imap.ecs.soton.ac.uk> At 14:57 07/05/2003, you wrote: >On Wed, 7 May 2003, Julian Field wrote: > > > Date: Wed, 7 May 2003 07:59:53 +0100 > > From: Julian Field > > Reply-To: MailScanner mailing list > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: my mail server is drowning > > > > Try > > 1) switch off bayes support in SpamAssassin > >an ugly choice... > > > 2) reduce number of children to 2 > >this make things worse, email stacks up faster... > > > 3) temporarily try f-prot instead of sophossavi > > 4) get rid of your auto-whitelist completely > >How? Isn't is by default on in MS? I don't find the switch/setting... SpamAssassin Auto Whitelist = no in MailScanner.conf. > > If you are doing lots of paging, then memory is surely your problem, not > > CPU. Context switching on SPARC architectures is quite an expensive > > operation, so if it is spending 30% of its CPU doing nothing other than > > context-switching, you have already lost most of 1 CPU. You need to get the > > paging figure down. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From dene at DATATECHIE.COM Wed May 7 15:06:53 2003 From: dene at DATATECHIE.COM (Dene Ulmschneider) Date: Thu Jan 12 21:17:59 2006 Subject: when is Bayes scoring used? In-Reply-To: <67D9E7698329D411936E00508B6590B9027738A3@neelix.lbsltd.co. uk> Message-ID: <5.1.0.14.2.20030507100115.02b3a598@192.168.1.112> When I tried that - the output returned some errors about not being able to parse some whitelist_from and blacklist_from so I commented them out since I have the white and black lists in separate files anyway. Other than that - the output was identical. As far as the bayes_path - I would think that it is set correctly (even though I did not specify in any file anywhere) because when MS is scanning messages - I can see the lock file created and deleted. Also, all of the relevant Bayes files are being modified many times every day. If you feel that specifying the bayes_path will help - I will try it - but the spam.assassin.prefs.conf says that you only need to do that if you move it from the default location... thanks Dene At 02:48 PM 5/7/2003 +0100, you wrote: >Dene, > >How about trying this: > >'sa-learn -D -p /etc/MailScanner/spam.assassin.prefs.conf --rebuild' > >Does this show anything different? Also, have you set 'bayes_path' in any of >the prefs files? > >Kind regards, >Steve >-- >Steve Freegard >Systems Manager >Littlehampton Book Services Ltd. > > > ---------- > > From: Dene Ulmschneider > > Reply To: MailScanner mailing list > > Sent: Wednesday, May 7, 2003 2:41 PM > > To: MAILSCANNER@jiscmail.ac.uk > > Subject: Re: when is Bayes scoring used? > > > > Julian- > > > > there was a message that I sent yesterday (clipped it out of last email to > > list) that showed the complete output of the command "sa-learn -D > > --rebuild". That's how I know the system says there are "Only 87 spam(s) > > in > > Bayes_db < 200". > > > > I cannot figure out why the learn.spam.log is always counting "learned > > from" messages but it is not increasing the number when I run the > > "sa-learn > > -D --rebuild". > > > > Any ideas? > > > > Dene > > > > > > At 01:50 PM 5/7/2003 +0100, you wrote: > > >At 13:32 07/05/2003, you wrote: > > >>OK - this is really getting a little confusing... > > >> > > >>I checked my "learn.spam.log" this morning and a found the following > > entries: > > >> > > >>Wed May 7 00:01:01 EDT 2003 > > >>Learned from 4 messages. > > >>Learned from 1 messages. > > >>Wed May 7 01:01:01 EDT 2003 > > >> > > >>The problem is that when I run sa-learn -D --rebuild I still get the > > >>message that says: > > >>Only 87 spam(s) in Bayes_db < 200 > > >>(it should be AT LEAST the 87 form yesterday plus the ones listed above > > - > > >>right?) > > >> > > >>Can anyone tell me how to fix this? The Bayes files on > > /root/.spamassassin > > >>are all being updated multiple times per day so I know it is working, > > >>unless of course the sa-learn command is reading Bayes info from another > > >>directory that really DOES only have 87 spam(s). > > >> > > >>Is there a way to run sa-learn and have it tell you the path that it is > > >>reading the Bayes info from? > > > > > >Have you tried > > > sa-learn -D > > >? I just ran "sa-learn" on its own and it prints the usage for you. > > > > > > > > >>Thank for any assistance. > > >> > > >>Dene > > >> > > >>At 02:38 PM 5/6/2003 -0400, you wrote: > > >>>something else to add... > > >>> > > >>>According the script that Julian provided to run sa-learn through cron, > > >>>my log is called "learn.spam.log" > > >>> > > >>>When I checked that file - I added up all of the "learned form XX > > >>>messages" and the total number was 447. > > >>> > > >>>Is the "learned from" referring to spam and ham? Is it possible that I > > >>>have 87 spam and the rest of them a ham? I thought I was pretty sure > > that > > >>>more spam was getting processed than ham - but I could be wrong. > > >>> > > >>>Can anyone shed a little light? > > >>> > > >>>Dene > > > > > >-- > > >Julian Field > > >www.MailScanner.info > > >MailScanner thanks transtec Computers for their support > > > > > > >********************************************************************** >This email and any files transmitted with it are confidential and >intended solely for the use of the individual or entity to whom they >are addressed. If you have received this email in error please notify >the system manager. > >This footnote also confirms that this email message has been swept by >MIMEsweeper for the presence of computer viruses. > >www.lbsltd.co.uk >********************************************************************** > >-- >This message has been scanned for viruses and dangerous >content by Data Techie, and is believed to be clean. >Data Techie... always there to protect you! >http://www.datatechie.com Thank You Dene Ulmschneider Data Techie Inc. ------------------------------------------------------------------------- office: 718.738.8859 cell: 646.996.2976 email: dene@datatechie.com pager mail: denenow@datatechie.com website: www.datatechie.com ------------------------------------------------------------------------- "Life is too short...-...you should have dessert first" From carl.boberg at NRM.SE Wed May 7 15:38:48 2003 From: carl.boberg at NRM.SE (Carl Boberg) Date: Thu Jan 12 21:17:59 2006 Subject: Problems with F-secure and MS In-Reply-To: <5.2.0.9.2.20030507142236.048aec20@imap.ecs.soton.ac.uk> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Thanks! It seems to be working now. What was this problem and how did it arise? May 7 16:36:55 smtp MailScanner[23677]: New Batch: Scanning 1 messages, 33216 bytes May 7 16:36:55 smtp MailScanner[23677]: Spam Checks: Starting May 7 16:36:56 smtp MailScanner[23677]: Virus and Content Scanning: Starting May 7 16:36:56 smtp MailScanner[23677]: ./h47Eat2r023690/joke.ex_^Iinfection: W32/Hybris.worm.B May 7 16:36:56 smtp MailScanner[23677]: Virus Scanning: F-Secure found virus W32/Hybris.worm.B May 7 16:36:56 smtp MailScanner[23677]: Virus Scanning: F-Secure found 1 infections May 7 16:36:56 smtp MailScanner[23677]: Virus Scanning: Found 1 viruses May 7 16:36:56 smtp MailScanner[23677]: Saved infected "joke.ex_" to /var/spool/MailScanner/quarantine/20030507/h47Eat2r023690 May 7 16:36:56 smtp MailScanner[23677]: Cleaned: Delivered 1 cleaned messages / carl >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On >Behalf Of Julian Field >Sent: Wednesday, May 07, 2003 15:23 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: Problems with F-secure and MS > > >Please apply this patch to SweepViruses.pm and try it again for me: > >--- SweepViruses.pm 2003-05-03 11:10:03.000000000 +0100 >+++ SweepViruses.pm.new 2003-05-07 14:23:13.000000000 +0100 >@@ -1190,7 +1190,8 @@ > #system("echo -n '$line' | od -c"); > > # Lose header >- if ($fsecure_InHeader < 0 && $line =~ /version ([\d.]+)/i) { >+ if ($fsecure_InHeader < 0 && $line =~ /version ([\d.]+)/i && >+ !$fsecure_Version) { > $fsecure_Version = $1 + 0.0; > #MailScanner::Log::InfoLog("Found F-Secure version >$1=$fsecure_Version\n"); > return 0; > > >At 14:04 07/05/2003, you wrote: >> >>-----BEGIN PGP SIGNED MESSAGE----- >>Hash: SHA1 >> >>Are theese sufficient? >> >>May 7 15:02:22 smtp MailScanner[19448]: New Batch: Scanning 1 >>messages, 33216 bytes >>May 7 15:02:22 smtp MailScanner[19448]: Spam Checks: Starting >>May 7 15:02:22 smtp MailScanner[19448]: Virus and Content >>Scanning: Starting >>May 7 15:02:22 smtp MailScanner[19448]: Found F-Secure version >>3.11=3.11 >>May 7 15:02:22 smtp MailScanner[19448]: Found F-Secure version >>2003=2003 >>May 7 15:02:22 smtp last message repeated 2 times >>May 7 15:02:22 smtp MailScanner[19448]: >>./h47D2Ltq019476/joke.ex_^Iinfection: W32/Hybris.worm.B >>May 7 15:02:22 smtp MailScanner[19448]: Uninfected: Delivered 1 >>messages >> >>/ Carl >> >> >-----Original Message----- >> >From: MailScanner mailing list >> >[mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Julian Field >> >Sent: Wednesday, May 07, 2003 14:48 >> >To: MAILSCANNER@JISCMAIL.AC.UK >> >Subject: Re: Problems with F-secure and MS >> > >> > >> >In SweepViruses.pm (/usr/lib/MailScanner/MailScanner), you will >> >find a function ProcessFSecureOutput. In there, just after a >> >"Lose >> >header" >> >comment, they will be a line commented out that logs the version >> >number. Please remove the # from the start of that line, then >> >restart MailScanner and run an infected message through it. What >> >did it log? >> > >> >At 13:31 07/05/2003, you wrote: >> >> >> >>-----BEGIN PGP SIGNED MESSAGE----- >> >>Hash: SHA1 >> >> >> >>I found this in the maillog: >> >> >> >>May 7 11:47:38 smtp MailScanner[5306]: >> >>./h479lamb007627/joke.ex_^Iinfection: W32/Hybris.worm.B >> >>11:40:18 sm7:38 smtp MailScanner[5306]: Uninfected: Delivered 1 >> >>messages >> >> >> >>WHAT! It says it is uninfected and delivers as ususal, but has >> >>found an infection? >> >> >> >>Im confused to what might be the problem here... >> >> >> >>/ Carl >> >> >> >> >-----Original Message----- >> >> >From: MailScanner mailing list >> >> >[mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Carl Boberg >> >> >Sent: Wednesday, May 07, 2003 14:05 >> >> >To: MAILSCANNER@JISCMAIL.AC.UK >> >> >Subject: Problems with F-secure and MS >> >> > >> >> > >> >> > >> >> >-----BEGIN PGP SIGNED MESSAGE----- >> >> >Hash: SHA1 >> >> > >> >> >Hi, >> >> >I have recently noticed that my f-secure ver. 4.15 on linux is >> >> >not working with MS >> >> >anymore... It isnt scanning viruses. I have tested it with >> >> >eicar and a real virus. >> >> >Nothing happens! It just passes through. >> >> > >> >> >It has been working quite well. I think it might have stopped >> >> >when i uppgraded to >> >> >the MS version before last, 4.15 something... I have now >> >> >uppgraded to 4.20 but still >> >> >no function. >> >> > >> >> >I have checked the config and cant see anything strange. I >> >> >checked the wrapper script >> >> >and commented out the check for f-secure 4.50. I tested the >> >> >wrapper-script: >> >> > >> >> >./f-secure-wrapper virus.file >> >> > >> >> >and that works. But it doesnt work when I send email through >> >> >MS... >> >> > >> >> >Any idea what this might bee? I am now running latest sophos >> >> >beta AND f-secure, in that >> >> >order. Headers in mail with virus says: >> >> > >> >> >X-MailScanner: Found to be infected, Found to be clean >> >> > >> >> >Would really appreciate som help on this one :-) >> >> > >> >> >Best regards >> >> >- --------------------------------- >> >> >Carl Boberg >> >> >System & Network Administrator >> >> >Dept. of Information Technology >> >> >Swedish Museum of Natural History >> >> >Frescativ. 40 >> >> >104 05 Stockholm >> >> >carl.boberg@nrm.se >> >> >Phone: 08-519 551 16 >> >> >Mobile: 0701-82 40 55 >> >> >- --------------------------------- >> >> > >> >> >-----BEGIN PGP SIGNATURE----- >> >> >Version: PGPfreeware 7.0.3 for non-commercial use >> >> > >> >> > >> >> >iQA/AwUBPrj2hOi5vtTaHS+IEQLcKQCgwtqVS1k9Nld8HXZYI5nq5TKTgzsAn15 >> >> >f Bk36uVPBg7cF9jgCEGKBRW/A >> >> >=XJbq >> >> >-----END PGP SIGNATURE----- >> >> >> >>-----BEGIN PGP SIGNATURE----- >> >>Version: PGPfreeware 7.0.3 for non-commercial use >> >> >> >> >> >>iQA/AwUBPrj8lOi5vtTaHS+IEQKy1wCfaW0Zs3G83aWfrMFeYqQ4cIYku8oAoMaU >> >>Eu/Ybp4j0uofC5vq/yWwJnAO >> >>=E1IX >> >>-----END PGP SIGNATURE----- >> > >> >-- >> >Julian Field >> >www.MailScanner.info >> >MailScanner thanks transtec Computers for their support >> >>-----BEGIN PGP SIGNATURE----- >>Version: PGPfreeware 7.0.3 for non-commercial use >> >> >>iQA/AwUBPrkERui5vtTaHS+IEQI1+wCgjBpAlCwh8Skzn1q/VUvOtsWprogAoO4E >>vVf1HiDAritxlDdJ/OITC/uT >>=2a9b >>-----END PGP SIGNATURE----- > >-- >Julian Field >www.MailScanner.info >MailScanner thanks transtec Computers for their support -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 7.0.3 for non-commercial use iQA/AwUBPrkac+i5vtTaHS+IEQLSlwCfd2ug16Y0/p65I3P9HiFT5lrp9+AAoNv3 eyajp/3NzpWHrKMaeCm9kQAM =b6hk -----END PGP SIGNATURE----- From jase at SENSIS.COM Wed May 7 15:43:17 2003 From: jase at SENSIS.COM (Desai, Jason) Date: Thu Jan 12 21:17:59 2006 Subject: when is Bayes scoring used? Message-ID: Maybe you have different versions of SpamAssassin installed? One version using the files with .db and the end and the other without? Did you upgrade SpamAssassin on 3/28? If you have multiple versions (or older remnants of versions) of SpamAssassin, you could try uninstalling it. Then make sure it is uninstalled, and tools like sa-learn are not still around. Then reinstall and see if that help. Jason > -----Original Message----- > From: Dene Ulmschneider [mailto:dene@DATATECHIE.COM] > Sent: Wednesday, May 07, 2003 10:07 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: [MAILSCANNER] when is Bayes scoring used? > > > When I tried that - the output returned some errors about not > being able to > parse some whitelist_from and blacklist_from so I commented > them out since > I have the white and black lists in separate files anyway. > Other than that > - the output was identical. > > As far as the bayes_path - I would think that it is set > correctly (even > though I did not specify in any file anywhere) because when > MS is scanning > messages - I can see the lock file created and deleted. Also, > all of the > relevant Bayes files are being modified many times every day. > > If you feel that specifying the bayes_path will help - I will > try it - but > the spam.assassin.prefs.conf says that you only need to do > that if you move > it from the default location... > > thanks > > Dene > > At 02:48 PM 5/7/2003 +0100, you wrote: > >Dene, > > > >How about trying this: > > > >'sa-learn -D -p /etc/MailScanner/spam.assassin.prefs.conf --rebuild' > > > >Does this show anything different? Also, have you set > 'bayes_path' in any of > >the prefs files? > > > >Kind regards, > >Steve > >-- > >Steve Freegard > >Systems Manager > >Littlehampton Book Services Ltd. > > > > > ---------- > > > From: Dene Ulmschneider > > > Reply To: MailScanner mailing list > > > Sent: Wednesday, May 7, 2003 2:41 PM > > > To: MAILSCANNER@jiscmail.ac.uk > > > Subject: Re: when is Bayes scoring used? > > > > > > Julian- > > > > > > there was a message that I sent yesterday (clipped it out > of last email to > > > list) that showed the complete output of the command "sa-learn -D > > > --rebuild". That's how I know the system says there are > "Only 87 spam(s) > > > in > > > Bayes_db < 200". > > > > > > I cannot figure out why the learn.spam.log is always > counting "learned > > > from" messages but it is not increasing the number when I run the > > > "sa-learn > > > -D --rebuild". > > > > > > Any ideas? > > > > > > Dene > > > > > > > > > At 01:50 PM 5/7/2003 +0100, you wrote: > > > >At 13:32 07/05/2003, you wrote: > > > >>OK - this is really getting a little confusing... > > > >> > > > >>I checked my "learn.spam.log" this morning and a found > the following > > > entries: > > > >> > > > >>Wed May 7 00:01:01 EDT 2003 > > > >>Learned from 4 messages. > > > >>Learned from 1 messages. > > > >>Wed May 7 01:01:01 EDT 2003 > > > >> > > > >>The problem is that when I run sa-learn -D --rebuild I > still get the > > > >>message that says: > > > >>Only 87 spam(s) in Bayes_db < 200 > > > >>(it should be AT LEAST the 87 form yesterday plus the > ones listed above > > > - > > > >>right?) > > > >> > > > >>Can anyone tell me how to fix this? The Bayes files on > > > /root/.spamassassin > > > >>are all being updated multiple times per day so I know > it is working, > > > >>unless of course the sa-learn command is reading Bayes > info from another > > > >>directory that really DOES only have 87 spam(s). > > > >> > > > >>Is there a way to run sa-learn and have it tell you the > path that it is > > > >>reading the Bayes info from? > > > > > > > >Have you tried > > > > sa-learn -D > > > >? I just ran "sa-learn" on its own and it prints the > usage for you. > > > > > > > > > > > >>Thank for any assistance. > > > >> > > > >>Dene > > > >> > > > >>At 02:38 PM 5/6/2003 -0400, you wrote: > > > >>>something else to add... > > > >>> > > > >>>According the script that Julian provided to run > sa-learn through cron, > > > >>>my log is called "learn.spam.log" > > > >>> > > > >>>When I checked that file - I added up all of the > "learned form XX > > > >>>messages" and the total number was 447. > > > >>> > > > >>>Is the "learned from" referring to spam and ham? Is it > possible that I > > > >>>have 87 spam and the rest of them a ham? I thought I > was pretty sure > > > that > > > >>>more spam was getting processed than ham - but I could > be wrong. > > > >>> > > > >>>Can anyone shed a little light? > > > >>> > > > >>>Dene > > > > > > > >-- > > > >Julian Field > > > >www.MailScanner.info > > > >MailScanner thanks transtec Computers for their support > > > > > > > > > > > >************************************************************* > ********* > >This email and any files transmitted with it are confidential and > >intended solely for the use of the individual or entity to whom they > >are addressed. If you have received this email in error please notify > >the system manager. > > > >This footnote also confirms that this email message has been swept by > >MIMEsweeper for the presence of computer viruses. > > > >www.lbsltd.co.uk > >************************************************************* > ********* > > > >-- > >This message has been scanned for viruses and dangerous > >content by Data Techie, and is believed to be clean. > >Data Techie... always there to protect you! > >http://www.datatechie.com > > Thank You > > Dene Ulmschneider > Data Techie Inc. > -------------------------------------------------------------- > ----------- > office: 718.738.8859 > cell: 646.996.2976 > email: dene@datatechie.com > pager mail: denenow@datatechie.com > website: www.datatechie.com > -------------------------------------------------------------- > ----------- > "Life is too short...-...you should have dessert first" > From dot at DOTAT.AT Wed May 7 15:36:10 2003 From: dot at DOTAT.AT (Tony Finch) Date: Thu Jan 12 21:17:59 2006 Subject: my mail server is drowning In-Reply-To: Message-ID: "Jeff A. Earickson" wrote: > >Any suggestions for tuning? Are you spamassassinating everything? You only really need to scan incoming messages. Tony. -- f.a.n.finch http://dotat.at/ CAPE WRATH TO RATTRAY HEAD INCLUDING ORKNEY: SOUTHWEST 5 OR 6, BECOMING CYCLONIC 7 OR GALE 8. SHOWERS, THEN RAIN FOR A TIME. MODERATE OR GOOD. MODERATE OR ROUGH. From carl.boberg at NRM.SE Wed May 7 15:47:41 2003 From: carl.boberg at NRM.SE (Carl Boberg) Date: Thu Jan 12 21:17:59 2006 Subject: Problems with F-secure and MS In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Still, Im missing the postmaster notification mail? (In my config an alias called mailscanner who gets all virus/bad filename reports)... / Carl >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On >Behalf Of Carl Boberg >Sent: Wednesday, May 07, 2003 16:39 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: Problems with F-secure and MS > > > >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >Thanks! >It seems to be working now. What was this problem and how did it >arise? > >May 7 16:36:55 smtp MailScanner[23677]: New Batch: Scanning 1 >messages, 33216 bytes >May 7 16:36:55 smtp MailScanner[23677]: Spam Checks: Starting >May 7 16:36:56 smtp MailScanner[23677]: Virus and Content Scanning: >Starting >May 7 16:36:56 smtp MailScanner[23677]: >./h47Eat2r023690/joke.ex_^Iinfection: W32/Hybris.worm.B >May 7 16:36:56 smtp MailScanner[23677]: Virus Scanning: F-Secure >found virus W32/Hybris.worm.B >May 7 16:36:56 smtp MailScanner[23677]: Virus Scanning: F-Secure >found 1 infections >May 7 16:36:56 smtp MailScanner[23677]: Virus Scanning: Found 1 >viruses >May 7 16:36:56 smtp MailScanner[23677]: Saved infected "joke.ex_" >to /var/spool/MailScanner/quarantine/20030507/h47Eat2r023690 >May 7 16:36:56 smtp MailScanner[23677]: Cleaned: Delivered 1 >cleaned messages > >/ carl > >>-----Original Message----- >>From: MailScanner mailing list >>[mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Julian Field >>Sent: Wednesday, May 07, 2003 15:23 >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: Problems with F-secure and MS >> >> >>Please apply this patch to SweepViruses.pm and try it again for me: >> >>--- SweepViruses.pm 2003-05-03 11:10:03.000000000 +0100 >>+++ SweepViruses.pm.new 2003-05-07 14:23:13.000000000 +0100 >>@@ -1190,7 +1190,8 @@ >> #system("echo -n '$line' | od -c"); >> >> # Lose header >>- if ($fsecure_InHeader < 0 && $line =~ /version ([\d.]+)/i) { >>+ if ($fsecure_InHeader < 0 && $line =~ /version ([\d.]+)/i && >>+ !$fsecure_Version) { >> $fsecure_Version = $1 + 0.0; >> #MailScanner::Log::InfoLog("Found F-Secure version >>$1=$fsecure_Version\n"); >> return 0; >> >> >>At 14:04 07/05/2003, you wrote: >>> >>>-----BEGIN PGP SIGNED MESSAGE----- >>>Hash: SHA1 >>> >>>Are theese sufficient? >>> >>>May 7 15:02:22 smtp MailScanner[19448]: New Batch: Scanning 1 >>>messages, 33216 bytes >>>May 7 15:02:22 smtp MailScanner[19448]: Spam Checks: Starting >>>May 7 15:02:22 smtp MailScanner[19448]: Virus and Content >>>Scanning: Starting >>>May 7 15:02:22 smtp MailScanner[19448]: Found F-Secure version >>>3.11=3.11 >>>May 7 15:02:22 smtp MailScanner[19448]: Found F-Secure version >>>2003=2003 >>>May 7 15:02:22 smtp last message repeated 2 times >>>May 7 15:02:22 smtp MailScanner[19448]: >>>./h47D2Ltq019476/joke.ex_^Iinfection: W32/Hybris.worm.B >>>May 7 15:02:22 smtp MailScanner[19448]: Uninfected: Delivered 1 >>>messages >>> >>>/ Carl >>> >>> >-----Original Message----- >>> >From: MailScanner mailing list >>> >[mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Julian Field >>> >Sent: Wednesday, May 07, 2003 14:48 >>> >To: MAILSCANNER@JISCMAIL.AC.UK >>> >Subject: Re: Problems with F-secure and MS >>> > >>> > >>> >In SweepViruses.pm (/usr/lib/MailScanner/MailScanner), you will >>> >find a function ProcessFSecureOutput. In there, just after a >>> >"Lose >>> >header" >>> >comment, they will be a line commented out that logs the version >>> >number. Please remove the # from the start of that line, then >>> >restart MailScanner and run an infected message through it. What >>> >did it log? >>> > >>> >At 13:31 07/05/2003, you wrote: >>> >> >>> >>-----BEGIN PGP SIGNED MESSAGE----- >>> >>Hash: SHA1 >>> >> >>> >>I found this in the maillog: >>> >> >>> >>May 7 11:47:38 smtp MailScanner[5306]: >>> >>./h479lamb007627/joke.ex_^Iinfection: W32/Hybris.worm.B >>> >>11:40:18 sm7:38 smtp MailScanner[5306]: Uninfected: Delivered 1 >>> >>messages >>> >> >>> >>WHAT! It says it is uninfected and delivers as ususal, but has >>> >>found an infection? >>> >> >>> >>Im confused to what might be the problem here... >>> >> >>> >>/ Carl >>> >> >>> >> >-----Original Message----- >>> >> >From: MailScanner mailing list >>> >> >[mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Carl Boberg >>> >> >Sent: Wednesday, May 07, 2003 14:05 >>> >> >To: MAILSCANNER@JISCMAIL.AC.UK >>> >> >Subject: Problems with F-secure and MS >>> >> > >>> >> > >>> >> > >>> >> >-----BEGIN PGP SIGNED MESSAGE----- >>> >> >Hash: SHA1 >>> >> > >>> >> >Hi, >>> >> >I have recently noticed that my f-secure ver. 4.15 on linux >>> >> >is not working with MS >>> >> >anymore... It isnt scanning viruses. I have tested it with >>> >> >eicar and a real virus. >>> >> >Nothing happens! It just passes through. >>> >> > >>> >> >It has been working quite well. I think it might have stopped >>> >> >when i uppgraded to >>> >> >the MS version before last, 4.15 something... I have now >>> >> >uppgraded to 4.20 but still >>> >> >no function. >>> >> > >>> >> >I have checked the config and cant see anything strange. I >>> >> >checked the wrapper script >>> >> >and commented out the check for f-secure 4.50. I tested the >>> >> >wrapper-script: >>> >> > >>> >> >./f-secure-wrapper virus.file >>> >> > >>> >> >and that works. But it doesnt work when I send email through >>> >> >MS... >>> >> > >>> >> >Any idea what this might bee? I am now running latest sophos >>> >> >beta AND f-secure, in that >>> >> >order. Headers in mail with virus says: >>> >> > >>> >> >X-MailScanner: Found to be infected, Found to be clean >>> >> > >>> >> >Would really appreciate som help on this one :-) >>> >> > >>> >> >Best regards >>> >> >- --------------------------------- >>> >> >Carl Boberg >>> >> >System & Network Administrator >>> >> >Dept. of Information Technology >>> >> >Swedish Museum of Natural History >>> >> >Frescativ. 40 >>> >> >104 05 Stockholm >>> >> >carl.boberg@nrm.se >>> >> >Phone: 08-519 551 16 >>> >> >Mobile: 0701-82 40 55 >>> >> >- --------------------------------- >>> >> > >>> >> >-----BEGIN PGP SIGNATURE----- >>> >> >Version: PGPfreeware 7.0.3 for non-commercial use >>> >> > >>> >> > >>> >> >iQA/AwUBPrj2hOi5vtTaHS+IEQLcKQCgwtqVS1k9Nld8HXZYI5nq5TKTgzsAn1 >>> >> >5 f Bk36uVPBg7cF9jgCEGKBRW/A >>> >> >=XJbq >>> >> >-----END PGP SIGNATURE----- >>> >> >>> >>-----BEGIN PGP SIGNATURE----- >>> >>Version: PGPfreeware 7.0.3 for non-commercial use >>> >> >>> >> >>> >>iQA/AwUBPrj8lOi5vtTaHS+IEQKy1wCfaW0Zs3G83aWfrMFeYqQ4cIYku8oAoMaU >>> >>Eu/Ybp4j0uofC5vq/yWwJnAO >>> >>=E1IX >>> >>-----END PGP SIGNATURE----- >>> > >>> >-- >>> >Julian Field >>> >www.MailScanner.info >>> >MailScanner thanks transtec Computers for their support >>> >>>-----BEGIN PGP SIGNATURE----- >>>Version: PGPfreeware 7.0.3 for non-commercial use >>> >>> >>>iQA/AwUBPrkERui5vtTaHS+IEQI1+wCgjBpAlCwh8Skzn1q/VUvOtsWprogAoO4E >>>vVf1HiDAritxlDdJ/OITC/uT >>>=2a9b >>>-----END PGP SIGNATURE----- >> >>-- >>Julian Field >>www.MailScanner.info >>MailScanner thanks transtec Computers for their support > >-----BEGIN PGP SIGNATURE----- >Version: PGPfreeware 7.0.3 for non-commercial use > > >iQA/AwUBPrkac+i5vtTaHS+IEQLSlwCfd2ug16Y0/p65I3P9HiFT5lrp9+AAoNv3 >eyajp/3NzpWHrKMaeCm9kQAM >=b6hk >-----END PGP SIGNATURE----- -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 7.0.3 for non-commercial use iQA/AwUBPrkciOi5vtTaHS+IEQIpAQCgshpzjR+P/W1akNIEH8FY37IZtBAAnizS qadHf+1Xb3D/NJunPm8UN/qk =XJXM -----END PGP SIGNATURE----- From Kevin.Spicer at BMRB.CO.UK Wed May 7 15:54:24 2003 From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:17:59 2006 Subject: my mail server is drowning Message-ID: <5C0296D26910694BB9A9BBFC577E7AB0A4AD82@pascal.priv.bmrb.co.uk> > Are you spamassassinating everything? Thats a great word!! On a (sort-of) similar vein, are you using RBL's in MailScanner/SpamAssassin/Sendmail? If you're bouncing / deleting spam on the basis of RBL's you might be able to reduce the amount of mail going through your server by getting sendmail to do the RBL checks. BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From smhickel at CHARTERMI.NET Wed May 7 15:57:33 2003 From: smhickel at CHARTERMI.NET (Steve Hickel) Date: Thu Jan 12 21:17:59 2006 Subject: SpamAssassin Timeout In-Reply-To: Message-ID: All, Seems like my SpamAssassin works on a fresh boot of linux, or when the service MailScanner restart is applied but after a bit (few minutes) I get an error that it has timed out. Any thoughts or suggestions? Thanks, Steve Hickel From raymond at PROLOCATION.NET Wed May 7 15:59:29 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:17:59 2006 Subject: SpamAssassin Timeout In-Reply-To: Message-ID: Hi! > Seems like my SpamAssassin works on a fresh boot of linux, or when the > service MailScanner restart is applied but after a bit (few minutes) I get > an error that it has timed out. Any thoughts or suggestions? Please paste the error. Bye, Raymond. From jaearick at COLBY.EDU Wed May 7 16:03:38 2003 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:17:59 2006 Subject: my mail server is drowning In-Reply-To: References: Message-ID: Hi, My spam.whitelist.rules look like: # This is where you can build a Spam WhiteList # Addresses matching in here, with the value # "yes" will never be marked as spam. From: 137.146. yes FromTo: default no To: spam@* yes To: abuse@colby.edu yes To: postmaster@colby.edu yes To: career-services yes FromTo: owner-victoria@LISTSERV.INDIANA.EDU yes FromTo: dglusker@pivot.net yes FromTo: lists.worldbank.org yes FromTo: alum.colby.edu yes where the IP numbers for my domain are 137.146.x.x. As I understand it, this whitelists everything outbound from 137.146.x.x, but not inbound. So spamassassin does its thing on everything inbound except the few additions further down the list. Right??? BTW, I turned off auto-whitelist (per Julian's suggestion) and things are holding together a little better today. MailScanner still has a big memory footprint (36 M). I reduced the number of children from 6 to 4, still a lot of memory page activity. --- Jeff Earickson On Wed, 7 May 2003, Tony Finch wrote: > Date: Wed, 7 May 2003 15:36:10 +0100 > From: Tony Finch > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: my mail server is drowning > > "Jeff A. Earickson" wrote: > > > >Any suggestions for tuning? > > Are you spamassassinating everything? You only really need to scan > incoming messages. > > Tony. > -- > f.a.n.finch http://dotat.at/ > CAPE WRATH TO RATTRAY HEAD INCLUDING ORKNEY: SOUTHWEST 5 OR 6, BECOMING > CYCLONIC 7 OR GALE 8. SHOWERS, THEN RAIN FOR A TIME. MODERATE OR GOOD. > MODERATE OR ROUGH. > From smhickel at CHARTERMI.NET Wed May 7 16:07:50 2003 From: smhickel at CHARTERMI.NET (Steve Hickel) Date: Thu Jan 12 21:17:59 2006 Subject: SpamAssassin Timeout Message-ID: <200305071507.h47F7oO04346@chartermi.net> Raymond Dijkxhoorn wrote .. > Hi! > > > Seems like my SpamAssassin works on a fresh boot of linux, or when the > > service MailScanner restart is applied but after a bit (few minutes) > I get > > an error that it has timed out. Any thoughts or suggestions? > > Please paste the error. > > Bye, > Raymond. Raymond, here is stuff from Maillog: Steve Cleaned: Delivered 1 cleaned messages May 7 10:53:18 mailscan - MailScanner Saved infected "msg-17928-5.html" to /var/spool/MailScanner/quarantine/20030507/h47Eplb5018193 May 7 10:53:17 mailscan - MailScanner Content Checks: Found 1 problems May 7 10:53:17 mailscan - MailScanner Content Checks: Detected Microsoft-specific exploits in h47Eplb5018193 May 7 10:53:17 mailscan - MailScanner Virus and Content Scanning: Starting May 7 10:53:12 mailscan - MailScanner SpamAssassin timed out and was killed, consecutive failure 1 of 20 May 7 10:52:42 mailscan - MailScanner New Batch: Scanning 1 messages, 9614 bytes May 7 10:52:41 mailscan - Msg h47Eplb5018193: to=mike@korehicom.com, delay=00:00:01, mailer=esmtp, pri=30185, stat=queued May 7 10:52:41 mailscan 9024 Msg h47Eplb5018193: from=out@bfiesta02.com, size=9024, class=0, nrcpts=1, msgid=200305071452.h47Eplb5018193@mailscan.korehicom.com, proto=ESMTP, daemon=MTA, relay=ip006.korehicom.com [216.109.198.30] (may be forged) May 7 10:52:23 mailscan - Msg h47Eq7b5018196: to=steve@korehicom.com, delay=00:00:16, xdelay=00:00:01, mailer=esmtp, pri=120434, relay=luna.korehicom.com. [192.168.1.23], dsn=2.0.0, stat=Sent ( 1052319571.3903@150.rb25ex.com Queued mail for delivery) May 7 10:52:22 mailscan - Msg Uninfected: Delivered 1 messages May 7 10:52:22 mailscan - MailScanner Virus and Content Scanning: Starting May 7 10:52:21 mailscan - Msg h47EqLnv018200: to=feelinggreat@savingssentinel.com, delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30151, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1] May 7 10:52:21 mailscan 985 Msg h47EqLnv018200: from=, size=985, class=0, nrcpts=1, msgid=200305071452.h47EqLnv018200@mailscan.korehicom.com, relay=root@localhost May 7 10:52:21 mailscan - MailScanner Spam Checks: Found 1 spam messages From mailscanner at ecs.soton.ac.uk Wed May 7 16:18:31 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:17:59 2006 Subject: SpamAssassin Timeout In-Reply-To: <200305071507.h47F7oO04346@chartermi.net> Message-ID: <5.2.0.9.2.20030507161735.034a1db0@imap.ecs.soton.ac.uk> Try increasing the SA timeout from 30 seconds to 40 seconds (quite seriously). There are some 30 second timeouts internal to the SpamAssassin code. It is quite possible that one of the RBL's used by SpamAssassin appears to be dead for you. At 16:07 07/05/2003, you wrote: >Raymond Dijkxhoorn wrote .. > > Hi! > > > > > Seems like my SpamAssassin works on a fresh boot of linux, or when the > > > service MailScanner restart is applied but after a bit (few minutes) > > I get > > > an error that it has timed out. Any thoughts or suggestions? > > > > Please paste the error. > > > > Bye, > > Raymond. >Raymond, > >here is stuff from Maillog: > >Steve > >Cleaned: Delivered 1 cleaned messages >May 7 10:53:18 mailscan - MailScanner Saved infected "msg-17928-5.html" to >/var/spool/MailScanner/quarantine/20030507/h47Eplb5018193 >May 7 10:53:17 mailscan - MailScanner Content Checks: Found 1 problems >May 7 10:53:17 mailscan - MailScanner Content Checks: Detected >Microsoft-specific exploits in h47Eplb5018193 >May 7 10:53:17 mailscan - MailScanner Virus and Content Scanning: Starting >May 7 10:53:12 mailscan - MailScanner SpamAssassin timed out and was >killed, consecutive failure 1 of 20 >May 7 10:52:42 mailscan - MailScanner New Batch: Scanning 1 messages, 9614 >bytes >May 7 10:52:41 mailscan - Msg h47Eplb5018193: to=mike@korehicom.com, >delay=00:00:01, mailer=esmtp, pri=30185, stat=queued >May 7 10:52:41 mailscan 9024 Msg h47Eplb5018193: from=out@bfiesta02.com, >size=9024, class=0, nrcpts=1, >msgid=200305071452.h47Eplb5018193@mailscan.korehicom.com, proto=ESMTP, >daemon=MTA, relay=ip006.korehicom.com [216.109.198.30] (may be forged) >May 7 10:52:23 mailscan - Msg h47Eq7b5018196: to=steve@korehicom.com, >delay=00:00:16, xdelay=00:00:01, mailer=esmtp, pri=120434, >relay=luna.korehicom.com. [192.168.1.23], dsn=2.0.0, stat=Sent ( >1052319571.3903@150.rb25ex.com Queued mail for delivery) >May 7 10:52:22 mailscan - Msg Uninfected: Delivered 1 messages >May 7 10:52:22 mailscan - MailScanner Virus and Content Scanning: Starting >May 7 10:52:21 mailscan - Msg h47EqLnv018200: >to=feelinggreat@savingssentinel.com, delay=00:00:00, xdelay=00:00:00, >mailer=relay, pri=30151, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, >stat=Deferred: Connection refused by [127.0.0.1] >May 7 10:52:21 mailscan 985 Msg h47EqLnv018200: from=, size=985, class=0, >nrcpts=1, msgid=200305071452.h47EqLnv018200@mailscan.korehicom.com, >relay=root@localhost >May 7 10:52:21 mailscan - MailScanner Spam Checks: Found 1 spam messages -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Wed May 7 15:51:17 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:17:59 2006 Subject: Problems with F-secure and MS In-Reply-To: References: <5.2.0.9.2.20030507142236.048aec20@imap.ecs.soton.ac.uk> Message-ID: <5.2.0.9.2.20030507154630.0493e550@imap.ecs.soton.ac.uk> At 15:38 07/05/2003, you wrote: > >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >Thanks! >It seems to be working now. What was this problem and how did it >arise? It was a bug in my code for detecting whether you had version 4.50 installed or not. 4.50 has a completely different output from previous versions. >May 7 16:36:55 smtp MailScanner[23677]: New Batch: Scanning 1 >messages, 33216 bytes >May 7 16:36:55 smtp MailScanner[23677]: Spam Checks: Starting >May 7 16:36:56 smtp MailScanner[23677]: Virus and Content Scanning: >Starting >May 7 16:36:56 smtp MailScanner[23677]: >./h47Eat2r023690/joke.ex_^Iinfection: W32/Hybris.worm.B >May 7 16:36:56 smtp MailScanner[23677]: Virus Scanning: F-Secure >found virus W32/Hybris.worm.B >May 7 16:36:56 smtp MailScanner[23677]: Virus Scanning: F-Secure >found 1 infections >May 7 16:36:56 smtp MailScanner[23677]: Virus Scanning: Found 1 >viruses >May 7 16:36:56 smtp MailScanner[23677]: Saved infected "joke.ex_" to >/var/spool/MailScanner/quarantine/20030507/h47Eat2r023690 >May 7 16:36:56 smtp MailScanner[23677]: Cleaned: Delivered 1 cleaned >messages > >/ carl > > >-----Original Message----- > >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > >Behalf Of Julian Field > >Sent: Wednesday, May 07, 2003 15:23 > >To: MAILSCANNER@JISCMAIL.AC.UK > >Subject: Re: Problems with F-secure and MS > > > > > >Please apply this patch to SweepViruses.pm and try it again for me: > > > >--- SweepViruses.pm 2003-05-03 11:10:03.000000000 +0100 > >+++ SweepViruses.pm.new 2003-05-07 14:23:13.000000000 +0100 > >@@ -1190,7 +1190,8 @@ > > #system("echo -n '$line' | od -c"); > > > > # Lose header > >- if ($fsecure_InHeader < 0 && $line =~ /version ([\d.]+)/i) { > >+ if ($fsecure_InHeader < 0 && $line =~ /version ([\d.]+)/i && > >+ !$fsecure_Version) { > > $fsecure_Version = $1 + 0.0; > > #MailScanner::Log::InfoLog("Found F-Secure version > >$1=$fsecure_Version\n"); > > return 0; > > > > > >At 14:04 07/05/2003, you wrote: > >> > >>-----BEGIN PGP SIGNED MESSAGE----- > >>Hash: SHA1 > >> > >>Are theese sufficient? > >> > >>May 7 15:02:22 smtp MailScanner[19448]: New Batch: Scanning 1 > >>messages, 33216 bytes > >>May 7 15:02:22 smtp MailScanner[19448]: Spam Checks: Starting > >>May 7 15:02:22 smtp MailScanner[19448]: Virus and Content > >>Scanning: Starting > >>May 7 15:02:22 smtp MailScanner[19448]: Found F-Secure version > >>3.11=3.11 > >>May 7 15:02:22 smtp MailScanner[19448]: Found F-Secure version > >>2003=2003 > >>May 7 15:02:22 smtp last message repeated 2 times > >>May 7 15:02:22 smtp MailScanner[19448]: > >>./h47D2Ltq019476/joke.ex_^Iinfection: W32/Hybris.worm.B > >>May 7 15:02:22 smtp MailScanner[19448]: Uninfected: Delivered 1 > >>messages > >> > >>/ Carl > >> > >> >-----Original Message----- > >> >From: MailScanner mailing list > >> >[mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Julian Field > >> >Sent: Wednesday, May 07, 2003 14:48 > >> >To: MAILSCANNER@JISCMAIL.AC.UK > >> >Subject: Re: Problems with F-secure and MS > >> > > >> > > >> >In SweepViruses.pm (/usr/lib/MailScanner/MailScanner), you will > >> >find a function ProcessFSecureOutput. In there, just after a > >> >"Lose > >> >header" > >> >comment, they will be a line commented out that logs the version > >> >number. Please remove the # from the start of that line, then > >> >restart MailScanner and run an infected message through it. What > >> >did it log? > >> > > >> >At 13:31 07/05/2003, you wrote: > >> >> > >> >>-----BEGIN PGP SIGNED MESSAGE----- > >> >>Hash: SHA1 > >> >> > >> >>I found this in the maillog: > >> >> > >> >>May 7 11:47:38 smtp MailScanner[5306]: > >> >>./h479lamb007627/joke.ex_^Iinfection: W32/Hybris.worm.B > >> >>11:40:18 sm7:38 smtp MailScanner[5306]: Uninfected: Delivered 1 > >> >>messages > >> >> > >> >>WHAT! It says it is uninfected and delivers as ususal, but has > >> >>found an infection? > >> >> > >> >>Im confused to what might be the problem here... > >> >> > >> >>/ Carl > >> >> > >> >> >-----Original Message----- > >> >> >From: MailScanner mailing list > >> >> >[mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Carl Boberg > >> >> >Sent: Wednesday, May 07, 2003 14:05 > >> >> >To: MAILSCANNER@JISCMAIL.AC.UK > >> >> >Subject: Problems with F-secure and MS > >> >> > > >> >> > > >> >> > > >> >> >-----BEGIN PGP SIGNED MESSAGE----- > >> >> >Hash: SHA1 > >> >> > > >> >> >Hi, > >> >> >I have recently noticed that my f-secure ver. 4.15 on linux is > >> >> >not working with MS > >> >> >anymore... It isnt scanning viruses. I have tested it with > >> >> >eicar and a real virus. > >> >> >Nothing happens! It just passes through. > >> >> > > >> >> >It has been working quite well. I think it might have stopped > >> >> >when i uppgraded to > >> >> >the MS version before last, 4.15 something... I have now > >> >> >uppgraded to 4.20 but still > >> >> >no function. > >> >> > > >> >> >I have checked the config and cant see anything strange. I > >> >> >checked the wrapper script > >> >> >and commented out the check for f-secure 4.50. I tested the > >> >> >wrapper-script: > >> >> > > >> >> >./f-secure-wrapper virus.file > >> >> > > >> >> >and that works. But it doesnt work when I send email through > >> >> >MS... > >> >> > > >> >> >Any idea what this might bee? I am now running latest sophos > >> >> >beta AND f-secure, in that > >> >> >order. Headers in mail with virus says: > >> >> > > >> >> >X-MailScanner: Found to be infected, Found to be clean > >> >> > > >> >> >Would really appreciate som help on this one :-) > >> >> > > >> >> >Best regards > >> >> >- --------------------------------- > >> >> >Carl Boberg > >> >> >System & Network Administrator > >> >> >Dept. of Information Technology > >> >> >Swedish Museum of Natural History > >> >> >Frescativ. 40 > >> >> >104 05 Stockholm > >> >> >carl.boberg@nrm.se > >> >> >Phone: 08-519 551 16 > >> >> >Mobile: 0701-82 40 55 > >> >> >- --------------------------------- > >> >> > > >> >> >-----BEGIN PGP SIGNATURE----- > >> >> >Version: PGPfreeware 7.0.3 for non-commercial use > >> >> > > >> >> > > >> >> >iQA/AwUBPrj2hOi5vtTaHS+IEQLcKQCgwtqVS1k9Nld8HXZYI5nq5TKTgzsAn15 > >> >> >f Bk36uVPBg7cF9jgCEGKBRW/A > >> >> >=XJbq > >> >> >-----END PGP SIGNATURE----- > >> >> > >> >>-----BEGIN PGP SIGNATURE----- > >> >>Version: PGPfreeware 7.0.3 for non-commercial use > >> >> > >> >> > >> >>iQA/AwUBPrj8lOi5vtTaHS+IEQKy1wCfaW0Zs3G83aWfrMFeYqQ4cIYku8oAoMaU > >> >>Eu/Ybp4j0uofC5vq/yWwJnAO > >> >>=E1IX > >> >>-----END PGP SIGNATURE----- > >> > > >> >-- > >> >Julian Field > >> >www.MailScanner.info > >> >MailScanner thanks transtec Computers for their support > >> > >>-----BEGIN PGP SIGNATURE----- > >>Version: PGPfreeware 7.0.3 for non-commercial use > >> > >> > >>iQA/AwUBPrkERui5vtTaHS+IEQI1+wCgjBpAlCwh8Skzn1q/VUvOtsWprogAoO4E > >>vVf1HiDAritxlDdJ/OITC/uT > >>=2a9b > >>-----END PGP SIGNATURE----- > > > >-- > >Julian Field > >www.MailScanner.info > >MailScanner thanks transtec Computers for their support > >-----BEGIN PGP SIGNATURE----- >Version: PGPfreeware 7.0.3 for non-commercial use > >iQA/AwUBPrkac+i5vtTaHS+IEQLSlwCfd2ug16Y0/p65I3P9HiFT5lrp9+AAoNv3 >eyajp/3NzpWHrKMaeCm9kQAM >=b6hk >-----END PGP SIGNATURE----- -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Wed May 7 16:17:05 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:17:59 2006 Subject: my mail server is drowning In-Reply-To: References: Message-ID: <5.2.0.9.2.20030507161501.034da6d8@imap.ecs.soton.ac.uk> At 16:03 07/05/2003, you wrote: >Hi, > My spam.whitelist.rules look like: > ># This is where you can build a Spam WhiteList ># Addresses matching in here, with the value ># "yes" will never be marked as spam. >From: 137.146. yes >FromTo: default no >To: spam@* yes >To: abuse@colby.edu yes >To: postmaster@colby.edu yes >To: career-services yes >FromTo: owner-victoria@LISTSERV.INDIANA.EDU yes >FromTo: dglusker@pivot.net yes >FromTo: lists.worldbank.org yes >FromTo: alum.colby.edu yes > >where the IP numbers for my domain are 137.146.x.x. As I understand it, >this whitelists everything outbound from 137.146.x.x, but not inbound. >So spamassassin does its thing on everything inbound except the few >additions further down the list. Right??? Correct. But make sure you *don't* have Always Include SpamAssassin Report = yes set, otherwise it will spamassassinate everything just to produce the report you asked for. >BTW, I turned off auto-whitelist (per Julian's suggestion) and things >are holding together a little better today. MailScanner still has a >big memory footprint (36 M). I reduced the number of children from 6 >to 4, still a lot of memory page activity. 4 * 36MB = 144MB. So where is the rest of your 2048 MB going? Not on MailScanner, according to your figure. >On Wed, 7 May 2003, Tony Finch wrote: > > > Date: Wed, 7 May 2003 15:36:10 +0100 > > From: Tony Finch > > Reply-To: MailScanner mailing list > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: my mail server is drowning > > > > "Jeff A. Earickson" wrote: > > > > > >Any suggestions for tuning? > > > > Are you spamassassinating everything? You only really need to scan > > incoming messages. > > > > Tony. > > -- > > f.a.n.finch http://dotat.at/ > > CAPE WRATH TO RATTRAY HEAD INCLUDING ORKNEY: SOUTHWEST 5 OR 6, BECOMING > > CYCLONIC 7 OR GALE 8. SHOWERS, THEN RAIN FOR A TIME. MODERATE OR GOOD. > > MODERATE OR ROUGH. > > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From smhickel at CHARTERMI.NET Wed May 7 16:30:29 2003 From: smhickel at CHARTERMI.NET (Steve Hickel) Date: Thu Jan 12 21:17:59 2006 Subject: SpamAssassin Timeout In-Reply-To: <5.2.0.9.2.20030507161735.034a1db0@imap.ecs.soton.ac.uk> Message-ID: Julian, It was set to 30 and I have increased it to 40. Thanks, Steve On Wed, 7 May 2003, Julian Field wrote: > Try increasing the SA timeout from 30 seconds to 40 seconds (quite > seriously). There are some 30 second timeouts internal to the SpamAssassin > code. > It is quite possible that one of the RBL's used by SpamAssassin appears to > be dead for you. > > At 16:07 07/05/2003, you wrote: > >Raymond Dijkxhoorn wrote .. > > > Hi! > > > > > > > Seems like my SpamAssassin works on a fresh boot of linux, or when the > > > > service MailScanner restart is applied but after a bit (few minutes) > > > I get > > > > an error that it has timed out. Any thoughts or suggestions? > > > > > > Please paste the error. > > > > > > Bye, > > > Raymond. > >Raymond, > > > >here is stuff from Maillog: > > > >Steve > > > >Cleaned: Delivered 1 cleaned messages > >May 7 10:53:18 mailscan - MailScanner Saved infected "msg-17928-5.html" to > >/var/spool/MailScanner/quarantine/20030507/h47Eplb5018193 > >May 7 10:53:17 mailscan - MailScanner Content Checks: Found 1 problems > >May 7 10:53:17 mailscan - MailScanner Content Checks: Detected > >Microsoft-specific exploits in h47Eplb5018193 > >May 7 10:53:17 mailscan - MailScanner Virus and Content Scanning: Starting > >May 7 10:53:12 mailscan - MailScanner SpamAssassin timed out and was > >killed, consecutive failure 1 of 20 > >May 7 10:52:42 mailscan - MailScanner New Batch: Scanning 1 messages, 9614 > >bytes > >May 7 10:52:41 mailscan - Msg h47Eplb5018193: to=mike@korehicom.com, > >delay=00:00:01, mailer=esmtp, pri=30185, stat=queued > >May 7 10:52:41 mailscan 9024 Msg h47Eplb5018193: from=out@bfiesta02.com, > >size=9024, class=0, nrcpts=1, > >msgid=200305071452.h47Eplb5018193@mailscan.korehicom.com, proto=ESMTP, > >daemon=MTA, relay=ip006.korehicom.com [216.109.198.30] (may be forged) > >May 7 10:52:23 mailscan - Msg h47Eq7b5018196: to=steve@korehicom.com, > >delay=00:00:16, xdelay=00:00:01, mailer=esmtp, pri=120434, > >relay=luna.korehicom.com. [192.168.1.23], dsn=2.0.0, stat=Sent ( > >1052319571.3903@150.rb25ex.com Queued mail for delivery) > >May 7 10:52:22 mailscan - Msg Uninfected: Delivered 1 messages > >May 7 10:52:22 mailscan - MailScanner Virus and Content Scanning: Starting > >May 7 10:52:21 mailscan - Msg h47EqLnv018200: > >to=feelinggreat@savingssentinel.com, delay=00:00:00, xdelay=00:00:00, > >mailer=relay, pri=30151, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, > >stat=Deferred: Connection refused by [127.0.0.1] > >May 7 10:52:21 mailscan 985 Msg h47EqLnv018200: from=, size=985, class=0, > >nrcpts=1, msgid=200305071452.h47EqLnv018200@mailscan.korehicom.com, > >relay=root@localhost > >May 7 10:52:21 mailscan - MailScanner Spam Checks: Found 1 spam messages > > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support > From jaearick at COLBY.EDU Wed May 7 16:45:17 2003 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:17:59 2006 Subject: my mail server is drowning In-Reply-To: <5.2.0.9.2.20030507161501.034da6d8@imap.ecs.soton.ac.uk> References: <5.2.0.9.2.20030507161501.034da6d8@imap.ecs.soton.ac.uk> Message-ID: On Wed, 7 May 2003, Julian Field wrote: > > Correct. But make sure you *don't* have > Always Include SpamAssassin Report = yes > set, otherwise it will spamassassinate everything just to produce the > report you asked for. > Yes, turned off. > >BTW, I turned off auto-whitelist (per Julian's suggestion) and things > >are holding together a little better today. MailScanner still has a > >big memory footprint (36 M). I reduced the number of children from 6 > >to 4, still a lot of memory page activity. > > 4 * 36MB = 144MB. > So where is the rest of your 2048 MB going? Not on MailScanner, according > to your figure. Here is what the output of "top -u -osize" shows (first few lines): load averages: 5.62, 5.20, 5.57 11:42:20 95 processes: 85 sleeping, 8 running, 2 on cpu CPU states: 0.0% idle, 64.2% user, 35.8% kernel, 0.0% iowait, 0.0% swap Memory: 2048M real, 1296M free, 644M swap in use, 1987M swap free PID UID THR PRI NICE SIZE RES STATE TIME CPU COMMAND 199 76 7 58 0 121M 118M sleep 6:33 3.03% named 26225 0 1 52 0 38M 17M run 0:01 2.59% MailScanner 17182 0 1 33 0 38M 37M sleep 2:25 0.99% MailScanner 26259 0 1 52 0 38M 9072K run 0:00 0.55% MailScanner 17199 0 1 51 0 37M 36M run 2:32 1.67% MailScanner 26269 0 1 52 0 37M 7176K cpu/0 0:00 0.19% MailScanner 17230 0 1 25 0 37M 36M sleep 2:32 1.05% MailScanner 17259 0 1 43 0 37M 36M sleep 2:34 0.78% MailScanner 26250 0 1 51 0 37M 24M run 0:00 1.42% MailScanner 586 0 52 30 0 25M 23M sleep 0:42 0.24% dced 8944 0 8 60 0 12M 7208K sleep 0:00 0.00% sshd 8987 9897 3 58 0 12M 4136K sleep 0:00 0.00% sshd 758 0 9 34 0 12M 6544K sleep 0:00 0.00% sshd 588 0 9 60 0 12M 6312K sleep 0:00 0.00% sshd 386 0 8 18 0 12M 6168K sleep 0:00 0.00% sshd 687 0 8 34 0 12M 6312K sleep 0:00 0.00% sshd 610 13462 3 58 0 12M 3912K sleep 0:00 0.00% sshd 808 13462 3 58 0 12M 4008K sleep 0:00 0.00% sshd 704 13462 3 58 0 12M 3936K sleep 0:00 0.00% sshd 415 13462 3 58 0 12M 3832K sleep 0:02 0.00% sshd 17181 0 1 57 0 11M 2720K sleep 0:00 0.00% MailScanner 780 0 14 58 0 10M 8112K sleep 0:01 0.00% cdsclerk 26264 0 8 28 0 10M 7056K sleep 0:00 0.48% popper 26235 17491 8 58 0 9976K 6984K sleep 0:00 0.70% popper 26220 17624 8 41 0 9976K 6984K sleep 0:00 0.43% popper 26236 18638 8 58 0 9968K 6976K sleep 0:00 0.60% popper I don't think it is lack of memory, just a high number of processes and a lot of process switching that is causing the "pi" number to be high in "vmstat". --- Jeff From mkettler at EVI-INC.COM Wed May 7 17:01:16 2003 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:17:59 2006 Subject: RBL's In-Reply-To: <000101c3149a$28fb9000$fc32000a@4> Message-ID: <5.2.0.9.0.20030507115257.0194b8c0@xanadu.evi-inc.com> At 02:11 PM 5/7/2003 +0100, Paul Hamilton wrote: >Hi All, > >We are just about to include RBL's to our MS.conf file, >but we are a little unsure of what exactly to enter. There should be examples of this already in your mailscanner.conf In 4.05-3 the syntax is (copied straight from the default. conf file): Spam List Definitions = /opt/MailScanner/etc/spam.lists.conf Spam List = ORDB-RBL Infinite-Monkeys # MAPS-RBL+ costs money (except .ac.uk) Note that spam.lists.conf contains the definition of what address to use for the RBL: ORDB-RBL relays.ordb.org. See the FAQ as well: http://www.sng.ecs.soton.ac.uk/mailscanner/man/MailScanner.conf.3.html#Definitions%20of%20virus%20scanners%20and%20spam%20detectors http://www.sng.ecs.soton.ac.uk/mailscanner/man/MailScanner.conf.3.html#Spam%20detection%20and%20spam%20lists%20(DNS%20blocklists) From Peter.Bates at LSHTM.AC.UK Wed May 7 17:01:11 2003 From: Peter.Bates at LSHTM.AC.UK (Peter Bates) Date: Thu Jan 12 21:17:59 2006 Subject: SpamAssassin Timeout Message-ID: Hello all... > mailscanner@ECS.SOTON.AC.UK 07/05/03 16:18:31 >>> >It is quite possible that one of the RBL's used by SpamAssassin appears >to be dead for you. Still straddling the world of MS and amavisd at the moment as I am, I've noticed today that the RBL tests involving 'habeas.com' are a bit rubbish, or rather tcpdump'ing th exchange shows that the domain is mostly 'refusing' our requests. I've added the following lines to my SA configuration today to try and settle things: # Habeas.com looks rubbish score HABEAS_SWE 0 score HABEAS_HIL 0 score HABEAS_VIOLATOR 0 # And to help with above rbl_timeout 10 ... ---------------------------------------------------------------------------------------------------> Peter Bates, Systems Support Officer, Network Support Team. London School of Hygiene & Tropical Medicine. Telephone:0207-958 8353 / Fax: 0207- 636 9838 From Kevin.Spicer at BMRB.CO.UK Wed May 7 17:28:45 2003 From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:17:59 2006 Subject: my mail server is drowning Message-ID: <5C0296D26910694BB9A9BBFC577E7AB0EBF577@pascal.priv.bmrb.co.uk> > Memory: 2048M real, 1296M free, 644M swap in use, 1987M swap free > > If you're okay for memory have you tried putting the MailScanner work dir in tmpfs? BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From nfeasey at UTPRESS.UTORONTO.CA Wed May 7 17:39:45 2003 From: nfeasey at UTPRESS.UTORONTO.CA (Feasey, Nicholas) Date: Thu Jan 12 21:17:59 2006 Subject: spam/notspam w/sa-learn Message-ID: Many thanks to you for all your help. I really appreciate it. This should work nicely for us and my users will find the feature very nice. I'm still, when I get some time, going to work on a little script that runs on my Linux box that does the same thing as I think this feature would be highly desireable for many MailScanner/SpamAssassin users. Using your script will probably give me some good ideas. N -----Original Message----- From: Andrea Cogliati [mailto:AndreaC@GOTECH.IT] Sent: 7-May-03 5:01 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: spam/notspam w/sa-learn Nicholas, I see the problem. My solution is not using Forwarding at all. I created two Public Folders on Exchange (2K) where users can copy (or move) spam & ham messages. Then I use a very quick & dirty perl script (I'm not a perl guru either) to feed the spam and notspam accounts on the MailScanner gateway where another script (Julian's one) runs sa_learn. I'm attaching my script to this message: it's really dumb and completely uncommented but it's working for us. Should you find it useful, please feel free to use it. Bye, Andrea -----Original Message----- From: Feasey, Nicholas [mailto:nfeasey@UTPRESS.UTORONTO.CA] Sent: Tuesday, May 06, 2003 5:05 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: spam/notspam w/sa-learn The improvement that we are discussing is the ability to merely allow any mail user to FORWARD a message to spam or notspam and have it processed through SpamAssassin's sa-learn script and treated accordingly. The original problem, as Julian stated, is that Outlook, Outlook Express remove the headers when a message is forwarded so instead of the message being marked as spam or ham, depending on which email address (spam/notspam) you sent it to, it would incorrectly mark the end user. This is not the desired affect. I was mulling over the possibility of any user sending a email to either spam or notspam which merely contains an address (or series of addresses). Then a script runs which processes this messages through the sa-learn script which, in turn, teaches SpamAssassin about them. Unfortunately, although I pretty good in C and PHP, I'm not much of a Perl wizard. Perhaps what I describe above is exactly what your perl script does? If so, why not share it with the rest of us so we don't have to re-invent the wheel :) Many thanks. N -----Original Message----- From: Andrea Cogliati [mailto:AndreaC@GOTECH.IT] Sent: 6-May-03 4:14 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: spam/notspam w/sa-learn Kevin, I'm currently using Exchange 2K Public Folders exactly for this purpose and I wrote a very simple Perl script for getting spam&ham from there. What 'improvement' are you talking about? Am I missing something? Bye, Andrea -----Original Message----- From: Kevin Spicer [mailto:kevins@BMRB.CO.UK] Sent: Monday, May 05, 2003 9:26 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: spam/notspam w/sa-learn A couple of us on the list have been experimenting with ways of using the 'public folders' feature in Exchange to get round this problem with Outlook. I understand this works with Exchange 5.5. But due to an 'improvement' Microsoft made in Exchange 2000 it doesn't work with that (which I personally find damn annoying). The basic way it works is by creating two public folders for spam and ham then using a script on the MailScanner machine to grab the messages using IMAP. The most important thing when feeding messages to sa-learn is that the message ID should not be changed (since sa-learn tracks which messages it has learned using this). Should the message ID change, which is likely to happen when forwarding, SA may well learn the same message as both ham and spam! On Mon, 2003-05-05 at 19:33, Feasey, Nicholas wrote: Hmm? So then, by forwarding I would place my address in the spam/notspam mailboxes and be identified as such. Any ideas on how to "fool" the app so that it will work with Outlook or am I going to have to try to write some sort of script - if, in fact, that is possible. N -----Original Message----- From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] Sent: 5-May-03 2:22 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: spam/notspam w/sa-learn At 19:16 05/05/2003, you wrote: Forgive my ignorance/stupidity on this subject but what do you mean by redirect? Different mail apps call it different things, but it is usually bounce or redirect. It sends the message on with the headers intact, so that replies go back to the original sender and not the person who redirected it. Outlook and Outlook Express cannot do it. Why, I don't know, it's the simplest job in the book :-( Yes, the cron job is in place, just want to give my users CORRECT instructions on using the "auto-learn" feature. N -----Original Message----- From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] Sent: 5-May-03 2:07 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: spam/notspam w/sa-learn At 18:40 05/05/2003, you wrote: I just want to be clear on the usage of the spam and not spam accounts used in conjunction with the sa-learn script. I can have my users forward any message received to either spam (to have it identified as spam) or notspam (to have it identified as ham) and it will be automatcially learned (sa-learn)?? It is important that they "redirect" and not "forward" their mail to the addresses, as forwarding will destroy the headers and make it appear that your users are the spammers. Is this correct? You do, of course, need my cron job script to do the actual work, mailboxes aren't magic :-) I don't want my users showing up as spammers because they are listed as the forwarder. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From dot at DOTAT.AT Wed May 7 17:48:38 2003 From: dot at DOTAT.AT (Tony Finch) Date: Thu Jan 12 21:17:59 2006 Subject: my mail server is drowning In-Reply-To: References: <5.2.0.9.2.20030507161501.034da6d8@imap.ecs.soton.ac.uk> <5.2.0.9.2.20030507161501.034da6d8@imap.ecs.soton.ac.uk> Message-ID: "Jeff A. Earickson" wrote: > >I don't think it is lack of memory, just a high number of processes and >a lot of process switching that is causing the "pi" number to be high >in "vmstat". The pi number also counts pages being read in from files. Tony. -- f.a.n.finch http://dotat.at/ THE WASH TO NORTH FORELAND: WEST OR NORTHWEST 2 OR 3, BACKING SOUTH 4 OR 5, VEERING SOUTHWEST LATER, AND LOCALLY EASING 3. FAIR. GOOD. SLIGHT. From gerry at dorfam.ca Wed May 7 19:02:56 2003 From: gerry at dorfam.ca (Gerry Doris) Date: Thu Jan 12 21:17:59 2006 Subject: New F-Prot 3.13a Message-ID: <45871.129.80.22.133.1052330576.squirrel@tiger.dorfam.ca> I noticed that there is now a new version of F-Prot available. Has anyone tried version 3.13a with MailScanner yet? Gerry From gerry at dorfam.ca Wed May 7 19:04:32 2003 From: gerry at dorfam.ca (Gerry Doris) Date: Thu Jan 12 21:17:59 2006 Subject: Use of DCC Clarification In-Reply-To: <5.2.0.9.2.20030507083518.03217e18@imap.ecs.soton.ac.uk> References: <5.2.0.9.2.20030507083518.03217e18@imap.ecs.soton.ac.uk> Message-ID: <50010.129.80.22.133.1052330672.squirrel@tiger.dorfam.ca> > Can you just do a quick test for me, and set dcc_path to a path that > *doesn't* exist please? > > I want to make sure that no error messages are logged anywhere, as > otherwise the logging is going to get very noisy if it gets an error for > every message. > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support I'll try this tonight when I get home. Gerry From jaearick at COLBY.EDU Wed May 7 19:34:32 2003 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:17:59 2006 Subject: OS versus anti-virus chart? Message-ID: Julian, Do you have a chart of which anti-virus product can be used on which flavor of UNIX (AIX, BSD, Solaris, Linux, HP, etc)? --- Jeff From raymond at PROLOCATION.NET Wed May 7 19:48:37 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:17:59 2006 Subject: New F-Prot 3.13a In-Reply-To: <45871.129.80.22.133.1052330576.squirrel@tiger.dorfam.ca> Message-ID: Hi! > I noticed that there is now a new version of F-Prot available. Has anyone > tried version 3.13a with MailScanner yet? Uhm, the 3.13a is Windows as far as i can see, on their site they offer 3.13 for *nix only or am i missing something ? Bye, Raymond. From mailscanner at ecs.soton.ac.uk Wed May 7 19:40:00 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:17:59 2006 Subject: OS versus anti-virus chart? In-Reply-To: Message-ID: <5.2.1.1.2.20030507193907.02824518@imap.ecs.soton.ac.uk> At 19:34 07/05/2003, you wrote: >Julian, > Do you have a chart of which anti-virus product can be used on >which flavor of UNIX (AIX, BSD, Solaris, Linux, HP, etc)? No, sorry. But if you happen to compile one, I would be happy to publish it. :) -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From paul.hamilton at sme-ecom.co.uk Wed May 7 19:53:34 2003 From: paul.hamilton at sme-ecom.co.uk (Paul Hamilton) Date: Thu Jan 12 21:17:59 2006 Subject: Filename Rules and double extensions In-Reply-To: <010a01c314af$2aeea0e0$fd32000a@4> Message-ID: <000201c314c9$f877f920$fc32000a@4> Julian, With reference to our recent question and your reply (see below ***********)we have implimented as shown directly below but messages are still being caught by MS as unacceptable. allow customername\.com\.xls - - allow customername\.com\.doc - - allow customername\.com\.dbf - - allow customername\.com\.mdx - - allow customername\.com\.pdf - - allow customername\.com\.gif - - allow customername\.com\.jpg - - allow customername\.com\.zip - - To read the above information we have set up a rule in the filename.rules file to point off to the customers specific filename rules: FromTo *@domainname.xxx /opt/ms_bydomain/domainname/filename.rules.conf Can you see the error of our ways? Thanks in advance Paul H ****************************************************************** At 15:20 02/05/2003, you wrote: >You could then use a rule that looked like >Allow customername\.com - - >That would allow all filenames which contained "customername.com" anywhere >in the filename, which might be enough. If you just want to allow >"customername.com.xxx" where "xxx" is "doc" or "ppt" or something like >that, then you could do >allow customername\.com\..{3,4} - - >This would allow the "xxx" to be 3 or 4 characters long, which you really >need to do as not all Windows filename extensions are 3 characters long >(e.g. "html" is 4). > >Would it also work if we named the specific file endings? i.e. >allow customername.com.doc >allow customername.com.xls >etc........ >Just feel this ties it down a bit tighter. Remember to put a '\' in front of each '.' as it is actually a regular expression, and a '.' on its own means "any character". And remember to add the 2 '-' signs on the end of the line so that there are 4 fields on each line, which should be separated by tab characters and not just spaces. >Are we right in thinking that these attachments will still be scanned for >known viruses by MS? Yes, indeed. It only affects the filename matching. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mark at TIPPINGMAR.COM Wed May 7 19:14:08 2003 From: mark at TIPPINGMAR.COM (Mark Nienberg) Date: Thu Jan 12 21:17:59 2006 Subject: Bayes Probability In-Reply-To: <000001c3147d$2a120f40$fc32000a@4> Message-ID: <3EB8EA80.6925.4F1D14F@localhost> That's not the way it works. Bayes just returns a score, like all of the other spamassassin tests. The Bayes score is added to the other scores and compared to whatever you set your limits to. Here are the default scores from "/usr/share/spamassassin/50_scores.cf". They are negative for probabilities less than 40% and positive for probabilities greater than 60%. They are zero for the probabilities near 50%. score BAYES_00 0 0 -6.400 -6.400 score BAYES_01 0 0 -6.600 -6.600 score BAYES_10 0 0 -6.400 -5.801 score BAYES_20 0 0 -5.801 -3.101 score BAYES_30 0 0 -1.246 -1.604 score BAYES_40 0 score BAYES_44 0 score BAYES_50 0 score BAYES_56 0 score BAYES_60 0 0 2.002 1.160 score BAYES_70 0 0 2.637 2.188 score BAYES_80 0 0 4.300 2.807 score BAYES_90 0 0 4.126 2.854 score BAYES_99 0 0 4.300 2.791 On 7 May 2003 at 10:43, Paul Hamilton wrote: > Hi All, > > Could someone advise us what level of percentage probability > does Bayes have to reach before it deems a message to be Spam? > > Thanks in advance > > Paul H. -- Mark W. Nienberg, SE Tipping Mar + associates 1906 Shattuck Ave, Berkeley, CA 94704 visit our website at http://www.tippingmar.com From paul.hamilton at sme-ecom.co.uk Wed May 7 20:23:02 2003 From: paul.hamilton at sme-ecom.co.uk (Paul Hamilton) Date: Thu Jan 12 21:17:59 2006 Subject: Spamassassin only Message-ID: <000401c314ce$14bc2940$fc32000a@4> Hi all, After setting up RBL's in MS.conf we now notice that domains that require virus scanning only are now also having mail marked for spam after RBL checks. Is there any way we can prevent domains that require virus scanning only, having RBL's checks performed on them. Thanks in advance Paul H. From mailscanner at ecs.soton.ac.uk Wed May 7 20:27:08 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:17:59 2006 Subject: Spamassassin only In-Reply-To: <000401c314ce$14bc2940$fc32000a@4> Message-ID: <5.2.1.1.2.20030507202614.0269b540@imap.ecs.soton.ac.uk> At 20:23 07/05/2003, you wrote: >Hi all, > >After setting up RBL's in MS.conf we now notice that domains >that require virus scanning only are now also having mail marked >for spam after RBL checks. > >Is there any way we can prevent domains that require virus >scanning only, having RBL's checks performed on them. Can you check your MailScanner.conf file to check you aren't using the same ruleset for both? Or perhaps not reloading MailScanner after changing rules files? As far as I am aware no-one else has reported this happening. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From paul.hamilton at sme-ecom.co.uk Wed May 7 20:51:36 2003 From: paul.hamilton at sme-ecom.co.uk (Paul Hamilton) Date: Thu Jan 12 21:17:59 2006 Subject: FW: Spamassassin only Message-ID: <000501c314d2$11cf6cc0$fc32000a@4> Julian, Our ms.conf setup is a follows: # Spam Detection and Spam Lists (DNS blocklists) # ---------------------------------------------- # # Do you want to check messages to see if they are spam? # This can also be the filename of a ruleset. Spam Checks = yes # This is the list of spam blacklists (RBLs) which you are using. # See the "Spam List Definitions" file for more information about what # you can put here. # This can also be the filename of a ruleset. Spam List = ORDB-RBL spamcop.net Infinite-Monkeys osirusoft.com # This is the list of spam domain blacklists which you are using # (such as the "rfc-ignorant" domains). See the "Spam List Definitions" # file for more information about what you can put here. # This can also be the filename of a ruleset. Spam Domain List = We have got "# skip_rbl_checks 0" in our spam.assassin.prefs.conf If we remove the RBL's from the MS.conf we do not see any reference in our logs to RBL checking. We only want Spamassassin to do the spam detection through RBL's and others, we ideally do not want MS to any spam checking so we can truly separate the two services - is this possible? Thanks Paul H. >Hi all, > >After setting up RBL's in MS.conf we now notice that domains >that require virus scanning only are now also having mail marked >for spam after RBL checks. > >Is there any way we can prevent domains that require virus >scanning only, having RBL's checks performed on them. Can you check your MailScanner.conf file to check you aren't using the same ruleset for both? Or perhaps not reloading MailScanner after changing rules files? As far as I am aware no-one else has reported this happening. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Wed May 7 21:05:38 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:17:59 2006 Subject: FW: Spamassassin only In-Reply-To: <000501c314d2$11cf6cc0$fc32000a@4> Message-ID: <5.2.1.1.2.20030507210459.028362e0@imap.ecs.soton.ac.uk> At 20:51 07/05/2003, you wrote: >Julian, > >Our ms.conf setup is a follows: > ># Spam Detection and Spam Lists (DNS blocklists) ># ---------------------------------------------- ># > ># Do you want to check messages to see if they are spam? ># This can also be the filename of a ruleset. >Spam Checks = yes > ># This is the list of spam blacklists (RBLs) which you are using. ># See the "Spam List Definitions" file for more information about what ># you can put here. ># This can also be the filename of a ruleset. >Spam List = ORDB-RBL spamcop.net Infinite-Monkeys osirusoft.com > ># This is the list of spam domain blacklists which you are using ># (such as the "rfc-ignorant" domains). See the "Spam List Definitions" ># file for more information about what you can put here. ># This can also be the filename of a ruleset. >Spam Domain List = > >We have got "# skip_rbl_checks 0" in our spam.assassin.prefs.conf > >If we remove the RBL's from the MS.conf we do not see any reference >in our logs to RBL checking. > >We only want Spamassassin to do the spam detection through RBL's >and others, we ideally do not want MS to any spam checking >so we can truly separate the two services - is this possible? Just set Spam List = and it won't do any RBL checking itself. >Thanks > >Paul H. > > > >Hi all, > > > >After setting up RBL's in MS.conf we now notice that domains > >that require virus scanning only are now also having mail marked > >for spam after RBL checks. > > > >Is there any way we can prevent domains that require virus > >scanning only, having RBL's checks performed on them. > >Can you check your MailScanner.conf file to check you aren't using the same >ruleset for both? >Or perhaps not reloading MailScanner after changing rules files? >As far as I am aware no-one else has reported this happening. >-- >Julian Field >www.MailScanner.info >Professional Support Services at www.MailScanner.biz >MailScanner thanks transtec Computers for their support -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From dene at DATATECHIE.COM Wed May 7 21:20:47 2003 From: dene at DATATECHIE.COM (Dene Ulmschneider) Date: Thu Jan 12 21:17:59 2006 Subject: when is Bayes scoring used? In-Reply-To: Message-ID: <5.1.0.14.2.20030507161808.00ba88b0@192.168.1.112> I have checked, double checked and triple checked the system. They I uninstalled and reinstalled SpamAssassin. I will see what happens now with the number of messages reported when I run 'sa-learn -D --rebuild' in a day or two. Once thing I did notice is that there are 2 directories with the bayes files in it (bayes_seen, bayes_toks, and bayes_msgcount). Are those files supposed to be in /root/.spamassassin as well as /.spamassassin? I thought it was supposed to be one or the other? Dene At 10:43 AM 5/7/2003 -0400, you wrote: >Maybe you have different versions of SpamAssassin installed? One version >using the files with .db and the end and the other without? Did you upgrade >SpamAssassin on 3/28? If you have multiple versions (or older remnants of >versions) of SpamAssassin, you could try uninstalling it. Then make sure it >is uninstalled, and tools like sa-learn are not still around. Then >reinstall and see if that help. > >Jason > > > -----Original Message----- > > From: Dene Ulmschneider [mailto:dene@DATATECHIE.COM] > > Sent: Wednesday, May 07, 2003 10:07 AM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: [MAILSCANNER] when is Bayes scoring used? > > > > > > When I tried that - the output returned some errors about not > > being able to > > parse some whitelist_from and blacklist_from so I commented > > them out since > > I have the white and black lists in separate files anyway. > > Other than that > > - the output was identical. > > > > As far as the bayes_path - I would think that it is set > > correctly (even > > though I did not specify in any file anywhere) because when > > MS is scanning > > messages - I can see the lock file created and deleted. Also, > > all of the > > relevant Bayes files are being modified many times every day. > > > > If you feel that specifying the bayes_path will help - I will > > try it - but > > the spam.assassin.prefs.conf says that you only need to do > > that if you move > > it from the default location... > > > > thanks > > > > Dene > > > > At 02:48 PM 5/7/2003 +0100, you wrote: > > >Dene, > > > > > >How about trying this: > > > > > >'sa-learn -D -p /etc/MailScanner/spam.assassin.prefs.conf --rebuild' > > > > > >Does this show anything different? Also, have you set > > 'bayes_path' in any of > > >the prefs files? > > > > > >Kind regards, > > >Steve > > >-- > > >Steve Freegard > > >Systems Manager > > >Littlehampton Book Services Ltd. > > > > > > > ---------- > > > > From: Dene Ulmschneider > > > > Reply To: MailScanner mailing list > > > > Sent: Wednesday, May 7, 2003 2:41 PM > > > > To: MAILSCANNER@jiscmail.ac.uk > > > > Subject: Re: when is Bayes scoring used? > > > > > > > > Julian- > > > > > > > > there was a message that I sent yesterday (clipped it out > > of last email to > > > > list) that showed the complete output of the command "sa-learn -D > > > > --rebuild". That's how I know the system says there are > > "Only 87 spam(s) > > > > in > > > > Bayes_db < 200". > > > > > > > > I cannot figure out why the learn.spam.log is always > > counting "learned > > > > from" messages but it is not increasing the number when I run the > > > > "sa-learn > > > > -D --rebuild". > > > > > > > > Any ideas? > > > > > > > > Dene > > > > > > > > > > > > At 01:50 PM 5/7/2003 +0100, you wrote: > > > > >At 13:32 07/05/2003, you wrote: > > > > >>OK - this is really getting a little confusing... > > > > >> > > > > >>I checked my "learn.spam.log" this morning and a found > > the following > > > > entries: > > > > >> > > > > >>Wed May 7 00:01:01 EDT 2003 > > > > >>Learned from 4 messages. > > > > >>Learned from 1 messages. > > > > >>Wed May 7 01:01:01 EDT 2003 > > > > >> > > > > >>The problem is that when I run sa-learn -D --rebuild I > > still get the > > > > >>message that says: > > > > >>Only 87 spam(s) in Bayes_db < 200 > > > > >>(it should be AT LEAST the 87 form yesterday plus the > > ones listed above > > > > - > > > > >>right?) > > > > >> > > > > >>Can anyone tell me how to fix this? The Bayes files on > > > > /root/.spamassassin > > > > >>are all being updated multiple times per day so I know > > it is working, > > > > >>unless of course the sa-learn command is reading Bayes > > info from another > > > > >>directory that really DOES only have 87 spam(s). > > > > >> > > > > >>Is there a way to run sa-learn and have it tell you the > > path that it is > > > > >>reading the Bayes info from? > > > > > > > > > >Have you tried > > > > > sa-learn -D > > > > >? I just ran "sa-learn" on its own and it prints the > > usage for you. > > > > > > > > > > > > > > >>Thank for any assistance. > > > > >> > > > > >>Dene > > > > >> > > > > >>At 02:38 PM 5/6/2003 -0400, you wrote: > > > > >>>something else to add... > > > > >>> > > > > >>>According the script that Julian provided to run > > sa-learn through cron, > > > > >>>my log is called "learn.spam.log" > > > > >>> > > > > >>>When I checked that file - I added up all of the > > "learned form XX > > > > >>>messages" and the total number was 447. > > > > >>> > > > > >>>Is the "learned from" referring to spam and ham? Is it > > possible that I > > > > >>>have 87 spam and the rest of them a ham? I thought I > > was pretty sure > > > > that > > > > >>>more spam was getting processed than ham - but I could > > be wrong. > > > > >>> > > > > >>>Can anyone shed a little light? > > > > >>> > > > > >>>Dene > > > > > > > > > >-- > > > > >Julian Field > > > > >www.MailScanner.info > > > > >MailScanner thanks transtec Computers for their support > > > > > > > > > > > > > > > > >************************************************************* > > ********* > > >This email and any files transmitted with it are confidential and > > >intended solely for the use of the individual or entity to whom they > > >are addressed. If you have received this email in error please notify > > >the system manager. > > > > > >This footnote also confirms that this email message has been swept by > > >MIMEsweeper for the presence of computer viruses. > > > > > >www.lbsltd.co.uk > > >************************************************************* > > ********* > > > > > >-- > > >This message has been scanned for viruses and dangerous > > >content by Data Techie, and is believed to be clean. > > >Data Techie... always there to protect you! > > >http://www.datatechie.com > > > > Thank You > > > > Dene Ulmschneider > > Data Techie Inc. > > -------------------------------------------------------------- > > ----------- > > office: 718.738.8859 > > cell: 646.996.2976 > > email: dene@datatechie.com > > pager mail: denenow@datatechie.com > > website: www.datatechie.com > > -------------------------------------------------------------- > > ----------- > > "Life is too short...-...you should have dessert first" > > > >-- >This message has been scanned for viruses and dangerous >content by Data Techie, and is believed to be clean. >Data Techie... always there to protect you! >http://www.datatechie.com Thank You Dene Ulmschneider Data Techie Inc. ------------------------------------------------------------------------- office: 718.738.8859 cell: 646.996.2976 email: dene@datatechie.com pager mail: denenow@datatechie.com website: www.datatechie.com ------------------------------------------------------------------------- "Life is too short...-...you should have dessert first" From paul.hamilton at sme-ecom.co.uk Wed May 7 22:00:06 2003 From: paul.hamilton at sme-ecom.co.uk (Paul Hamilton) Date: Thu Jan 12 21:17:59 2006 Subject: FW: FW: Spamassassin only Message-ID: <000701c314db$a5aa4a60$fc32000a@4> Julian, This is no doubt a dumb question but where within its config does SA determine which RBL lists to use, do we need to specify them somewhere? By removing the RBL's from "Spam List =" in MS, should we see the RBL checking appear in our logs, when SA performs them? Paul H. At 20:51 07/05/2003, you wrote: >Julian, > >Our ms.conf setup is a follows: > ># Spam Detection and Spam Lists (DNS blocklists) ># ---------------------------------------------- ># > ># Do you want to check messages to see if they are spam? ># This can also be the filename of a ruleset. >Spam Checks = yes > ># This is the list of spam blacklists (RBLs) which you are using. ># See the "Spam List Definitions" file for more information about what ># you can put here. ># This can also be the filename of a ruleset. >Spam List = ORDB-RBL spamcop.net Infinite-Monkeys osirusoft.com > ># This is the list of spam domain blacklists which you are using ># (such as the "rfc-ignorant" domains). See the "Spam List Definitions" ># file for more information about what you can put here. ># This can also be the filename of a ruleset. >Spam Domain List = > >We have got "# skip_rbl_checks 0" in our spam.assassin.prefs.conf > >If we remove the RBL's from the MS.conf we do not see any reference >in our logs to RBL checking. > >We only want Spamassassin to do the spam detection through RBL's >and others, we ideally do not want MS to any spam checking >so we can truly separate the two services - is this possible? Just set Spam List = and it won't do any RBL checking itself. >Thanks > >Paul H. > > > >Hi all, > > > >After setting up RBL's in MS.conf we now notice that domains > >that require virus scanning only are now also having mail marked > >for spam after RBL checks. > > > >Is there any way we can prevent domains that require virus > >scanning only, having RBL's checks performed on them. > >Can you check your MailScanner.conf file to check you aren't using the same >ruleset for both? >Or perhaps not reloading MailScanner after changing rules files? >As far as I am aware no-one else has reported this happening. >-- >Julian Field >www.MailScanner.info >Professional Support Services at www.MailScanner.biz >MailScanner thanks transtec Computers for their support -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From paul.hamilton at sme-ecom.co.uk Wed May 7 22:21:05 2003 From: paul.hamilton at sme-ecom.co.uk (Paul Hamilton) Date: Thu Jan 12 21:17:59 2006 Subject: FW: FW: Spamassassin only Message-ID: <000801c314de$941671e0$fc32000a@4> Please ignore our last message, we have now seen RBL entries in our logs and assume that SA reads from RBL's spam.lists.conf. Hands up, were dumb!! Julian, This is no doubt a dumb question but where within its config does SA determine which RBL lists to use, do we need to specify them somewhere? By removing the RBL's from "Spam List =" in MS, should we see the RBL checking appear in our logs, when SA performs them? Paul H. At 20:51 07/05/2003, you wrote: >Julian, > >Our ms.conf setup is a follows: > ># Spam Detection and Spam Lists (DNS blocklists) ># ---------------------------------------------- ># > ># Do you want to check messages to see if they are spam? ># This can also be the filename of a ruleset. >Spam Checks = yes > ># This is the list of spam blacklists (RBLs) which you are using. ># See the "Spam List Definitions" file for more information about what ># you can put here. ># This can also be the filename of a ruleset. >Spam List = ORDB-RBL spamcop.net Infinite-Monkeys osirusoft.com > ># This is the list of spam domain blacklists which you are using ># (such as the "rfc-ignorant" domains). See the "Spam List Definitions" ># file for more information about what you can put here. ># This can also be the filename of a ruleset. >Spam Domain List = > >We have got "# skip_rbl_checks 0" in our spam.assassin.prefs.conf > >If we remove the RBL's from the MS.conf we do not see any reference >in our logs to RBL checking. > >We only want Spamassassin to do the spam detection through RBL's >and others, we ideally do not want MS to any spam checking >so we can truly separate the two services - is this possible? Just set Spam List = and it won't do any RBL checking itself. >Thanks > >Paul H. > > > >Hi all, > > > >After setting up RBL's in MS.conf we now notice that domains > >that require virus scanning only are now also having mail marked > >for spam after RBL checks. > > > >Is there any way we can prevent domains that require virus > >scanning only, having RBL's checks performed on them. > >Can you check your MailScanner.conf file to check you aren't using the same >ruleset for both? >Or perhaps not reloading MailScanner after changing rules files? >As far as I am aware no-one else has reported this happening. >-- >Julian Field >www.MailScanner.info >Professional Support Services at www.MailScanner.biz >MailScanner thanks transtec Computers for their support -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From peter at UCGBOOK.COM Wed May 7 22:50:48 2003 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:17:59 2006 Subject: Do I need SpamAssassin? Message-ID: <1052344248.14506.54.camel@rocco.bonivart.home> As I understand it MS checks for spam with help from databases, it also uses blacklists and whitelists. Detected spam can be marked and delivered or deleted. Am I right so far? I would like to keep it simple so what do I need SA for? It's more "advanced" but what does it mean to me? Will I get a lot of spam without it? Is it worth the added complexity? Also, the mail system I want MS in uses Exchange on the inside and they have anti-virus scanners for that database and also on every desktop. Is there any point for me to scan mail for viruses at the MTA (Sendmail) level as well? Isn't the virus scan more resource demanding than the spam and attachment checks? I'm running Solaris and not all companies offer scanners for that platform. Any advice? Sorry for all the newbie questions but I'm really interested in using this. I have a chance of replacing a commercial Windows-based system that costs $20.000 a year in licensing alone and I really want to show what open source can do but this is new to me so I need help. Thanks. /Peter Bonivart --Unix lovers do it in the Sun From baldguy33165 at YAHOO.COM Wed May 7 23:04:33 2003 From: baldguy33165 at YAHOO.COM (Juan Quesada) Date: Thu Jan 12 21:17:59 2006 Subject: Do I need SpamAssassin? In-Reply-To: <1052344248.14506.54.camel@rocco.bonivart.home> Message-ID: <20030507220433.24809.qmail@web20803.mail.yahoo.com> If you want a very good scoring system, I would use it. --- Peter Bonivart wrote: > As I understand it MS checks for spam with help from > databases, it also > uses blacklists and whitelists. Detected spam can be > marked and > delivered or deleted. Am I right so far? > > I would like to keep it simple so what do I need SA > for? It's more > "advanced" but what does it mean to me? Will I get a > lot of spam without > it? Is it worth the added complexity? > > Also, the mail system I want MS in uses Exchange on > the inside and they > have anti-virus scanners for that database and also > on every desktop. > > Is there any point for me to scan mail for viruses > at the MTA (Sendmail) > level as well? Isn't the virus scan more resource > demanding than the > spam and attachment checks? I'm running Solaris and > not all companies > offer scanners for that platform. Any advice? > > Sorry for all the newbie questions but I'm really > interested in using > this. I have a chance of replacing a commercial > Windows-based system > that costs $20.000 a year in licensing alone and I > really want to show > what open source can do but this is new to me so I > need help. Thanks. > > /Peter Bonivart > > --Unix lovers do it in the Sun __________________________________ Do you Yahoo!? The New Yahoo! Search - Faster. Easier. Bingo. http://search.yahoo.com From raymond at PROLOCATION.NET Wed May 7 23:07:39 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:17:59 2006 Subject: Do I need SpamAssassin? In-Reply-To: <1052344248.14506.54.camel@rocco.bonivart.home> Message-ID: Hi! > I would like to keep it simple so what do I need SA for? It's more > "advanced" but what does it mean to me? Will I get a lot of spam without > it? Is it worth the added complexity? Have a look on the SA homepage i would say. I think its worth the trouble, as far as you can call it trouble, for me it was just like installing and enabeling the option. > Is there any point for me to scan mail for viruses at the MTA (Sendmail) > level as well? Isn't the virus scan more resource demanding than the > spam and attachment checks? I'm running Solaris and not all companies > offer scanners for that platform. Any advice? > > Sorry for all the newbie questions but I'm really interested in using > this. I have a chance of replacing a commercial Windows-based system > that costs $20.000 a year in licensing alone and I really want to show > what open source can do but this is new to me so I need help. Thanks. Its serving two goals, to offload mailservers for example, or to offload peoples time reading mail. Its also important how your company sees it... or how you convince them ... :) But in my eyes you still need desktop security also, seperately. Btw, do some tests, for example the ones on GFI, i am allmost sure your current solution doesnt stop all. Bye, Raymond. From andersan at LTKALMAR.SE Wed May 7 23:11:09 2003 From: andersan at LTKALMAR.SE (Anders Andersson, IT) Date: Thu Jan 12 21:17:59 2006 Subject: SV: Do I need SpamAssassin? Message-ID: <9F18B7DDBA88E544AB1F1995148916660146F0@lkl63.ltkalmar.se> > -----Ursprungligt meddelande----- > Fr?n: Peter Bonivart [mailto:peter@UCGBOOK.COM] > Skickat: den 7 maj 2003 23:51 > Till: MAILSCANNER@JISCMAIL.AC.UK > ?mne: Do I need SpamAssassin? > > > As I understand it MS checks for spam with help from > databases, it also uses blacklists and whitelists. Detected > spam can be marked and delivered or deleted. Am I right so far? Yes > > I would like to keep it simple so what do I need SA for? It's > more "advanced" but what does it mean to me? Will I get a lot > of spam without it? Is it worth the added complexity? Use use it of the box, I do it and it works like a charm =) > > Also, the mail system I want MS in uses Exchange on the > inside and they have anti-virus scanners for that database > and also on every desktop. always add extra security on mail.... biggest reason is that for me is that even if we are coverd on our exchange I dont want viruses even to enter my exchange. > > Is there any point for me to scan mail for viruses at the MTA > (Sendmail) level as well? Isn't the virus scan more resource > demanding than the spam and attachment checks? I'm running > Solaris and not all companies offer scanners for that > platform. Any advice? Not regarding solaris but an extra layer of security is never bad especially if you like me got an exchange site and probably outlook as clients > > Sorry for all the newbie questions but I'm really interested > in using this. I have a chance of replacing a commercial > Windows-based system that costs $20.000 a year in licensing > alone and I really want to show what open source can do but > this is new to me so I need help. Thanks. Go for it, I did it and not a single virus mail entered our system yet. > > /Peter Bonivart > > --Unix lovers do it in the Sun > From gerry at DORFAM.CA Wed May 7 23:31:28 2003 From: gerry at DORFAM.CA (Gerry Doris) Date: Thu Jan 12 21:17:59 2006 Subject: Use of DCC Clarification In-Reply-To: <5.2.0.9.2.20030507083518.03217e18@imap.ecs.soton.ac.uk> Message-ID: On Wed, 7 May 2003, Julian Field wrote: > Can you just do a quick test for me, and set dcc_path to a path that > *doesn't* exist please? > > I want to make sure that no error messages are logged anywhere, as > otherwise the logging is going to get very noisy if it gets an error for > every message. > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support I couldn't find any sign of an error message with an incorrect dcc_path parameter. There's no messages to root, nothing in /var/log/messages or /var/log/maillog and no mention in the headers. DCC checking just doesn't happen. -- Gerry "The lyfe so short, the craft so long to learne" Chaucer From kevins at BMRB.CO.UK Wed May 7 23:39:30 2003 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:17:59 2006 Subject: Do I need SpamAssassin? In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB001175283@pascal.priv.bmrb.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB001175283@pascal.priv.bmrb.co.uk> Message-ID: <1052347173.14079.29.camel@bach.kevinspicer.co.uk> On Wed, 2003-05-07 at 22:50, Peter Bonivart wrote: >I would like to keep it simple so what do I need SA for? It's more >"advanced" but what does it mean to me? Will I get a lot of spam >without it? Is it worth the added complexity? In a word I think so [well 3 words then!] Simply using RBL databases will only block a portion of the spam you recieve, mainly that which comes from known open-relays, dial-up-netblocks and shady ISPs. Spam Assassin is far more sophisticated, It actually looks at the content of mail, looking for spam-like content and suspicious headers. It's rule and score based approach is far better than a simple is/isn't spam pattern match. Add to that its self learning Bayes filter which is able to identify features which differentiate spam from your genuine mail using statistical analysis. Then add your pick of Razor2, Pyzor, DCC (All basically checksum clearing houses which store checksums of known spam messages which can then be compared to messages you recieve). This goes far beyond anything you'll find elsewhere. SA is also highly configurable (don't let that put you off - the defaults are Pretty Damn Good). > Also, the mail system I want MS in uses Exchange on the inside and they > have anti-virus scanners for that database and also on every desktop. >Is there any point for me to scan mail for viruses at the MTA (Sendmail) >level as well? Isn't the virus scan more resource demanding than the >spam and attachment checks? I'm running Solaris and not all companies >offer scanners for that platform. Any advice? Don't rely on desktop protection - its never as reliable as you think it will be. Even if exchange is scanning too I'd recommend scanning on your mail gateway too. Sure the exchange stuff will help to protect your internal users from each other, but speaking personally I'd much prefer that virus infected mails never got as far as Exchange. If possible use a different engine on your MailScanner box to give maximum protection. If cost is an issue use the cheaper engines, if cost isn't an issue (and you've got plenty of processor cycles to spare) use Sophos. Even if you can't afford anything(!) run ClamAV, its pretty good for the price (free), although I wouldn't completely rely on it. The only good argument for not running a virus scanner with MailScanner is if your server can't cope (and really thats a better argument for upgrading your server!) BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From jwilliam at KCR.UKY.EDU Thu May 8 01:49:59 2003 From: jwilliam at KCR.UKY.EDU (John Williams) Date: Thu Jan 12 21:17:59 2006 Subject: Do I need SpamAssassin? In-Reply-To: <1052344248.14506.54.camel@rocco.bonivart.home> Message-ID: <5.1.0.14.2.20030507204224.00b35b98@mail.kcr.uky.edu> At 11:50 PM 5/7/2003 +0200, you wrote: >I would like to keep it simple so what do I need SA for? It's more >"advanced" but what does it mean to me? Will I get a lot of spam without >it? Is it worth the added complexity? Yes, it is worth it. >Also, the mail system I want MS in uses Exchange on the inside and they >have anti-virus scanners for that database and also on every desktop. > >Is there any point for me to scan mail for viruses at the MTA (Sendmail) >level as well? Isn't the virus scan more resource demanding than the >spam and attachment checks? I'm running Solaris and not all companies >offer scanners for that platform. Any advice? I use MailScanner on Solaris 8 with Sophos antivirus at the mail server (Sendmail) and I also use McAfee on the desktops. I find that this dual level of protection is great, although the only viruses that have gotten through are personal accounts outside the company that people check. It was pretty easy to set up and I've found that when I've had problems the people on this list are fast to help with the right answers. Another great thing is the filename filtering. Saved us a lot of trouble... >Sorry for all the newbie questions but I'm really interested in using >this. I have a chance of replacing a commercial Windows-based system >that costs $20.000 a year in licensing alone and I really want to show >what open source can do but this is new to me so I need help. Thanks. > >/Peter Bonivart > >--Unix lovers do it in the Sun Feel confident that this product is a MUCH better value and it runs on very stable operating systems... Unix, Linux, Solaris... --Statement of Confidentiality-- This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Thank you. From danieltan at shopnsave.com.sg Thu May 8 03:45:40 2003 From: danieltan at shopnsave.com.sg (Daniel Tan) Date: Thu Jan 12 21:17:59 2006 Subject: a qn about MS Message-ID: <01b401c3150b$eb174460$3900a8c0@Daniel> hi, i have a question to ask. is mailscanner only scanning incoming emails to the internal accounts? meaning sending a virus email to an internal account and maybe cc to an external account.....then the affected email that is sent to the internal account will be deleted and the external account not..... just want to confirm.... Regards, Daniel Tan 67469188 Ext.665 DID: 68430665 MIS Department Shop N Save Pte Ltd : danieltan@shopnsave.com.sg [This e-mail is confidential and may also be privileged. If you are not the intended recipient, please delete it and notify us immediately; you should not copy or use it for any purpose, nor disclose its contents to any other person. Thank you.] From vlado at CIRUS.DHZ.HR Thu May 8 08:03:45 2003 From: vlado at CIRUS.DHZ.HR (Vladimir =?iso-8859-1?Q?Malovi=E6?=) Date: Thu Jan 12 21:17:59 2006 Subject: OT Regarding SA rpm vs compile with MS In-Reply-To: <5.2.0.9.2.20030507121643.0487fd90@imap.ecs.soton.ac.uk> References: <9F18B7DDBA88E544AB1F1995148916660146E0@lkl63.ltkalmar.se> Message-ID: <5.1.0.14.0.20030508090318.009f9590@posta.dhz.hr> Please, unsuscribe me from mailing list. Thank You and Regards, Vladimir From David.While at UCE.AC.UK Wed May 7 23:31:59 2003 From: David.While at UCE.AC.UK (David While) Date: Thu Jan 12 21:17:59 2006 Subject: Do I need SpamAssassin? Message-ID: If you look at my stats (http://www.boys-brigade.org.uk/mrtg/) you will see that by far the most efficient spam detector is spamassassin followed by some of the RBLs. I'm not sure if this is true of other sites but in my opinion it is well worth the effort to use spamassassin ----------------------------------------------------------------- David While Technical Development Manager Faculty of Computing, Information & English University of Central England Tel: 0121 331 6211 Peter Bonivart cc: Sent by: Subject: Do I need SpamAssassin? MailScanner mailing list 07/05/2003 22:50 Please respond to MAILSCANNER As I understand it MS checks for spam with help from databases, it also uses blacklists and whitelists. Detected spam can be marked and delivered or deleted. Am I right so far? I would like to keep it simple so what do I need SA for? It's more "advanced" but what does it mean to me? Will I get a lot of spam without it? Is it worth the added complexity? Also, the mail system I want MS in uses Exchange on the inside and they have anti-virus scanners for that database and also on every desktop. Is there any point for me to scan mail for viruses at the MTA (Sendmail) level as well? Isn't the virus scan more resource demanding than the spam and attachment checks? I'm running Solaris and not all companies offer scanners for that platform. Any advice? Sorry for all the newbie questions but I'm really interested in using this. I have a chance of replacing a commercial Windows-based system that costs $20.000 a year in licensing alone and I really want to show what open source can do but this is new to me so I need help. Thanks. /Peter Bonivart --Unix lovers do it in the Sun From Q.G.Campbell at NEWCASTLE.AC.UK Thu May 8 09:54:40 2003 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:17:59 2006 Subject: Do I need SpamAssassin? Message-ID: <52E50E4D595DDE4D861117A1FB62E79D3DBCE3@bond.ncl.ac.uk> > -----Original Message----- > From: Peter Bonivart [mailto:peter@UCGBOOK.COM] > Sent: 07 May 2003 22:51 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Do I need SpamAssassin? > > > As I understand it MS checks for spam with help from > databases, it also uses blacklists and whitelists. Detected > spam can be marked and delivered or deleted. Am I right so far? Yes, but most of the spam we receive at this site is not from RBLd sites so is missed without SA. > > I would like to keep it simple so what do I need SA for? It's > more "advanced" but what does it mean to me? Will I get a lot > of spam without it? Is it worth the added complexity? It is definitely worth running SA with MS. You will get more spam without it (see comment above). You can pretty well install SA out of the box and run it immediately with MS without changes. You only need to set the Low/High spam socres in MS and possibly disable some/all the RBL checks that SA does. This site makes heavy use of local SA rules but I suspect we are in a very small minority. Perhaps rather more sites tweak the scores for some standard SA rules. > > Also, the mail system I want MS in uses Exchange on the > inside and they have anti-virus scanners for that database > and also on every desktop. > > Is there any point for me to scan mail for viruses at the MTA > (Sendmail) level as well? Isn't the virus scan more resource > demanding than the spam and attachment checks? I'm running > Solaris and not all companies offer scanners for that > platform. Any advice? One advantage of doing A-V scanning via MailScanner on your Mail Hubs (MTA level) is that you can run each message through multiple A-V products. We currently use Sophos and McAfee with MS. This has the advantage that if one A-V product fails (database update or engine failure for example) or is not updated with a new virus signature quickly enough, there is a good chance the other A-V scanner will pick up the virus. Running SA is _very_ resource intensive. Just running Sendmail and MS plus one A-V product will demand more resources but not so significant that you should have to upgrade your platforms. We originally ran Sendmail + MS + McAfee (for A-V) on Solaris boxes. Note that Sophos also runs on Solaris. Our Ultra-5 boxes could not cope with the additional load of SA so we upgraded all of our Mail Hubs to generously resouced dual-processor Dell boxes and now run Linux rather than Solaris. Our MTA configuration runs Sendmail + MS + Sophos + McAfee + SA and still they are more than 50% idle. We have 18,000 users and handle more than 500,000 incoming messages per week. > > Sorry for all the newbie questions but I'm really interested > in using this. I have a chance of replacing a commercial > Windows-based system that costs $20.000 a year in licensing > alone and I really want to show what open source can do but > this is new to me so I need help. Thanks. You can chose cheaper A-V products than we run so your only outlay then is the one-off cost of upgrading your MTA to a decently specified Intel box on which to run Linux + Sendmail (or Exim) + MS + SA + one/two A-V products. For example a 2.5GHz dual-processor Dell box with 2GB memory and 4 x large capacity SCSI disks will cost you less than ?5,000. Go for 4 x SCSI disks with two separate controllers so that you can use software mirroring (RAID1) for resilience; one disk of a mirror set is your system and log disk, the other disk of the mirror set is your spool disk. Even better if you can duplicate that configuration and run with two MTA's which become equal precedence MX hosts for your domain. This not only gives you additional site resilience but also means you should never have capacity problems for a very long time to come! Quentin --- PHONE: +44 191 222 8209 Computing Service, University of Newcastle FAX: +44 191 222 8765 Newcastle upon Tyne, United Kingdom, NE1 7RU. ------------------------------------------------------------------------ "Any opinion expressed above is mine. The University can get its own." From andy.wright at BARDSEY.DEMON.CO.UK Thu May 8 10:41:31 2003 From: andy.wright at BARDSEY.DEMON.CO.UK (Andy Wright) Date: Thu Jan 12 21:17:59 2006 Subject: Do I need SpamAssassin? In-Reply-To: Message-ID: I'll second David's opinion here.... I'm running MailScanner at home (!) on Linux. Take a look at www.bardsey.demon.co.uk/mailstats and www.bardsey.demon.co.uk/stats and you'll see that spamassassin is by far the most effective trap. Andy. PS, David if you read this, I notice on your site there is a breakdown of spam source by country - is that a new version you are working on? -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@jiscmail.ac.uk]On Behalf Of David While Sent: 07 May 2003 23:32 To: MAILSCANNER@jiscmail.ac.uk Subject: Re: Do I need SpamAssassin? If you look at my stats (http://www.boys-brigade.org.uk/mrtg/) you will see that by far the most efficient spam detector is spamassassin followed by some of the RBLs. I'm not sure if this is true of other sites but in my opinion it is well worth the effort to use spamassassin ----------------------------------------------------------------- David While Technical Development Manager Faculty of Computing, Information & English University of Central England Tel: 0121 331 6211 From raymond at PROLOCATION.NET Thu May 8 07:54:18 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:17:59 2006 Subject: a qn about MS In-Reply-To: <01b401c3150b$eb174460$3900a8c0@Daniel> Message-ID: Hi! > to the internal accounts? meaning sending a virus email to an internal > account and maybe cc to an external account.....then the affected email that > is sent to the internal account will be deleted and the external account > not..... just want to confirm.... Thats totally depending on your own setup. IT cleans what you feeds it. Bye, Raymond. From tony.johansson at SVENSKAKYRKAN.SE Thu May 8 12:24:48 2003 From: tony.johansson at SVENSKAKYRKAN.SE (Tony Johansson) Date: Thu Jan 12 21:17:59 2006 Subject: inoculan/inoculate/e-trust from CA Message-ID: <3C4F5084EF16D4119CE700508B6B8B10058D0C7E@nt.svenskakyrkan.se> Hello, I just heard that CA's E-trust is licensed per server, much like F-Prot. Supposedly its even cheaper than F-prot (imagine that) Now the confusion starts... CA seemingly has three products for linux: inoculan, inoculate and e-trust I gather inoculan and inoculate is supported by MailScanner, what about e-trust? Can anyone elaborate what the difference between these products is? regards, Tony From andersan at LTKALMAR.SE Thu May 8 12:50:44 2003 From: andersan at LTKALMAR.SE (Anders Andersson, IT) Date: Thu Jan 12 21:17:59 2006 Subject: Regarding silent virus delete Message-ID: <9F18B7DDBA88E544AB1F1995148916660146FC@lkl63.ltkalmar.se> Hi I just got a short question regrding silently delete of virus mail. Im currently running 2 av-progs on mailscanner mcafee and f-prot. They dont seem to have the same virus names when I look at the viruwarning.txt. Do I need to add both version or do you think its enough with one of them? For the moment we got to many stupid swedes reading their mail and we are getting flodded for the moment and Im considering starting silent deletetion. exampel: Report: class.exe Infection: W32/Klez.H@mm class.exe Found the W32/Klez.h@MM virus !!! Executable DOS/Windows programs are dangerous in email (class.exe) Report: xx.scr Infection: W32/Ganda.A@mm xx.scr Found the W32/Ganda@MM virus !!! Windows Screensavers are often used to hide viruses (xx.scr) Kind regards /Anders From raymond at PROLOCATION.NET Thu May 8 12:54:11 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:17:59 2006 Subject: Regarding silent virus delete In-Reply-To: <9F18B7DDBA88E544AB1F1995148916660146FC@lkl63.ltkalmar.se> Message-ID: Hi! > Report: class.exe Infection: W32/Klez.H@mm > class.exe Found the W32/Klez.h@MM virus !!! > Executable DOS/Windows programs are dangerous in email (class.exe) > > Report: xx.scr Infection: W32/Ganda.A@mm > xx.scr Found the W32/Ganda@MM virus !!! > Windows Screensavers are often used to hide viruses (xx.scr) Just add Ganda and Klez and it will match all off the above. Bye, Raymond. From andersan at LTKALMAR.SE Thu May 8 12:57:48 2003 From: andersan at LTKALMAR.SE (Anders Andersson, IT) Date: Thu Jan 12 21:17:59 2006 Subject: SV: Regarding silent virus delete Message-ID: <9F18B7DDBA88E544AB1F1995148916660146FD@lkl63.ltkalmar.se> > -----Ursprungligt meddelande----- > Fr?n: Raymond Dijkxhoorn [mailto:raymond@PROLOCATION.NET] > Skickat: den 8 maj 2003 13:54 > Till: MAILSCANNER@JISCMAIL.AC.UK > ?mne: Re: Regarding silent virus delete > > > Hi! > > > Report: class.exe Infection: W32/Klez.H@mm > > class.exe Found the W32/Klez.h@MM virus !!! > > Executable DOS/Windows programs are dangerous in email (class.exe) > > > > Report: xx.scr Infection: W32/Ganda.A@mm > > xx.scr Found the W32/Ganda@MM virus !!! > > Windows Screensavers are often used to hide viruses (xx.scr) > > Just add Ganda and Klez and it will match all off the above. Oh, its smarter then I thought.... thanks > > Bye, > Raymond. > From mailscanner at ecs.soton.ac.uk Thu May 8 14:02:16 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:17:59 2006 Subject: inoculan/inoculate/e-trust from CA In-Reply-To: <3C4F5084EF16D4119CE700508B6B8B10058D0C7E@nt.svenskakyrkan. se> Message-ID: <5.2.0.9.2.20030508140156.04358c90@imap.ecs.soton.ac.uk> At 12:24 08/05/2003, you wrote: >Hello, > > >I just heard that CA's E-trust is licensed per server, much like F-Prot. >Supposedly its even cheaper than F-prot (imagine that) > >Now the confusion starts... CA seemingly has three products for linux: >inoculan, inoculate and e-trust > >I gather inoculan and inoculate is supported by MailScanner, what about >e-trust? No, it's not. >Can anyone elaborate what the difference between these products is? Not a clue... -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Thu May 8 13:58:10 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:17:59 2006 Subject: FW: FW: Spamassassin only In-Reply-To: <000801c314de$941671e0$fc32000a@4> Message-ID: <5.2.0.9.2.20030508135652.042a41e8@imap.ecs.soton.ac.uk> At 22:21 07/05/2003, you wrote: >Please ignore our last message, we have now seen RBL entries in our >logs and assume that SA reads from RBL's spam.lists.conf. >Hands up, were dumb!! The SA rbl checks are defined in /usr/share/spamassassin/50_scores.cf If you want to kill any of them, set the score for that rule to 0 (in your spam.assassin.prefs.conf file). SA does *not* use spam.lists.conf, only MS's own RBL checking uses that. Acronym city :-) >Julian, > >This is no doubt a dumb question but where within its config >does SA determine which RBL lists to use, do we need to >specify them somewhere? > >By removing the RBL's from "Spam List =" in MS, should we see the >RBL checking appear in our logs, when SA performs them? > >Paul H. > > >At 20:51 07/05/2003, you wrote: > >Julian, > > > >Our ms.conf setup is a follows: > > > ># Spam Detection and Spam Lists (DNS blocklists) > ># ---------------------------------------------- > ># > > > ># Do you want to check messages to see if they are spam? > ># This can also be the filename of a ruleset. > >Spam Checks = yes > > > ># This is the list of spam blacklists (RBLs) which you are using. > ># See the "Spam List Definitions" file for more information about what > ># you can put here. > ># This can also be the filename of a ruleset. > >Spam List = ORDB-RBL spamcop.net Infinite-Monkeys osirusoft.com > > > ># This is the list of spam domain blacklists which you are using > ># (such as the "rfc-ignorant" domains). See the "Spam List Definitions" > ># file for more information about what you can put here. > ># This can also be the filename of a ruleset. > >Spam Domain List = > > > >We have got "# skip_rbl_checks 0" in our spam.assassin.prefs.conf > > > >If we remove the RBL's from the MS.conf we do not see any reference > >in our logs to RBL checking. > > > >We only want Spamassassin to do the spam detection through RBL's > >and others, we ideally do not want MS to any spam checking > >so we can truly separate the two services - is this possible? > >Just set >Spam List = >and it won't do any RBL checking itself. > > > >Thanks > > > >Paul H. > > > > > > >Hi all, > > > > > >After setting up RBL's in MS.conf we now notice that domains > > >that require virus scanning only are now also having mail marked > > >for spam after RBL checks. > > > > > >Is there any way we can prevent domains that require virus > > >scanning only, having RBL's checks performed on them. > > > >Can you check your MailScanner.conf file to check you aren't using the same > >ruleset for both? > >Or perhaps not reloading MailScanner after changing rules files? > >As far as I am aware no-one else has reported this happening. > >-- > >Julian Field > >www.MailScanner.info > >Professional Support Services at www.MailScanner.biz > >MailScanner thanks transtec Computers for their support > >-- >Julian Field >www.MailScanner.info >Professional Support Services at www.MailScanner.biz >MailScanner thanks transtec Computers for their support -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Thu May 8 13:56:21 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:17:59 2006 Subject: Do I need SpamAssassin? In-Reply-To: References: <1052344248.14506.54.camel@rocco.bonivart.home> Message-ID: <5.2.0.9.2.20030508135519.02fbecc0@imap.ecs.soton.ac.uk> At 23:07 07/05/2003, you wrote: >Btw, do some tests, for example the ones on GFI, i am allmost sure your >current solution doesnt stop all. Please bear in mind that the GFI tests are specifically created to show that their products will pass them. They are not representative of the attacks you are likely to see in practice. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Thu May 8 13:59:31 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:00 2006 Subject: Use of DCC Clarification In-Reply-To: References: <5.2.0.9.2.20030507083518.03217e18@imap.ecs.soton.ac.uk> Message-ID: <5.2.0.9.2.20030508135909.044c6700@imap.ecs.soton.ac.uk> At 23:31 07/05/2003, you wrote: >On Wed, 7 May 2003, Julian Field wrote: > > Can you just do a quick test for me, and set dcc_path to a path that > > *doesn't* exist please? > > > > I want to make sure that no error messages are logged anywhere, as > > otherwise the logging is going to get very noisy if it gets an error for > > every message. > > -- > > Julian Field > > www.MailScanner.info > > MailScanner thanks transtec Computers for their support > >I couldn't find any sign of an error message with an incorrect dcc_path >parameter. There's no messages to root, nothing in /var/log/messages or >/var/log/maillog and no mention in the headers. DCC checking just doesn't >happen. I have changed the spam.assassin.prefs.conf file for the next release so that this rule is no longer set to 0. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From raymond at PROLOCATION.NET Thu May 8 14:34:37 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:00 2006 Subject: Do I need SpamAssassin? In-Reply-To: <5.2.0.9.2.20030508135519.02fbecc0@imap.ecs.soton.ac.uk> Message-ID: Hi! > >Btw, do some tests, for example the ones on GFI, i am allmost sure your > >current solution doesnt stop all. > Please bear in mind that the GFI tests are specifically created to show > that their products will pass them. They are not representative of the > attacks you are likely to see in practice. I know, but its nice MS stops them anyway :)) Bye, Raymond. From Kevin.Spicer at BMRB.CO.UK Thu May 8 14:25:46 2003 From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:18:00 2006 Subject: Do I need SpamAssassin? Message-ID: <5C0296D26910694BB9A9BBFC577E7AB0EBF57B@pascal.priv.bmrb.co.uk> Nessus has some tests to find holes in mail servers (and everythuing else!) > -----Original Message----- > From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] > Sent: 08 May 2003 13:56 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Do I need SpamAssassin? > > > At 23:07 07/05/2003, you wrote: > >Btw, do some tests, for example the ones on GFI, i am > allmost sure your > >current solution doesnt stop all. > > Please bear in mind that the GFI tests are specifically > created to show > that their products will pass them. They are not representative of the > attacks you are likely to see in practice. > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support > BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From gerry at dorfam.ca Thu May 8 17:37:29 2003 From: gerry at dorfam.ca (Gerry Doris) Date: Thu Jan 12 21:18:00 2006 Subject: Use of DCC Clarification In-Reply-To: <5.2.0.9.2.20030508135909.044c6700@imap.ecs.soton.ac.uk> References: <5.2.0.9.2.20030507083518.03217e18@imap.ecs.soton.ac.uk> <5.2.0.9.2.20030508135909.044c6700@imap.ecs.soton.ac.uk> Message-ID: <50052.129.80.22.143.1052411849.squirrel@tiger.dorfam.ca> > At 23:31 07/05/2003, you wrote: >>On Wed, 7 May 2003, Julian Field wrote: >> > Can you just do a quick test for me, and set dcc_path to a path that >> > *doesn't* exist please? >> > >> > I want to make sure that no error messages are logged anywhere, as >> > otherwise the logging is going to get very noisy if it gets an error >> for >> > every message. >> > -- >> > Julian Field >> > www.MailScanner.info >> > MailScanner thanks transtec Computers for their support >> >>I couldn't find any sign of an error message with an incorrect dcc_path >>parameter. There's no messages to root, nothing in /var/log/messages or >>/var/log/maillog and no mention in the headers. DCC checking just >> doesn't >>happen. > > I have changed the spam.assassin.prefs.conf file for the next release so > that this rule is no longer set to 0. > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support Just so we're clear on this... You're going to change the existing DCC rule so that it isn't set to 0 and you're going to add the dcc_path statement? Both of those seem to be required to make DCC work. Gerry From mailscanner at ecs.soton.ac.uk Thu May 8 18:18:39 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:00 2006 Subject: Use of DCC Clarification In-Reply-To: <50052.129.80.22.143.1052411849.squirrel@tiger.dorfam.ca> References: <5.2.0.9.2.20030508135909.044c6700@imap.ecs.soton.ac.uk> <5.2.0.9.2.20030507083518.03217e18@imap.ecs.soton.ac.uk> <5.2.0.9.2.20030508135909.044c6700@imap.ecs.soton.ac.uk> Message-ID: <5.2.1.1.2.20030508181657.02442e50@imap.ecs.soton.ac.uk> At 17:37 08/05/2003, Gerry Doris wrote: > > At 23:31 07/05/2003, you wrote: > >>On Wed, 7 May 2003, Julian Field wrote: > >> > Can you just do a quick test for me, and set dcc_path to a path that > >> > *doesn't* exist please? > >> > > >> > I want to make sure that no error messages are logged anywhere, as > >> > otherwise the logging is going to get very noisy if it gets an error > >> for > >> > every message. > >> > -- > >> > Julian Field > >> > www.MailScanner.info > >> > MailScanner thanks transtec Computers for their support > >> > >>I couldn't find any sign of an error message with an incorrect dcc_path > >>parameter. There's no messages to root, nothing in /var/log/messages or > >>/var/log/maillog and no mention in the headers. DCC checking just > >> doesn't > >>happen. > > > > I have changed the spam.assassin.prefs.conf file for the next release so > > that this rule is no longer set to 0. > > -- > > Julian Field > > www.MailScanner.info > > MailScanner thanks transtec Computers for their support > >Just so we're clear on this... > >You're going to change the existing DCC rule so that it isn't set to 0 Done. > and >you're going to add the dcc_path statement? Both of those seem to be >required to make DCC work. Haven't done that yet. What should I set it to for a normal dcc installation? (I don't use dcc myself yet) -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mike at CAMAROSS.NET Thu May 8 18:20:20 2003 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:18:00 2006 Subject: Use of DCC Clarification In-Reply-To: <5.2.1.1.2.20030508181657.02442e50@imap.ecs.soton.ac.uk> Message-ID: <000901c31586$1aece6c0$9b01a8c0@home.middlefinger.net> /usr/local/bin on my systems -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: Thursday, May 08, 2003 12:19 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Use of DCC Clarification At 17:37 08/05/2003, Gerry Doris wrote: > > At 23:31 07/05/2003, you wrote: > >>On Wed, 7 May 2003, Julian Field wrote: > >> > Can you just do a quick test for me, and set dcc_path to a path > >> > that > >> > *doesn't* exist please? > >> > > >> > I want to make sure that no error messages are logged anywhere, > >> > as otherwise the logging is going to get very noisy if it gets an > >> > error > >> for > >> > every message. > >> > -- > >> > Julian Field > >> > www.MailScanner.info > >> > MailScanner thanks transtec Computers for their support > >> > >>I couldn't find any sign of an error message with an incorrect > >>dcc_path parameter. There's no messages to root, nothing in > >>/var/log/messages or /var/log/maillog and no mention in the headers. > >>DCC checking just doesn't happen. > > > > I have changed the spam.assassin.prefs.conf file for the next > > release so that this rule is no longer set to 0. > > -- > > Julian Field > > www.MailScanner.info > > MailScanner thanks transtec Computers for their support > >Just so we're clear on this... > >You're going to change the existing DCC rule so that it isn't set to 0 Done. > and >you're going to add the dcc_path statement? Both of those seem to be >required to make DCC work. Haven't done that yet. What should I set it to for a normal dcc installation? (I don't use dcc myself yet) -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Thu May 8 18:33:22 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:00 2006 Subject: Use of DCC Clarification In-Reply-To: <000901c31586$1aece6c0$9b01a8c0@home.middlefinger.net> References: <5.2.1.1.2.20030508181657.02442e50@imap.ecs.soton.ac.uk> Message-ID: <5.2.1.1.2.20030508183254.02873d48@imap.ecs.soton.ac.uk> At 18:20 08/05/2003, you wrote: >/usr/local/bin on my systems But should the entry read dcc_path /usr/local/bin or dcc_path /usr/local/bin/dccproc ? >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >Behalf Of >Julian Field >Sent: Thursday, May 08, 2003 12:19 PM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: Use of DCC Clarification > > >At 17:37 08/05/2003, Gerry Doris wrote: > > > At 23:31 07/05/2003, you wrote: > > >>On Wed, 7 May 2003, Julian Field wrote: > > >> > Can you just do a quick test for me, and set dcc_path to a path > > >> > that > > >> > *doesn't* exist please? > > >> > > > >> > I want to make sure that no error messages are logged anywhere, > > >> > as otherwise the logging is going to get very noisy if it gets an > > >> > error > > >> for > > >> > every message. > > >> > -- > > >> > Julian Field > > >> > www.MailScanner.info > > >> > MailScanner thanks transtec Computers for their support > > >> > > >>I couldn't find any sign of an error message with an incorrect > > >>dcc_path parameter. There's no messages to root, nothing in > > >>/var/log/messages or /var/log/maillog and no mention in the headers. > > >>DCC checking just doesn't happen. > > > > > > I have changed the spam.assassin.prefs.conf file for the next > > > release so that this rule is no longer set to 0. > > > -- > > > Julian Field > > > www.MailScanner.info > > > MailScanner thanks transtec Computers for their support > > > >Just so we're clear on this... > > > >You're going to change the existing DCC rule so that it isn't set to 0 > >Done. > > > and > >you're going to add the dcc_path statement? Both of those seem to be > >required to make DCC work. > >Haven't done that yet. >What should I set it to for a normal dcc installation? (I don't use dcc myself >yet) > > >-- >Julian Field >www.MailScanner.info >Professional Support Services at www.MailScanner.biz MailScanner thanks >transtec >Computers for their support -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mike at CAMAROSS.NET Thu May 8 18:47:13 2003 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:18:00 2006 Subject: Use of DCC Clarification In-Reply-To: <5.2.1.1.2.20030508183254.02873d48@imap.ecs.soton.ac.uk> Message-ID: <001401c31589$dc174040$9b01a8c0@home.middlefinger.net> Hard for me to say. Creating a symlink from /usr/local/bin/dccproc to /usr/bin/dccproc makes it all work. I guess it depends on how MailScanner makes the call. I'm no programmer, so don't make me lie to you :) Mike > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field > Sent: Thursday, May 08, 2003 12:33 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Use of DCC Clarification > > > At 18:20 08/05/2003, you wrote: > >/usr/local/bin on my systems > > But should the entry read > dcc_path /usr/local/bin > or > dcc_path /usr/local/bin/dccproc > ? > > > >-----Original Message----- > >From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > >Behalf Of Julian Field > >Sent: Thursday, May 08, 2003 12:19 PM > >To: MAILSCANNER@JISCMAIL.AC.UK > >Subject: Re: Use of DCC Clarification > > > > > >At 17:37 08/05/2003, Gerry Doris wrote: > > > > At 23:31 07/05/2003, you wrote: > > > >>On Wed, 7 May 2003, Julian Field wrote: > > > >> > Can you just do a quick test for me, and set > dcc_path to a path > > > >> > that > > > >> > *doesn't* exist please? > > > >> > > > > >> > I want to make sure that no error messages are > logged anywhere, > > > >> > as otherwise the logging is going to get very noisy > if it gets > > > >> > an error > > > >> for > > > >> > every message. > > > >> > -- > > > >> > Julian Field > > > >> > www.MailScanner.info > > > >> > MailScanner thanks transtec Computers for their support > > > >> > > > >>I couldn't find any sign of an error message with an incorrect > > > >>dcc_path parameter. There's no messages to root, nothing in > > > >>/var/log/messages or /var/log/maillog and no mention in the > > > >>headers. DCC checking just doesn't happen. > > > > > > > > I have changed the spam.assassin.prefs.conf file for the next > > > > release so that this rule is no longer set to 0. > > > > -- > > > > Julian Field > > > > www.MailScanner.info > > > > MailScanner thanks transtec Computers for their support > > > > > >Just so we're clear on this... > > > > > >You're going to change the existing DCC rule so that it > isn't set to > > >0 > > > >Done. > > > > > and > > >you're going to add the dcc_path statement? Both of those > seem to be > > >required to make DCC work. > > > >Haven't done that yet. > >What should I set it to for a normal dcc installation? (I > don't use dcc > >myself > >yet) > > > > > >-- > >Julian Field > >www.MailScanner.info > >Professional Support Services at www.MailScanner.biz > MailScanner thanks > >transtec Computers for their support > > -- > Julian Field > www.MailScanner.info > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > From gerry at dorfam.ca Thu May 8 20:04:31 2003 From: gerry at dorfam.ca (Gerry Doris) Date: Thu Jan 12 21:18:00 2006 Subject: Use of DCC Clarification In-Reply-To: <5.2.1.1.2.20030508183254.02873d48@imap.ecs.soton.ac.uk> References: <5.2.1.1.2.20030508181657.02442e50@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030508183254.02873d48@imap.ecs.soton.ac.uk> Message-ID: <61561.129.80.22.133.1052420671.squirrel@tiger.dorfam.ca> > At 18:20 08/05/2003, you wrote: >>/usr/local/bin on my systems > > But should the entry read > dcc_path /usr/local/bin > or > dcc_path /usr/local/bin/dccproc > ? I put in "dcc_path /usr/local/bin/dccproc" and it worked. I didn't try it without dccproc?? Gerry From mailscanner at ecs.soton.ac.uk Thu May 8 19:48:04 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:00 2006 Subject: Use of DCC Clarification In-Reply-To: <001401c31589$dc174040$9b01a8c0@home.middlefinger.net> References: <5.2.1.1.2.20030508183254.02873d48@imap.ecs.soton.ac.uk> Message-ID: <5.2.1.1.2.20030508194744.026f8528@imap.ecs.soton.ac.uk> Sorted. Will all be set in the next release. At 18:47 08/05/2003, you wrote: >Hard for me to say. Creating a symlink from /usr/local/bin/dccproc to >/usr/bin/dccproc makes it all work. I guess it depends on how MailScanner >makes >the call. I'm no programmer, so don't make me lie to you :) > >Mike > > > > -----Original Message----- > > From: MailScanner mailing list > > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field > > Sent: Thursday, May 08, 2003 12:33 PM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: Use of DCC Clarification > > > > > > At 18:20 08/05/2003, you wrote: > > >/usr/local/bin on my systems > > > > But should the entry read > > dcc_path /usr/local/bin > > or > > dcc_path /usr/local/bin/dccproc > > ? > > > > > > >-----Original Message----- > > >From: MailScanner mailing list > > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > > >Behalf Of Julian Field > > >Sent: Thursday, May 08, 2003 12:19 PM > > >To: MAILSCANNER@JISCMAIL.AC.UK > > >Subject: Re: Use of DCC Clarification > > > > > > > > >At 17:37 08/05/2003, Gerry Doris wrote: > > > > > At 23:31 07/05/2003, you wrote: > > > > >>On Wed, 7 May 2003, Julian Field wrote: > > > > >> > Can you just do a quick test for me, and set > > dcc_path to a path > > > > >> > that > > > > >> > *doesn't* exist please? > > > > >> > > > > > >> > I want to make sure that no error messages are > > logged anywhere, > > > > >> > as otherwise the logging is going to get very noisy > > if it gets > > > > >> > an error > > > > >> for > > > > >> > every message. > > > > >> > -- > > > > >> > Julian Field > > > > >> > www.MailScanner.info > > > > >> > MailScanner thanks transtec Computers for their support > > > > >> > > > > >>I couldn't find any sign of an error message with an incorrect > > > > >>dcc_path parameter. There's no messages to root, nothing in > > > > >>/var/log/messages or /var/log/maillog and no mention in the > > > > >>headers. DCC checking just doesn't happen. > > > > > > > > > > I have changed the spam.assassin.prefs.conf file for the next > > > > > release so that this rule is no longer set to 0. > > > > > -- > > > > > Julian Field > > > > > www.MailScanner.info > > > > > MailScanner thanks transtec Computers for their support > > > > > > > >Just so we're clear on this... > > > > > > > >You're going to change the existing DCC rule so that it > > isn't set to > > > >0 > > > > > >Done. > > > > > > > and > > > >you're going to add the dcc_path statement? Both of those > > seem to be > > > >required to make DCC work. > > > > > >Haven't done that yet. > > >What should I set it to for a normal dcc installation? (I > > don't use dcc > > >myself > > >yet) > > > > > > > > >-- > > >Julian Field > > >www.MailScanner.info > > >Professional Support Services at www.MailScanner.biz > > MailScanner thanks > > >transtec Computers for their support > > > > -- > > Julian Field > > www.MailScanner.info > > Professional Support Services at www.MailScanner.biz > > MailScanner thanks transtec Computers for their support > > -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From peter at UCGBOOK.COM Thu May 8 21:06:04 2003 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:18:00 2006 Subject: Do I need SpamAssassin? In-Reply-To: <52E50E4D595DDE4D861117A1FB62E79D3DBCE3@bond.ncl.ac.uk> References: <52E50E4D595DDE4D861117A1FB62E79D3DBCE3@bond.ncl.ac.uk> Message-ID: <1052424364.14506.78.camel@rocco.bonivart.home> Thanks for all the help! It's just that I've been lurking on this mail list for a month and the combination of MS and SA seems to create some problems when one of them upgrades. I thought I could save myself some trouble but all of you seem to think SA is the way to go. I will try to read more about it. So, if I use SA can I turn off MS spam features and only use it for attachment filtering then? Will I gain any speed by that? I don't get the scoring system either, why do I need a score? Isn't the mail supposed to be marked as spam so the client (Outlook in my case) can decide what to do with it? Does Outlook use the score, I haven't used it for a while? Finally, a question about performance. If I have an MTA box in a DMZ running Bind and Sendmail (sending and receiving mail on the internet) and the load is really light (we average about 5.000 messages/day) would a similar box be sufficient for MS, SA and anti-virus scanning to be placed between the MTA and Exchange? The box I'm referring to is a Sun Fire V120 with 550 MHz UltraSparc-II and 512 MB RAM. Will I need more CPU and/or RAM? /Peter Bonivart --Unix lovers do it in the Sun On Thu, 2003-05-08 at 10:54, Quentin Campbell wrote: > > -----Original Message----- > > From: Peter Bonivart [mailto:peter@UCGBOOK.COM] > > Sent: 07 May 2003 22:51 > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Do I need SpamAssassin? > > > > > > As I understand it MS checks for spam with help from > > databases, it also uses blacklists and whitelists. Detected > > spam can be marked and delivered or deleted. Am I right so far? > > Yes, but most of the spam we receive at this site is not from RBLd sites so is missed without SA. > > > > > I would like to keep it simple so what do I need SA for? It's > > more "advanced" but what does it mean to me? Will I get a lot > > of spam without it? Is it worth the added complexity? > > It is definitely worth running SA with MS. You will get more spam without it (see comment above). > > You can pretty well install SA out of the box and run it immediately with MS without changes. You only need to set the Low/High spam socres in MS and possibly disable some/all the RBL checks that SA does. > > This site makes heavy use of local SA rules but I suspect we are in a very small minority. Perhaps rather more sites tweak the scores for some standard SA rules. > > > > > Also, the mail system I want MS in uses Exchange on the > > inside and they have anti-virus scanners for that database > > and also on every desktop. > > > > Is there any point for me to scan mail for viruses at the MTA > > (Sendmail) level as well? Isn't the virus scan more resource > > demanding than the spam and attachment checks? I'm running > > Solaris and not all companies offer scanners for that > > platform. Any advice? > > One advantage of doing A-V scanning via MailScanner on your Mail Hubs (MTA level) is that you can run each message through multiple A-V products. We currently use Sophos and McAfee with MS. This has the advantage that if one A-V product fails (database update or engine failure for example) or is not updated with a new virus signature quickly enough, there is a good chance the other A-V scanner will pick up the virus. > > Running SA is _very_ resource intensive. Just running Sendmail and MS plus one A-V product will demand more resources but not so significant that you should have to upgrade your platforms. > > We originally ran Sendmail + MS + McAfee (for A-V) on Solaris boxes. Note that Sophos also runs on Solaris. > > Our Ultra-5 boxes could not cope with the additional load of SA so we upgraded all of our Mail Hubs to generously resouced dual-processor Dell boxes and now run Linux rather than Solaris. Our MTA configuration runs Sendmail + MS + Sophos + McAfee + SA and still they are more than 50% idle. We have 18,000 users and handle more than 500,000 incoming messages per week. > > > > > Sorry for all the newbie questions but I'm really interested > > in using this. I have a chance of replacing a commercial > > Windows-based system that costs $20.000 a year in licensing > > alone and I really want to show what open source can do but > > this is new to me so I need help. Thanks. > > You can chose cheaper A-V products than we run so your only outlay then is the one-off cost of upgrading your MTA to a decently specified Intel box on which to run Linux + Sendmail (or Exim) + MS + SA + one/two A-V products. > > For example a 2.5GHz dual-processor Dell box with 2GB memory and 4 x large capacity SCSI disks will cost you less than ?5,000. Go for 4 x SCSI disks with two separate controllers so that you can use software mirroring (RAID1) for resilience; one disk of a mirror set is your system and log disk, the other disk of the mirror set is your spool disk. > > Even better if you can duplicate that configuration and run with two MTA's which become equal precedence MX hosts for your domain. This not only gives you additional site resilience but also means you should never have capacity problems for a very long time to come! > > Quentin > --- > PHONE: +44 191 222 8209 Computing Service, University of Newcastle > FAX: +44 191 222 8765 Newcastle upon Tyne, United Kingdom, NE1 7RU. > ------------------------------------------------------------------------ > "Any opinion expressed above is mine. The University can get its own." From kevins at BMRB.CO.UK Thu May 8 21:28:31 2003 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:18:00 2006 Subject: Do I need SpamAssassin? In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB0011752A1@pascal.priv.bmrb.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB0011752A1@pascal.priv.bmrb.co.uk> Message-ID: <1052425715.4832.19.camel@bach.kevinspicer.co.uk> >So, if I use SA can I turn off MS spam features and only use it for >attachment filtering then? Will I gain any speed by that? MailScanners spam features (apart from SA integration) are just RBL lists. Normally you would either use RBL's in MS _or_ SA (not both) - personally I favour using it within SA (That way you can use the less reliable RBLS and just assign them a low score so they contribute, but aren't the only criteria). Alternatively (if you have a big spam problem) you can set sendmail up to use the RBLS to block all mail from those addresses and turn off RBLS in MS and SA. >I don't get the scoring system either, why do I need a score? Isn't the >mail supposed to be marked as spam so the client (Outlook in my case) >can decide what to do with it? Does Outlook use the score, I haven't >used it for a while? SA passes each mail past a series of 'rules' or tests. These can be tests of the headers, common phrases or formatting tricks in the body, RBL tests, DCC Razor or Pyzor tests etc. etc. Each rule carries a score, if a mail triggers the rule then the rules score is added to the score for the mail. Therefore the higher the score the more likely a mail is spam. You pick a threshold score above which you wish to tag a mail as {SPAM?} - you can set this as low or as high as you wish (although I don't personally deviate far from the default setting of 5). >Finally, a question about performance. If I have an MTA box in a DMZ >running Bind and Sendmail (sending and receiving mail on the internet) >and the load is really light (we average about 5.000 messages/day) > would a similar box be sufficient for MS, SA and anti-virus scanning > to be placed between the MTA and Exchange? The box I'm referring to is >a Sun Fire V120 with 550 MHz UltraSparc-II and 512 MB RAM. Will I need > more CPU and/or RAM? I ran a similar load for months on a desktop Pentium 500 with 256M of RAM, running Linux with no load problems at all (that said I tend to really strip my machines back, no X or anything like that) I was also running bind but only as a caching nameserver, purely for the benefit of sendmail. So I'd guess you'd be fine. I don't see why you need to put MS on a seperate box though. Its probably easier to use your existing box since MS doesn't interfere with your sendmail configuration. One its installed you stop sendmail and start MailScanner (MailScanner will kick off sendmail with the correct command line arguments for you). If you have problems stop MailScanner and start sendmail. Easy as that. If you do have performance issues try put the mailscanner work directory in tmpfs. BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From mikea at MIKEA.ATH.CX Thu May 8 21:38:19 2003 From: mikea at MIKEA.ATH.CX (mikea) Date: Thu Jan 12 21:18:00 2006 Subject: Do I need SpamAssassin? In-Reply-To: <1052424364.14506.78.camel@rocco.bonivart.home>; from peter@UCGBOOK.COM on Thu, May 08, 2003 at 10:06:04PM +0200 References: <52E50E4D595DDE4D861117A1FB62E79D3DBCE3@bond.ncl.ac.uk> <1052424364.14506.78.camel@rocco.bonivart.home> Message-ID: <20030508153819.A88931@mikea.ath.cx> On Thu, May 08, 2003 at 10:06:04PM +0200, Peter Bonivart wrote: > Thanks for all the help! > > It's just that I've been lurking on this mail list for a month and the > combination of MS and SA seems to create some problems when one of them > upgrades. I thought I could save myself some trouble but all of you seem > to think SA is the way to go. I will try to read more about it. > > So, if I use SA can I turn off MS spam features and only use it for > attachment filtering then? Will I gain any speed by that? > > I don't get the scoring system either, why do I need a score? Isn't the > mail supposed to be marked as spam so the client (Outlook in my case) > can decide what to do with it? Does Outlook use the score, I haven't > used it for a while? > > Finally, a question about performance. If I have an MTA box in a DMZ > running Bind and Sendmail (sending and receiving mail on the internet) > and the load is really light (we average about 5.000 messages/day) would > a similar box be sufficient for MS, SA and anti-virus scanning to be > placed between the MTA and Exchange? The box I'm referring to is a Sun > Fire V120 with 550 MHz UltraSparc-II and 512 MB RAM. Will I need more > CPU and/or RAM? I run MS and SA on a 233 MHz P-III with 64 MBytes of RAM. The OS is FreeBSD 4.3. It sees maybe 6K E-mails per day, of which (*sigh*) about 40% are spam, and keeps up pretty well except for peaks and the rare mailbombing. It has IDE disks, which hamper it somewhat. A SunFire V120 with 550 MHz UltraSparc and 512 MBytes RAM ought to do quite nicely, and if you have a spare to donate, I'll be happy to accept it. The score is what decides whether it gets marked as spam or not. From that, MailScanner decides whether to deliver the spam to the intended recipient, to divert it to another mailbox, to bounce it, or just to drop it in the bit-bucket. See the "Spam Actions" and "High Scoring Spam Actions" lines in /opt/MailScanner/etc/MailScanner.conf. -- Mike Andrews mikea@mikea.ath.cx Tired old sysadmin since 1964 From mbowman at UDCOM.COM Thu May 8 21:37:33 2003 From: mbowman at UDCOM.COM (Matthew Bowman) Date: Thu Jan 12 21:18:00 2006 Subject: Do I need SpamAssassin? Message-ID: FWIW. With regards to letting users do as this wish with SPAM via outlook then yes I guess they can use Outlook's not overly impressive Blocked Senders and Mail Rules tools. I'd rather a server do the tagging then pass it on. If a client was the address/domain whitelisted then its added to spam.whitelist.rules. I'd sooner have server side filtering than spend all day setting up mail rules and blocked senders list. I've got mailscanner running on a dell poweredge server with dual processors and 1gb of RAM, averaging about 12K messages/day and the load is very low. I have mrtg running locally which does slow it down but apart from that it runs like charm. Matthew mikea Sent by: MailScanner mailing list 05/08/2003 04:38 PM Please respond to MailScanner mailing list To: MAILSCANNER@JISCMAIL.AC.UK cc: Subject: Re: Do I need SpamAssassin? On Thu, May 08, 2003 at 10:06:04PM +0200, Peter Bonivart wrote: > Thanks for all the help! > > It's just that I've been lurking on this mail list for a month and the > combination of MS and SA seems to create some problems when one of them > upgrades. I thought I could save myself some trouble but all of you seem > to think SA is the way to go. I will try to read more about it. > > So, if I use SA can I turn off MS spam features and only use it for > attachment filtering then? Will I gain any speed by that? > > I don't get the scoring system either, why do I need a score? Isn't the > mail supposed to be marked as spam so the client (Outlook in my case) > can decide what to do with it? Does Outlook use the score, I haven't > used it for a while? > > Finally, a question about performance. If I have an MTA box in a DMZ > running Bind and Sendmail (sending and receiving mail on the internet) > and the load is really light (we average about 5.000 messages/day) would > a similar box be sufficient for MS, SA and anti-virus scanning to be > placed between the MTA and Exchange? The box I'm referring to is a Sun > Fire V120 with 550 MHz UltraSparc-II and 512 MB RAM. Will I need more > CPU and/or RAM? I run MS and SA on a 233 MHz P-III with 64 MBytes of RAM. The OS is FreeBSD 4.3. It sees maybe 6K E-mails per day, of which (*sigh*) about 40% are spam, and keeps up pretty well except for peaks and the rare mailbombing. It has IDE disks, which hamper it somewhat. A SunFire V120 with 550 MHz UltraSparc and 512 MBytes RAM ought to do quite nicely, and if you have a spare to donate, I'll be happy to accept it. The score is what decides whether it gets marked as spam or not. From that, MailScanner decides whether to deliver the spam to the intended recipient, to divert it to another mailbox, to bounce it, or just to drop it in the bit-bucket. See the "Spam Actions" and "High Scoring Spam Actions" lines in /opt/MailScanner/etc/MailScanner.conf. -- Mike Andrews mikea@mikea.ath.cx Tired old sysadmin since 1964 From smohan at VSNL.COM Thu May 8 21:59:00 2003 From: smohan at VSNL.COM (S Mohan) Date: Thu Jan 12 21:18:00 2006 Subject: encrypted mails handling Message-ID: <000801c315a4$ae428240$0300a8c0@rajnb> I now that there is an option to block encrypted mail in Mailscanner.conf. However, in a real environment as a service provider or as a corporate mailing system, this cannot be enforced. We will need to skip scanning and skip addition of any text by MailScanner to the body so that the message does not show up as tampered enroute. How does one achieve this? I've a mail signature rule domain-wise. Another thought: This kind of generic handling can be done if we can use any mail header in the rules file instead of just From and To. Mohan -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030508/e5ba81cb/attachment.html From mikea at MIKEA.ATH.CX Thu May 8 22:04:07 2003 From: mikea at MIKEA.ATH.CX (mikea) Date: Thu Jan 12 21:18:00 2006 Subject: encrypted mails handling In-Reply-To: <000801c315a4$ae428240$0300a8c0@rajnb>; from smohan@VSNL.COM on Thu, May 08, 2003 at 04:59:00PM -0400 References: <000801c315a4$ae428240$0300a8c0@rajnb> Message-ID: <20030508160407.A89426@mikea.ath.cx> On Thu, May 08, 2003 at 04:59:00PM -0400, S Mohan wrote: > I now that there is an option to block encrypted mail in > Mailscanner.conf. However, in a real environment as a service > provider or as a corporate mailing system, this cannot be enforced. > We will need to skip scanning and skip addition of any text by > MailScanner to the body so that the message does not show up as > tampered enroute. > How does one achieve this? I've a mail signature rule domain-wise. > Another thought: This kind of generic handling can be done if we can > use any mail header in the rules file instead of just From and To. I don't recall that MailScanner has *ever* added text to a body or attachment here. -- Mike Andrews mikea@mikea.ath.cx Tired old sysadmin since 1964 From mailscanner at ecs.soton.ac.uk Thu May 8 21:59:49 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:00 2006 Subject: Do I need SpamAssassin? In-Reply-To: <1052424364.14506.78.camel@rocco.bonivart.home> References: <52E50E4D595DDE4D861117A1FB62E79D3DBCE3@bond.ncl.ac.uk> <52E50E4D595DDE4D861117A1FB62E79D3DBCE3@bond.ncl.ac.uk> Message-ID: <5.2.1.1.2.20030508215613.02526c78@imap.ecs.soton.ac.uk> At 21:06 08/05/2003, you wrote: >Finally, a question about performance. If I have an MTA box in a DMZ >running Bind and Sendmail (sending and receiving mail on the internet) >and the load is really light (we average about 5.000 messages/day) would >a similar box be sufficient for MS, SA and anti-virus scanning to be >placed between the MTA and Exchange? The box I'm referring to is a Sun >Fire V120 with 550 MHz UltraSparc-II and 512 MB RAM. Will I need more >CPU and/or RAM? I have a SunFire V120 with 2GB RAM on order at the moment at work. Not sure when it is going to be delivered but no-one will notice if I hijack it to setup a speed test on it. I'll use a sendmail setup probably with SuperSafe=False, otherwise sendmail crawls. I'll put Sophos on it for the virus scanning. I will let the list know how many messages per day it should be able to handle. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Thu May 8 22:10:34 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:00 2006 Subject: encrypted mails handling In-Reply-To: <000801c315a4$ae428240$0300a8c0@rajnb> Message-ID: <5.2.1.1.2.20030508220838.03bfa510@imap.ecs.soton.ac.uk> At 21:59 08/05/2003, you wrote: >I now that there is an option to block encrypted mail in Mailscanner.conf. >However, in a real environment as a service provider or as a corporate >mailing system, this cannot be enforced. We will need to skip scanning and >skip addition of any text by MailScanner to the body so that the message >does not show up as tampered enroute. The optional signature added to the end of a message by MailScanner should get added after the main MIME body text. So, for example, it is safe with PGP signatures and things like that. Can you give me more details of what you are trying to achieve? >How does one achieve this? I've a mail signature rule domain-wise. > >Another thought: This kind of generic handling can be done if we can use >any mail header in the rules file instead of just From and To. What sort of a rule would you like to see? The "From" and "To" options at the moment work on the envelope, not on the headers. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030508/6c0fdfd0/attachment.html From peter at UCGBOOK.COM Thu May 8 22:12:21 2003 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:18:00 2006 Subject: Do I need SpamAssassin? In-Reply-To: <1052425715.4832.19.camel@bach.kevinspicer.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB0011752A1@pascal.priv.bmrb.co.uk> <1052425715.4832.19.camel@bach.kevinspicer.co.uk> Message-ID: <1052428341.14506.88.camel@rocco.bonivart.home> On Thu, 2003-05-08 at 22:28, Kevin Spicer wrote: > >So, if I use SA can I turn off MS spam features and only use it for > >attachment filtering then? Will I gain any speed by that? > > MailScanners spam features (apart from SA integration) are just RBL > lists. Normally you would either use RBL's in MS _or_ SA (not both) - > personally I favour using it within SA (That way you can use the less > reliable RBLS and just assign them a low score so they contribute, but > aren't the only criteria). Alternatively (if you have a big spam > problem) you can set sendmail up to use the RBLS to block all mail from > those addresses and turn off RBLS in MS and SA. OK, I will only use attachment filtering then and do all spam handling in SA. > >I don't get the scoring system either, why do I need a score? Isn't the > >mail supposed to be marked as spam so the client (Outlook in my case) > >can decide what to do with it? Does Outlook use the score, I haven't > >used it for a while? > > SA passes each mail past a series of 'rules' or tests. These can be > tests of the headers, common phrases or formatting tricks in the body, > RBL tests, DCC Razor or Pyzor tests etc. etc. Each rule carries a > score, if a mail triggers the rule then the rules score is added to the > score for the mail. Therefore the higher the score the more likely a > mail is spam. You pick a threshold score above which you wish to tag a > mail as {SPAM?} - you can set this as low or as high as you wish > (although I don't personally deviate far from the default setting of 5). Thank you, that was a very good explanation. Sorry for asking another question, can you mark and deliver a message with a score of 5 and delete a message with a score of let's say 10 which is surely spam? The question is really if there's several thresholds with their own action associated? > >Finally, a question about performance. If I have an MTA box in a DMZ > >running Bind and Sendmail (sending and receiving mail on the internet) > >and the load is really light (we average about 5.000 messages/day) > > would a similar box be sufficient for MS, SA and anti-virus scanning > > to be placed between the MTA and Exchange? The box I'm referring to is > >a Sun Fire V120 with 550 MHz UltraSparc-II and 512 MB RAM. Will I need > > more CPU and/or RAM? > > I ran a similar load for months on a desktop Pentium 500 with 256M of > RAM, running Linux with no load problems at all (that said I tend to > really strip my machines back, no X or anything like that) I was also > running bind but only as a caching nameserver, purely for the benefit of > sendmail. So I'd guess you'd be fine. I don't see why you need to put > MS on a seperate box though. Its probably easier to use your existing > box since MS doesn't interfere with your sendmail configuration. One > its installed you stop sendmail and start MailScanner (MailScanner will > kick off sendmail with the correct command line arguments for you). If > you have problems stop MailScanner and start sendmail. Easy as that. > If you do have performance issues try put the mailscanner work directory > in tmpfs. I want to keep the boxes available from the outside as simple as possible to get the best uptimes and easiest upgrading for good security. The box between the MTA and Exchange is on the inside and can be more complex needing more upgrades and so on. From mike at CAMAROSS.NET Thu May 8 22:14:42 2003 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:18:00 2006 Subject: Do I need SpamAssassin? In-Reply-To: <5.2.1.1.2.20030508215613.02526c78@imap.ecs.soton.ac.uk> Message-ID: <000401c315a6$d851f4b0$9b01a8c0@home.middlefinger.net> I can run more than 20,000/day on a Proliant 1850R with dual PIII-600's and a gig of RAM and not break a sweat. > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field > Sent: Thursday, May 08, 2003 4:00 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Do I need SpamAssassin? > > > At 21:06 08/05/2003, you wrote: > >Finally, a question about performance. If I have an MTA box in a DMZ > >running Bind and Sendmail (sending and receiving mail on the > internet) > >and the load is really light (we average about 5.000 messages/day) > >would a similar box be sufficient for MS, SA and anti-virus > scanning to > >be placed between the MTA and Exchange? The box I'm > referring to is a > >Sun Fire V120 with 550 MHz UltraSparc-II and 512 MB RAM. Will I need > >more CPU and/or RAM? > > I have a SunFire V120 with 2GB RAM on order at the moment at > work. Not sure when it is going to be delivered but no-one > will notice if I hijack it to setup a speed test on it. > > I'll use a sendmail setup probably with SuperSafe=False, > otherwise sendmail crawls. I'll put Sophos on it for the > virus scanning. I will let the list know how many messages > per day it should be able to handle. > -- > Julian Field > www.MailScanner.info > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > From mailscanner at ecs.soton.ac.uk Thu May 8 22:17:51 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:00 2006 Subject: Do I need SpamAssassin? In-Reply-To: <1052428341.14506.88.camel@rocco.bonivart.home> References: <1052425715.4832.19.camel@bach.kevinspicer.co.uk> <5C0296D26910694BB9A9BBFC577E7AB0011752A1@pascal.priv.bmrb.co.uk> <1052425715.4832.19.camel@bach.kevinspicer.co.uk> Message-ID: <5.2.1.1.2.20030508221447.02529430@imap.ecs.soton.ac.uk> At 22:12 08/05/2003, you wrote: >Thank you, that was a very good explanation. Sorry for asking another >question, can you mark and deliver a message with a score of 5 and >delete a message with a score of let's say 10 which is surely spam? The >question is really if there's several thresholds with their own action >associated? There are 2 thresholds built-in, with different sets of actions for mail exceeding each of the 2 thresholds. If you want more than 2 thresholds, you can implement it very simply using a Custom Function in CustomConfig.pm. 2 thresholds is enough for most people. So you would need to set Required SpamAssassin Score = 5 High SpamAssassin Score = 10 Spam Actions = deliver High Scoring Spam Actions = delete Spam Modify Subject = yes Spam Subject Text = {Spam?} -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From ree at THUNDERSTAR.NET Thu May 8 14:31:51 2003 From: ree at THUNDERSTAR.NET (Ron E.) Date: Thu Jan 12 21:18:00 2006 Subject: spamassassin 2.53 & MailScanner Message-ID: Dear All, Just wondering if anyone out there has any suggestions for improving/tweaking SpamAssassin (2.53) settings -- I am running MailScanner & SpamAssassin 2.53 but still getting a fair amount of spam not over the default score of 5, or sometimes even with a negative score. I'm running a pretty busy system that handles about 15-20k messages per day. I have tried lowering the score threshold but of course then I get more false positives. I've seen mention that SpamAssassin 2.60 is much improved but I hesitate to use it at this point. One idea I had was enabling Vipul's Razor, but I've never used it. Any input would be of interest. Thanks! -Ron From ree at THUNDERSTAR.NET Thu May 8 16:23:17 2003 From: ree at THUNDERSTAR.NET (Ron E.) Date: Thu Jan 12 21:18:00 2006 Subject: spamassassin 2.53 & MailScanner In-Reply-To: Message-ID: On Thu, 8 May 2003, Gerry Doris wrote: > On Thu, 8 May 2003, Ron E. wrote: > > > Dear All, > > > > Just wondering if anyone out there has any suggestions for > > improving/tweaking SpamAssassin (2.53) settings -- I am running > > MailScanner & SpamAssassin 2.53 but still getting a fair amount of spam > > not over the default score of 5, or sometimes even with a negative score. > > > > I'm running a pretty busy system that handles about 15-20k messages per > > day. > > > > I have tried lowering the score threshold but of course then I get more > > false positives. I've seen mention that SpamAssassin 2.60 is much improved > > but I hesitate to use it at this point. > > > > One idea I had was enabling Vipul's Razor, but I've never used it. Any > > input would be of interest. > > > > Thanks! > > > > -Ron > > I'd install razor and dcc. They're both trival to install and > spamassassin uses them automagically if they're available. They can give > a large hit to spam (I've seen 1-3 points each) which can really separate > the spam and ham! I also haven't noticed any false positives from these > services. > > -- > Gerry > > "The lyfe so short, the craft so long to learne" Chaucer > That sounds pretty good, Gerry -- I just have one question - is there any risk with either one of these of rejecting legitimate mail? That is one reason why I don't have the various RBLs enabled.... Thanks! -Ron From ree at THUNDERSTAR.NET Thu May 8 19:25:30 2003 From: ree at THUNDERSTAR.NET (Ron E.) Date: Thu Jan 12 21:18:00 2006 Subject: Urgent: MailScanner apparently stopped processing... Message-ID: I'm hoping someone can shed some light on this one - recently I had MailScanner which I've implemented on RedHat 8 w/Postfix just yesterday, abruptly stop processing mail. I only happened to notice as the only indication was that no mail was passing through to my internal mail/pop servers, etc. When I checked the maillog I found only entries from the postfix demon that receives incoming mail, nothing from MailScanner or the postfix demon that then delivers what MailScanner gives it. All processes including the MailScanner processes were running - in fact, MailScanner was using a majority of cpu time. I tried manually starting up MailScanner and found that this fact of "MailScanner starting" and "xxx messages found to be scanned" did show up in the maillog, however, no other change, mail did not start to flow. I finally restarted the server and then everything started to move. So, based on this I have a few questions: 1. Any ideas why this happened and how can I prevent it and also does anyone have any scripts out there that detect this kindof thing and then cleanly shut down mailscanner and restart it? 2. I realized I don't even know how to cleanly shut down MailScanner manually. This may seem a stupid question but if someone could answer it that would be great. 3. I noticed that one of my postfixes (the one that handles the incoming smtp traffic) is logging in UTC instead of my timezone, while MailScanner and the other postfix is in my timezone. The config files for the postfixes are nearly identical - anyone know how to fix this? 4. I have an error message repeatedly showing up in the maillog that I have been unable to discover the cause of. It is: smtp MailScanner[xxxx]: Batch: Found invalid queue file for message xxxxxx Thanks in advance. -Ron From mailscanner at ecs.soton.ac.uk Thu May 8 22:20:33 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:00 2006 Subject: Do I need SpamAssassin? In-Reply-To: <000401c315a6$d851f4b0$9b01a8c0@home.middlefinger.net> References: <5.2.1.1.2.20030508215613.02526c78@imap.ecs.soton.ac.uk> Message-ID: <5.2.1.1.2.20030508221941.03bf7138@imap.ecs.soton.ac.uk> At 22:14 08/05/2003, you wrote: >I can run more than 20,000/day on a Proliant 1850R with dual PIII-600's and a >gig of RAM and not break a sweat. Would you like to add a section to the Faq-o-matic containing all these performance test results? Then we can easily keep the results together in one place so they are more easily found than searching the list archives. Thanks! > > -----Original Message----- > > From: MailScanner mailing list > > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field > > Sent: Thursday, May 08, 2003 4:00 PM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: Do I need SpamAssassin? > > > > > > At 21:06 08/05/2003, you wrote: > > >Finally, a question about performance. If I have an MTA box in a DMZ > > >running Bind and Sendmail (sending and receiving mail on the > > internet) > > >and the load is really light (we average about 5.000 messages/day) > > >would a similar box be sufficient for MS, SA and anti-virus > > scanning to > > >be placed between the MTA and Exchange? The box I'm > > referring to is a > > >Sun Fire V120 with 550 MHz UltraSparc-II and 512 MB RAM. Will I need > > >more CPU and/or RAM? > > > > I have a SunFire V120 with 2GB RAM on order at the moment at > > work. Not sure when it is going to be delivered but no-one > > will notice if I hijack it to setup a speed test on it. > > > > I'll use a sendmail setup probably with SuperSafe=False, > > otherwise sendmail crawls. I'll put Sophos on it for the > > virus scanning. I will let the list know how many messages > > per day it should be able to handle. > > -- > > Julian Field > > www.MailScanner.info > > Professional Support Services at www.MailScanner.biz > > MailScanner thanks transtec Computers for their support > > -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From peter at UCGBOOK.COM Thu May 8 22:49:48 2003 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:18:00 2006 Subject: Do I need SpamAssassin? In-Reply-To: <5.2.1.1.2.20030508215613.02526c78@imap.ecs.soton.ac.uk> References: <52E50E4D595DDE4D861117A1FB62E79D3DBCE3@bond.ncl.ac.uk> <52E50E4D595DDE4D861117A1FB62E79D3DBCE3@bond.ncl.ac.uk> <5.2.1.1.2.20030508215613.02526c78@imap.ecs.soton.ac.uk> Message-ID: <1052430587.14507.98.camel@rocco.bonivart.home> This list is really good! Quick and friendly answers. Anyone watching the qmail list..? ;-) Thanks for publishing speed tests. I was just wondering about disabling supersafe, isn't that a little too risky? Is it common to tune Sendmail like that? Could you perhaps test with and without supersafe? And with and without SA? And with and without anti-virus? That would be extremely interesting to see what really is hogging the resources. On Thu, 2003-05-08 at 22:59, Julian Field wrote: > At 21:06 08/05/2003, you wrote: > >Finally, a question about performance. If I have an MTA box in a DMZ > >running Bind and Sendmail (sending and receiving mail on the internet) > >and the load is really light (we average about 5.000 messages/day) would > >a similar box be sufficient for MS, SA and anti-virus scanning to be > >placed between the MTA and Exchange? The box I'm referring to is a Sun > >Fire V120 with 550 MHz UltraSparc-II and 512 MB RAM. Will I need more > >CPU and/or RAM? > > I have a SunFire V120 with 2GB RAM on order at the moment at work. Not sure > when it is going to be delivered but no-one will notice if I hijack it to > setup a speed test on it.MAILSCANNER@JISCMAIL.AC.UK > > I'll use a sendmail setup probably with SuperSafe=False, otherwise sendmail > crawls. I'll put Sophos on it for the virus scanning. I will let the list > know how many messages per day it should be able to handle. > -- > Julian Field > www.MailScanner.info > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support From raymond at PROLOCATION.NET Thu May 8 22:56:04 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:00 2006 Subject: Do I need SpamAssassin? In-Reply-To: <1052430587.14507.98.camel@rocco.bonivart.home> Message-ID: Hi! > Could you perhaps test with and without supersafe? And with and without > SA? And with and without anti-virus? That would be extremely interesting > to see what really is hogging the resources. I allready tested this, for sendmail supersafe is really tearing down performance. As most mailscanners as just in-out-scanner boxes there is very little effort in running with supersafe enabled. Bye, Raymond. From mike at CAMAROSS.NET Thu May 8 23:31:08 2003 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:18:00 2006 Subject: spamassassin 2.53 & MailScanner In-Reply-To: Message-ID: <000401c315b1$85b76810$9b01a8c0@home.middlefinger.net> I just installed DCC yesterday and am already seeing improved results. You might give that a shot. Mike > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Ron E. > Sent: Thursday, May 08, 2003 8:32 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: spamassassin 2.53 & MailScanner > > > Dear All, > > Just wondering if anyone out there has any suggestions for > improving/tweaking SpamAssassin (2.53) settings -- I am > running MailScanner & SpamAssassin 2.53 but still getting a > fair amount of spam not over the default score of 5, or > sometimes even with a negative score. > > I'm running a pretty busy system that handles about 15-20k > messages per day. > > I have tried lowering the score threshold but of course then > I get more false positives. I've seen mention that > SpamAssassin 2.60 is much improved but I hesitate to use it > at this point. > > One idea I had was enabling Vipul's Razor, but I've never > used it. Any input would be of interest. > > Thanks! > > -Ron > From marco at MUW.EDU Fri May 9 00:23:11 2003 From: marco at MUW.EDU (Marco Obaid) Date: Thu Jan 12 21:18:00 2006 Subject: Trouble with Redhat 9 In-Reply-To: References: Message-ID: <1052436190.3ebae6df0060a@webmail.MUW.Edu> Hello all, Has anyone run into trouble installing Perl Modules on Redhat 9? I have a freshly installed machine with Redhat 9. I am not able to install any modules from CPAN using: perl -MCPAN -e shell o conf prerequisites_policy ask install module::name The common error is this: Warning: I could not locate your pod2man program. Please make sure, your pod2man program is in your PATH before you execute 'make' I checked and pod2man is in the PATH. Is this an issue with Redhat 9? Thank you for any hints Marco This is an example when I tried to install Net::SSLeay: ******************************************************* cpan> install Net::SSLeay Running install for module Net::SSLeay Running make for S/SA/SAMPO/Net_SSLeay.pm-1.22.tar.gz Checksum for /root/.cpan/sources/authors/id/S/SA/SAMPO/Net_SSLeay.pm-1.22.tar.gz ok Net_SSLeay.pm-1.22/ Net_SSLeay.pm-1.22/ptrcasttst.c Net_SSLeay.pm-1.22/MANIFEST Net_SSLeay.pm-1.22/RECIPE.Win32 Net_SSLeay.pm-1.22/Changes Net_SSLeay.pm-1.22/Net-SSLeay-Handle-0.50/ Net_SSLeay.pm-1.22/Net-SSLeay-Handle-0.50/Makefile.PL Net_SSLeay.pm-1.22/Net-SSLeay-Handle-0.50/MANIFEST Net_SSLeay.pm-1.22/Net-SSLeay-Handle-0.50/test.pl Net_SSLeay.pm-1.22/Net-SSLeay-Handle-0.50/Handle.pm Net_SSLeay.pm-1.22/Net-SSLeay-Handle-0.50/Changes Net_SSLeay.pm-1.22/examples/ Net_SSLeay.pm-1.22/examples/get_page.pl Net_SSLeay.pm-1.22/examples/bio.pl Net_SSLeay.pm-1.22/examples/makecert.pl Net_SSLeay.pm-1.22/examples/cb-testi.pl Net_SSLeay.pm-1.22/examples/ephemeral.pl Net_SSLeay.pm-1.22/examples/cli-cert.pl Net_SSLeay.pm-1.22/examples/bulk.pl Net_SSLeay.pm-1.22/examples/get_page_cert.pl Net_SSLeay.pm-1.22/examples/req.conf Net_SSLeay.pm-1.22/examples/sslecho.pl Net_SSLeay.pm-1.22/examples/https-proxy-snif.pl Net_SSLeay.pm-1.22/examples/ssl_diff.pl Net_SSLeay.pm-1.22/examples/sslcat.pl Net_SSLeay.pm-1.22/examples/get_authenticated_page.pl Net_SSLeay.pm-1.22/examples/passwd-cb.pl Net_SSLeay.pm-1.22/examples/ssl-inetd-serv.pl Net_SSLeay.pm-1.22/examples/minicli.pl Net_SSLeay.pm-1.22/examples/stdio_bulk.pl Net_SSLeay.pm-1.22/examples/callback.pl Net_SSLeay.pm-1.22/examples/server_key.pem Net_SSLeay.pm-1.22/SSLeay.pm Net_SSLeay.pm-1.22/.rnd Net_SSLeay.pm-1.22/README Net_SSLeay.pm-1.22/SSLeay.xs Net_SSLeay.pm-1.22/test.pl Net_SSLeay.pm-1.22/Makefile.PL Net_SSLeay.pm-1.22/QuickRef Net_SSLeay.pm-1.22/README.Win32 Net_SSLeay.pm-1.22/ptrtstrun.pl Net_SSLeay.pm-1.22/Credits Net_SSLeay.pm-1.22/typemap Removing previously used /root/.cpan/build/Net_SSLeay.pm-1.22 CPAN.pm: Going to build S/SA/SAMPO/Net_SSLeay.pm-1.22.tar.gz Checking for OpenSSL-0.9.6g or newer... You have OpenSSL-0.9.7a installed in /usr That's is newer than what this module was tested with (0.9.6g). You should consider checking if there is a newer release of this module available. Everything will probably work OK, though. *** Could not figure out which C compiler was used to compile /usr/bin/openssl. It is essentiall that OpenSSL, perl, and Net::SSLeay are compiled with the same compiler and flags. Mixing and matching compilers is not supported. at Makefile.PL line 132. Checking if your kit is complete... Looks good Checking if your kit is complete... Looks good Warning: I could not locate your pod2man program. Please make sure, your pod2man program is in your PATH before you execute 'make' Writing Makefile for Net::SSLeay::Handle Warning: I could not locate your pod2man program. Please make sure, your pod2man program is in your PATH before you execute 'make' Writing Makefile for Net::SSLeay Makefile:88: *** missing separator. Stop. /usr/bin/make -- NOT OK Running make test Can't test without successful make Running make install make had returned bad status, install seems impossible ***************************************************************************** _________________________________________________________________ This mail is sent through MUW Webmail: http://www.MUW.Edu/webmail For the latest MUW Events, visit http://www.MUW.Edu/calendar From andy.wright at BARDSEY.DEMON.CO.UK Fri May 9 00:44:21 2003 From: andy.wright at BARDSEY.DEMON.CO.UK (Andy Wright) Date: Thu Jan 12 21:18:00 2006 Subject: Trouble with Redhat 9 In-Reply-To: <1052436190.3ebae6df0060a@webmail.MUW.Edu> Message-ID: I had the same problems, and I think I solved it by changing the lang setting. (It seems Redhat 9 has problems with UTF-8). Try.... LANG=en_US export $LANG Andy. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@jiscmail.ac.uk]On Behalf Of Marco Obaid Sent: 09 May 2003 00:23 To: MAILSCANNER@jiscmail.ac.uk Subject: Trouble with Redhat 9 Hello all, Has anyone run into trouble installing Perl Modules on Redhat 9? I have a freshly installed machine with Redhat 9. I am not able to install any modules from CPAN using: perl -MCPAN -e shell o conf prerequisites_policy ask install module::name The common error is this: Warning: I could not locate your pod2man program. Please make sure, your pod2man program is in your PATH before you execute 'make' I checked and pod2man is in the PATH. Is this an issue with Redhat 9? Thank you for any hints Marco This is an example when I tried to install Net::SSLeay: ******************************************************* cpan> install Net::SSLeay Running install for module Net::SSLeay Running make for S/SA/SAMPO/Net_SSLeay.pm-1.22.tar.gz Checksum for /root/.cpan/sources/authors/id/S/SA/SAMPO/Net_SSLeay.pm-1.22.tar.gz ok Net_SSLeay.pm-1.22/ Net_SSLeay.pm-1.22/ptrcasttst.c Net_SSLeay.pm-1.22/MANIFEST Net_SSLeay.pm-1.22/RECIPE.Win32 Net_SSLeay.pm-1.22/Changes Net_SSLeay.pm-1.22/Net-SSLeay-Handle-0.50/ Net_SSLeay.pm-1.22/Net-SSLeay-Handle-0.50/Makefile.PL Net_SSLeay.pm-1.22/Net-SSLeay-Handle-0.50/MANIFEST Net_SSLeay.pm-1.22/Net-SSLeay-Handle-0.50/test.pl Net_SSLeay.pm-1.22/Net-SSLeay-Handle-0.50/Handle.pm Net_SSLeay.pm-1.22/Net-SSLeay-Handle-0.50/Changes Net_SSLeay.pm-1.22/examples/ Net_SSLeay.pm-1.22/examples/get_page.pl Net_SSLeay.pm-1.22/examples/bio.pl Net_SSLeay.pm-1.22/examples/makecert.pl Net_SSLeay.pm-1.22/examples/cb-testi.pl Net_SSLeay.pm-1.22/examples/ephemeral.pl Net_SSLeay.pm-1.22/examples/cli-cert.pl Net_SSLeay.pm-1.22/examples/bulk.pl Net_SSLeay.pm-1.22/examples/get_page_cert.pl Net_SSLeay.pm-1.22/examples/req.conf Net_SSLeay.pm-1.22/examples/sslecho.pl Net_SSLeay.pm-1.22/examples/https-proxy-snif.pl Net_SSLeay.pm-1.22/examples/ssl_diff.pl Net_SSLeay.pm-1.22/examples/sslcat.pl Net_SSLeay.pm-1.22/examples/get_authenticated_page.pl Net_SSLeay.pm-1.22/examples/passwd-cb.pl Net_SSLeay.pm-1.22/examples/ssl-inetd-serv.pl Net_SSLeay.pm-1.22/examples/minicli.pl Net_SSLeay.pm-1.22/examples/stdio_bulk.pl Net_SSLeay.pm-1.22/examples/callback.pl Net_SSLeay.pm-1.22/examples/server_key.pem Net_SSLeay.pm-1.22/SSLeay.pm Net_SSLeay.pm-1.22/.rnd Net_SSLeay.pm-1.22/README Net_SSLeay.pm-1.22/SSLeay.xs Net_SSLeay.pm-1.22/test.pl Net_SSLeay.pm-1.22/Makefile.PL Net_SSLeay.pm-1.22/QuickRef Net_SSLeay.pm-1.22/README.Win32 Net_SSLeay.pm-1.22/ptrtstrun.pl Net_SSLeay.pm-1.22/Credits Net_SSLeay.pm-1.22/typemap Removing previously used /root/.cpan/build/Net_SSLeay.pm-1.22 CPAN.pm: Going to build S/SA/SAMPO/Net_SSLeay.pm-1.22.tar.gz Checking for OpenSSL-0.9.6g or newer... You have OpenSSL-0.9.7a installed in /usr That's is newer than what this module was tested with (0.9.6g). You should consider checking if there is a newer release of this module available. Everything will probably work OK, though. *** Could not figure out which C compiler was used to compile /usr/bin/openssl. It is essentiall that OpenSSL, perl, and Net::SSLeay are compiled with the same compiler and flags. Mixing and matching compilers is not supported. at Makefile.PL line 132. Checking if your kit is complete... Looks good Checking if your kit is complete... Looks good Warning: I could not locate your pod2man program. Please make sure, your pod2man program is in your PATH before you execute 'make' Writing Makefile for Net::SSLeay::Handle Warning: I could not locate your pod2man program. Please make sure, your pod2man program is in your PATH before you execute 'make' Writing Makefile for Net::SSLeay Makefile:88: *** missing separator. Stop. /usr/bin/make -- NOT OK Running make test Can't test without successful make Running make install make had returned bad status, install seems impossible **************************************************************************** * _________________________________________________________________ This mail is sent through MUW Webmail: http://www.MUW.Edu/webmail For the latest MUW Events, visit http://www.MUW.Edu/calendar From jurness at TOMSAWYER.COM Fri May 9 00:48:48 2003 From: jurness at TOMSAWYER.COM (John Urness) Date: Thu Jan 12 21:18:00 2006 Subject: config Error: Cannot match against destination IP Message-ID: Hi, I am getting this error from MailScanner in the syslog: mailscanner[6739]: Config Error: Cannot match against destination IP address when resolving configuration option "spamwhitelist" I have 4.14-9 and spamassassin 2.60. This is running an a Solaris 5.8 box with sendmail 8.12.9. I killed spamassassin thinking it was the problem, but I get the error weather or not the spamd is running. There is no reference to "spamwhitelist" in the mailscanner.conf file. Also notice a funning thing in the error: there are two spaces between "against" and "destination". I thought that clue would help me find the source of this error, but alas... Any ideas? John Urness System Administrator Tom Sawyer Software www.tomsawyer.com From gerry at DORFAM.CA Fri May 9 01:07:14 2003 From: gerry at DORFAM.CA (Gerry Doris) Date: Thu Jan 12 21:18:00 2006 Subject: spamassassin 2.53 & MailScanner In-Reply-To: Message-ID: On Thu, 8 May 2003, Ron E. wrote: > Dear All, > > Just wondering if anyone out there has any suggestions for > improving/tweaking SpamAssassin (2.53) settings -- I am running > MailScanner & SpamAssassin 2.53 but still getting a fair amount of spam > not over the default score of 5, or sometimes even with a negative score. > > I'm running a pretty busy system that handles about 15-20k messages per > day. > > I have tried lowering the score threshold but of course then I get more > false positives. I've seen mention that SpamAssassin 2.60 is much improved > but I hesitate to use it at this point. > > One idea I had was enabling Vipul's Razor, but I've never used it. Any > input would be of interest. > > Thanks! > > -Ron I'd install razor and dcc. They're both trival to install and spamassassin uses them automagically if they're available. They can give a large hit to spam (I've seen 1-3 points each) which can really separate the spam and ham! I also haven't noticed any false positives from these services. -- Gerry "The lyfe so short, the craft so long to learne" Chaucer From gerry at DORFAM.CA Fri May 9 01:51:20 2003 From: gerry at DORFAM.CA (Gerry Doris) Date: Thu Jan 12 21:18:00 2006 Subject: spamassassin 2.53 & MailScanner In-Reply-To: References: Message-ID: <1052441479.1394.12.camel@jaguar.dorfam.ca> On Thu, 2003-05-08 at 11:23, Ron E. wrote: > On Thu, 8 May 2003, Gerry Doris wrote: > > > On Thu, 8 May 2003, Ron E. wrote: > > > > > Dear All, > > > > > > Just wondering if anyone out there has any suggestions for > > > improving/tweaking SpamAssassin (2.53) settings -- I am running > > > MailScanner & SpamAssassin 2.53 but still getting a fair amount of spam > > > not over the default score of 5, or sometimes even with a negative score. > > > > > > I'm running a pretty busy system that handles about 15-20k messages per > > > day. > > > > > > I have tried lowering the score threshold but of course then I get more > > > false positives. I've seen mention that SpamAssassin 2.60 is much improved > > > but I hesitate to use it at this point. > > > > > > One idea I had was enabling Vipul's Razor, but I've never used it. Any > > > input would be of interest. > > > > > > Thanks! > > > > > > -Ron > > > > I'd install razor and dcc. They're both trival to install and > > spamassassin uses them automagically if they're available. They can give > > a large hit to spam (I've seen 1-3 points each) which can really separate > > the spam and ham! I also haven't noticed any false positives from these > > services. > > > > -- > > Gerry > > > > "The lyfe so short, the craft so long to learne" Chaucer > > > > That sounds pretty good, Gerry -- I just have one question - is there any > risk with either one of these of rejecting legitimate mail? > > That is one reason why I don't have the various RBLs enabled.... > > Thanks! > > -Ron No risk. SpamAssassin/razor/dcc only score messages. They don't delete/reject anything. Once the total score breaks over a preset threshold it's flagged as spam. What to do with these messages is left up to the admin/user. By the way, when RBL's are used with either MailScanner or SpamAssassin (don't use them with both!) they also are used only for scoring. They don't reject/block messages. I believe using them with sendmail will actually reject the message but that isn't what happens when called from MailScanner/Spamassassin. The problem is that some of the RBL's are a little suspect and may score a ham message enough to have it flagged as spam ie a false positive. -- Gerry Doris From mailscanner at ecs.soton.ac.uk Fri May 9 01:54:40 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:00 2006 Subject: config Error: Cannot match against destination IP In-Reply-To: Message-ID: <5.2.1.1.2.20030509015201.023192e0@imap.ecs.soton.ac.uk> At 00:48 09/05/2003, you wrote: >Hi, >I am getting this error from MailScanner in the syslog: > >mailscanner[6739]: Config Error: Cannot match against destination IP >address when resolving configuration option "spamwhitelist" > >I have 4.14-9 and spamassassin 2.60. > >This is running an a Solaris 5.8 box with sendmail 8.12.9. I killed >spamassassin thinking it was the problem, but I get the error weather or >not the spamd is running. > >There is no reference to "spamwhitelist" in the mailscanner.conf file. The reason for that is that MailScanner (probably incorrectly) gives you the internal name of the option that caused the error, not the external name. It is referring to your "Is Definitely Not Spam" setting. What you have done is put an IP address-based rule in the ruleset, and you are matching it with "FromOrTo:" or "To:". You can only match IP addresses that the message came *From*, not where it is going "To". The simple reason for that is you don't know the destination IP address until you have delivered the message, there is no way of accurately predicting it. >Also notice a funning thing in the error: there are two spaces >between "against" and "destination". I thought that clue would help me >find the source of this error, but alas... > >Any ideas? > >John Urness >System Administrator >Tom Sawyer Software >www.tomsawyer.com -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mike at CAMAROSS.NET Fri May 9 01:58:18 2003 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:18:00 2006 Subject: spamassassin 2.53 & MailScanner In-Reply-To: Message-ID: <000e01c315c6$165e69e0$9b01a8c0@home.middlefinger.net> I use multiple RBL's on all of my servers. In the rare event that a legitimate email is blocked, the affected sender may contact the intended recipient who then contacts me for help. At that point, I try to educate the sender AND their email admin of the problems on their end. I usually give them two weeks before I remove their entry from my access file. If enough users lean on their email admins to fix their holes and get off the RBL's, maybe there will be a few less spams in the world. Mike > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Ron E. > Sent: Thursday, May 08, 2003 10:23 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: spamassassin 2.53 & MailScanner > > > On Thu, 8 May 2003, Gerry Doris wrote: > > > On Thu, 8 May 2003, Ron E. wrote: > > > > > Dear All, > > > > > > Just wondering if anyone out there has any suggestions for > > > improving/tweaking SpamAssassin (2.53) settings -- I am running > > > MailScanner & SpamAssassin 2.53 but still getting a fair > amount of > > > spam not over the default score of 5, or sometimes even with a > > > negative score. > > > > > > I'm running a pretty busy system that handles about > 15-20k messages > > > per day. > > > > > > I have tried lowering the score threshold but of course > then I get > > > more false positives. I've seen mention that SpamAssassin 2.60 is > > > much improved but I hesitate to use it at this point. > > > > > > One idea I had was enabling Vipul's Razor, but I've never > used it. > > > Any input would be of interest. > > > > > > Thanks! > > > > > > -Ron > > > > I'd install razor and dcc. They're both trival to install and > > spamassassin uses them automagically if they're available. > They can > > give a large hit to spam (I've seen 1-3 points each) which > can really > > separate the spam and ham! I also haven't noticed any > false positives > > from these services. > > > > -- > > Gerry > > > > "The lyfe so short, the craft so long to learne" Chaucer > > > > That sounds pretty good, Gerry -- I just have one question - > is there any risk with either one of these of rejecting > legitimate mail? > > That is one reason why I don't have the various RBLs enabled.... > > Thanks! > > -Ron > From henker at SHCOM.US Fri May 9 02:09:16 2003 From: henker at SHCOM.US (Steffan Henke) Date: Thu Jan 12 21:18:00 2006 Subject: spamassassin 2.53 & MailScanner In-Reply-To: <1052441479.1394.12.camel@jaguar.dorfam.ca> References: <1052441479.1394.12.camel@jaguar.dorfam.ca> Message-ID: On Thu, 8 May 2003, Gerry Doris wrote: > don't reject/block messages. I believe using them with sendmail will > actually reject the message but that isn't what happens when called from > MailScanner/Spamassassin. > The problem is that some of the RBL's are a little suspect and may score > a ham message enough to have it flagged as spam ie a false positive. Yep, I guess every admin has to figure out which RBL to use and which to avoid. I've been using list.dsbl.org, sbl.spamhaus.org and relays.ordb.org for 6 months - so far, I got ONE complaint from a user. That user had a dial-up-account that was blacklisted as an open relay. He disconnected, reconnected, got a new IP and could send emails again. Regards, Steffan From mike at CAMAROSS.NET Fri May 9 04:10:41 2003 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:18:00 2006 Subject: spam: block it or tag it? In-Reply-To: Message-ID: <001c01c315d8$92f4c5a0$9b01a8c0@home.middlefinger.net> I don't block these bastids at my firewalls. I'd rather them see in their logs that their connection to my boxes was explicitly REJECTED...whether it be by one of the RBL's or just my access file. Mike > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Jeff A. Earickson > Sent: Thursday, May 08, 2003 9:37 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: spam: block it or tag it? > > > Gang, > I don't hesitate to use sendmail RBLs, the Discard mailer, > and local IP/domain/spammer sendmail access-deny lists. I > seldom get complaints about legit blocked email. I've used > RBL+ for over two years, spamcop.net for over a year, > spamhaus.org for 3 or 4 months. Of these, spamcop is the best > and blocks the most spam. > > This week, I looked thru my syslogs at the email tagged by > the Discard mailer. I seldom add sites to the Discard list, > and very judiciously. Most of the domains in my Discard list > have been there for months. Those sites that have been > hitting my machine steadily for the past month got > "promoted". I studied the IP number and/or netblocks of > these domains, and then added them to my ipfilter settings as > IP-level blocks. The mailer software at these domains now > see my mail server as down -- not a peep of response, no > connection, nada. FYI, here are the netblocks that got > promoted to ipfilter blockage: > > #---block chronic spam sites > #---doubleclick.net > block in quick on hme0 proto tcp from 216.73.80.0/20 to any > port = 25 #---mindshare design, mb00.net block in quick on > hme0 proto tcp from 216.39.112.0/20 to any port = 25 > #---flowgo.com block in quick on hme0 proto tcp from > 12.129.205.0/24 to any port = 25 #---dartmail.net block in > quick on hme0 proto tcp from 146.82.220.0/24 to any port = 25 > #---sendmoreinfo.com block in quick on hme0 proto tcp from > 65.168.206.0/24 to any port = 25 #---crushlink.com block in > quick on hme0 proto tcp from 129.250.134.0/24 to any port = > 25 #---yourmailsource.com block in quick on hme0 proto tcp > from 216.109.73.35 to any port = 25 > > May they rot in hell. > > Yes, I also use the spam tagging (score=4) and high-spam > discard (score=8) features of MailScanner. Still, the spam comes... > > --- Jeff Earickson > Colby College > > On Fri, 9 May 2003, Steffan Henke wrote: > > > Date: Fri, 9 May 2003 03:09:16 +0200 > > From: Steffan Henke > > Reply-To: MailScanner mailing list > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: spamassassin 2.53 & MailScanner > > > > On Thu, 8 May 2003, Gerry Doris wrote: > > > > > don't reject/block messages. I believe using them with sendmail > > > will actually reject the message but that isn't what happens when > > > called from MailScanner/Spamassassin. The problem is that some of > > > the RBL's are a little suspect and may score a ham > message enough to > > > have it flagged as spam ie a false positive. > > > > Yep, I guess every admin has to figure out which RBL to use > and which > > to avoid. I've been using list.dsbl.org, sbl.spamhaus.org and > > relays.ordb.org for 6 months - so far, I got ONE complaint from a > > user. That user had a dial-up-account that was blacklisted > as an open > > relay. He disconnected, reconnected, got a new IP and could send > > emails again. > > > > > > Regards, > > > > Steffan > > > From kevins at BMRB.CO.UK Fri May 9 08:06:58 2003 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:18:00 2006 Subject: spamassassin 2.53 & MailScanner In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB0011752B6@pascal.priv.bmrb.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB0011752B6@pascal.priv.bmrb.co.uk> Message-ID: <1052464022.4934.9.camel@bach.kevinspicer.co.uk> >By the way, when RBL's are used with either MailScanner or SpamAssassin >(don't use them with both!) they also are used only for scoring. They >don't reject/block messages. I believe using them with sendmail will >actually reject the message but that isn't what happens when called >from MailScanner/Spamassassin. That wasn't quite my understanding... I'm pretty sure that... RBLS with sendmail reject mail (as you said.) On a busy server choosing a good RBL to use with sendmail can be very worthwhile since the mails are blocked before being received in full, which saves cpu cycles and bandwidth. RBLs with SpamAssassin just contribute to the scores. Incidentally, the fact that some RBLs are better than others is reflected in the scores that SA gives each of them - if worried about this causing false positives then just tweak the scores a bit lower. RBLs with MailScanner simply switch the SPAM flag on, match one RBL and your mail is tagged as SPAM. IMHO using RBLS directly within MailScanner is only useful if you don't have SA installed. I use razor2, DCC and pyzor, as well as RBLS within SA, The hardest part of the install was setting up appropriate firewall rules to allow DCC etc. out (and even that is trivial once you find out the port numbers). BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From jaearick at COLBY.EDU Fri May 9 03:37:16 2003 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:18:00 2006 Subject: spam: block it or tag it? In-Reply-To: References: <1052441479.1394.12.camel@jaguar.dorfam.ca> Message-ID: Gang, I don't hesitate to use sendmail RBLs, the Discard mailer, and local IP/domain/spammer sendmail access-deny lists. I seldom get complaints about legit blocked email. I've used RBL+ for over two years, spamcop.net for over a year, spamhaus.org for 3 or 4 months. Of these, spamcop is the best and blocks the most spam. This week, I looked thru my syslogs at the email tagged by the Discard mailer. I seldom add sites to the Discard list, and very judiciously. Most of the domains in my Discard list have been there for months. Those sites that have been hitting my machine steadily for the past month got "promoted". I studied the IP number and/or netblocks of these domains, and then added them to my ipfilter settings as IP-level blocks. The mailer software at these domains now see my mail server as down -- not a peep of response, no connection, nada. FYI, here are the netblocks that got promoted to ipfilter blockage: #---block chronic spam sites #---doubleclick.net block in quick on hme0 proto tcp from 216.73.80.0/20 to any port = 25 #---mindshare design, mb00.net block in quick on hme0 proto tcp from 216.39.112.0/20 to any port = 25 #---flowgo.com block in quick on hme0 proto tcp from 12.129.205.0/24 to any port = 25 #---dartmail.net block in quick on hme0 proto tcp from 146.82.220.0/24 to any port = 25 #---sendmoreinfo.com block in quick on hme0 proto tcp from 65.168.206.0/24 to any port = 25 #---crushlink.com block in quick on hme0 proto tcp from 129.250.134.0/24 to any port = 25 #---yourmailsource.com block in quick on hme0 proto tcp from 216.109.73.35 to any port = 25 May they rot in hell. Yes, I also use the spam tagging (score=4) and high-spam discard (score=8) features of MailScanner. Still, the spam comes... --- Jeff Earickson Colby College On Fri, 9 May 2003, Steffan Henke wrote: > Date: Fri, 9 May 2003 03:09:16 +0200 > From: Steffan Henke > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: spamassassin 2.53 & MailScanner > > On Thu, 8 May 2003, Gerry Doris wrote: > > > don't reject/block messages. I believe using them with sendmail will > > actually reject the message but that isn't what happens when called from > > MailScanner/Spamassassin. > > The problem is that some of the RBL's are a little suspect and may score > > a ham message enough to have it flagged as spam ie a false positive. > > Yep, I guess every admin has to figure out which RBL to use and which to > avoid. I've been using list.dsbl.org, sbl.spamhaus.org and relays.ordb.org > for 6 months - so far, I got ONE complaint from a user. That user had a > dial-up-account that was blacklisted as an open relay. He disconnected, > reconnected, got a new IP and could send emails again. > > > Regards, > > Steffan > From radislav.vrnata at PORCELA.CZ Fri May 9 08:41:57 2003 From: radislav.vrnata at PORCELA.CZ (Radislav Vrnata) Date: Thu Jan 12 21:18:00 2006 Subject: noticeheading string, filename.rules.conf Message-ID: <3EBB77E5.10962.9D28D0@localhost> Hi, I have still problem on RH 8.0, MailScanner 4.20-3 with NoticeHeading string for non english language version: The following e-mail messages were found to have viruses in them: ### This text is from ../en/languages.conf instead of ../cz/languages.conf which I have in my MailScanner.conf ### ... Sender: inventionchannel@your-picks.com ... Cele hlavicky jsou: ### This text is correctly from ../cz/languages.conf ### Return-Path: ... And I have another question. filename.rules.conf file contains text, which is well translate. Is it possible by default place this file in ../reports/"language" ? Radislav. From mailscanner at ecs.soton.ac.uk Fri May 9 08:38:07 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:00 2006 Subject: spamassassin 2.53 & MailScanner In-Reply-To: <1052464022.4934.9.camel@bach.kevinspicer.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB0011752B6@pascal.priv.bmrb.co.uk> <5C0296D26910694BB9A9BBFC577E7AB0011752B6@pascal.priv.bmrb.co.uk> Message-ID: <5.2.0.9.2.20030509083619.03497038@imap.ecs.soton.ac.uk> At 08:06 09/05/2003, you wrote: >IMHO using RBLS directly within >MailScanner is only useful if you don't have SA installed. I would probably agree with you there. If I had come across SpamAssassin when I wrote the MailScanner RBL code, I doubt I would have bothered writing it. I still find it comes in useful sometimes though, as otherwise I would probably have to tweak the SpamAssassin scores for the RBLs I use high enough to always trap messages. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Fri May 9 08:46:37 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:00 2006 Subject: Urgent: MailScanner apparently stopped processing... In-Reply-To: Message-ID: <5.2.0.9.2.20030509083940.04309d40@imap.ecs.soton.ac.uk> At 19:25 08/05/2003, you wrote: >I'm hoping someone can shed some light on this one - recently I had >MailScanner which I've implemented on RedHat 8 w/Postfix just yesterday, >abruptly stop processing mail. > >I only happened to notice as the only indication was that no mail was >passing through to my internal mail/pop servers, etc. > >When I checked the maillog I found only entries from the postfix demon >that receives incoming mail, nothing from MailScanner or the postfix demon >that then delivers what MailScanner gives it. All processes including the >MailScanner processes were running - in fact, MailScanner was using a >majority of cpu time. I tried manually starting up MailScanner and found >that this fact of "MailScanner starting" and "xxx messages found to be >scanned" did show up in the maillog, however, no other change, mail did >not start to flow. > >I finally restarted the server and then everything started to move. But was it scanning after you restarted? Have you use redhat-switchmail-nox to set which email system RedHat thinks it is trying to run? >So, based on this I have a few questions: > >1. Any ideas why this happened and how can I prevent it and also does >anyone have any scripts out there that detect this kindof thing and then >cleanly shut down mailscanner and restart it? > >2. I realized I don't even know how to cleanly shut down MailScanner >manually. This may seem a stupid question but if someone could answer it >that would be great. service MailScanner stop You can do "service MailScanner" to get a list of the command options you can give it. Does "service MailScanner start" work cleanly, or does it output any errors? >4. I have an error message repeatedly showing up in the maillog that I >have been unable to discover the cause of. It is: >smtp MailScanner[xxxx]: Batch: Found invalid queue file for message xxxxxx For some reason it thinks one of your incoming queue files is corrupt. It needs to be able to find the sender and recipient addresses, and the last hop IP address, in the file it lifts from the queue. Can you send me one of the files from /var/spool/postfix.in/deferred that exhibits this problem. Then I can improve the Postfix parser to stop it happening again. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From paul.hamilton at sme-ecom.co.uk Fri May 9 09:41:52 2003 From: paul.hamilton at sme-ecom.co.uk (Paul Hamilton) Date: Thu Jan 12 21:18:00 2006 Subject: Spamassassin & RBL's Message-ID: <000901c31606$d92c9ba0$fc32000a@4> Hi all, We've been trying to get our head around defining the use of RBL's in Spamassassin and just need some reassurance of how we go about it. Do we need to define additional RBL's in /usr/share/spamassassin/50_scores.cf.? Currently we have the following defined: score RCVD_IN_BL_SPAMCOP_NET 0 score RCVD_IN_DUL 0 score RCVD_IN_DUL_FH 0 score RCVD_IN_RBL 0 score RCVD_IN_RSS 0 Our understanding that '0' means that none are being utilised, so we need to give them a score for them to be used. If we wanted to use any of the following: ORDB-RBL relays.ordb.org. Infinite-Monkeys proxies.relays.monkeys.com. osirusoft.com relays.osirusoft.com. would we need to define them in 50_scores.cf.? Finally is anybody willing to share their experiences on spam cop, ordb, infinate-monkeys and osirusoft, does any one use all 4? Thanks in advance Paul H. From jaearick at COLBY.EDU Fri May 9 11:29:00 2003 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:18:00 2006 Subject: Survey: OS, chipset, anti-virus software Message-ID: Gang, Please drop me a note, telling me what operating systems, hardware chipsets (eg i386, alpha, ia64, mips, sparc, etc), and anti-virus software products you use with MailScanner. Please reply to me, not the list. In my case, the answer would be: Solaris 8, sparc, Sophos I am building a table of what anti-virus products are available for various OS/chipset combinations, so Julian can include this information on his webpage. The webpages for the various anti-virus products are not very helpful in answering the question: "What anti-virus products can I use with my computer?" I would also like to know if any anti-virus product is available in build-it-yourself source-code form. Thanks. --- Jeff Earickson From raymond at PROLOCATION.NET Fri May 9 11:35:37 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:00 2006 Subject: Survey: OS, chipset, anti-virus software In-Reply-To: Message-ID: Hi! > Please drop me a note, telling me what operating systems, > hardware chipsets (eg i386, alpha, ia64, mips, sparc, etc), > and anti-virus software products you use with MailScanner. > Please reply to me, not the list. In my case, the answer > would be: > > Solaris 8, sparc, Sophos And also please include the number of messages processed daily. Thanks, Raymond. From mdunder at GE.UCL.AC.UK Fri May 9 11:43:25 2003 From: mdunder at GE.UCL.AC.UK (Mike Dunderdale) Date: Thu Jan 12 21:18:00 2006 Subject: Survey: OS, chipset, anti-virus software In-Reply-To: References: Message-ID: and 3-6000 messages a day. M. ------------------------------------------------------------------------- Mike Dunderdale | tel: ++44 20 7679 2756 IT Systems Manager, Geomatic Engineering | fax: ++44 20 7380 0453 mike.dunderdale@ge.ucl.ac.uk | mob: ++44 7939 455 245 From Peter.Bates at LSHTM.AC.UK Fri May 9 12:08:43 2003 From: Peter.Bates at LSHTM.AC.UK (Peter Bates) Date: Thu Jan 12 21:18:00 2006 Subject: spamassassin 2.53 & MailScanner Message-ID: It's teetering on OT for this list, but I'm using SA 2.53 and MS (4.20-3) quite happily... As with others on the list, I'm using DCC and Razor (2) and RBL-checking in SA to add to the overall 'score', before tagging and delivering. I do however reject some things at the MTA by other means. Yesterday or so I added the following refinement to my spam.assassin.prefs.conf: score MSGID_GOOD_EXCHANGE -2.0 ... as I've been seeing an increasing number of messages being scored low (the score above, being -5+ in the default configuration can work against the other factors identifying the message as 'spam') due to this rule... I'm guessing more people are relaying through Microsoft Exchange servers, or someone has found the mystical incantation to spoof the format of Message-ID. It was only a matter of time, I guess before spammers started using the 'negative' rules in SA to try and reduce their overall scores. I also got one this morning, claiming to have been sent via Emacs which had obviously contributed to it being passed as 'clean'... ---------------------------------------------------------------------------------------------------> Peter Bates, Systems Support Officer, Network Support Team. London School of Hygiene & Tropical Medicine. Telephone:0207-958 8353 / Fax: 0207- 636 9838 From Declan.Grady at NUVOTEM.COM Fri May 9 12:20:16 2003 From: Declan.Grady at NUVOTEM.COM (Declan Grady) Date: Thu Jan 12 21:18:00 2006 Subject: Survey: OS, chipset, anti-virus software In-Reply-To: References: Message-ID: <1052479216.1809.36.camel@declan> RedHat 7, i386, f-prot, 2000 From Declan.Grady at NUVOTEM.COM Fri May 9 12:33:48 2003 From: Declan.Grady at NUVOTEM.COM (Declan Grady) Date: Thu Jan 12 21:18:00 2006 Subject: Survey: OS, chipset, anti-virus software In-Reply-To: <1052479216.1809.36.camel@declan> References: <1052479216.1809.36.camel@declan> Message-ID: <1052480028.1799.43.camel@declan> Ooops, sorry list. On Fri, 2003-05-09 at 12:20, Declan Grady wrote: > RedHat 7, i386, f-prot, 2000 From steve.freegard at LBSLTD.CO.UK Fri May 9 13:20:14 2003 From: steve.freegard at LBSLTD.CO.UK (Steve Freegard) Date: Thu Jan 12 21:18:00 2006 Subject: spamassassin 2.53 & MailScanner Message-ID: <67D9E7698329D411936E00508B6590B9027738B0@neelix.lbsltd.co.uk> I've got SA running the RBL checks (with Razor2 & DCC) - but I found that SA 2.53 doesn't include the Infinite-Monkeys open-proxy RBL, so I have MailScanner doing this RBL check instead - which has already picked up a bit of spam that SA hasn't with no false-positives so far. As an aside, is Pyzor any good? - I notice SA scores higher for Pyzor listings than Razor2, and wondered whether it was worth installing as I already have Razor2?? Kind regards, Steve -- Steve Freegard Systems Manager Littlehampton Book Services Ltd. > ---------- > From: Kevin Spicer > Reply To: MailScanner mailing list > Sent: Friday, May 9, 2003 8:06 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: spamassassin 2.53 & MailScanner > > >By the way, when RBL's are used with either MailScanner or SpamAssassin > >(don't use them with both!) they also are used only for scoring. They > >don't reject/block messages. I believe using them with sendmail will > >actually reject the message but that isn't what happens when called > >from MailScanner/Spamassassin. > > That wasn't quite my understanding... I'm pretty sure that... > RBLS with sendmail reject mail (as you said.) On a busy server choosing > a good RBL to use with sendmail can be very worthwhile since the mails > are blocked before being received in full, which saves cpu cycles and > bandwidth. > RBLs with SpamAssassin just contribute to the scores. Incidentally, the > fact that some RBLs are better than others is reflected in the scores > that SA gives each of them - if worried about this causing false > positives then just tweak the scores a bit lower. > RBLs with MailScanner simply switch the SPAM flag on, match one RBL and > your mail is tagged as SPAM. IMHO using RBLS directly within > MailScanner is only useful if you don't have SA installed. > > I use razor2, DCC and pyzor, as well as RBLS within SA, The hardest part > of the install was setting up appropriate firewall rules to allow DCC > etc. out (and even that is trivial once you find out the port numbers). > > > > > BMRB International > http://www.bmrb.co.uk > +44 (0)20 8566 5000 > _________________________________________________________________ > This message (and any attachment) is intended only for the > recipient and may contain confidential and/or privileged > material. If you have received this in error, please contact the > sender and delete this message immediately. Disclosure, copying > or other action taken in respect of this email or in > reliance on it is prohibited. BMRB International Limited > accepts no liability in relation to any personal emails, or > content of any email which does not directly relate to our > business. > > -- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender and delete the message from your mailbox. This footnote also confirms that this email message has been swept by MailScanner (www.mailscanner.info) for the presence of computer viruses. From marco at MUW.EDU Fri May 9 14:04:37 2003 From: marco at MUW.EDU (Marco Obaid) Date: Thu Jan 12 21:18:00 2006 Subject: Trouble with Redhat 9 In-Reply-To: References: Message-ID: <1052485477.3ebba765eb753@webmail.MUW.Edu> That did it. Thank you Marco Quoting Andy Wright : > I had the same problems, and I think I solved it by changing the lang > setting. (It seems Redhat 9 has problems with UTF-8). > > Try.... > > LANG=en_US > export $LANG > > Andy. > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@jiscmail.ac.uk]On > Behalf Of Marco Obaid > Sent: 09 May 2003 00:23 > To: MAILSCANNER@jiscmail.ac.uk > Subject: Trouble with Redhat 9 > > > Hello all, > > Has anyone run into trouble installing Perl Modules on Redhat 9? > > I have a freshly installed machine with Redhat 9. I am not able to install > any > modules from CPAN using: > > perl -MCPAN -e shell > o conf prerequisites_policy ask > install module::name > > The common error is this: > > Warning: I could not locate your pod2man program. Please make sure, > your pod2man program is in your PATH before you execute 'make' > > I checked and pod2man is in the PATH. Is this an issue with Redhat 9? > > Thank you for any hints > Marco > > This is an example when I tried to install Net::SSLeay: > ******************************************************* > cpan> install Net::SSLeay > Running install for module Net::SSLeay > Running make for S/SA/SAMPO/Net_SSLeay.pm-1.22.tar.gz > Checksum for > /root/.cpan/sources/authors/id/S/SA/SAMPO/Net_SSLeay.pm-1.22.tar.gz ok > Net_SSLeay.pm-1.22/ > Net_SSLeay.pm-1.22/ptrcasttst.c > Net_SSLeay.pm-1.22/MANIFEST > Net_SSLeay.pm-1.22/RECIPE.Win32 > Net_SSLeay.pm-1.22/Changes > Net_SSLeay.pm-1.22/Net-SSLeay-Handle-0.50/ > Net_SSLeay.pm-1.22/Net-SSLeay-Handle-0.50/Makefile.PL > Net_SSLeay.pm-1.22/Net-SSLeay-Handle-0.50/MANIFEST > Net_SSLeay.pm-1.22/Net-SSLeay-Handle-0.50/test.pl > Net_SSLeay.pm-1.22/Net-SSLeay-Handle-0.50/Handle.pm > Net_SSLeay.pm-1.22/Net-SSLeay-Handle-0.50/Changes > Net_SSLeay.pm-1.22/examples/ > Net_SSLeay.pm-1.22/examples/get_page.pl > Net_SSLeay.pm-1.22/examples/bio.pl > Net_SSLeay.pm-1.22/examples/makecert.pl > Net_SSLeay.pm-1.22/examples/cb-testi.pl > Net_SSLeay.pm-1.22/examples/ephemeral.pl > Net_SSLeay.pm-1.22/examples/cli-cert.pl > Net_SSLeay.pm-1.22/examples/bulk.pl > Net_SSLeay.pm-1.22/examples/get_page_cert.pl > Net_SSLeay.pm-1.22/examples/req.conf > Net_SSLeay.pm-1.22/examples/sslecho.pl > Net_SSLeay.pm-1.22/examples/https-proxy-snif.pl > Net_SSLeay.pm-1.22/examples/ssl_diff.pl > Net_SSLeay.pm-1.22/examples/sslcat.pl > Net_SSLeay.pm-1.22/examples/get_authenticated_page.pl > Net_SSLeay.pm-1.22/examples/passwd-cb.pl > Net_SSLeay.pm-1.22/examples/ssl-inetd-serv.pl > Net_SSLeay.pm-1.22/examples/minicli.pl > Net_SSLeay.pm-1.22/examples/stdio_bulk.pl > Net_SSLeay.pm-1.22/examples/callback.pl > Net_SSLeay.pm-1.22/examples/server_key.pem > Net_SSLeay.pm-1.22/SSLeay.pm > Net_SSLeay.pm-1.22/.rnd > Net_SSLeay.pm-1.22/README > Net_SSLeay.pm-1.22/SSLeay.xs > Net_SSLeay.pm-1.22/test.pl > Net_SSLeay.pm-1.22/Makefile.PL > Net_SSLeay.pm-1.22/QuickRef > Net_SSLeay.pm-1.22/README.Win32 > Net_SSLeay.pm-1.22/ptrtstrun.pl > Net_SSLeay.pm-1.22/Credits > Net_SSLeay.pm-1.22/typemap > Removing previously used /root/.cpan/build/Net_SSLeay.pm-1.22 > > CPAN.pm: Going to build S/SA/SAMPO/Net_SSLeay.pm-1.22.tar.gz > > Checking for OpenSSL-0.9.6g or newer... > You have OpenSSL-0.9.7a installed in /usr > That's is newer than what this module was tested with (0.9.6g). You should > consider checking if there is a newer release of this module > available. Everything will probably work OK, though. > *** Could not figure out which C compiler was used to compile > /usr/bin/openssl. > It is essentiall that OpenSSL, perl, and Net::SSLeay are compiled with the > same > compiler and flags. Mixing and matching compilers is not supported. at > Makefile.PL line 132. > Checking if your kit is complete... > Looks good > Checking if your kit is complete... > Looks good > > Warning: I could not locate your pod2man program. Please make sure, > your pod2man program is in your PATH before you execute 'make' > > Writing Makefile for Net::SSLeay::Handle > > Warning: I could not locate your pod2man program. Please make sure, > your pod2man program is in your PATH before you execute 'make' > > Writing Makefile for Net::SSLeay > Makefile:88: *** missing separator. Stop. > /usr/bin/make -- NOT OK > Running make test > Can't test without successful make > Running make install > make had returned bad status, install seems impossible > **************************************************************************** > * > > _________________________________________________________________ > This mail is sent through MUW Webmail: http://www.MUW.Edu/webmail > For the latest MUW Events, visit http://www.MUW.Edu/calendar > ____________________________________________________________ _/ _/ _/ _/ _/ _/ | Marco Obaid _/_/ _/_/ _/ _/ _/ _/ | Network Administrator _/ _/ _/ _/ _/ _/ _/ _/ | McDevitt Hall _/ _/ _/ _/ _/_/ _/_/ | W-Box 1621 _/ _/ _/_/_/ _/ _/ | Columbus MS 39701 ____________________________________________________________ M I S S I S S I P P I U N I V E R S I T Y F O R W O M E N _________________________________________________________________ This mail is sent through MUW Webmail: http://www.MUW.Edu/webmail For the latest MUW Events, visit http://www.MUW.Edu/calendar From denis at IMSLTD.COM Fri May 9 13:34:41 2003 From: denis at IMSLTD.COM (Denis Croombs) Date: Thu Jan 12 21:18:00 2006 Subject: Installing mailScanner after SpamAssassin Message-ID: <027d01c31627$605d78e0$0e01a8c0@denisy2k.imsltd.com> I have Spamassassin installed on a Redhat 7.3 system and want to add MailScanner, is this possible ? Thanks Denis From gerry at dorfam.ca Fri May 9 13:59:28 2003 From: gerry at dorfam.ca (Gerry Doris) Date: Thu Jan 12 21:18:00 2006 Subject: Installing mailScanner after SpamAssassin In-Reply-To: <027d01c31627$605d78e0$0e01a8c0@denisy2k.imsltd.com> References: <027d01c31627$605d78e0$0e01a8c0@denisy2k.imsltd.com> Message-ID: <55188.129.80.22.143.1052485168.squirrel@tiger.dorfam.ca> > I have Spamassassin installed on a Redhat 7.3 system and want to add > MailScanner, is this possible ? > > Thanks > > Denis > Yes. Gerry From mike at ZANKER.ORG Fri May 9 14:02:32 2003 From: mike at ZANKER.ORG (Mike Zanker) Date: Thu Jan 12 21:18:00 2006 Subject: spamassassin 2.53 & MailScanner In-Reply-To: <1052464022.4934.9.camel@bach.kevinspicer.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB0011752B6@pascal.priv.bmrb.co .uk> <1052464022.4934.9.camel@bach.kevinspicer.co.uk> Message-ID: <13138812.1052488952@mallard.open.ac.uk> On 09 May 2003 08:06 +0100 Kevin Spicer wrote: > I use razor2, DCC and pyzor, as well as RBLS within SA, The hardest > part of the install was setting up appropriate firewall rules to > allow DCC etc. out (and even that is trivial once you find out the > port numbers). A quick question about installing razor2, if I may... The installation instructions talk about running 'razor-admin -create' to create a default config file in your home directory. Is this necessary if you only intend to use it with SpamAssassin and, if so, should this be run as root? Thanks in advance, Mike -- Mike Zanker Northampton, UK PGP Public Key: pgp@zanker.org From mailscanner at ecs.soton.ac.uk Fri May 9 13:45:45 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:00 2006 Subject: Installing mailScanner after SpamAssassin In-Reply-To: <027d01c31627$605d78e0$0e01a8c0@denisy2k.imsltd.com> Message-ID: <5.2.0.9.2.20030509134411.034ad6f8@imap.ecs.soton.ac.uk> At 13:34 09/05/2003, you wrote: >I have Spamassassin installed on a Redhat 7.3 system and want to add >MailScanner, is this possible ? Yes, just switch off any spamd processes and all that sort of stuff, put your sendmail delivery setup back to how it was before anything had to be changed for however you used to call SpamAssassin, and install MailScanner. Once you have that working, just set Use SpamAssassin = yes in your /etc/MailScanner/MailScanner.conf and restart MailScanner. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From steve.freegard at LBSLTD.CO.UK Fri May 9 14:14:36 2003 From: steve.freegard at LBSLTD.CO.UK (Steve Freegard) Date: Thu Jan 12 21:18:00 2006 Subject: spamassassin 2.53 & MailScanner Message-ID: <67D9E7698329D411936E00508B6590B902793759@neelix.lbsltd.co.uk> Mike, When I set mine up I ran it as 'root' as that's the UID that MS/SA run under. You don't _have_ to run it at all - it is only used when reporting spam back to Razor using 'razor-report'. Kind regards, Steve. -- Steve Freegard Systems Manager Littlehampton Book Services Ltd. -----Original Message----- From: Mike Zanker [mailto:mike@ZANKER.ORG] Sent: 09 May 2003 14:03 To: MAILSCANNER@JISCMAIL.AC.UK On 09 May 2003 08:06 +0100 Kevin Spicer wrote: > I use razor2, DCC and pyzor, as well as RBLS within SA, The hardest > part of the install was setting up appropriate firewall rules to > allow DCC etc. out (and even that is trivial once you find out the > port numbers). A quick question about installing razor2, if I may... The installation instructions talk about running 'razor-admin -create' to create a default config file in your home directory. Is this necessary if you only intend to use it with SpamAssassin and, if so, should this be run as root? Thanks in advance, Mike -- Mike Zanker Northampton, UK PGP Public Key: pgp@zanker.org -- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender and delete the message from your mailbox. This footnote also confirms that this email message has been swept by MailScanner (www.mailscanner.info) for the presence of computer viruses. From P.G.M.Peters at civ.utwente.nl Fri May 9 14:30:29 2003 From: P.G.M.Peters at civ.utwente.nl (Peter Peters) Date: Thu Jan 12 21:18:00 2006 Subject: spamassassin 2.53 & MailScanner In-Reply-To: <1052464022.4934.9.camel@bach.kevinspicer.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB0011752B6@pascal.priv.bmrb.co.uk> <1052464022.4934.9.camel@bach.kevinspicer.co.uk> Message-ID: On Fri, 9 May 2003 08:06:58 +0100, you wrote: >IMHO using RBLS directly within >MailScanner is only useful if you don't have SA installed. Not completely true. We explicitly disabled RBLS in SA. I prefer to include other, new (even my own) RBLS in MS. The e-mail gets the spam-header with the RBL name in it and the final recipient can filter on the RBLS he wants. We have a lot of students from China. They don't want any e-mail from China blocked. But others want to filter out every e-mail from China. -- Peter Peters, senior netwerkbeheerder Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE) Universiteit Twente, Postbus 217, 7500 AE Enschede telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/civ From adkinss at OHIO.EDU Fri May 9 14:28:26 2003 From: adkinss at OHIO.EDU (Scott Adkins) Date: Thu Jan 12 21:18:00 2006 Subject: spamassassin 2.53 & MailScanner In-Reply-To: <5.2.0.9.2.20030509083619.03497038@imap.ecs.soton.ac.uk> References: <5C0296D26910694BB9A9BBFC577E7AB0011752B6@pascal.priv.bmrb.co.uk> Message-ID: <1278472075.1052472506@Callisto> <5C0296D26910694BB9A9BBFC577E7AB0011752B6@pascal.priv.bmrb.co.uk> <5.2.0.9.2.20030509083619.03497038@imap.ecs.soton.ac.uk> X-Mailer: Mulberry/3.0.3 (Win32) MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="==========1278479627==========" --==========1278479627========== Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: quoted-printable Content-Disposition: inline --On Friday, May 09, 2003 8:38 AM +0100 Julian Field=20 wrote: > At 08:06 09/05/2003, you wrote: >> IMHO using RBLS directly within >> MailScanner is only useful if you don't have SA installed. > > I would probably agree with you there. If I had come across SpamAssassin > when I wrote the MailScanner RBL code, I doubt I would have bothered > writing it. > > I still find it comes in useful sometimes though, as otherwise I would > probably have to tweak the SpamAssassin scores for the RBLs I use high > enough to always trap messages. > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support Well, I don't know if I fully agree with you guys. I see the following reasons for using RBL's at the sendmail/mailscanner/spamassassin levels: 1) Putting the RBL's at Sendmail level rejects spam immediately, saving lots of cycles in preventing those messages from hitting MailScanner and going through the virus checks and spam marking. 2) Putting RBL's at MailScanner level means that you probably have a policy to not reject email, but only mark it. Virus scanning of the messages still occur, but if one of the RBL's flag it as spam, then you still save a lot of cycles by not pushing the message through Spam Assassin, which IMHO, is the biggest hitter on machine cycles. 3) Putting RBL's at the Spam Assassin level means that you have pleanty of horse power to handle any message that comes through and you want to rely on the scoring aspect to classify spam and not relying on the RBL's along to write a message off as spam. Of course, a lot of admins may use a combination of the above. We don't use RBL's at the sendmail level, but we do immitate it by populating our access.db file with RBL like information. We actually don't use RBL's at any point in the system. We receive easily a half-million messages a day to our system, and we are very cautious about introducing additional side affects where a network will slow down or go away, adding to the time it takes to process email. We can't afford to have mail back up, as it gets us in trouble (politically, for sure) every time. On top of that, our environment seems pushed to the brink a lot of times to handle the email load that comes in... on busy days, we may end up processing a million messages before it is all said and done. Add in the virus scanning and spam marking, as well as the delivery of email to the Cyrus server (running on the same cluster)... well, let's say we kind of watch the system pretty carefully. So, if we decide to add RBL's, it will most likely be at the sendmail level to prevent messages from going through the expensive virus scanning/spam marking route. We are seriously thinking about moving the virus scanning/spam marking to a seperate set of machines, either a bank of Linux boxes, or more likely a blade server that can be easily expanded, and offload all of that from our main email environment. If we do this, then I can easily see us putting the RBL checks at the Spam Assassin level, as we can just add more blades or machines to the environment if we start getting pushed for CPU cycles. But I do see reasons why you would want it at the MailScanner level... especially if you don't want to reject emails but need to save cycles wherever you can... Scott --=20 +-----------------------------------------------------------------------+ Scott W. Adkins http://www.cns.ohiou.edu/~sadkins/ UNIX Systems Engineer mailto:adkinss@ohio.edu ICQ 7626282 Work (740)593-9478 Fax (740)593-1944 +-----------------------------------------------------------------------+ PGP Public Key available at http://www.cns.ohiou.edu/~sadkins/pgp/ --==========1278479627========== Content-Type: application/pgp-signature Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- Version: Mulberry PGP Plugin v2.0 Comment: processed by Mulberry PGP Plugin iQA/AwUBPrus+6YtNXY159L9EQKskACcCbZGB4CZq4oNWZLk4M7aKdGXC34An33k 2Cj5Qfrgzs+/aVwKniGg99r0 =R24f -----END PGP SIGNATURE----- --==========1278479627==========-- From mike at ZANKER.ORG Fri May 9 14:42:09 2003 From: mike at ZANKER.ORG (Mike Zanker) Date: Thu Jan 12 21:18:00 2006 Subject: spamassassin 2.53 & MailScanner In-Reply-To: <67D9E7698329D411936E00508B6590B902793759@neelix.lbsltd.co.uk> References: <67D9E7698329D411936E00508B6590B902793759@neelix.lbsltd.co.u k> Message-ID: <15514250.1052491329@mallard.open.ac.uk> On 09 May 2003 14:14 +0100 Steve Freegard wrote: > When I set mine up I ran it as 'root' as that's the UID that MS/SA run > under. You don't _have_ to run it at all - it is only used when > reporting spam back to Razor using 'razor-report'. Ok, thanks - I'll try it that way. Regards, Mike. From jase at SENSIS.COM Fri May 9 14:46:26 2003 From: jase at SENSIS.COM (Desai, Jason) Date: Thu Jan 12 21:18:01 2006 Subject: spamassassin 2.53 & MailScanner Message-ID: I am not a spamassassin expert, but from what I can tell by looking at the list of tests it does (http://spamassassin.rediris.es/tests.html), many tests score lower with "net". I assume that "net" means you do some sort of check over the internet, such as an RBL lookup or a DCC check. So if you only do RBL lookups but not DCC, Razor2, or Pyzor, some tests will score even lower and may result in email not being tagged as spam. I was seeing a lot of spam get through until I installed DCC, Razor2, and Pyzor. Hope this helps. Jason > -----Original Message----- > From: Mike Kercher [mailto:mike@CAMAROSS.NET] > Sent: Thursday, May 08, 2003 6:31 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: [MAILSCANNER] spamassassin 2.53 & MailScanner > > > I just installed DCC yesterday and am already seeing improved > results. You > might give that a shot. > > Mike > > > > -----Original Message----- > > From: MailScanner mailing list > > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Ron E. > > Sent: Thursday, May 08, 2003 8:32 AM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: spamassassin 2.53 & MailScanner > > > > > > Dear All, > > > > Just wondering if anyone out there has any suggestions for > > improving/tweaking SpamAssassin (2.53) settings -- I am > > running MailScanner & SpamAssassin 2.53 but still getting a > > fair amount of spam not over the default score of 5, or > > sometimes even with a negative score. > > > > I'm running a pretty busy system that handles about 15-20k > > messages per day. > > > > I have tried lowering the score threshold but of course then > > I get more false positives. I've seen mention that > > SpamAssassin 2.60 is much improved but I hesitate to use it > > at this point. > > > > One idea I had was enabling Vipul's Razor, but I've never > > used it. Any input would be of interest. > > > > Thanks! > > > > -Ron > > > From adkinss at OHIO.EDU Fri May 9 15:02:32 2003 From: adkinss at OHIO.EDU (Scott Adkins) Date: Thu Jan 12 21:18:01 2006 Subject: spamassassin 2.53 & MailScanner In-Reply-To: <1278472075.1052472506@Callisto> References: <5C0296D26910694BB9A9BBFC577E7AB0011752B6@pascal.priv.bmrb.co.uk> <1278472075.1052472506@Callisto> Message-ID: <1280518918.1052474552@Callisto> Any reason why my message got munged like this? This is the first time I have seen this happen, and it looks like it starts where the SpamCheck header is inserted... maybe an extra newline or something got added in there, which screwed up the rest of the email headers (particularly the MIME headers), which then caused the rest of the problems... Anyone else see this with MailScanner? Maybe this is unrelated and something else happened... Scott --On Friday, May 09, 2003 9:28 AM -0400 Scott Adkins wrote: > Return-Path: > Received: from redbudcm1a.cats.ohiou.edu (redbudcm1a.cats.ohiou.edu > [132.235.8.34]) by oak2a.cats.ohiou.edu (8.12.8-OU/8.12.8-OU) with ESMTP > id h49DbkhP1222050 for ; Fri, 9 May 2003 > 09:37:46 -0400 (EDT) Received: (from root@localhost) > by redbudcm1a.cats.ohiou.edu (8.12.8-OU/8.12.8-OU) with X.500 id > h49DbkaH831875 for adkinss@oak.cats.ohiou.edu; Fri, 9 May 2003 09:37:46 > -0400 (EDT) Received: from smtp.jiscmail.ac.uk (smtp.jiscmail.ac.uk > [130.246.192.48]) by redbudcm1a.cats.ohiou.edu (8.12.8-OU/8.12.8-OU) > with ESMTP id h49DbjnN836610 for ; Fri, 9 May 2003 > 09:37:46 -0400 (EDT) > Received: from LISTSERV.JISCMAIL.AC.UK (jiscmail.ac.uk) by > smtp.jiscmail.ac.uk (LSMTP for Windows NT v1.1b) with SMTP id > <7.0002933C@smtp.jiscmail.ac.uk>; Fri, 9 May 2003 14:37:43 +0100 > Received: from JISCMAIL.AC.UK by JISCMAIL.AC.UK (LISTSERV-TCP/IP release > 1.8e) with spool id 21705558 for MAILSCANNER@JISCMAIL.AC.UK; > Fri, 9 May 2003 14:37:42 +0100 > Received: from 130.246.192.52 by JISCMAIL.AC.UK (SMTPL release 1.0i) with > TCP; Fri, 9 May 2003 14:37:42 +0100 > X-RAL-MFrom: > X-RAL-Connect: > Received: from oak1a.cats.ohiou.edu (oak.cats.ohiou.edu [132.235.8.44]) by > ori.rl.ac.uk (8.11.1/8.11.1) with ESMTP id h49DbdS32395 for > ; Fri, 9 May 2003 14:37:40 +0100 > Received: from Callisto (callisto.cns.ohiou.edu [132.235.197.32]) by > oak2a.cats.ohiou.edu (8.12.8-OU/8.12.8-OU) with ESMTP id > h49DSOhP1227260 for ; Fri, 9 May > 2003 09:28:24 -0400 (EDT) > References: > <5C0296D26910694BB9A9BBFC577E7AB0011752B6@pascal.priv.bmrb.co.uk> > Message-ID: <1278472075.1052472506@Callisto> > Date: Fri, 9 May 2003 09:28:26 -0400 > Reply-To: MailScanner mailing list > Sender: MailScanner mailing list > From: Scott Adkins > Subject: Re: spamassassin 2.53 & MailScanner > To: MAILSCANNER@JISCMAIL.AC.UK > In-Reply-To: <5.2.0.9.2.20030509083619.03497038@imap.ecs.soton.ac.uk> > Precedence: list > X-MailScanner-VirusCheck: Found to be clean > X-MailScanner-Information: http://www.cns.ohiou.edu/email/spam-virus.html > X-MailScanner-SpamCheck: not spam, SpamAssassin (score=-1.5, required 5, > IN_REP_TO, PGP_SIGNATURE, QUOTED_EMAIL_TEXT, REFERENCES, > SPAM_PHRASE_03_05) > > <5C0296D26910694BB9A9BBFC577E7AB0011752B6@pascal.priv.bmrb.co.uk> > <5.2.0.9.2.20030509083619.03497038@imap.ecs.soton.ac.uk> > X-Mailer: Mulberry/3.0.3 (Win32) > MIME-Version: 1.0 > Content-Type: multipart/signed; micalg=pgp-sha1; > protocol="application/pgp-signature"; > boundary="==========1278479627==========" > > --==========1278479627========== > Content-Type: text/plain; charset=us-ascii; format=flowed > Content-Transfer-Encoding: quoted-printable > Content-Disposition: inline > > --On Friday, May 09, 2003 8:38 AM +0100 Julian Field=20 > wrote: > >> At 08:06 09/05/2003, you wrote: >>> IMHO using RBLS directly within >>> MailScanner is only useful if you don't have SA installed. >> >> I would probably agree with you there. If I had come across SpamAssassin >> when I wrote the MailScanner RBL code, I doubt I would have bothered >> writing it. >> >> I still find it comes in useful sometimes though, as otherwise I would >> probably have to tweak the SpamAssassin scores for the RBLs I use high >> enough to always trap messages. >> -- >> Julian Field >> www.MailScanner.info >> MailScanner thanks transtec Computers for their support > > Well, I don't know if I fully agree with you guys. I see the following > reasons for using RBL's at the sendmail/mailscanner/spamassassin levels: > > 1) Putting the RBL's at Sendmail level rejects spam immediately, saving > lots of cycles in preventing those messages from hitting MailScanner > and going through the virus checks and spam marking. > > 2) Putting RBL's at MailScanner level means that you probably have a > policy to not reject email, but only mark it. Virus scanning of the > messages still occur, but if one of the RBL's flag it as spam, then > you still save a lot of cycles by not pushing the message through > Spam Assassin, which IMHO, is the biggest hitter on machine cycles. > > 3) Putting RBL's at the Spam Assassin level means that you have pleanty > of horse power to handle any message that comes through and you want > to rely on the scoring aspect to classify spam and not relying on the > RBL's along to write a message off as spam. > > Of course, a lot of admins may use a combination of the above. We don't > use RBL's at the sendmail level, but we do immitate it by populating our > access.db file with RBL like information. We actually don't use RBL's at > any point in the system. We receive easily a half-million messages a day > to our system, and we are very cautious about introducing additional side > affects where a network will slow down or go away, adding to the time it > takes to process email. We can't afford to have mail back up, as it gets > us in trouble (politically, for sure) every time. > > On top of that, our environment seems pushed to the brink a lot of times > to handle the email load that comes in... on busy days, we may end up > processing a million messages before it is all said and done. Add in the > virus scanning and spam marking, as well as the delivery of email to the > Cyrus server (running on the same cluster)... well, let's say we kind of > watch the system pretty carefully. So, if we decide to add RBL's, it > will most likely be at the sendmail level to prevent messages from going > through the expensive virus scanning/spam marking route. > > We are seriously thinking about moving the virus scanning/spam marking to > a seperate set of machines, either a bank of Linux boxes, or more likely > a blade server that can be easily expanded, and offload all of that from > our main email environment. If we do this, then I can easily see us > putting the RBL checks at the Spam Assassin level, as we can just add > more blades or machines to the environment if we start getting pushed for > CPU cycles. > > But I do see reasons why you would want it at the MailScanner level... > especially if you don't want to reject emails but need to save cycles > wherever you can... > > Scott > --=20 > +-----------------------------------------------------------------------+ > Scott W. Adkins http://www.cns.ohiou.edu/~sadkins/ > UNIX Systems Engineer mailto:adkinss@ohio.edu > ICQ 7626282 Work (740)593-9478 Fax (740)593-1944 > +-----------------------------------------------------------------------+ > PGP Public Key available at http://www.cns.ohiou.edu/~sadkins/pgp/ > --==========1278479627========== > Content-Type: application/pgp-signature > Content-Transfer-Encoding: 7bit > > -----BEGIN PGP SIGNATURE----- > Version: Mulberry PGP Plugin v2.0 > Comment: processed by Mulberry PGP Plugin > > iQA/AwUBPrus+6YtNXY159L9EQKskACcCbZGB4CZq4oNWZLk4M7aKdGXC34An33k > 2Cj5Qfrgzs+/aVwKniGg99r0 > =R24f > -----END PGP SIGNATURE----- > > --==========1278479627==========-- -- +-----------------------------------------------------------------------+ Scott W. Adkins http://www.cns.ohiou.edu/~sadkins/ UNIX Systems Engineer mailto:adkinss@ohio.edu ICQ 7626282 Work (740)593-9478 Fax (740)593-1944 +-----------------------------------------------------------------------+ PGP Public Key available at http://www.cns.ohiou.edu/~sadkins/pgp/ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 231 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030509/b520c3c8/attachment.bin From mailscanner at ecs.soton.ac.uk Fri May 9 15:18:27 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:01 2006 Subject: Broken message - Was Re: spamassassin 2.53 & MailScanner In-Reply-To: <1280518918.1052474552@Callisto> References: <1278472075.1052472506@Callisto> <5C0296D26910694BB9A9BBFC577E7AB0011752B6@pascal.priv.bmrb.co.uk> <1278472075.1052472506@Callisto> Message-ID: <5.2.0.9.2.20030509151627.033cfbd0@imap.ecs.soton.ac.uk> At 15:02 09/05/2003, you wrote: >>Return-Path: >>Received: from redbudcm1a.cats.ohiou.edu (redbudcm1a.cats.ohiou.edu >>[132.235.8.34]) by oak2a.cats.ohiou.edu (8.12.8-OU/8.12.8-OU) >>with ESMTP >>id h49DbkhP1222050 for ; Fri, 9 May 2003 >>09:37:46 -0400 (EDT) Received: (from root@localhost) >> by redbudcm1a.cats.ohiou.edu (8.12.8-OU/8.12.8-OU) with X.500 id >>h49DbkaH831875 for adkinss@oak.cats.ohiou.edu; Fri, 9 May 2003 09:37:46 >>-0400 (EDT) Received: from smtp.jiscmail.ac.uk (smtp.jiscmail.ac.uk >>[130.246.192.48]) by redbudcm1a.cats.ohiou.edu (8.12.8-OU/8.12.8-OU) >>with ESMTP id h49DbjnN836610 for ; Fri, 9 May 2003 >>09:37:46 -0400 (EDT) >>Received: from LISTSERV.JISCMAIL.AC.UK (jiscmail.ac.uk) by >>smtp.jiscmail.ac.uk (LSMTP for Windows NT v1.1b) with SMTP id >><7.0002933C@smtp.jiscmail.ac.uk>; Fri, 9 May 2003 14:37:43 +0100 >>Received: from JISCMAIL.AC.UK by JISCMAIL.AC.UK (LISTSERV-TCP/IP release >>1.8e) with spool id 21705558 for MAILSCANNER@JISCMAIL.AC.UK; >>Fri, 9 May 2003 14:37:42 +0100 >>Received: from 130.246.192.52 by JISCMAIL.AC.UK (SMTPL release 1.0i) with >>TCP; Fri, 9 May 2003 14:37:42 +0100 >>X-RAL-MFrom: >>X-RAL-Connect: >>Received: from oak1a.cats.ohiou.edu (oak.cats.ohiou.edu [132.235.8.44]) by >> ori.rl.ac.uk (8.11.1/8.11.1) with ESMTP id h49DbdS32395 for >> ; Fri, 9 May 2003 14:37:40 +0100 >>Received: from Callisto (callisto.cns.ohiou.edu [132.235.197.32]) by >> oak2a.cats.ohiou.edu (8.12.8-OU/8.12.8-OU) with ESMTP id >> h49DSOhP1227260 for ; Fri, 9 May >>2003 09:28:24 -0400 (EDT) >>References: >><5C0296D26910694BB9A9BBFC577E7AB0011752B6@pascal.priv.bmrb.co.uk> >>Message-ID: <1278472075.1052472506@Callisto> >>Date: Fri, 9 May 2003 09:28:26 -0400 >>Reply-To: MailScanner mailing list >>Sender: MailScanner mailing list >>From: Scott Adkins >>Subject: Re: spamassassin 2.53 & MailScanner >>To: MAILSCANNER@JISCMAIL.AC.UK >>In-Reply-To: <5.2.0.9.2.20030509083619.03497038@imap.ecs.soton.ac.uk> >>Precedence: list >>X-MailScanner-VirusCheck: Found to be clean >>X-MailScanner-Information: http://www.cns.ohiou.edu/email/spam-virus.html >>X-MailScanner-SpamCheck: not spam, SpamAssassin (score=-1.5, required 5, >> IN_REP_TO, PGP_SIGNATURE, QUOTED_EMAIL_TEXT, REFERENCES, >> SPAM_PHRASE_03_05) >> >> <5C0296D26910694BB9A9BBFC577E7AB0011752B6@pascal.priv.bmrb.co.uk> >> <5.2.0.9.2.20030509083619.03497038@imap.ecs.soton.ac.uk> >>X-Mailer: Mulberry/3.0.3 (Win32) >>MIME-Version: 1.0 >>Content-Type: multipart/signed; micalg=pgp-sha1; >> protocol="application/pgp-signature"; >> boundary="==========1278479627==========" >> >>--==========1278479627========== >>Content-Type: text/plain; charset=us-ascii; format=flowed >>Content-Transfer-Encoding: quoted-printable >>Content-Disposition: inline >> >>--On Friday, May 09, 2003 8:38 AM +0100 Julian Field=20 >> wrote: MailScanner found the first blank line immediately after Precedence: list and therefore took that as the end of the headers. Something else had already screwed your headers by the time it got to MailScanner. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From brad_patterson at USROBOTICS.COM Fri May 9 15:49:42 2003 From: brad_patterson at USROBOTICS.COM (Brad Patterson) Date: Thu Jan 12 21:18:01 2006 Subject: Survey: OS, chipset, anti-virus software In-Reply-To: Message-ID: On 5/9/03 5:29, "Jeff A. Earickson" wrote: > Gang, > Please drop me a note, telling me what operating systems, > hardware chipsets (eg i386, alpha, ia64, mips, sparc, etc), > and anti-virus software products you use with MailScanner. > Please reply to me, not the list. In my case, the answer > would be: > > Solaris 8, sparc, Sophos > > I am building a table of what anti-virus products are available > for various OS/chipset combinations, so Julian can include this > information on his webpage. The webpages for the various > anti-virus products are not very helpful in answering the question: > "What anti-virus products can I use with my computer?" > > I would also like to know if any anti-virus product is available > in build-it-yourself source-code form. Thanks. > > --- Jeff Earickson Solaris 9, sparc, ClamAV On our relay machine we use MailScanner 4.20-3 on Solaris 9, running on a single processor Sun Enterprise 250 with a 400 MHz CPU and 512 MB of RAM. We normally accept 17,000 to 20,000 emails per day with very low load. I used GNU tools to compile ClamAV from the source with no problems. So far, ClamAV has caught all but one virus we have encountered, and our Norton AntiVirus on our Lotus Notes server caught that. Hope this helps. -- Brad Patterson U.S. Robotics From brad_patterson at USROBOTICS.COM Fri May 9 16:11:39 2003 From: brad_patterson at USROBOTICS.COM (Brad Patterson) Date: Thu Jan 12 21:18:01 2006 Subject: Survey: OS, chipset, anti-virus software In-Reply-To: Message-ID: > On 5/9/03 5:29, "Jeff A. Earickson" wrote: >> Please reply to me, not the list. In my case, the answer And of course, I read the "reply to me, not the list" part and still managed to mung it up. Must be Friday and the mind is already elsewhere. From sylvain.phaneuf at IMSU.OXFORD.AC.UK Fri May 9 16:37:38 2003 From: sylvain.phaneuf at IMSU.OXFORD.AC.UK (Sylvain Phaneuf) Date: Thu Jan 12 21:18:01 2006 Subject: virtusertable and mailscanner Message-ID: I am testing our system to use virtusertable. Ultimately we will want mail coming for @xyz.com to be redirected to @xxx.com after mailscanner & spamasssasin & sophos have done their job. Before we get the mail for @xyz.com forwarded to us, I am testing with the existing configuration. I cannot get redirection working. At the moment we get mail for serverA to be scanned by mailscanner, etc. All is working perfectly. If I add an entry in virtusertable and make map, mail arriving for johndoe@serverA.ox.ac.uk is not forwarded to sylvain@somewhere.ox.ac.uk. (johndoe doesnt exist on serveA). The messages are bounced with: >>> RCPT To: <<< 550 No such recipient 550 5.1.1 ... User unknown A tab separate the two fields in virtusertable. Here are the files we have at the moment: [mailertable] serverA.ox.ac.uk esmtp:[serverA.ox.ac.uk] [virtusertable] johndoe@serverA.ox.ac.uk sylvain@somewhere.ox.ac.uk [sendmail.cf] ##### $Id: cfhead.m4,v 8.108.2.2 2003/03/11 21:24:20 ca Exp $ ##### ##### $Id: cf.m4,v 8.32 1999/02/07 07:26:14 gshapiro Exp $ ##### ##### $Id: generic-linux.mc,v 8.1 1999/09/24 22:48:05 gshapiro Exp $ ##### ##### $Id: linux.m4,v 8.13 2000/09/17 17:30:00 gshapiro Exp $ ##### ##### $Id: local_procmail.m4,v 8.21.42.1 2002/11/17 04:25:07 ca Exp $ ##### ##### $Id: generic.m4,v 8.15 1999/04/04 00:51:09 ca Exp $ ##### ##### $Id: redirect.m4,v 8.15 1999/08/06 01:47:36 gshapiro Exp $ ##### ##### $Id: use_cw_file.m4,v 8.11 2001/08/26 20:58:57 gshapiro Exp $ ##### ##### $Id: mailertable.m4,v 8.23 2001/03/16 00:51:26 gshapiro Exp $ ##### ##### $Id: virtusertable.m4,v 8.21 2001/03/16 00:51:26 gshapiro Exp $ ##### ##### $Id: access_db.m4,v 8.24 2002/03/06 21:50:25 ca Exp $ ##### ##### $Id: blacklist_recipients.m4,v 8.13 1999/04/02 02:25:13 gshapiro Exp $ ##### ##### $Id: proto.m4,v 8.649.2.17 2003/03/28 17:20:53 ca Exp $ ##### What am I doing wrong? Sylvain =========================================================== Sylvain Phaneuf --- Computing Manager | phone : +44 (0)1865 221323 Information Management Services Unit - Medical Sciences Division Oxford University | email : sylvain.phaneuf@imsu.ox.ac.uk Room 3A25B John Radcliffe Hospital | fax : +44 (0) 1865 221322 Oxford OX3 9DU England =========================================================== From sylvain.phaneuf at IMSU.OXFORD.AC.UK Fri May 9 16:47:30 2003 From: sylvain.phaneuf at IMSU.OXFORD.AC.UK (Sylvain Phaneuf) Date: Thu Jan 12 21:18:01 2006 Subject: P.S virtusertable and mailscanner Message-ID: Forgot to mention that testing my tables on sendmail gives me the following results: sendmail -bt ADDRESS TEST MODE (ruleset 3 NOT automatically invoked) Enter
> /map virtuser johndoe@serverA.ox.ac.uk map_lookup: virtuser (johndoe@serverA.ox.ac.uk) returns sylvain@somewhere.ox.ac.uk (0) From ree at THUNDERSTAR.NET Fri May 9 08:01:27 2003 From: ree at THUNDERSTAR.NET (Ron E.) Date: Thu Jan 12 21:18:01 2006 Subject: Urgent: MailScanner apparently stopped processing... In-Reply-To: <5.2.0.9.2.20030509083940.04309d40@imap.ecs.soton.ac.uk> Message-ID: On Fri, 9 May 2003, Julian Field wrote: > At 19:25 08/05/2003, you wrote: > >I'm hoping someone can shed some light on this one - recently I had > >MailScanner which I've implemented on RedHat 8 w/Postfix just yesterday, > >abruptly stop processing mail. > > > >I only happened to notice as the only indication was that no mail was > >passing through to my internal mail/pop servers, etc. > > > >When I checked the maillog I found only entries from the postfix demon > >that receives incoming mail, nothing from MailScanner or the postfix demon > >that then delivers what MailScanner gives it. All processes including the > >MailScanner processes were running - in fact, MailScanner was using a > >majority of cpu time. I tried manually starting up MailScanner and found > >that this fact of "MailScanner starting" and "xxx messages found to be > >scanned" did show up in the maillog, however, no other change, mail did > >not start to flow. > > > >I finally restarted the server and then everything started to move. > > But was it scanning after you restarted? > Yes, it was scanning after I restarted, however it was using max of both CPUs in my system. After letting it run that way for awhile, I used check_mailscanner to find it's PIDs, then I killed it and restarted and then the CPU use was more normaly. > Have you use redhat-switchmail-nox to set which email system RedHat thinks > it is trying to run? > Yes, this is set on postfix > >So, based on this I have a few questions: > > > >1. Any ideas why this happened and how can I prevent it and also does > >anyone have any scripts out there that detect this kindof thing and then > >cleanly shut down mailscanner and restart it? > > > >2. I realized I don't even know how to cleanly shut down MailScanner > >manually. This may seem a stupid question but if someone could answer it > >that would be great. > > service MailScanner stop > > You can do "service MailScanner" to get a list of the command options you > can give it. > Does "service MailScanner start" work cleanly, or does it output any errors? > I get: bash: service: command not found This may be because when I first installed MailScanner, it would hang on startup - I had to boot in single user mode, & rename the MailScanner init script in init.d - additionally my incoming postfix was not starting automatically either, so I added the postfix.in startup command and check_mailscanner to rc.local. I think what was happening before that is that MailScanner was trying to start before both postfixes were starting. > >4. I have an error message repeatedly showing up in the maillog that I > >have been unable to discover the cause of. It is: > >smtp MailScanner[xxxx]: Batch: Found invalid queue file for message xxxxxx > > For some reason it thinks one of your incoming queue files is corrupt. It > needs to be able to find the sender and recipient addresses, and the last > hop IP address, in the file it lifts from the queue. > > Can you send me one of the files from /var/spool/postfix.in/deferred that > exhibits this problem. > Then I can improve the Postfix parser to stop it happening again. > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support > On the invalid messasge, is it save to remove it out of the deferred directory? If it is the only thing in it's folder, is it also safe to remove the folder? I checked and the message looks pretty mangled... but then again I'm not sure how readable the files in that format are supposed to be. Is there any script you know of that can detect MailScanner not processing anything, kill it and restart? Or set of an alarm or something? Also, any ideas on why postfix.in is doing all it's timestamps in UTC while postfix & MailScanner are not? Thanks Julian! From mailscanner at ecs.soton.ac.uk Fri May 9 17:13:35 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:01 2006 Subject: Urgent: MailScanner apparently stopped processing... In-Reply-To: References: <5.2.0.9.2.20030509083940.04309d40@imap.ecs.soton.ac.uk> Message-ID: <5.2.0.9.2.20030509171102.100deec0@imap.ecs.soton.ac.uk> At 08:01 09/05/2003, you wrote: >On Fri, 9 May 2003, Julian Field wrote: > > > At 19:25 08/05/2003, you wrote: > > >I'm hoping someone can shed some light on this one - recently I had > > >MailScanner which I've implemented on RedHat 8 w/Postfix just yesterday, > > >abruptly stop processing mail. > > > > > >I only happened to notice as the only indication was that no mail was > > >passing through to my internal mail/pop servers, etc. > > > > > >When I checked the maillog I found only entries from the postfix demon > > >that receives incoming mail, nothing from MailScanner or the postfix demon > > >that then delivers what MailScanner gives it. All processes including the > > >MailScanner processes were running - in fact, MailScanner was using a > > >majority of cpu time. I tried manually starting up MailScanner and found > > >that this fact of "MailScanner starting" and "xxx messages found to be > > >scanned" did show up in the maillog, however, no other change, mail did > > >not start to flow. > > > > > >I finally restarted the server and then everything started to move. > > > > But was it scanning after you restarted? > > > >Yes, it was scanning after I restarted, however it was using max of both >CPUs in my system. After letting it run that way for awhile, I used >check_mailscanner to find it's PIDs, then I killed it and restarted and >then the CPU use was more normaly. > > > Have you use redhat-switchmail-nox to set which email system RedHat thinks > > it is trying to run? > > > >Yes, this is set on postfix > > > >So, based on this I have a few questions: > > > > > >1. Any ideas why this happened and how can I prevent it and also does > > >anyone have any scripts out there that detect this kindof thing and then > > >cleanly shut down mailscanner and restart it? > > > > > >2. I realized I don't even know how to cleanly shut down MailScanner > > >manually. This may seem a stupid question but if someone could answer it > > >that would be great. > > > > service MailScanner stop > > > > You can do "service MailScanner" to get a list of the command options you > > can give it. > > Does "service MailScanner start" work cleanly, or does it output any > errors? > > > >I get: bash: service: command not found In which case you are using "su" and not "su -". Always use "su -" as it sets up the root environment properly. All sorts of strange things can happen when you just use "su". >This may be because when I first installed MailScanner, it would hang on >startup - I had to boot in single user mode, & rename the MailScanner init >script in init.d - additionally my incoming postfix was not starting >automatically either, so I added the postfix.in startup command and >check_mailscanner to rc.local. I think what was happening before that is >that MailScanner was trying to start before both postfixes were starting. > > > >4. I have an error message repeatedly showing up in the maillog that I > > >have been unable to discover the cause of. It is: > > >smtp MailScanner[xxxx]: Batch: Found invalid queue file for message xxxxxx > > > > For some reason it thinks one of your incoming queue files is corrupt. It > > needs to be able to find the sender and recipient addresses, and the last > > hop IP address, in the file it lifts from the queue. > > > > Can you send me one of the files from /var/spool/postfix.in/deferred that > > exhibits this problem. > > Then I can improve the Postfix parser to stop it happening again. > > -- > > Julian Field > > www.MailScanner.info > > MailScanner thanks transtec Computers for their support > > > >On the invalid messasge, is it save to remove it out of the deferred >directory? If it is the only thing in it's folder, is it also safe to >remove the folder? Remove the message, but don't remove the folder. > I checked and the message looks pretty mangled... but >then again I'm not sure how readable the files in that format are supposed >to be. The Postfix format is not meant to be human-readable. I know what it's supposed to look like. >Also, any ideas on why postfix.in is doing all it's timestamps in UTC >while postfix & MailScanner are not? Are you starting one as being "properly" root, and starting the other after just doing "su"? That would probably cause it. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From Newcombe at MORDOR.CLAYTON.EDU Fri May 9 17:18:33 2003 From: Newcombe at MORDOR.CLAYTON.EDU (Dan Newcombe) Date: Thu Jan 12 21:18:01 2006 Subject: spamassassin 2.53 & MailScanner In-Reply-To: References: Message-ID: On Thu, 8 May 2003, Ron E. wrote: > Just wondering if anyone out there has any suggestions for > improving/tweaking SpamAssassin (2.53) settings -- I am running > MailScanner & SpamAssassin 2.53 but still getting a fair amount of spam > not over the default score of 5, or sometimes even with a negative score. The two things I did which helped were lower the threshold from 5 to 4.5 and increase the value given to the EXCUSE_19 match from .8 to 1.5, and the value given to CLICK_BELOW from .1 to .5 After lunch, Razor and DCC are going on there. From ree at THUNDERSTAR.NET Fri May 9 08:27:16 2003 From: ree at THUNDERSTAR.NET (Ron E.) Date: Thu Jan 12 21:18:01 2006 Subject: Urgent: MailScanner apparently stopped processing... In-Reply-To: <5.2.0.9.2.20030509171102.100deec0@imap.ecs.soton.ac.uk> Message-ID: On Fri, 9 May 2003, Julian Field wrote: > At 08:01 09/05/2003, you wrote: > >On Fri, 9 May 2003, Julian Field wrote: > > > > > At 19:25 08/05/2003, you wrote: > > > >I'm hoping someone can shed some light on this one - recently I had > > > >MailScanner which I've implemented on RedHat 8 w/Postfix just yesterday, > > > >abruptly stop processing mail. > > > > > > > >I only happened to notice as the only indication was that no mail was > > > >passing through to my internal mail/pop servers, etc. > > > > > > > >When I checked the maillog I found only entries from the postfix demon > > > >that receives incoming mail, nothing from MailScanner or the postfix demon > > > >that then delivers what MailScanner gives it. All processes including the > > > >MailScanner processes were running - in fact, MailScanner was using a > > > >majority of cpu time. I tried manually starting up MailScanner and found > > > >that this fact of "MailScanner starting" and "xxx messages found to be > > > >scanned" did show up in the maillog, however, no other change, mail did > > > >not start to flow. > > > > > > > >I finally restarted the server and then everything started to move. > > > > > > But was it scanning after you restarted? > > > > > > >Yes, it was scanning after I restarted, however it was using max of both > >CPUs in my system. After letting it run that way for awhile, I used > >check_mailscanner to find it's PIDs, then I killed it and restarted and > >then the CPU use was more normaly. > > > > > Have you use redhat-switchmail-nox to set which email system RedHat thinks > > > it is trying to run? > > > > > > >Yes, this is set on postfix > > > > > >So, based on this I have a few questions: > > > > > > > >1. Any ideas why this happened and how can I prevent it and also does > > > >anyone have any scripts out there that detect this kindof thing and then > > > >cleanly shut down mailscanner and restart it? > > > > > > > >2. I realized I don't even know how to cleanly shut down MailScanner > > > >manually. This may seem a stupid question but if someone could answer it > > > >that would be great. > > > > > > service MailScanner stop > > > > > > You can do "service MailScanner" to get a list of the command options you > > > can give it. > > > Does "service MailScanner start" work cleanly, or does it output any > > errors? > > > > > > >I get: bash: service: command not found > > In which case you are using "su" and not "su -". Always use "su -" as it > sets up the root environment properly. All sorts of strange things can > happen when you just use "su". > Ah, thanks for the tip - when I do su - I get: MailScanner: unrecognized service > >This may be because when I first installed MailScanner, it would hang on > >startup - I had to boot in single user mode, & rename the MailScanner init > >script in init.d - additionally my incoming postfix was not starting > >automatically either, so I added the postfix.in startup command and > >check_mailscanner to rc.local. I think what was happening before that is > >that MailScanner was trying to start before both postfixes were starting. > > > > > >4. I have an error message repeatedly showing up in the maillog that I > > > >have been unable to discover the cause of. It is: > > > >smtp MailScanner[xxxx]: Batch: Found invalid queue file for message xxxxxx > > > > > > For some reason it thinks one of your incoming queue files is corrupt. It > > > needs to be able to find the sender and recipient addresses, and the last > > > hop IP address, in the file it lifts from the queue. > > > > > > Can you send me one of the files from /var/spool/postfix.in/deferred that > > > exhibits this problem. > > > Then I can improve the Postfix parser to stop it happening again. > > > -- > > > Julian Field > > > www.MailScanner.info > > > MailScanner thanks transtec Computers for their support > > > > > > >On the invalid messasge, is it save to remove it out of the deferred > >directory? If it is the only thing in it's folder, is it also safe to > >remove the folder? > > Remove the message, but don't remove the folder. > Ok, good. > > I checked and the message looks pretty mangled... but > >then again I'm not sure how readable the files in that format are supposed > >to be. > > The Postfix format is not meant to be human-readable. I know what it's > supposed to look like. > > >Also, any ideas on why postfix.in is doing all it's timestamps in UTC > >while postfix & MailScanner are not? > > Are you starting one as being "properly" root, and starting the other after > just doing "su"? > That would probably cause it. No - the only difference is that postfix.in is started with: /usr/sbin/postfix -c /etc/postfix.in start which is in rc.local Other than that, the two postfixes have nearly identical config files... > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support > From raymond at PROLOCATION.NET Fri May 9 18:10:44 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:01 2006 Subject: virtusertable and mailscanner In-Reply-To: Message-ID: Hi! > [mailertable] > serverA.ox.ac.uk esmtp:[serverA.ox.ac.uk] > > [virtusertable] > johndoe@serverA.ox.ac.uk sylvain@somewhere.ox.ac.uk If you dont have that domain added to the /etc/mail/local-hostnames it wont invoke the virtusertable. Bye, Raymond. From mailscanner at ecs.soton.ac.uk Fri May 9 18:45:47 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:01 2006 Subject: Urgent: MailScanner apparently stopped processing... In-Reply-To: References: <5.2.0.9.2.20030509171102.100deec0@imap.ecs.soton.ac.uk> Message-ID: <5.2.1.1.2.20030509184343.0254ae60@imap.ecs.soton.ac.uk> At 08:27 09/05/2003, you wrote: >On Fri, 9 May 2003, Julian Field wrote: > > At 08:01 09/05/2003, you wrote: > > >On Fri, 9 May 2003, Julian Field wrote: > > > > > > > At 19:25 08/05/2003, you wrote: > > > > >I'm hoping someone can shed some light on this one - recently I had > > > > >MailScanner which I've implemented on RedHat 8 w/Postfix just > yesterday, > > > > >abruptly stop processing mail. > > > > > > > > > >I only happened to notice as the only indication was that no mail was > > > > >passing through to my internal mail/pop servers, etc. > > > > > > > > > >When I checked the maillog I found only entries from the postfix demon > > > > >that receives incoming mail, nothing from MailScanner or the > postfix demon > > > > >that then delivers what MailScanner gives it. All processes > including the > > > > >MailScanner processes were running - in fact, MailScanner was using a > > > > >majority of cpu time. I tried manually starting up MailScanner and > found > > > > >that this fact of "MailScanner starting" and "xxx messages found to be > > > > >scanned" did show up in the maillog, however, no other change, > mail did > > > > >not start to flow. > > > > > > > > > >I finally restarted the server and then everything started to move. > > > > > > > > But was it scanning after you restarted? > > > > > > > > > >Yes, it was scanning after I restarted, however it was using max of both > > >CPUs in my system. After letting it run that way for awhile, I used > > >check_mailscanner to find it's PIDs, then I killed it and restarted and > > >then the CPU use was more normaly. > > > > > > > Have you use redhat-switchmail-nox to set which email system RedHat > thinks > > > > it is trying to run? > > > > > > > > > >Yes, this is set on postfix > > > > > > > >So, based on this I have a few questions: > > > > > > > > > >1. Any ideas why this happened and how can I prevent it and also does > > > > >anyone have any scripts out there that detect this kindof thing > and then > > > > >cleanly shut down mailscanner and restart it? > > > > > > > > > >2. I realized I don't even know how to cleanly shut down MailScanner > > > > >manually. This may seem a stupid question but if someone could > answer it > > > > >that would be great. > > > > > > > > service MailScanner stop > > > > > > > > You can do "service MailScanner" to get a list of the command > options you > > > > can give it. > > > > Does "service MailScanner start" work cleanly, or does it output any > > > errors? > > > > > > > > > >I get: bash: service: command not found > > > > In which case you are using "su" and not "su -". Always use "su -" as it > > sets up the root environment properly. All sorts of strange things can > > happen when you just use "su". > > > >Ah, thanks for the tip - when I do su - I get: MailScanner: unrecognized >service After you installed the RPMs you should have got this sorted already. However, doing chkconfig MailScanner add will add it as a service, so you can then start and stop it. You will need to set your MTA by editing /etc/sysconfig/MailScanner and by running "redhat-switchmail-nox". > > >This may be because when I first installed MailScanner, it would hang on > > >startup - I had to boot in single user mode, & rename the MailScanner init > > >script in init.d - additionally my incoming postfix was not starting > > >automatically either, so I added the postfix.in startup command and > > >check_mailscanner to rc.local. I think what was happening before that is > > >that MailScanner was trying to start before both postfixes were starting. > > > > > > > >4. I have an error message repeatedly showing up in the maillog that I > > > > >have been unable to discover the cause of. It is: > > > > >smtp MailScanner[xxxx]: Batch: Found invalid queue file for > message xxxxxx > > > > > > > > For some reason it thinks one of your incoming queue files is > corrupt. It > > > > needs to be able to find the sender and recipient addresses, and > the last > > > > hop IP address, in the file it lifts from the queue. > > > > > > > > Can you send me one of the files from > /var/spool/postfix.in/deferred that > > > > exhibits this problem. > > > > Then I can improve the Postfix parser to stop it happening again. > > > > -- > > > > Julian Field > > > > www.MailScanner.info > > > > MailScanner thanks transtec Computers for their support > > > > > > > > > >On the invalid messasge, is it save to remove it out of the deferred > > >directory? If it is the only thing in it's folder, is it also safe to > > >remove the folder? > > > > Remove the message, but don't remove the folder. > > > >Ok, good. > > > > I checked and the message looks pretty mangled... but > > >then again I'm not sure how readable the files in that format are supposed > > >to be. > > > > The Postfix format is not meant to be human-readable. I know what it's > > supposed to look like. > > > > >Also, any ideas on why postfix.in is doing all it's timestamps in UTC > > >while postfix & MailScanner are not? > > > > Are you starting one as being "properly" root, and starting the other after > > just doing "su"? > > That would probably cause it. > >No - the only difference is that postfix.in is started with: >/usr/sbin/postfix -c /etc/postfix.in start >which is in rc.local > >Other than that, the two postfixes have nearly identical config files... This will get done automatically once you have the "service" stuff above sorted out. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From forrie at FORRIE.COM Fri May 9 18:40:19 2003 From: forrie at FORRIE.COM (Forrest Aldrich) Date: Thu Jan 12 21:18:01 2006 Subject: mailtertable and mailscanner, command line utilities... In-Reply-To: References: Message-ID: <5.2.1.1.2.20030509133400.01ceae98@192.168.1.1> Command-line tools (like mutt, mail, et al) invoke sendmail (or whatever) directly, which of course bypasses any scanning. Is there a way to circumvent this, perhaps at the firewall level. I'm on FreeBSD-4.8-STABLE, at the moment. Forrest From damian at WORKGROUPSOLUTIONS.COM Fri May 9 18:55:18 2003 From: damian at WORKGROUPSOLUTIONS.COM (Damian Mendoza) Date: Thu Jan 12 21:18:01 2006 Subject: Blacklisted mail addresses - going to quarantine Message-ID: Hi, Is it possible to delete the messages associated with the email addresses and domains in my blacklist. They are currently being forwarded to my quarantine since I defined all SPAM to forward to a quarantine mailbox. I would like to delete all blacklisted messages without forwarding them to quarantine. Thanks, Damian Workgroup Solutions 20532 El Toro Rd, Suite 107 Mission Viejo, CA 92692 949 586-2200 SpamGate - Stop SPAM today at the Gateway! From mailscanner at ecs.soton.ac.uk Fri May 9 18:56:28 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:01 2006 Subject: mailtertable and mailscanner, command line utilities... In-Reply-To: <5.2.1.1.2.20030509133400.01ceae98@192.168.1.1> References: Message-ID: <5.2.1.1.2.20030509185535.026a2ec8@imap.ecs.soton.ac.uk> At 18:40 09/05/2003, you wrote: >Command-line tools (like mutt, mail, et al) invoke sendmail (or whatever) >directly, which of course bypasses any scanning. > >Is there a way to circumvent this, perhaps at the firewall level. I'm on >FreeBSD-4.8-STABLE, at the moment. If you use a recent sendmail, this won't be a problem. Most mail clients can talk SMTP to a remote SMTP server, so you can use that with the server name set to "localhost". -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Fri May 9 19:05:23 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:01 2006 Subject: Blacklisted mail addresses - going to quarantine In-Reply-To: Message-ID: <5.2.1.1.2.20030509190225.0230de58@imap.ecs.soton.ac.uk> It may seem an odd setup, but what happens if you set Required SpamAssassin Score = 100 High Scoring SpamAssassin Score = 10 i.e. set them inverted. Then set the high scoring spam action to "store" and the normal spam to "delete". I don't have a clue if this will work or not, but I would be interested to hear what happens. Otherwise it sounds like I will have to implement a Blacklisted Messages Actions option in addition to all the others. But I would rather avoid that if I can. At 18:55 09/05/2003, you wrote: >Hi, > >Is it possible to delete the messages associated with the email addresses >and domains in my blacklist. They are currently being forwarded to my >quarantine since I defined all SPAM to forward to a quarantine mailbox. > >I would like to delete all blacklisted messages without forwarding them to >quarantine. > >Thanks, > >Damian > >Workgroup Solutions >20532 El Toro Rd, Suite 107 >Mission Viejo, CA 92692 >949 586-2200 >SpamGate - Stop SPAM today at the Gateway! -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From sanjay.patel at REXWIRE.COM Fri May 9 19:21:30 2003 From: sanjay.patel at REXWIRE.COM (Sanjay Patel) Date: Thu Jan 12 21:18:01 2006 Subject: virtusertable and mailscanner In-Reply-To: Message-ID: <001101c31657$d0c6a130$6f01a8c0@Laptop1> That mailertable entry does not look right it should be Domain name esmtp:[relay server] So if you want all mail for test.com to goto server demo.com than you your mailertable should look like this Test.com esmtp:[demo.com] Once this is done do a makemap makemap hash /etc/mail/mailertable < /etc/mail/mailertable (change the path to where your mailertable is) Let me know if this works for you. -Sanjay -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Sylvain Phaneuf Sent: Friday, May 09, 2003 11:38 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: virtusertable and mailscanner I am testing our system to use virtusertable. Ultimately we will want mail coming for @xyz.com to be redirected to @xxx.com after mailscanner & spamasssasin & sophos have done their job. Before we get the mail for @xyz.com forwarded to us, I am testing with the existing configuration. I cannot get redirection working. At the moment we get mail for serverA to be scanned by mailscanner, etc. All is working perfectly. If I add an entry in virtusertable and make map, mail arriving for johndoe@serverA.ox.ac.uk is not forwarded to sylvain@somewhere.ox.ac.uk. (johndoe doesnt exist on serveA). The messages are bounced with: >>> RCPT To: <<< 550 No such recipient 550 5.1.1 ... User unknown A tab separate the two fields in virtusertable. Here are the files we have at the moment: [mailertable] serverA.ox.ac.uk esmtp:[serverA.ox.ac.uk] [virtusertable] johndoe@serverA.ox.ac.uk sylvain@somewhere.ox.ac.uk [sendmail.cf] ##### $Id: cfhead.m4,v 8.108.2.2 2003/03/11 21:24:20 ca Exp $ ##### ##### $Id: cf.m4,v 8.32 1999/02/07 07:26:14 gshapiro Exp $ ##### ##### $Id: generic-linux.mc,v 8.1 1999/09/24 22:48:05 gshapiro Exp $ ##### ##### $Id: linux.m4,v 8.13 2000/09/17 17:30:00 gshapiro Exp $ ##### ##### $Id: local_procmail.m4,v 8.21.42.1 2002/11/17 04:25:07 ca Exp $ ##### ##### $Id: generic.m4,v 8.15 1999/04/04 00:51:09 ca Exp $ ##### ##### $Id: redirect.m4,v 8.15 1999/08/06 01:47:36 gshapiro Exp $ ##### ##### $Id: use_cw_file.m4,v 8.11 2001/08/26 20:58:57 gshapiro Exp $ ##### ##### $Id: mailertable.m4,v 8.23 2001/03/16 00:51:26 gshapiro Exp $ ##### ##### $Id: virtusertable.m4,v 8.21 2001/03/16 00:51:26 gshapiro Exp $ ##### ##### $Id: access_db.m4,v 8.24 2002/03/06 21:50:25 ca Exp $ ##### ##### $Id: blacklist_recipients.m4,v 8.13 1999/04/02 02:25:13 gshapiro Exp $ ##### ##### $Id: proto.m4,v 8.649.2.17 2003/03/28 17:20:53 ca Exp $ ##### What am I doing wrong? Sylvain =========================================================== Sylvain Phaneuf --- Computing Manager | phone : +44 (0)1865 221323 Information Management Services Unit - Medical Sciences Division Oxford University | email : sylvain.phaneuf@imsu.ox.ac.uk Room 3A25B John Radcliffe Hospital | fax : +44 (0) 1865 221322 Oxford OX3 9DU England =========================================================== From mailscanner at BARENDSE.TO Fri May 9 19:30:51 2003 From: mailscanner at BARENDSE.TO (Remco Barendse) Date: Thu Jan 12 21:18:01 2006 Subject: spamassassin 2.53 & MailScanner In-Reply-To: Message-ID: Stupid question maybe, but I see lots of messages about DCC. What is DCC and where can I find it? Is it similar to SpamAssassin and something that is installed on the side to? What must be done to get it working? (Probably this is something for a FAQ?) On Fri, 9 May 2003, Desai, Jason wrote: > I am not a spamassassin expert, but from what I can tell by looking at the > list of tests it does (http://spamassassin.rediris.es/tests.html), many > tests score lower with "net". I assume that "net" means you do some sort of > check over the internet, such as an RBL lookup or a DCC check. So if you > only do RBL lookups but not DCC, Razor2, or Pyzor, some tests will score > even lower and may result in email not being tagged as spam. > > I was seeing a lot of spam get through until I installed DCC, Razor2, and > Pyzor. > > Hope this helps. > > Jason > > > -----Original Message----- > > From: Mike Kercher [mailto:mike@CAMAROSS.NET] > > Sent: Thursday, May 08, 2003 6:31 PM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: [MAILSCANNER] spamassassin 2.53 & MailScanner > > > > > > I just installed DCC yesterday and am already seeing improved > > results. You > > might give that a shot. > > > > Mike > > > > > > > -----Original Message----- > > > From: MailScanner mailing list > > > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Ron E. > > > Sent: Thursday, May 08, 2003 8:32 AM > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > Subject: spamassassin 2.53 & MailScanner > > > > > > > > > Dear All, > > > > > > Just wondering if anyone out there has any suggestions for > > > improving/tweaking SpamAssassin (2.53) settings -- I am > > > running MailScanner & SpamAssassin 2.53 but still getting a > > > fair amount of spam not over the default score of 5, or > > > sometimes even with a negative score. > > > > > > I'm running a pretty busy system that handles about 15-20k > > > messages per day. > > > > > > I have tried lowering the score threshold but of course then > > > I get more false positives. I've seen mention that > > > SpamAssassin 2.60 is much improved but I hesitate to use it > > > at this point. > > > > > > One idea I had was enabling Vipul's Razor, but I've never > > > used it. Any input would be of interest. > > > > > > Thanks! > > > > > > -Ron > > > > > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mailscanner at ecs.soton.ac.uk Fri May 9 19:35:40 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:01 2006 Subject: spamassassin 2.53 & MailScanner In-Reply-To: References: Message-ID: <5.2.1.1.2.20030509193304.026b5eb8@imap.ecs.soton.ac.uk> At 19:30 09/05/2003, you wrote: >Stupid question maybe, but I see lots of messages about DCC. What is DCC >and where can I find it? Distributed Checksum Clearinghouse http://www.rhyolite.com/anti-spam/dcc/ SpamAssassin will use it if it is installed. Download it from the link at the top of that web page, then unpack it cd into it ./configure make make install (Oh, it requires GNU make) then edit spam.assassin.prefs.conf Remove the line that sets the DCC rule to 0. Add dcc_path /usr/local/bin/dccproc Restart MailScanner. Please feel free to add this to the Faq-o-matic. >On Fri, 9 May 2003, Desai, Jason wrote: > > > I am not a spamassassin expert, but from what I can tell by looking at the > > list of tests it does (http://spamassassin.rediris.es/tests.html), many > > tests score lower with "net". I assume that "net" means you do some > sort of > > check over the internet, such as an RBL lookup or a DCC check. So if you > > only do RBL lookups but not DCC, Razor2, or Pyzor, some tests will score > > even lower and may result in email not being tagged as spam. > > > > I was seeing a lot of spam get through until I installed DCC, Razor2, and > > Pyzor. > > > > Hope this helps. > > > > Jason > > > > > -----Original Message----- > > > From: Mike Kercher [mailto:mike@CAMAROSS.NET] > > > Sent: Thursday, May 08, 2003 6:31 PM > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > Subject: Re: [MAILSCANNER] spamassassin 2.53 & MailScanner > > > > > > > > > I just installed DCC yesterday and am already seeing improved > > > results. You > > > might give that a shot. > > > > > > Mike > > > > > > > > > > -----Original Message----- > > > > From: MailScanner mailing list > > > > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Ron E. > > > > Sent: Thursday, May 08, 2003 8:32 AM > > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > > Subject: spamassassin 2.53 & MailScanner > > > > > > > > > > > > Dear All, > > > > > > > > Just wondering if anyone out there has any suggestions for > > > > improving/tweaking SpamAssassin (2.53) settings -- I am > > > > running MailScanner & SpamAssassin 2.53 but still getting a > > > > fair amount of spam not over the default score of 5, or > > > > sometimes even with a negative score. > > > > > > > > I'm running a pretty busy system that handles about 15-20k > > > > messages per day. > > > > > > > > I have tried lowering the score threshold but of course then > > > > I get more false positives. I've seen mention that > > > > SpamAssassin 2.60 is much improved but I hesitate to use it > > > > at this point. > > > > > > > > One idea I had was enabling Vipul's Razor, but I've never > > > > used it. Any input would be of interest. > > > > > > > > Thanks! > > > > > > > > -Ron > > > > > > > > > > > >-- >This message has been scanned for viruses and >dangerous content by MailScanner, and is >believed to be clean. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mike at ZANKER.ORG Fri May 9 19:49:16 2003 From: mike at ZANKER.ORG (Mike Zanker) Date: Thu Jan 12 21:18:01 2006 Subject: spamassassin 2.53 & MailScanner In-Reply-To: <5.2.1.1.2.20030509193304.026b5eb8@imap.ecs.soton.ac.uk> References: <5.2.1.1.2.20030509193304.026b5eb8@imap.ecs.soton.ac.uk> Message-ID: <136762093.1052509756@jemima.zanker.org> On 09 May 2003 19:35 +0100 Julian Field wrote: > Add > dcc_path /usr/local/bin/dccproc Aha - *that's* what I wasn't doing! Might it be an idea to put that in spam.assassin.prefs.conf? (Although I guess it might get a bit messy - "comment out this and uncomment that to use DCC"!) Mike. From mailscanner at LISTS.COM.AR Fri May 9 20:05:02 2003 From: mailscanner at LISTS.COM.AR (Mariano Absatz) Date: Thu Jan 12 21:18:01 2006 Subject: Urgent: MailScanner apparently stopped processing... In-Reply-To: <5.2.0.9.2.20030509083940.04309d40@imap.ecs.soton.ac.uk> References: Message-ID: <3EBBD1AE.27988.47AD1AF2@localhost> Julian, Leo Helman (the guy who actually wrote most of ZMailer support) spotted this one a few days ago and I thought it was just unelegant, but it might indeed be a bug... if it is so, it affects _all_ versions (sendmail, exim, zmailer & postfix)... maybe it showed up because of some problem in the postfix queue file parser, but it is there anyway. Leo says that within MailScanner::Sendmail::CreateBatch() you have the following code excerpt: $batchempty = 1; while(($file = shift @SortedFiles) && $HitLimit1+$HitLimit2+$HitLimit3+$HitLimit4<1) { .... .... .... .... .... .... $newmessage = MailScanner::Message->new($id, $queuedirname); next unless $newmessage; .... .... .... .... .... .... } # Wait a bit until I check the queue again sleep(MailScanner::Config::Value('queuescaninterval')) if $batchempty; } while $batchempty; # Keep trying until we get something now, newmessage is false when a lock fails or when there was an error parsing the envelope (e.g. missing envelope from, to or origin). If the lock failed, that is because another MailScanner locked it and the next round of the loop or so, the file will probably be not there, 'cause the other MailScanner that had it locked, processed it and removed it from the queue. But, if the envelope was corrupt, the file stays in the queue forever, and as $batchempty is not modified, it never quits the loop (the $HitLimitX stay always 0). At first I thought that the only problem would be that the queue file would stay there forever (or until an operator read the log message produced within MailScanner::Sendmail::ReadQf() (smtp MailScanner[xxxx]: Batch: Found invalid queue file for message xxxxxx) and would manually remove it from the queue... In fact, I dismissed a message I was writing to you about this when I thought that... now that Leo read this thread and recalls our dialog back then, I re- read it and notice that, as we always sort the queue files by age, this corrupt file will _always_ be the first to be processed and, hence, would stuck the queue... I think we should differntiate the way ReadQf() fails if the queue file is locked or if it is ill-formed... or change the while() condition... El 9 May 2003 a las 8:46, Julian Field escribi?: > At 19:25 08/05/2003, you wrote: > >I'm hoping someone can shed some light on this one - recently I had > >MailScanner which I've implemented on RedHat 8 w/Postfix just yesterday, > >abruptly stop processing mail. > > > >I only happened to notice as the only indication was that no mail was > >passing through to my internal mail/pop servers, etc. > > > >When I checked the maillog I found only entries from the postfix demon > >that receives incoming mail, nothing from MailScanner or the postfix demon > >that then delivers what MailScanner gives it. All processes including the > >MailScanner processes were running - in fact, MailScanner was using a > >majority of cpu time. I tried manually starting up MailScanner and found > >that this fact of "MailScanner starting" and "xxx messages found to be > >scanned" did show up in the maillog, however, no other change, mail did > >not start to flow. > > > >I finally restarted the server and then everything started to move. > > But was it scanning after you restarted? > > Have you use redhat-switchmail-nox to set which email system RedHat thinks > it is trying to run? > > >So, based on this I have a few questions: > > > >1. Any ideas why this happened and how can I prevent it and also does > >anyone have any scripts out there that detect this kindof thing and then > >cleanly shut down mailscanner and restart it? > > > >2. I realized I don't even know how to cleanly shut down MailScanner > >manually. This may seem a stupid question but if someone could answer it > >that would be great. > > service MailScanner stop > > You can do "service MailScanner" to get a list of the command options you > can give it. > Does "service MailScanner start" work cleanly, or does it output any errors? > > >4. I have an error message repeatedly showing up in the maillog that I > >have been unable to discover the cause of. It is: > >smtp MailScanner[xxxx]: Batch: Found invalid queue file for message xxxxxx > > For some reason it thinks one of your incoming queue files is corrupt. It > needs to be able to find the sender and recipient addresses, and the last > hop IP address, in the file it lifts from the queue. > > Can you send me one of the files from /var/spool/postfix.in/deferred that > exhibits this problem. > Then I can improve the Postfix parser to stop it happening again. > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support -- Mariano Absatz El Baby ---------------------------------------------------------- I am not afraid of death, I just don't want to be there when it happens. -- Woody Allen From mailscanner at LISTS.COM.AR Fri May 9 20:33:46 2003 From: mailscanner at LISTS.COM.AR (Mariano Absatz) Date: Thu Jan 12 21:18:01 2006 Subject: (O/T) human readability (was Re: Urgent: MailScanner apparently stopped processing...) In-Reply-To: <5.2.0.9.2.20030509171102.100deec0@imap.ecs.soton.ac.uk> References: Message-ID: <3EBBD86A.14533.47C76AB9@localhost> El 9 May 2003 a las 17:13, Julian Field escribi?: > At 08:01 09/05/2003, you wrote: > >On Fri, 9 May 2003, Julian Field wrote: > > ... > > I checked and the message looks pretty mangled... but > >then again I'm not sure how readable the files in that format are supposed > >to be. > > The Postfix format is not meant to be human-readable. I know what it's > supposed to look like. Arghhhh! Postfix queue files are binary? I might get flamed for this but, WHY??? How much bandwidth/diskspace/whatever do they save by not making it human readable? I might get flamed for this, but I think all protocols and file formats should be human-readable (not counting cryptography) "just in case"... just in case there is a bug, just in case the application broke, just in case you don't _have_ the application, whatever... Just my 2c. -- Mariano Absatz El Baby ---------------------------------------------------------- Beware of bugs in the above code; I have only proved it correct, not tried it. -- Donald Knuth From martyn at CHETNET.CO.UK Fri May 9 20:35:32 2003 From: martyn at CHETNET.CO.UK (Chet) Date: Thu Jan 12 21:18:01 2006 Subject: (O/T) human readability (was Re: Urgent: MailScanner apparently stopped processing...) References: <3EBBD86A.14533.47C76AB9@localhost> Message-ID: <002901c31662$54243150$0103a8c0@danni> How do I get myself off this list? Thanks ----------------------------------------------- www.chetnet.co.uk Cable Modem FAQ and portal ------------------------------------------------ ----- Original Message ----- From: "Mariano Absatz" To: Sent: Friday, May 09, 2003 8:33 PM Subject: (O/T) human readability (was Re: Urgent: MailScanner apparently stopped processing...) El 9 May 2003 a las 17:13, Julian Field escribi?: > At 08:01 09/05/2003, you wrote: > >On Fri, 9 May 2003, Julian Field wrote: > > ... > > I checked and the message looks pretty mangled... but > >then again I'm not sure how readable the files in that format are supposed > >to be. > > The Postfix format is not meant to be human-readable. I know what it's > supposed to look like. Arghhhh! Postfix queue files are binary? I might get flamed for this but, WHY??? How much bandwidth/diskspace/whatever do they save by not making it human readable? I might get flamed for this, but I think all protocols and file formats should be human-readable (not counting cryptography) "just in case"... just in case there is a bug, just in case the application broke, just in case you don't _have_ the application, whatever... Just my 2c. -- Mariano Absatz El Baby ---------------------------------------------------------- Beware of bugs in the above code; I have only proved it correct, not tried it. -- Donald Knuth From mailscanner at ecs.soton.ac.uk Fri May 9 21:08:14 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:01 2006 Subject: spamassassin 2.53 & MailScanner In-Reply-To: <136762093.1052509756@jemima.zanker.org> References: <5.2.1.1.2.20030509193304.026b5eb8@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030509193304.026b5eb8@imap.ecs.soton.ac.uk> Message-ID: <5.2.1.1.2.20030509210736.02848148@imap.ecs.soton.ac.uk> At 19:49 09/05/2003, you wrote: >On 09 May 2003 19:35 +0100 Julian Field >wrote: > >>Add >>dcc_path /usr/local/bin/dccproc > >Aha - *that's* what I wasn't doing! Might it be an idea to put that in >spam.assassin.prefs.conf? It's already in place for the next release. >(Although I guess it might get a bit messy - "comment out this and >uncomment that to use DCC"!) It is now silent if it doesn't find dcc, so it's simpler than that. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Fri May 9 21:47:51 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:01 2006 Subject: (O/T) human readability (was Re: Urgent: MailScanner apparently stopped processing...) In-Reply-To: <3EBBD86A.14533.47C76AB9@localhost> References: <5.2.0.9.2.20030509171102.100deec0@imap.ecs.soton.ac.uk> Message-ID: <5.2.1.1.2.20030509211042.02388510@imap.ecs.soton.ac.uk> At 20:33 09/05/2003, you wrote: >El 9 May 2003 a las 17:13, Julian Field escribi?: > > > At 08:01 09/05/2003, you wrote: > > >On Fri, 9 May 2003, Julian Field wrote: > > > >... > > > I checked and the message looks pretty mangled... but > > >then again I'm not sure how readable the files in that format are supposed > > >to be. > > > > The Postfix format is not meant to be human-readable. I know what it's > > supposed to look like. >Arghhhh! >Postfix queue files are binary? >I might get flamed for this but, WHY??? >How much bandwidth/diskspace/whatever do they save by not making it human >readable? >I might get flamed for this, but I think all protocols and file formats >should be human-readable (not counting cryptography) "just in case"... just >in case there is a bug, just in case the application broke, just in case you >don't _have_ the application, whatever... >Just my 2c. Not only are they binary, but the record lengths require bit-shifting to unpack, so that Postfix can save a few bits on the length of each record. In the record length bytes, the bottom 7 bits are used to store part of the record length, and the 8th bit says that there is another 7 bits of length in the following byte. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From jstuart at EDENPR.K12.MN.US Fri May 9 22:05:37 2003 From: jstuart at EDENPR.K12.MN.US (Joe Stuart) Date: Thu Jan 12 21:18:01 2006 Subject: deny all file extensions Message-ID: I was wondering about the filename.rules.conf file and wondering if there is a way to do a deny all rule and then specify the allowed files. And what would the deny all rule look like? From mailscanner at ecs.soton.ac.uk Fri May 9 21:54:12 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:01 2006 Subject: Urgent: MailScanner apparently stopped processing... In-Reply-To: <3EBBD1AE.27988.47AD1AF2@localhost> References: <5.2.0.9.2.20030509083940.04309d40@imap.ecs.soton.ac.uk> Message-ID: <5.2.1.1.2.20030509214937.02332e60@imap.ecs.soton.ac.uk> I agree it would stay in the queue and, due to the sorting, would always appear as the first message in the batch. But why would it jam anything? It would get found and logged at the start of each batch, but any other messages that later appeared would still be added to the batch. So it would cause a log warning at the start of each batch, but what harm would it do otherwise? I could add it to a hash of known bad messages if you like, so that it ignored that message id in subsequent queue scans. But I don't see how the current system actually breaks. At 20:05 09/05/2003, you wrote: >Julian, > >Leo Helman (the guy who actually wrote most of ZMailer support) spotted this >one a few days ago and I thought it was just unelegant, but it might indeed >be a bug... if it is so, it affects _all_ versions (sendmail, exim, zmailer & >postfix)... maybe it showed up because of some problem in the postfix queue >file parser, but it is there anyway. > >Leo says that within MailScanner::Sendmail::CreateBatch() you have the >following code excerpt: > > $batchempty = 1; > > while(($file = shift @SortedFiles) && > $HitLimit1+$HitLimit2+$HitLimit3+$HitLimit4<1) { > .... .... .... > .... .... .... > $newmessage = MailScanner::Message->new($id, $queuedirname); > next unless $newmessage; > .... .... .... > .... .... .... > } > > # Wait a bit until I check the queue again > sleep(MailScanner::Config::Value('queuescaninterval')) if $batchempty; > } while $batchempty; # Keep trying until we get something > >now, newmessage is false when a lock fails or when there was an error parsing >the envelope (e.g. missing envelope from, to or origin). > >If the lock failed, that is because another MailScanner locked it and the >next round of the loop or so, the file will probably be not there, 'cause the >other MailScanner that had it locked, processed it and removed it from the >queue. > >But, if the envelope was corrupt, the file stays in the queue forever, and as >$batchempty is not modified, it never quits the loop (the $HitLimitX stay >always 0). > >At first I thought that the only problem would be that the queue file would >stay there forever (or until an operator read the log message produced within >MailScanner::Sendmail::ReadQf() (smtp MailScanner[xxxx]: Batch: Found invalid >queue file for message xxxxxx) and would manually remove it from the queue... > >In fact, I dismissed a message I was writing to you about this when I thought >that... now that Leo read this thread and recalls our dialog back then, I re- >read it and notice that, as we always sort the queue files by age, this >corrupt file will _always_ be the first to be processed and, hence, would >stuck the queue... > >I think we should differntiate the way ReadQf() fails if the queue file is >locked or if it is ill-formed... or change the while() condition... > > > >El 9 May 2003 a las 8:46, Julian Field escribi?: > > > At 19:25 08/05/2003, you wrote: > > >I'm hoping someone can shed some light on this one - recently I had > > >MailScanner which I've implemented on RedHat 8 w/Postfix just yesterday, > > >abruptly stop processing mail. > > > > > >I only happened to notice as the only indication was that no mail was > > >passing through to my internal mail/pop servers, etc. > > > > > >When I checked the maillog I found only entries from the postfix demon > > >that receives incoming mail, nothing from MailScanner or the postfix demon > > >that then delivers what MailScanner gives it. All processes including the > > >MailScanner processes were running - in fact, MailScanner was using a > > >majority of cpu time. I tried manually starting up MailScanner and found > > >that this fact of "MailScanner starting" and "xxx messages found to be > > >scanned" did show up in the maillog, however, no other change, mail did > > >not start to flow. > > > > > >I finally restarted the server and then everything started to move. > > > > But was it scanning after you restarted? > > > > Have you use redhat-switchmail-nox to set which email system RedHat thinks > > it is trying to run? > > > > >So, based on this I have a few questions: > > > > > >1. Any ideas why this happened and how can I prevent it and also does > > >anyone have any scripts out there that detect this kindof thing and then > > >cleanly shut down mailscanner and restart it? > > > > > >2. I realized I don't even know how to cleanly shut down MailScanner > > >manually. This may seem a stupid question but if someone could answer it > > >that would be great. > > > > service MailScanner stop > > > > You can do "service MailScanner" to get a list of the command options you > > can give it. > > Does "service MailScanner start" work cleanly, or does it output any > errors? > > > > >4. I have an error message repeatedly showing up in the maillog that I > > >have been unable to discover the cause of. It is: > > >smtp MailScanner[xxxx]: Batch: Found invalid queue file for message xxxxxx > > > > For some reason it thinks one of your incoming queue files is corrupt. It > > needs to be able to find the sender and recipient addresses, and the last > > hop IP address, in the file it lifts from the queue. > > > > Can you send me one of the files from /var/spool/postfix.in/deferred that > > exhibits this problem. > > Then I can improve the Postfix parser to stop it happening again. > > -- > > Julian Field > > www.MailScanner.info > > MailScanner thanks transtec Computers for their support > > >-- >Mariano Absatz >El Baby >---------------------------------------------------------- >I am not afraid of death, I just don't want to >be there when it happens. > -- Woody Allen -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Fri May 9 22:33:50 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:01 2006 Subject: deny all file extensions In-Reply-To: Message-ID: <5.2.1.1.2.20030509223233.0246fe78@imap.ecs.soton.ac.uk> At 22:05 09/05/2003, you wrote: >I was wondering about the filename.rules.conf file and wondering if >there is a way to do a deny all rule and then specify the allowed files. >And what would the deny all rule look like? You want to put the allow rules ahead of the deny rule. Then you could just ban any file whose name includes a "." deny \. Files banned by default Sorry, most attachments are banned Make sure each chunk of that line is separated from the next by tab characters and not spaces. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From jstuart at EDENPR.K12.MN.US Fri May 9 22:37:51 2003 From: jstuart at EDENPR.K12.MN.US (Joe Stuart) Date: Thu Jan 12 21:18:01 2006 Subject: deny all file extensions Message-ID: Makes sense. Thank you >>> mailscanner@ECS.SOTON.AC.UK 05/09/03 04:33PM >>> At 22:05 09/05/2003, you wrote: >I was wondering about the filename.rules.conf file and wondering if >there is a way to do a deny all rule and then specify the allowed files. >And what would the deny all rule look like? You want to put the allow rules ahead of the deny rule. Then you could just ban any file whose name includes a "." deny \. Files banned by default Sorry, most attachments are banned Make sure each chunk of that line is separated from the next by tab characters and not spaces. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at LISTS.COM.AR Fri May 9 22:49:47 2003 From: mailscanner at LISTS.COM.AR (Mariano Absatz) Date: Thu Jan 12 21:18:01 2006 Subject: Urgent: MailScanner apparently stopped processing... In-Reply-To: <5.2.1.1.2.20030509214937.02332e60@imap.ecs.soton.ac.uk> References: <3EBBD1AE.27988.47AD1AF2@localhost> Message-ID: <3EBBF84B.11221.4843F1C4@localhost> El 9 May 2003 a las 21:54, Julian Field escribi?: > I agree it would stay in the queue and, due to the sorting, would always > appear as the first message in the batch. But why would it jam anything? > It would get found and logged at the start of each batch, but any other > messages that later appeared would still be added to the batch. > So it would cause a log warning at the start of each batch, but what harm > would it do otherwise? This was my first thought and that's why I didn't tell you the first time... but Leo thinks something is going wrong there... I'll ask him on Monday to do a bunch of tests (actually, the only time he saw it happen was by actually feeding by hand a manually constructed queue file that contained a typo). > I could add it to a hash of known bad messages if you like, so that it > ignored that message id in subsequent queue scans. But I don't see how the > current system actually breaks. I'd rather quarantine the message at the end of ReadQf() (before the return 0)... > > At 20:05 09/05/2003, you wrote: > >Julian, > > > >Leo Helman (the guy who actually wrote most of ZMailer support) spotted this > >one a few days ago and I thought it was just unelegant, but it might indeed > >be a bug... if it is so, it affects _all_ versions (sendmail, exim, zmailer & > >postfix)... maybe it showed up because of some problem in the postfix queue > >file parser, but it is there anyway. > > > >Leo says that within MailScanner::Sendmail::CreateBatch() you have the > >following code excerpt: > > > > $batchempty = 1; > > > > while(($file = shift @SortedFiles) && > > $HitLimit1+$HitLimit2+$HitLimit3+$HitLimit4<1) { > > .... .... .... > > .... .... .... > > $newmessage = MailScanner::Message->new($id, $queuedirname); > > next unless $newmessage; > > .... .... .... > > .... .... .... > > } > > > > # Wait a bit until I check the queue again > > sleep(MailScanner::Config::Value('queuescaninterval')) if $batchempty; > > } while $batchempty; # Keep trying until we get something > > > >now, newmessage is false when a lock fails or when there was an error parsing > >the envelope (e.g. missing envelope from, to or origin). > > > >If the lock failed, that is because another MailScanner locked it and the > >next round of the loop or so, the file will probably be not there, 'cause the > >other MailScanner that had it locked, processed it and removed it from the > >queue. > > > >But, if the envelope was corrupt, the file stays in the queue forever, and as > >$batchempty is not modified, it never quits the loop (the $HitLimitX stay > >always 0). > > > >At first I thought that the only problem would be that the queue file would > >stay there forever (or until an operator read the log message produced within > >MailScanner::Sendmail::ReadQf() (smtp MailScanner[xxxx]: Batch: Found invalid > >queue file for message xxxxxx) and would manually remove it from the queue... > > > >In fact, I dismissed a message I was writing to you about this when I thought > >that... now that Leo read this thread and recalls our dialog back then, I re- > >read it and notice that, as we always sort the queue files by age, this > >corrupt file will _always_ be the first to be processed and, hence, would > >stuck the queue... > > > >I think we should differntiate the way ReadQf() fails if the queue file is > >locked or if it is ill-formed... or change the while() condition... > > > > > > > >El 9 May 2003 a las 8:46, Julian Field escribi?: > > > > > At 19:25 08/05/2003, you wrote: > > > >I'm hoping someone can shed some light on this one - recently I had > > > >MailScanner which I've implemented on RedHat 8 w/Postfix just yesterday, > > > >abruptly stop processing mail. > > > > > > > >I only happened to notice as the only indication was that no mail was > > > >passing through to my internal mail/pop servers, etc. > > > > > > > >When I checked the maillog I found only entries from the postfix demon > > > >that receives incoming mail, nothing from MailScanner or the postfix demon > > > >that then delivers what MailScanner gives it. All processes including the > > > >MailScanner processes were running - in fact, MailScanner was using a > > > >majority of cpu time. I tried manually starting up MailScanner and found > > > >that this fact of "MailScanner starting" and "xxx messages found to be > > > >scanned" did show up in the maillog, however, no other change, mail did > > > >not start to flow. > > > > > > > >I finally restarted the server and then everything started to move. > > > > > > But was it scanning after you restarted? > > > > > > Have you use redhat-switchmail-nox to set which email system RedHat thinks > > > it is trying to run? > > > > > > >So, based on this I have a few questions: > > > > > > > >1. Any ideas why this happened and how can I prevent it and also does > > > >anyone have any scripts out there that detect this kindof thing and then > > > >cleanly shut down mailscanner and restart it? > > > > > > > >2. I realized I don't even know how to cleanly shut down MailScanner > > > >manually. This may seem a stupid question but if someone could answer it > > > >that would be great. > > > > > > service MailScanner stop > > > > > > You can do "service MailScanner" to get a list of the command options you > > > can give it. > > > Does "service MailScanner start" work cleanly, or does it output any > > errors? > > > > > > >4. I have an error message repeatedly showing up in the maillog that I > > > >have been unable to discover the cause of. It is: > > > >smtp MailScanner[xxxx]: Batch: Found invalid queue file for message xxxxxx > > > > > > For some reason it thinks one of your incoming queue files is corrupt. It > > > needs to be able to find the sender and recipient addresses, and the last > > > hop IP address, in the file it lifts from the queue. > > > > > > Can you send me one of the files from /var/spool/postfix.in/deferred that > > > exhibits this problem. > > > Then I can improve the Postfix parser to stop it happening again. > > > -- > > > Julian Field > > > www.MailScanner.info > > > MailScanner thanks transtec Computers for their support > > > > > >-- > >Mariano Absatz > >El Baby > >---------------------------------------------------------- > >I am not afraid of death, I just don't want to > >be there when it happens. > > -- Woody Allen > > -- > Julian Field > www.MailScanner.info > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support -- Mariano Absatz El Baby ---------------------------------------------------------- Lottery: A tax on people who are bad at math. From mailscanner at LISTS.COM.AR Fri May 9 22:56:09 2003 From: mailscanner at LISTS.COM.AR (Mariano Absatz) Date: Thu Jan 12 21:18:01 2006 Subject: (O/T) human readability (was Re: Urgent: MailScanner apparently stopped processing...) In-Reply-To: <5.2.1.1.2.20030509211042.02388510@imap.ecs.soton.ac.uk> References: <3EBBD86A.14533.47C76AB9@localhost> Message-ID: <3EBBF9C9.18174.4849C599@localhost> El 9 May 2003 a las 21:47, Julian Field escribi?: > At 20:33 09/05/2003, you wrote: > >El 9 May 2003 a las 17:13, Julian Field escribi?: > > > > > At 08:01 09/05/2003, you wrote: > > > >On Fri, 9 May 2003, Julian Field wrote: > > > > > >... > > > > I checked and the message looks pretty mangled... but > > > >then again I'm not sure how readable the files in that format are supposed > > > >to be. > > > > > > The Postfix format is not meant to be human-readable. I know what it's > > > supposed to look like. > >Arghhhh! > >Postfix queue files are binary? > >I might get flamed for this but, WHY??? > >How much bandwidth/diskspace/whatever do they save by not making it human > >readable? > >I might get flamed for this, but I think all protocols and file formats > >should be human-readable (not counting cryptography) "just in case"... just > >in case there is a bug, just in case the application broke, just in case you > >don't _have_ the application, whatever... > >Just my 2c. > > Not only are they binary, but the record lengths require bit-shifting to > unpack, so that Postfix can save a few bits on the length of each record. > In the record length bytes, the bottom 7 bits are used to store part of the > record length, and the 8th bit says that there is another 7 bits of length > in the following byte. Oh my... and do they publish statistics on how many bits they save you? I know we are all assembly language programmers and we undertand binary by doing: od -atx1 file but there are a few people binary impaired out there, and they're not all of them lusers... -- Mariano Absatz El Baby ---------------------------------------------------------- Conjecture: All odd numbers are prime. Mathematician's Proof: 3 is prime. 5 is prime. 7 is prime. By induction, all odd numbers are prime. Physicist's Proof: 3 is prime. 5 is prime. 7 is prime. 9 is experimental error. 11 is prime. 13 is prime ... Engineer's Proof: 3 is prime. 5 is prime. 7 is prime. 9 is prime. 11 is prime. 13 is prime ... Computer Scientists's Proof: 3 is prime. 3 is prime. 3 is prime. 3 is prime... From dgeorgiades at POWERENG.COM Fri May 9 23:35:16 2003 From: dgeorgiades at POWERENG.COM (Derrick Georgiades) Date: Thu Jan 12 21:18:01 2006 Subject: Spammers circumvent MS Message-ID: I have brought this up before, with no resolution. Now spammers seem to be catching on. They are sending spam with multiple users from my domain in the To and CC fields of the envelope. The more local addresses they stuff in, the higher the chance they will hit one that is whitelisted and then the whole email is whitelisted. I know people have told me that because there is only one physical email for many recipients that we can't block for some users and not others on the same email. My question is what can we do? I have emails with a score over 10 SA points to be deleted. Is there a way to delete emails with a set score even if that email hits a whitelisted address? Any suggestions would be great. Thanks Derrick Georgiades From forrie at FORRIE.COM Sat May 10 00:22:36 2003 From: forrie at FORRIE.COM (Forrest Aldrich) Date: Thu Jan 12 21:18:01 2006 Subject: Spammers circumvent MS In-Reply-To: Message-ID: <5.2.1.1.2.20030509192124.01d1cbc0@192.168.1.1> Sounds similar to a situation I had been dealing with in a former job... the big question was how to limit access to aliases. You don't want a company-wide address to be accessible from the "outside". I never did resolve this in Sendmail, but it might be interesting to revisit this one. Forrest At 04:35 PM 5/9/2003 -0600, you wrote: >I have brought this up before, with no resolution. Now spammers seem to be >catching on. >They are sending spam with multiple users from my domain in the To and CC >fields of the envelope. >The more local addresses they stuff in, the higher the chance they will hit >one that is whitelisted and then the whole email is whitelisted. >I know people have told me that because there is only one physical email for >many recipients that we can't block for some users and not others on the >same email. >My question is what can we do? I have emails with a score over 10 SA points >to be deleted. Is there a way to delete emails with a set score even if >that email hits a whitelisted address? >Any suggestions would be great. > >Thanks >Derrick Georgiades From mailscanner at ecs.soton.ac.uk Sat May 10 10:33:39 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:01 2006 Subject: Spammers circumvent MS In-Reply-To: <5.2.1.1.2.20030509192124.01d1cbc0@192.168.1.1> References: Message-ID: <5.2.1.1.2.20030510102253.026a6e38@imap.ecs.soton.ac.uk> At 00:22 10/05/2003, you wrote: >You don't want a company-wide address to be accessible from the >"outside". I never did resolve this in Sendmail, but it might be >interesting to revisit this one. This can be done very easily in sendmail, if you are trying to protect company-wide mailing lists. You have to accept valid users in your company of course, as otherwise you would never accept any mail at all. We have a large bunch of email addresses which, for the sake of this example, all end in "-foo".or "-foo-0" or "-foo-1" etc up to "-foo-9". The "-foo-digit" ones are sublists that are used to construct each "-foo" list, purely because the lists are larger than the maximum record size allowed in aliases tables. In my sendmail.mc there is this: KIsEcsList2 regex -a@MATCH ^.*-foo(-[0-9])?$ LOCAL_RULESETS SLocal_check_rcpt R$* $: $>3 $1 Focus on host R$* $: $>"QualifyDomain" $1 Make fully-qualified R$* <@ $* $m. > $* $1 <@ *LOCAL* > Is recipient an ECS address? R$* <@ *LOCAL* > $* $: $(IsEcsList2 $1 $) <@ *LOCAL* > $2 ECS list? R@MATCH <@ *LOCAL* > $* $#error $@ 5.1.2 $: Please contact ECS Help Desk # If address is unqualified, add *LOCAL* as the destination hostname. SQualifyDomain R$* < @ $* > $* $@ $1 < @ $2 > $3 Already fully qualified R$+ $@ $1 < @ *LOCAL* > Add local qualification Repeat the lines containing "IsEcsList2" as many times as are necessary for the number of regular expressions you need to create to match all your company-wide mailing lists. We intentionally made them all end in "-foo" so that this could be done more easily. Okay, so maybe this isn't "very easy" like I said at the top, but it sure works. No-one outside can spam our internal lists. Anyone on the inside doing it gets dropped from a great height. >At 04:35 PM 5/9/2003 -0600, you wrote: >>I have brought this up before, with no resolution. Now spammers seem to be >>catching on. >>They are sending spam with multiple users from my domain in the To and CC >>fields of the envelope. >>The more local addresses they stuff in, the higher the chance they will hit >>one that is whitelisted and then the whole email is whitelisted. >>I know people have told me that because there is only one physical email for >>many recipients that we can't block for some users and not others on the >>same email. >>My question is what can we do? I have emails with a score over 10 SA points >>to be deleted. Is there a way to delete emails with a set score even if >>that email hits a whitelisted address? >>Any suggestions would be great. >> >>Thanks >>Derrick Georgiades -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From raymond at PROLOCATION.NET Sat May 10 10:53:43 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:01 2006 Subject: Spammers circumvent MS In-Reply-To: <5.2.1.1.2.20030510102253.026a6e38@imap.ecs.soton.ac.uk> Message-ID: Hi! > Repeat the lines containing "IsEcsList2" as many times as are necessary for > the number of regular expressions you need to create to match all your > company-wide mailing lists. We intentionally made them all end in "-foo" so > that this could be done more easily. > > Okay, so maybe this isn't "very easy" like I said at the top, but it sure > works. No-one outside can spam our internal lists. Anyone on the inside > doing it gets dropped from a great height. Or run them on descent mailinglist software... and make them member post only :) Bye, Raymond. From donovan at HUFFDATASYSTEMS.COM Sat May 10 11:16:07 2003 From: donovan at HUFFDATASYSTEMS.COM (Donovan Huff | HUFF DATA SYSTEMS) Date: Thu Jan 12 21:18:01 2006 Subject: Spammers circumvent MS References: Message-ID: <024101c316dd$2ca96bb0$4bc65a42@x27> If I was an intelligent SPAMMER *laugh*, I could just run the SPAM I intended to send out thru MailScanner w/ SA and make sure that it scored low enough to get thru and if it didn't, then modify it till it did. This is likely why a lot of the SPAM recently seems to be going more towards the plain text side with a simple web link. That makes me think, maybe there needs to be a new BL that has domains/IPs/IP ranges/URLs in it and matches them if in e-mails, I'm not aware of anything that does this now. Regards, Donovan Huff Owner/Operator HUFF DATA SYSTEMS donovan@huffdatasystems.com http://www.huffdatasystems.com/ (361) 781-0631 ------------------------------------------------------ Web Hosting Starting at $5.00/mo http://www.huffdatasystems.com/ ------------------------------------------------------ Internet Access Just About Anywhere http://UnlimitedCheapInternet.com/ ------------------------------------------------------ ----- Original Message ----- From: "Raymond Dijkxhoorn" To: Sent: Saturday, May 10, 2003 4:53 AM Subject: Re: Spammers circumvent MS > Hi! > > > Repeat the lines containing "IsEcsList2" as many times as are necessary for > > the number of regular expressions you need to create to match all your > > company-wide mailing lists. We intentionally made them all end in "-foo" so > > that this could be done more easily. > > > > Okay, so maybe this isn't "very easy" like I said at the top, but it sure > > works. No-one outside can spam our internal lists. Anyone on the inside > > doing it gets dropped from a great height. > > Or run them on descent mailinglist software... and make them member post > only :) > > Bye, > Raymond. From richard at SHEFLUG.CO.UK Sat May 10 11:48:29 2003 From: richard at SHEFLUG.CO.UK (Richard Ibbotson) Date: Thu Jan 12 21:18:01 2006 Subject: Confused Message-ID: <200305101148.29315.richard@sheflug.co.uk> Hi I'm a bit confused by first time configuration of MailScanner on my own SuSE 8.2 workstation. Thought I'd ask a couple of questions. Using Postfix and SpadderAssassin.... http://www.sng.ecs.soton.ac.uk/mailscanner/install/postfix.shtml >Make sure you have the chroot jail set up in /var/spool/postfix. You >should be able to see "etc", "usr" and "lib" directories inside >/var/spool/postfix). No I can't. I can see.... active bounce corrupt defer deferred flush hold incoming maildrop pid private public Where are the "etc" "usr" and "lib" directories that are referred to ? >If you haven't got the chroot jail setup already, then look in the >"examples" directory of the Postfix documentation and you will find >a script in there to set up it up for your operating system. If you >can't find that, then see the "Problems or Errors" section further >down this page. This is the script that I have found under /usr/share/doc/packages/postfix/examples/chroot-setup. Originally for SuSE 5.3. Presumably it will work with SuSE 8.2 ? # Revision 1.4 2001/01/15 09:36:35 emma # add note it was successfully tested on Debian sid # CP="cp -p" cond_copy() { # find files as per pattern in $1 # if any, copy to directory $2 dir=`dirname "$1"` pat=`basename "$1"` lr=`find "$dir" -maxdepth 1 -name "$pat"` if test ! -d "$2" ; then exit 1 ; fi if test "x$lr" != "x" ; then $CP $1 "$2" ; fi } set -e umask 022 POSTFIX_DIR=${POSTFIX_DIR-/var/spool/postfix} cd ${POSTFIX_DIR} mkdir -p etc lib usr/lib/zoneinfo # find localtime (SuSE 5.3 does not have /etc/localtime) lt=/etc/localtime if test ! -f $lt ; then lt=/usr/lib/zoneinfo/localtime ; fi if test ! -f $lt ; then lt=/usr/share/zoneinfo/localtime ; fi if test ! -f $lt ; then echo "cannot find localtime" ; exit 1 ; fi rm -f etc/localtime # copy localtime and some other system files into the chroot's etc $CP -f $lt /etc/services /etc/resolv.conf /etc/nsswitch.conf etc $CP -f /etc/host.conf /etc/hosts /etc/passwd etc ln -s -f /etc/localtime usr/lib/zoneinfo # copy required libraries into the chroot cond_copy '/lib/libnss_*.so*' lib cond_copy '/lib/libresolv.so*' lib cond_copy '/lib/libdb.so*' lib postfix reload -- Richard www.sheflug.co.uk From mailscanner at ecs.soton.ac.uk Sat May 10 12:41:54 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:01 2006 Subject: Confused In-Reply-To: <200305101148.29315.richard@sheflug.co.uk> Message-ID: <5.2.1.1.2.20030510122620.022eb340@imap.ecs.soton.ac.uk> At 11:48 10/05/2003, you wrote: >Hi > >I'm a bit confused by first time configuration of MailScanner on my >own SuSE 8.2 workstation. Thought I'd ask a couple of questions. >Using Postfix and SpadderAssassin.... > > >http://www.sng.ecs.soton.ac.uk/mailscanner/install/postfix.shtml > > >Make sure you have the chroot jail set up in /var/spool/postfix. You > >should be able to see "etc", "usr" and "lib" directories inside > >/var/spool/postfix). > >No I can't. I can see.... > >active bounce corrupt defer deferred flush hold incoming >maildrop pid private public > >Where are the "etc" "usr" and "lib" directories that are referred to >? They are the directories required to set up a minimal chroot jail. If you don't what know what a chroot jail is, then read on and I will try to explain it: When a process is run as root, or even as a non-root user, it will have permission to write over some files on your system. To stop hackers exploiting a vulnerability in the process, you can "chroot" the process. This makes another directory appear to be "/" as far as the chroot-ed process is concerned. In Postfix's case, lots of programs are run with a chroot of "/var/spool/postfix". So the chroot-ed process can only ever write to files under /var/spool/postfix (which it thinks is actually "/"). Even if it gets root, it can still only modify files under /var/spool/postfix. There is no way for a process to reverse the chroot call, so it's called a "jail" that it locks itself into. So the process thinks, for example, that /var/spool/postfix/etc is actually /etc, and similarly for the other directories (usr, lib, etc and the queues). To make it all work, it needs copies of a few files from the real /etc to operate, such as libraries, /etc/passwd and a few others. That is what should be in /var/spool/postfix/etc and the other dirs there. If you have a look in /etc/postfix/master.cf, there is a row for each of the Postfix processes. One of the columns is ticked if the process should be run chroot-ed. It appears that maybe the chroot files are less than I first thought. Here is what is on my system: [sysjkf@tinker postfix]$ cd /var/spool/postfix [sysjkf@tinker postfix]$ ls -lR etc etc: total 36 -rw-r----- 1 root root 12288 Apr 25 12:29 aliases.db drwxr-xr-x 2 root root 4096 Apr 16 11:24 postfix -rw-r--r-- 1 root root 19891 Apr 16 10:31 services etc/postfix: total 12 -rw-r----- 1 root root 12288 Apr 16 11:24 aliases.db > >If you haven't got the chroot jail setup already, then look in the > >"examples" directory of the Postfix documentation and you will find > >a script in there to set up it up for your operating system. If you > >can't find that, then see the "Problems or Errors" section further > >down this page. > > >This is the script that I have found under >/usr/share/doc/packages/postfix/examples/chroot-setup. Originally >for SuSE 5.3. Presumably it will work with SuSE 8.2 ? Should work okay. It's a fairly simple process. I haven't got a copy of SuSE 8.2 yet, only 8.1. I am trying to get my hands on a boxed copy of 8.2... The code below is probably good enough. Watch your maillog as you put the first few messages through it and you will soon see if it likes it or not. It will warn you if something is wrong. ># Revision 1.4 2001/01/15 09:36:35 emma ># add note it was successfully tested on Debian sid ># > >CP="cp -p" > >cond_copy() { > # find files as per pattern in $1 > # if any, copy to directory $2 > dir=`dirname "$1"` > pat=`basename "$1"` > lr=`find "$dir" -maxdepth 1 -name "$pat"` > if test ! -d "$2" ; then exit 1 ; fi > if test "x$lr" != "x" ; then $CP $1 "$2" ; fi >} > >set -e >umask 022 > >POSTFIX_DIR=${POSTFIX_DIR-/var/spool/postfix} >cd ${POSTFIX_DIR} > >mkdir -p etc lib usr/lib/zoneinfo > ># find localtime (SuSE 5.3 does not have /etc/localtime) >lt=/etc/localtime >if test ! -f $lt ; then lt=/usr/lib/zoneinfo/localtime ; fi >if test ! -f $lt ; then lt=/usr/share/zoneinfo/localtime ; fi >if test ! -f $lt ; then echo "cannot find localtime" ; exit 1 ; fi >rm -f etc/localtime > ># copy localtime and some other system files into the chroot's etc >$CP -f $lt /etc/services /etc/resolv.conf /etc/nsswitch.conf etc >$CP -f /etc/host.conf /etc/hosts /etc/passwd etc >ln -s -f /etc/localtime usr/lib/zoneinfo > ># copy required libraries into the chroot >cond_copy '/lib/libnss_*.so*' lib >cond_copy '/lib/libresolv.so*' lib >cond_copy '/lib/libdb.so*' lib > >postfix reload > > > > >-- >Richard >www.sheflug.co.uk -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Sat May 10 12:25:08 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:01 2006 Subject: Spammers circumvent MS In-Reply-To: <024101c316dd$2ca96bb0$4bc65a42@x27> References: Message-ID: <5.2.1.1.2.20030510122427.024159d8@imap.ecs.soton.ac.uk> At 11:16 10/05/2003, you wrote: >If I was an intelligent SPAMMER *laugh*, I could just run the SPAM I >intended to send out thru MailScanner w/ SA and make sure that >it scored low enough to get thru and if it didn't, then modify it till it >did. This is likely why a lot of the SPAM recently seems >to be going more towards the plain text side with a simple web link. That >makes me think, maybe there needs to be a new BL that has >domains/IPs/IP ranges/URLs in it and matches them if in e-mails, I'm not >aware of anything that does this now. This is what people like Spamhaus try to do. They target known spammers rather than open relays. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Sat May 10 12:51:03 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:01 2006 Subject: Confused In-Reply-To: <5.2.1.1.2.20030510122620.022eb340@imap.ecs.soton.ac.uk> References: <200305101148.29315.richard@sheflug.co.uk> Message-ID: <5.2.1.1.2.20030510124927.026a8f50@imap.ecs.soton.ac.uk> BTW the last mail was for postfix 1. Here is the chroot jail setup for postfix 2: [root@soldier postfix]# ls -lR etc lib usr etc: total 44 -rw-r--r-- 1 root root 17 Jul 23 2000 host.conf -rw-r--r-- 1 root root 155 Apr 9 16:59 hosts -rw-r--r-- 1 root root 1323 Apr 9 16:59 localtime -rw-r--r-- 1 root root 1686 Apr 9 16:59 nsswitch.conf -rw-r--r-- 1 root root 1464 Apr 9 17:16 passwd -rw-r--r-- 1 root root 90 Apr 9 17:03 resolv.conf -rw-r--r-- 1 root root 19935 Jan 9 17:56 services lib: total 5456 -rwxr-xr-x 1 root root 53548 Mar 14 00:43 libnss_compat-2.3.2.so -rwxr-xr-x 1 root root 53548 Mar 14 00:43 libnss_compat.so.2 -rwxr-xr-x 1 root root 18416 Mar 14 00:43 libnss_dns-2.3.2.so -rwxr-xr-x 1 root root 18416 Mar 14 00:43 libnss_dns.so.2 -rwxr-xr-x 1 root root 52472 Mar 14 00:43 libnss_files-2.3.2.so -rwxr-xr-x 1 root root 52472 Mar 14 00:43 libnss_files.so.2 -rwxr-xr-x 1 root root 20308 Mar 14 00:43 libnss_hesiod-2.3.2.so -rwxr-xr-x 1 root root 20308 Mar 14 00:43 libnss_hesiod.so.2 -rwxr-xr-x 1 root root 1855520 Jan 25 05:48 libnss_ldap-2.3.1.so -rwxr-xr-x 1 root root 1855520 Jan 25 05:48 libnss_ldap.so.2 -rwxr-xr-x 1 root root 43456 Mar 14 00:43 libnss_nis-2.3.2.so -rwxr-xr-x 1 root root 52684 Mar 14 00:43 libnss_nisplus-2.3.2.so -rwxr-xr-x 1 root root 52684 Mar 14 00:43 libnss_nisplus.so.2 -rwxr-xr-x 1 root root 43456 Mar 14 00:43 libnss_nis.so.2 -rwxr-xr-x 1 root root 13864 Mar 14 01:28 libnss_winbind.so -rwxr-xr-x 1 root root 13864 Mar 14 01:28 libnss_winbind.so.2 -rwxr-xr-x 1 root root 605464 Mar 14 01:28 libnss_wins.so -rwxr-xr-x 1 root root 605464 Mar 14 01:28 libnss_wins.so.2 -rwxr-xr-x 1 root root 76552 Mar 14 00:43 libresolv.so.2 usr: total 4 drwxr-xr-x 3 root root 4096 Apr 13 09:56 lib usr/lib: total 4 drwxr-xr-x 2 root root 4096 Apr 13 09:56 zoneinfo usr/lib/zoneinfo: total 0 lrwxrwxrwx 1 root root 14 Apr 13 09:56 localtime -> /etc/localtime [root@soldier postfix]# -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From richard at SHEFLUG.CO.UK Sat May 10 12:54:14 2003 From: richard at SHEFLUG.CO.UK (Richard Ibbotson) Date: Thu Jan 12 21:18:01 2006 Subject: Confused In-Reply-To: <5.2.1.1.2.20030510124927.026a8f50@imap.ecs.soton.ac.uk> References: <200305101148.29315.richard@sheflug.co.uk> <5.2.1.1.2.20030510124927.026a8f50@imap.ecs.soton.ac.uk> Message-ID: <200305101254.14363.richard@sheflug.co.uk> Julian > Here is the chroot jail setup for postfix 2: Ah... I'll have a look. Thanks ever so much :) -- Richard www.sheflug.co.uk From splee at PLEXIO.COM Sat May 10 15:20:22 2003 From: splee at PLEXIO.COM (Stephen Lee) Date: Thu Jan 12 21:18:01 2006 Subject: SophosBusy.lock ownership problem Message-ID: <1052576422.20736.71.camel@ralph.plexio.private> Hi, I'm running mailscanner-4.20-3/Exim3.36/Sophos3.68 on RH7.3. Once in a while, the /tmp/SophosBusy.lock file gets created with root.root ownership. This causes problems as I run MS as exim.exim so an old /tmp/SophosBusy.lock with root.root ownership can't be removed. Here's a bit of the log: May 10 04:59:28 qcfl MailScanner[17357]: Virus and Content Scanning: Starting May 10 04:59:28 qcfl MailScanner[17357]: Cannot create /tmp/SophosBusy.lock, Permission denied Am I missing a config setting somewhere? MS was installed from RPM. Thanks, Stephen From mailscanner at ecs.soton.ac.uk Sat May 10 15:29:16 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:01 2006 Subject: SophosBusy.lock ownership problem In-Reply-To: <1052576422.20736.71.camel@ralph.plexio.private> Message-ID: <5.2.1.1.2.20030510152701.02678e88@imap.ecs.soton.ac.uk> At 15:20 10/05/2003, you wrote: >Hi, >I'm running mailscanner-4.20-3/Exim3.36/Sophos3.68 on RH7.3. Once in a >while, the /tmp/SophosBusy.lock file gets created with root.root >ownership. This causes problems as I run MS as exim.exim so an old >/tmp/SophosBusy.lock with root.root ownership can't be removed. Here's a >bit of the log: > >May 10 04:59:28 qcfl MailScanner[17357]: Virus and Content Scanning: >Starting >May 10 04:59:28 qcfl MailScanner[17357]: Cannot create >/tmp/SophosBusy.lock, Permission denied > >Am I missing a config setting somewhere? MS was installed from RPM. I guess it shouldn't try to create the lock file if it already exists. The -autoupdate scripts all now delete the lock file when they have finished, so that exim.exim can create a new one. I think all I need to actually do is stop it logging an error in this condition, as it should still be able to get a shared lock on the file as that only needs read permission. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Sat May 10 15:37:14 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:01 2006 Subject: SophosBusy.lock ownership problem In-Reply-To: <1052576422.20736.71.camel@ralph.plexio.private> Message-ID: <5.2.1.1.2.20030510153451.023f8e28@imap.ecs.soton.ac.uk> Here is a patch for /usr/lib/MailScanner/MailScanner/SweepViruses.pm that should solve this problem. This will of course be included in the next release. Also please make sure you are actually using the new /usr/lib/MailScanner/*-autoupdate scripts. If there are any *.rpmnew files in that dir then please rename them over the top of the old ones (there is a script on the downloads page that will help you do this automatically). --- SweepViruses.pm 2003-05-09 23:17:47.000000000 +0100 +++ SweepViruses.pm.new 2003-05-10 15:34:32.000000000 +0100 @@ -598,11 +598,15 @@ # Check that the virus checker files aren't currently being updated, # and wait if they are. - open($Lock, ">$VirusLock") - or MailScanner::Log::DieLog("Cannot create $VirusLock, $!"); + if (open($Lock, ">$VirusLock")) { + print $Lock "Virus checker locked for " . + ($disinfect?"disinfect":"scann") . "ing by $scanner $$\n"; + } else { + #The lock file already exists, so just open for reading + open($Lock, "<$VirusLock") + or MailScanner::Log::WarnLog("Cannot lock $VirusLock, $!"); + } flock($Lock, $LOCK_SH); - print $Lock "Virus checker locked for " . - ($disinfect?"disinfect":"scann") . "ing by $scanner $$\n"; MailScanner::Log::DebugLog("Commencing " . ($disinfect?"disinfect":"scann") . "ing by $scanner..."); At 15:20 10/05/2003, you wrote: >Hi, >I'm running mailscanner-4.20-3/Exim3.36/Sophos3.68 on RH7.3. Once in a >while, the /tmp/SophosBusy.lock file gets created with root.root >ownership. This causes problems as I run MS as exim.exim so an old >/tmp/SophosBusy.lock with root.root ownership can't be removed. Here's a >bit of the log: > >May 10 04:59:28 qcfl MailScanner[17357]: Virus and Content Scanning: >Starting >May 10 04:59:28 qcfl MailScanner[17357]: Cannot create >/tmp/SophosBusy.lock, Permission denied > >Am I missing a config setting somewhere? MS was installed from RPM. > >Thanks, >Stephen -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From splee at PLEXIO.COM Sat May 10 15:52:54 2003 From: splee at PLEXIO.COM (Stephen Lee) Date: Thu Jan 12 21:18:01 2006 Subject: SophosBusy.lock ownership problem In-Reply-To: <5.2.1.1.2.20030510153451.023f8e28@imap.ecs.soton.ac.uk> References: <5.2.1.1.2.20030510153451.023f8e28@imap.ecs.soton.ac.uk> Message-ID: <1052578374.18479.75.camel@ralph.plexio.private> On Sat, 2003-05-10 at 07:37, Julian Field wrote: > Here is a patch for /usr/lib/MailScanner/MailScanner/SweepViruses.pm that > should solve this problem. > This will of course be included in the next release. > Also please make sure you are actually using the new > /usr/lib/MailScanner/*-autoupdate scripts. If there are any *.rpmnew files > in that dir then please rename them over the top of the old ones (there is > a script on the downloads page that will help you do this automatically). > Julian, As usual, thanks for your help! Stephen From richard at SHEFLUG.CO.UK Sat May 10 21:04:45 2003 From: richard at SHEFLUG.CO.UK (Richard Ibbotson) Date: Thu Jan 12 21:18:01 2006 Subject: Confused In-Reply-To: <5.2.1.1.2.20030510122620.022eb340@imap.ecs.soton.ac.uk> References: <5.2.1.1.2.20030510122620.022eb340@imap.ecs.soton.ac.uk> Message-ID: <200305102104.45329.richard@sheflug.co.uk> Julian > Should work okay. It's a fairly simple process. I haven't got a > copy of SuSE 8.2 yet, only 8.1. I am trying to get my hands on a > boxed copy of 8.2... Having worked most of it out I now find that MailScanner is up and running. Seems like SuSE 8.2 uses YaST2 to configure a chrooted environment for Postfix. No need for commandline skills. Problem now is that since I use Kmail I have to switch over to Pine to use MailScanner and SpamAssassin. Looks like Postfix or SpamAssassin is causing a mail delivery problem. Ah.. well.... off to another list I suppose :) Thanks -- Richard From richard at SHEFLUG.CO.UK Sat May 10 21:25:13 2003 From: richard at SHEFLUG.CO.UK (Richard Ibbotson) Date: Thu Jan 12 21:18:01 2006 Subject: Bug Found Message-ID: <200305102125.13933.richard@sheflug.co.uk> Hi Further to the last one.. After getting MailScanner up and running on SuSE 8.2 I have now found an error message in /var/log/mail.......... May 10 21:20:58 sheflug MailScanner[4956]: Unrecognised keyword "postfix" at line 99 May 10 21:20:58 sheflug MailScanner[4956]: Aborting due to syntax errors in /etc/MailScanner/MailScanner.conf. May 10 21:21:08 sheflug MailScanner[4957]: MailScanner E-Mail Virus Scanner version 4.20-3 starting... May 10 21:21:08 sheflug MailScanner[4957]: Syntax error(s) in configuration file: May 10 21:21:08 sheflug MailScanner[4957]: Unrecognised keyword "postfix" at line 99 May 10 21:21:08 sheflug MailScanner[4957]: Aborting due to syntax errors in /etc/MailScanner/MailScanner.conf. Waiting for data... (interrupt to abort) Line 99 says ... # Set how to invoke MTA when sending messages MailScanner has created # (e.g. to sender/recipient saying "found a virus in your message") # This can also be the filename of a ruleset line 99 > postfix = /usr/sbin/sendmail References: <5C0296D26910694BB9A9BBFC577E7AB001175301@pascal.priv.bmrb.co.uk> Message-ID: <1052600485.3754.1.camel@bach.kevinspicer.co.uk> I think this should be Sendmail = rather than Postfix = On Sat, 2003-05-10 at 21:25, Richard Ibbotson wrote: Hi Further to the last one.. After getting MailScanner up and running on SuSE 8.2 I have now found an error message in /var/log/mail.......... May 10 21:20:58 sheflug MailScanner[4956]: Unrecognised keyword "postfix" at line 99 May 10 21:20:58 sheflug MailScanner[4956]: Aborting due to syntax errors in /etc/MailScanner/MailScanner.conf. May 10 21:21:08 sheflug MailScanner[4957]: MailScanner E-Mail Virus Scanner version 4.20-3 starting... May 10 21:21:08 sheflug MailScanner[4957]: Syntax error(s) in configuration file: May 10 21:21:08 sheflug MailScanner[4957]: Unrecognised keyword "postfix" at line 99 May 10 21:21:08 sheflug MailScanner[4957]: Aborting due to syntax errors in /etc/MailScanner/MailScanner.conf. Waiting for data... (interrupt to abort) Line 99 says ... # Set how to invoke MTA when sending messages MailScanner has created # (e.g. to sender/recipient saying "found a virus in your message") # This can also be the filename of a ruleset line 99 > postfix = /usr/sbin/sendmail Message-ID: <001701c31737$2adf8e40$6901a8c0@home.middlefinger.net> Did you follow the postfix install guide at http://www.sng.ecs.soton.ac.uk/mailscanner/install/postfix.shtml ? > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Richard Ibbotson > Sent: Saturday, May 10, 2003 3:25 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Bug Found > > > Hi > > Further to the last one.. > > After getting MailScanner up and running on SuSE 8.2 I have > now found an error message in /var/log/mail.......... > > > May 10 21:20:58 sheflug MailScanner[4956]: Unrecognised > keyword "postfix" at line 99 May 10 21:20:58 sheflug > MailScanner[4956]: Aborting due to syntax errors in > /etc/MailScanner/MailScanner.conf. > May 10 21:21:08 sheflug MailScanner[4957]: MailScanner E-Mail > Virus Scanner version 4.20-3 starting... May 10 21:21:08 > sheflug MailScanner[4957]: Syntax error(s) in configuration > file: May 10 21:21:08 sheflug MailScanner[4957]: Unrecognised > keyword "postfix" at line 99 May 10 21:21:08 sheflug > MailScanner[4957]: Aborting due to syntax errors in > /etc/MailScanner/MailScanner.conf. > Waiting for data... (interrupt to abort) > > > Line 99 says ... > > # Set how to invoke MTA when sending messages MailScanner has > created # (e.g. to sender/recipient saying "found a virus in > your message") # This can also be the filename of a ruleset > line 99 > postfix = /usr/sbin/sendmail > If I change this to "postfix = /usr/sbin/postfix" I still > get the same errors. Can anyone give a clue about what I > might have done wrong ? Looked at the other config files and > it should work ? > > > -- > Richard > From richard at SHEFLUG.CO.UK Sat May 10 22:51:31 2003 From: richard at SHEFLUG.CO.UK (Richard Ibbotson) Date: Thu Jan 12 21:18:01 2006 Subject: Bug Found In-Reply-To: <1052600485.3754.1.camel@bach.kevinspicer.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB001175301@pascal.priv.bmrb.co.uk> <1052600485.3754.1.camel@bach.kevinspicer.co.uk> Message-ID: <200305102251.31613.richard@sheflug.co.uk> Kevin > I think this should be > Sendmail = > rather than > Postfix = >May 10 22:48:14 sheflug MailScanner[5898]: You need to set the "SpamAssassin User State Dir" to a directory that the "Run As User" can write to May 10 22:48:16 sheflug MailScanner[5898]: Using locktype = flock Hmm... that fixed it :) Too many config files and too many hours in front of a keyboard. Now I see the SpamAssassin error message above. Have to have a look into that. Thanks -- Richard From richard at SHEFLUG.CO.UK Sat May 10 22:52:46 2003 From: richard at SHEFLUG.CO.UK (Richard Ibbotson) Date: Thu Jan 12 21:18:01 2006 Subject: Bug Found In-Reply-To: <001701c31737$2adf8e40$6901a8c0@home.middlefinger.net> References: <001701c31737$2adf8e40$6901a8c0@home.middlefinger.net> Message-ID: <200305102252.46677.richard@sheflug.co.uk> > Did you follow the postfix install guide at > http://www.sng.ecs.soton.ac.uk/mailscanner/install/postfix.shtml ? Yes. Checked it twice to make sure. -- Richard From dbird at SGHMS.AC.UK Sun May 11 03:47:22 2003 From: dbird at SGHMS.AC.UK (Daniel B ird) Date: Thu Jan 12 21:18:01 2006 Subject: spamassassin 2.53 & MailScanner References: Message-ID: <3EBDB9BA.6000702@sghms.ac.uk> Ron E. wrote: >Dear All, > >Just wondering if anyone out there has any suggestions for >improving/tweaking SpamAssassin (2.53) settings -- I am running >MailScanner & SpamAssassin 2.53 but still getting a fair amount of spam >not over the default score of 5, or sometimes even with a negative score. > >I'm running a pretty busy system that handles about 15-20k messages per >day. > >I have tried lowering the score threshold but of course then I get more >false positives. I've seen mention that SpamAssassin 2.60 is much improved >but I hesitate to use it at this point. > >One idea I had was enabling Vipul's Razor, but I've never used it. Any >input would be of interest. > >Thanks! > >-Ron > > > As mentioned in a lot of the other posts, Razor2, Pyzor and DCC help bump up the scores (but will use more bandwidth - not sure if that'll be an issue for you) Additionally, there was a lot of talk recently on the SA list about multiple forged MUA's bring down the scores and some sample rules posted to help this situation . I believe this will be fixed, along with new scores for the negatives in 2.54, but don't quote me on that (sorry, can't find the original post, but if anyone is interested I'll post what I have) I also bump up the scores of stuff we see regularly, mostly pornography and those little blue tabs! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. Mailscanner thanks transtec Computers for their support. From tom at TILMANT.COM Sun May 11 05:13:40 2003 From: tom at TILMANT.COM (=?iso-8859-1?B?VLI=?=) Date: Thu Jan 12 21:18:01 2006 Subject: MS RBL Check action option? In-Reply-To: <3EBDB9BA.6000702@sghms.ac.uk> Message-ID: <000101c31773$b77ac4a0$6eeb14ac@doublet> Is there an action option for positive MS RBL checks? I would like to still deliver spam that has a low SpamAssassin score and don't want to use SpamAssassin to handle the RBL checks. If there isn't, is there another way for me to accomplish this? Tom From dbird at SGHMS.AC.UK Sun May 11 11:43:14 2003 From: dbird at SGHMS.AC.UK (Daniel Bird) Date: Thu Jan 12 21:18:01 2006 Subject: MS RBL Check action option? References: <000101c31773$b77ac4a0$6eeb14ac@doublet> Message-ID: <3EBE2942.8000302@sghms.ac.uk> I guess you want to turn off RBL checks is MS and let SA do them (then they just contribute to the score) In MailScanner.conf Spam List = #ORDB-RBL Infinite-Monkeys MAPS-RBL+ costs money (except .ac.uk) or Spam List = and then in spam.assassain.prefs.conf skip_rbl_checks = 0 or skip_rbl_checks = 1 if you want to turn them off altogether. T? wrote: >Is there an action option for positive MS RBL checks? I would like to >still deliver spam that has a low SpamAssassin score and don't want to >use SpamAssassin to handle the RBL checks. > >If there isn't, is there another way for me to accomplish this? > >Tom > > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. Mailscanner thanks transtec Computers for their support. From donovan at HUFFDATASYSTEMS.COM Sun May 11 13:39:59 2003 From: donovan at HUFFDATASYSTEMS.COM (Donovan Huff | HUFF DATA SYSTEMS) Date: Thu Jan 12 21:18:01 2006 Subject: Spammers circumvent MS References: <5.2.1.1.2.20030510122427.024159d8@imap.ecs.soton.ac.uk> Message-ID: <004001c317ba$841c02d0$10c75a42@x27> Julian, When I said in e-mails, I mean in the body of the e-mail, kind of like how SpamAssassin works, but think a dynamic rule set that could be pulled from a server/etc, kind of like antivirus signatures. Regards, Donovan Huff Owner/Operator HUFF DATA SYSTEMS donovan@huffdatasystems.com http://www.huffdatasystems.com/ (361) 781-0631 ------------------------------------------------------ Web Hosting Starting at $5.00/mo http://www.huffdatasystems.com/ ------------------------------------------------------ Internet Access Just About Anywhere http://UnlimitedCheapInternet.com/ ------------------------------------------------------ ----- Original Message ----- From: "Julian Field" To: Sent: Saturday, May 10, 2003 6:25 AM Subject: Re: Spammers circumvent MS > At 11:16 10/05/2003, you wrote: > >If I was an intelligent SPAMMER *laugh*, I could just run the SPAM I > >intended to send out thru MailScanner w/ SA and make sure that > >it scored low enough to get thru and if it didn't, then modify it till it > >did. This is likely why a lot of the SPAM recently seems > >to be going more towards the plain text side with a simple web link. That > >makes me think, maybe there needs to be a new BL that has > >domains/IPs/IP ranges/URLs in it and matches them if in e-mails, I'm not > >aware of anything that does this now. > > This is what people like Spamhaus try to do. They target known spammers > rather than open relays. > -- > Julian Field > www.MailScanner.info > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support From richard at SHEFLUG.CO.UK Sun May 11 14:40:56 2003 From: richard at SHEFLUG.CO.UK (Richard Ibbotson) Date: Thu Jan 12 21:18:01 2006 Subject: Confused In-Reply-To: <200305102104.45329.richard@sheflug.co.uk> References: <5.2.1.1.2.20030510122620.022eb340@imap.ecs.soton.ac.uk> <200305102104.45329.richard@sheflug.co.uk> Message-ID: Hi Well, most things are working I think. Just a few niggly problems left. After re-starting MailScanner I now find the following error message in /var/log/mail... May 11 14:35:05 MailScanner[10565]: Using locktype = flock May 11 14:35:14 MailScanner[10566]: MailScanner E-Mail Virus Scanner version 4.20-3 starting... May 11 14:35:14 MailScanner[10566]: User's home directory /var/spool/postfix is not writable May 11 14:35:14 MailScanner[10566]: You need to set the "SpamAssassin User State Dir" to a directory that the "Run As User" can write to Would anyone like to point me in the direction of sorting these out ? The postfix not writable problem is something that I'm really not sure about. Thanks Richard From mailscanner at ecs.soton.ac.uk Sun May 11 14:48:37 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:01 2006 Subject: Confused In-Reply-To: References: <200305102104.45329.richard@sheflug.co.uk> <5.2.1.1.2.20030510122620.022eb340@imap.ecs.soton.ac.uk> <200305102104.45329.richard@sheflug.co.uk> Message-ID: <5.2.1.1.2.20030511144459.01e6d028@imap.ecs.soton.ac.uk> At 14:40 11/05/2003, you wrote: >May 11 14:35:14 MailScanner[10566]: User's home directory >/var/spool/postfix is not writable >May 11 14:35:14 MailScanner[10566]: You need to set the >"SpamAssassin User State Dir" to a directory that the "Run As User" >can write to I hoped that would be pretty clear. Look up the "Run As User" in MailScanner.conf. Create a directory somewhere sensible and make sure that user can write to it. mkdir /var/spool/MailScanner/spamassassin chown postfix.postfix /var/spool/MailScanner/spamassassin Then set SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin in MailScanner.conf. If you have a suggestion for a clearer error message, I'm all ears :-) >Would anyone like to point me in the direction of sorting these out ? >The postfix not writable problem is something that I'm really not sure >about. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From richard at SHEFLUG.CO.UK Sun May 11 16:19:47 2003 From: richard at SHEFLUG.CO.UK (Richard Ibbotson) Date: Thu Jan 12 21:18:01 2006 Subject: Confused In-Reply-To: <5.2.1.1.2.20030511144459.01e6d028@imap.ecs.soton.ac.uk> References: <200305102104.45329.richard@sheflug.co.uk> <5.2.1.1.2.20030510122620.022eb340@imap.ecs.soton.ac.uk> <200305102104.45329.richard@sheflug.co.uk> <5.2.1.1.2.20030511144459.01e6d028@imap.ecs.soton.ac.uk> Message-ID: Julian > If you have a suggestion for a clearer error message, I'm all ears :-) Hmm.. dunno. I'll have a think about it. Now I'm getting.... May 11 16:17:14 MailScanner[11149]: MailScanner E-Mail Virus Scanner version 4.20-3 starting... May 11 16:17:14 MailScanner[11149]: /var/spool/postfix/incoming is not owned by user 500 ! So, I think I have to add myself to something somewhere. Not sure what /var/spool/postfix/incoming refers to. The brain begins to hurt :) Thanks Richard From kevins at BMRB.CO.UK Sun May 11 17:33:33 2003 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:18:01 2006 Subject: Confused In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB00117530C@pascal.priv.bmrb.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB00117530C@pascal.priv.bmrb.co.uk> Message-ID: <1052670816.5804.13.camel@bach.kevinspicer.co.uk> /var/spool/postfix/incoming is not owned by user 500 ! Hmmmmm, user 500 is usually a 'real' (human) user. Why is MS running as that? I can't imagine that SuSE would have postfix running with uid 500. Maybe you are not starting MS as root, which would prevent it & postfix from su'ing to the user they are supposed to run as? As a general rule of thumb you need to make sure that you specify the user and group that postfix run as in MailScanner.conf (Run As User and Run As Group), make sure that the postfix user has a real home directory specified in /etc/passwd (if not, change it with usermod) and that that home directory is writable by the postfix user. Ensure that the SpamAssassin User State Dir entry in MailScanner.conf points to that directory. Finally start MailScanner by su'ing to root ('su -' not just 'su') and doing /etc/init.d/MailScanner start BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From richard at SHEFLUG.CO.UK Sun May 11 18:44:07 2003 From: richard at SHEFLUG.CO.UK (Richard Ibbotson) Date: Thu Jan 12 21:18:02 2006 Subject: Confused In-Reply-To: <1052670816.5804.13.camel@bach.kevinspicer.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB00117530C@pascal.priv.bmrb.co.uk> <1052670816.5804.13.camel@bach.kevinspicer.co.uk> Message-ID: Kevin > /var/spool/postfix/incoming is not owned by user 500 ! > > Hmmmmm, user 500 is usually a 'real' (human) user. Why is MS running as > that? Ah !! I thought I was just being stupid :) Looking under YaST2 rather than using a simple command line expression I find that... login: richard name: Richard UID: 500 Groups: users, uucp, dialout, audio, floppy, cdrom, video, postfix, snort. > I can't imagine that SuSE would have postfix running with uid 500. Dunno > As a general rule of thumb you need to make sure that you specify the > user and group that postfix run as in MailScanner.conf (Run As User and > Run As Group), So, put 500 and not richard ? >make sure that the postfix user has a real home directory > specified in /etc/passwd (if not, change it with usermod) and that that > home directory is writable by the postfix user. Hmmm... not sure how to do that one. >Ensure that the > SpamAssassin User State Dir entry in MailScanner.conf points to that > directory. Finally start MailScanner by su'ing to root ('su -' not just > 'su') and doing /etc/init.d/MailScanner start result: >sheflug:~ # /etc/init.d/MailScanner start >Initializing sendmail and MailScannersendmail: invalid option -- O >sendmail: fatal: usage: sendmail [options] No such directory Richard From dene at DATATECHIE.COM Sun May 11 18:46:48 2003 From: dene at DATATECHIE.COM (Dene Ulmschneider) Date: Thu Jan 12 21:18:02 2006 Subject: saving spam for Bayes repopulation Message-ID: <5.1.0.14.2.20030511133851.02ce9008@192.168.1.112> Hey all- I am curious about how anyone on this list is saving spam for future repopulation of Bayes if a database ever gets corrupted. I am using RHL 7.3, SA, MS, and sendmail. I have created the "spam" and "notspam" boxes as described by Julian and am "redirecting" all appropriate messages tot hose boxes. I am wondering if those boxes are retaining all of the emails that are sent there or if SA somehow deletes the messages after they have been scanned by sa-learn and have served their immediate purpose. If they are kept in their respective boxes- then is it safe to assume that if Bayes ever needs to be rebuilt that just running the sa-learn command again will properly scan all of those saved emails at once? If they are not kept - what is the best way to save them for future use if they are ever needed. ps- I have noticed that I have a file that is over 60 megs located at /var/mail/spool/spam.cumulative as well as a /var/mail/spool/notspam.cumulative that is not quite as large. Are these the actual files all of the redirected messages are being saved in? thanks Dene Ulmschneider From mailscanner at ecs.soton.ac.uk Sun May 11 18:48:55 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:02 2006 Subject: Confused In-Reply-To: References: <1052670816.5804.13.camel@bach.kevinspicer.co.uk> <5C0296D26910694BB9A9BBFC577E7AB00117530C@pascal.priv.bmrb.co.uk> <1052670816.5804.13.camel@bach.kevinspicer.co.uk> Message-ID: <5.2.1.1.2.20030511184657.0284e4e8@imap.ecs.soton.ac.uk> At 18:44 11/05/2003, you wrote: >Kevin > > > /var/spool/postfix/incoming is not owned by user 500 ! > > > > Hmmmmm, user 500 is usually a 'real' (human) user. Why is MS running as > > that? > > >Ah !! I thought I was just being stupid :) Looking under YaST2 >rather than using a simple command line expression I find that... > >login: richard name: Richard UID: 500 Groups: users, uucp, >dialout, audio, floppy, cdrom, video, postfix, snort. > > > I can't imagine that SuSE would have postfix running with uid 500. > >Dunno > > > As a general rule of thumb you need to make sure that you specify the > > user and group that postfix run as in MailScanner.conf (Run As User and > > Run As Group), > >So, put 500 and not richard ? > > >make sure that the postfix user has a real home directory > > specified in /etc/passwd (if not, change it with usermod) and that that > > home directory is writable by the postfix user. > >Hmmm... not sure how to do that one. > > >Ensure that the > > SpamAssassin User State Dir entry in MailScanner.conf points to that > > directory. Finally start MailScanner by su'ing to root ('su -' not just > > 'su') and doing /etc/init.d/MailScanner start > >result: > > >sheflug:~ # /etc/init.d/MailScanner start > >Initializing sendmail and MailScannersendmail: invalid option -- O > >sendmail: fatal: usage: sendmail [options] Run redhat-switchmail-nox and select postfix. Then /etc/rc.d/init.d/MailScanner stop Also edit /etc/sysconfig/MailScanner and make sure it says MTA=postfix -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Sun May 11 18:54:04 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:02 2006 Subject: saving spam for Bayes repopulation In-Reply-To: <5.1.0.14.2.20030511133851.02ce9008@192.168.1.112> Message-ID: <5.2.1.1.2.20030511185320.02899ea0@imap.ecs.soton.ac.uk> At 18:46 11/05/2003, you wrote: >Hey all- > >I am curious about how anyone on this list is saving spam for future >repopulation of Bayes if a database ever gets corrupted. > >I am using RHL 7.3, SA, MS, and sendmail. I have created the "spam" and >"notspam" boxes as described by Julian and am "redirecting" all appropriate >messages tot hose boxes. I am wondering if those boxes are retaining all of >the emails that are sent there or if SA somehow deletes the messages after >they have been scanned by sa-learn and have served their immediate purpose. > >If they are kept in their respective boxes- then is it safe to assume that >if Bayes ever needs to be rebuilt that just running the sa-learn command >again will properly scan all of those saved emails at once? If they are not >kept - what is the best way to save them for future use if they are ever >needed. > >ps- >I have noticed that I have a file that is over 60 megs located at >/var/mail/spool/spam.cumulative as well as a >/var/mail/spool/notspam.cumulative that is not quite as large. Are these >the actual files all of the redirected messages are being saved in? Yes. That's why they are saved in the cumulative file. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From richard at SHEFLUG.CO.UK Sun May 11 19:10:38 2003 From: richard at SHEFLUG.CO.UK (Richard Ibbotson) Date: Thu Jan 12 21:18:02 2006 Subject: Confused In-Reply-To: <5.2.1.1.2.20030511184657.0284e4e8@imap.ecs.soton.ac.uk> References: <1052670816.5804.13.camel@bach.kevinspicer.co.uk> <5C0296D26910694BB9A9BBFC577E7AB00117530C@pascal.priv.bmrb.co.uk> <1052670816.5804.13.camel@bach.kevinspicer.co.uk> <5.2.1.1.2.20030511184657.0284e4e8@imap.ecs.soton.ac.uk> Message-ID: Julian > Run redhat-switchmail-nox and select postfix. > Then No such thing exists. > /etc/rc.d/init.d/MailScanner stop > Also edit /etc/sysconfig/MailScanner and make sure it says > MTA=postfix No such file or directory. This is my /etc/sysconfig for MailScanner. Any particular place ? # # with what parameters should the incoming sendmail be started? # this is used to provide SMTP service and queue mail into # /var/spool/mqueue.in, ready for scanning by MailScanner. # normal sites use "-bd -om". # SENDMAIL_IN_ARGS="-L sendmail-in -Am -bd -om" # # with what parameters should the outgoing sendmail be started? # this is used to deliver mail that has been scanned by MailScanner. # normal sites use "-q30m -om". # SENDMAIL_OUT_ARGS="-L sendmail-out -Am -q30m -om" # # where does MailScanner unpack messages for scanning? # normal sites use "/var/spool/MailScanner/incoming". # MAILSCANNER_WORKDIR="/var/spool/MailScanner/incoming" # # where does the incoming sendmail deposit messages, so that # MailScanner can collect and scan them? # normal sites use "/var/spool/mqueue.in". # MAILSCANNER_INQDIR="/var/spool/postfix.in/deferred" # # where is the main sendmail binary? # Configurable in case you use a non-RPM local build of sendmail # SENDMAIL="/usr/sbin/sendmail" Richard From mailscanner at ecs.soton.ac.uk Sun May 11 19:17:32 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:02 2006 Subject: Confused In-Reply-To: References: <5.2.1.1.2.20030511184657.0284e4e8@imap.ecs.soton.ac.uk> <1052670816.5804.13.camel@bach.kevinspicer.co.uk> <5C0296D26910694BB9A9BBFC577E7AB00117530C@pascal.priv.bmrb.co.uk> <1052670816.5804.13.camel@bach.kevinspicer.co.uk> <5.2.1.1.2.20030511184657.0284e4e8@imap.ecs.soton.ac.uk> Message-ID: <5.2.1.1.2.20030511191529.0284ce70@imap.ecs.soton.ac.uk> At 19:10 11/05/2003, you wrote: > > Run redhat-switchmail-nox and select postfix. >No such thing exists. Okay, so you're running on an oldish copy of RedHat or something other than RedHat. > > /etc/rc.d/init.d/MailScanner stop > > Also edit /etc/sysconfig/MailScanner and make sure it says > > MTA=postfix > >No such file or directory. What OS / dist / version are you running? > This is my /etc/sysconfig for MailScanner. >Any particular place ? If you are using the SuSE distro, then the MailScanner init.d script is a bit behind the RedHat one. One for the fix list some time. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From richard at SHEFLUG.CO.UK Sun May 11 19:22:30 2003 From: richard at SHEFLUG.CO.UK (Richard Ibbotson) Date: Thu Jan 12 21:18:02 2006 Subject: Confused In-Reply-To: <5.2.1.1.2.20030511191529.0284ce70@imap.ecs.soton.ac.uk> References: <5.2.1.1.2.20030511184657.0284e4e8@imap.ecs.soton.ac.uk> <1052670816.5804.13.camel@bach.kevinspicer.co.uk> <5C0296D26910694BB9A9BBFC577E7AB00117530C@pascal.priv.bmrb.co.uk> <1052670816.5804.13.camel@bach.kevinspicer.co.uk> <5.2.1.1.2.20030511184657.0284e4e8@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030511191529.0284ce70@imap.ecs.soton.ac.uk> Message-ID: Julian > What OS / dist / version are you running? I explained it was SuSE 8.2 yesterday. Richard From michele at BLACKNIGHTSOLUTIONS.COM Mon May 12 01:17:11 2003 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:18:02 2006 Subject: Whitelists In-Reply-To: References: <5.2.1.1.2.20030511191529.0284ce70@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030511184657.0284e4e8@imap.ecs.soton.ac.uk> <1052670816.5804.13.camel@bach.kevinspicer.co.uk> <5C0296D26910694BB9A9BBFC577E7AB00117530C@pascal.priv.bmrb.co.uk> <1052670816.5804.13.camel@bach.kevinspicer.co.uk> <5.2.1.1.2.20030511184657.0284e4e8@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030511191529.0284ce70@imap.ecs.soton.ac.uk> Message-ID: <5.2.1.1.0.20030512021515.01e2c528@blacknightsolutions.com> If I wanted to add a SPAM whitelist database, such as query.bondedsender.org, to Mailscanner, what would be the best approach? Michele ######################################################### This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance to it is prohibited. From gerry at DORFAM.CA Mon May 12 01:34:37 2003 From: gerry at DORFAM.CA (Gerry Doris) Date: Thu Jan 12 21:18:02 2006 Subject: Mail Server Acting Up Again? Message-ID: I've been getting reject notices of mail I sent and was posted to the list last week. It looks like the mail list was trying to post the messages again and they were rejected??? -- Gerry "The lyfe so short, the craft so long to learne" Chaucer From mikea at MIKEA.ATH.CX Mon May 12 03:17:47 2003 From: mikea at MIKEA.ATH.CX (mikea) Date: Thu Jan 12 21:18:02 2006 Subject: Mail Server Acting Up Again? In-Reply-To: ; from gerry@DORFAM.CA on Sun, May 11, 2003 at 08:34:37PM -0400 References: Message-ID: <20030511211747.A6653@mikea.ath.cx> On Sun, May 11, 2003 at 08:34:37PM -0400, Gerry Doris wrote: > I've been getting reject notices of mail I sent and was posted to the list > last week. It looks like the mail list was trying to post the messages > again and they were rejected??? Ditto, for at least one note to the list. Odd ... -- Mike Andrews mikea@mikea.ath.cx Tired old sysadmin since 1964 From mailscanner at ecs.soton.ac.uk Mon May 12 08:33:16 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:02 2006 Subject: Mail Server Acting Up Again? In-Reply-To: <20030511211747.A6653@mikea.ath.cx> References: Message-ID: <5.2.0.9.2.20030512083247.04188ea0@imap.ecs.soton.ac.uk> At 03:17 12/05/2003, you wrote: >On Sun, May 11, 2003 at 08:34:37PM -0400, Gerry Doris wrote: > > I've been getting reject notices of mail I sent and was posted to the list > > last week. It looks like the mail list was trying to post the messages > > again and they were rejected??? > >Ditto, for at least one note to the list. Odd ... I mailed the offender last night, and gave him/her a chance to fix their mail system before I unsubscribe them. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Mon May 12 08:32:33 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:02 2006 Subject: Whitelists In-Reply-To: <5.2.1.1.0.20030512021515.01e2c528@blacknightsolutions.com> References: <5.2.1.1.2.20030511191529.0284ce70@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030511184657.0284e4e8@imap.ecs.soton.ac.uk> <1052670816.5804.13.camel@bach.kevinspicer.co.uk> <5C0296D26910694BB9A9BBFC577E7AB00117530C@pascal.priv.bmrb.co.uk> <1052670816.5804.13.camel@bach.kevinspicer.co.uk> <5.2.1.1.2.20030511184657.0284e4e8@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030511191529.0284ce70@imap.ecs.soton.ac.uk> Message-ID: <5.2.0.9.2.20030512083204.04182c78@imap.ecs.soton.ac.uk> At 01:17 12/05/2003, you wrote: >If I wanted to add a SPAM whitelist database, such as >query.bondedsender.org, to Mailscanner, what would be the best approach? It currently only supports RBL blacklists, I've never come across an RBL whitelist before... -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From Kevin.Spicer at BMRB.CO.UK Mon May 12 08:49:31 2003 From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:18:02 2006 Subject: Whitelists Message-ID: <5C0296D26910694BB9A9BBFC577E7AB0EBF57F@pascal.priv.bmrb.co.uk> Maybe you could set it up in SpamAssassin and assign a negative score? > -----Original Message----- > From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] > Sent: 12 May 2003 08:33 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Whitelists > > > At 01:17 12/05/2003, you wrote: > >If I wanted to add a SPAM whitelist database, such as > >query.bondedsender.org, to Mailscanner, what would be the > best approach? > > It currently only supports RBL blacklists, I've never come > across an RBL > whitelist before... > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support > BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From raymond at PROLOCATION.NET Mon May 12 08:56:06 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:02 2006 Subject: Whitelists In-Reply-To: <5.2.0.9.2.20030512083204.04182c78@imap.ecs.soton.ac.uk> Message-ID: Hi! > >If I wanted to add a SPAM whitelist database, such as > >query.bondedsender.org, to Mailscanner, what would be the best approach? > > It currently only supports RBL blacklists, I've never come across an RBL > whitelist before... THOSE would be interesting lists for spammers :) Bye, Raymond. From paul.hamilton at sme-ecom.co.uk Mon May 12 09:16:13 2003 From: paul.hamilton at sme-ecom.co.uk (Paul Hamilton) Date: Thu Jan 12 21:18:02 2006 Subject: No subject Message-ID: <000001c3185e$c1b71720$fc32000a@4> Hi All, We wish to use SA only to do RBL checks. Could someone confirm that we have got the syntax correct, before we press the button. We have included the following in our spam.assassin.prefs.conf is this correct? score RCVD_IN_BL_SPAMCOP_NET 4 score RCVD_IN_RELAYS.ORDB.ORG 4 score RCVD_IN_PROXIES.RELAYS.MONKEYS.COM 4 score RCVD_IN_RELAYS.OSIRUSOFT.COM 4 Thanks in advance Paul H. From paul.hamilton at sme-ecom.co.uk Mon May 12 09:18:48 2003 From: paul.hamilton at sme-ecom.co.uk (Paul Hamilton) Date: Thu Jan 12 21:18:02 2006 Subject: RBL's in SA Message-ID: <000101c3185f$1da4b880$fc32000a@4> Hi All, Apologies last one had no subject........ We wish to use SA only to do RBL checks. Could someone confirm that we have got the syntax correct, before we press the button. We have included the following in our spam.assassin.prefs.conf is this correct? score RCVD_IN_BL_SPAMCOP_NET 4 score RCVD_IN_RELAYS.ORDB.ORG 4 score RCVD_IN_PROXIES.RELAYS.MONKEYS.COM 4 score RCVD_IN_RELAYS.OSIRUSOFT.COM 4 Thanks in advance Paul H. From tom at TILMANT.COM Mon May 12 09:53:56 2003 From: tom at TILMANT.COM (=?iso-8859-1?B?VLI=?=) Date: Thu Jan 12 21:18:02 2006 Subject: RH9 Parser.pm error Message-ID: <000701c31864$0a7371c0$6eeb14ac@doublet> I have just upgraded from RH7.3 to RH9 and now receive the following error when starting Mailscanner: [root@ns MailScanner-4.20-1]# /etc/init.d/MailScanner start Starting MailScanner daemons: incoming sendmail: [ OK ] outgoing sendmail: [ OK ] MailScanner: Can't locate MIME/Parser.pm in @INC (@INC contains: /usr/lib/MailScanner /usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0 /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl /usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0 . /usr/lib/MailScanner) at /usr/lib/MailScanner/MailScanner/Message.pm line 40. BEGIN failed--compilation aborted at /usr/lib/MailScanner/MailScanner/Message.pm line 40. Compilation failed in require at /usr/sbin/MailScanner line 48. BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 48. [ OK ] I have checked and the RPM has been installed at /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/HTML/Parser.pm. If I try to uninstall the rpm, it errors out with ?perl(HTML::Parser) is needed by (installed) perl-libwww-perl-5.65-6?. I have checked the threads and it seems that others have it installed on RH9 and don?t have the problem. I appreciate any help. Tom -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030512/66a33e47/attachment.html From michele at BLACKNIGHTSOLUTIONS.COM Mon May 12 10:23:32 2003 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:18:02 2006 Subject: Whitelists In-Reply-To: <5.2.0.9.2.20030512083204.04182c78@imap.ecs.soton.ac.uk> References: <5.2.1.1.2.20030511191529.0284ce70@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030511184657.0284e4e8@imap.ecs.soton.ac.uk> <1052670816.5804.13.camel@bach.kevinspicer.co.uk> <5C0296D26910694BB9A9BBFC577E7AB00117530C@pascal.priv.bmrb.co.uk> <1052670816.5804.13.camel@bach.kevinspicer.co.uk> <5.2.1.1.2.20030511184657.0284e4e8@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030511191529.0284ce70@imap.ecs.soton.ac.uk> <5.2.0.9.2.20030512083204.04182c78@imap.ecs.soton.ac.uk> Message-ID: <3337.213.140.31.170.1052731412.squirrel@www.blacknightsolutions.com> > At 01:17 12/05/2003, you wrote: >>If I wanted to add a SPAM whitelist database, such as >>query.bondedsender.org, to Mailscanner, what would be the best >> approach? > > It currently only supports RBL blacklists, I've never come across an RBL > whitelist before... There are a number listed at: http://www.declude.com/JunkMail/Support/ip4r.htm -- Mr. Michele Neylon Blacknight Solutions http://www.blacknightsolutions.com/ Shell hosting now available ######################################################### This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance to it is prohibited. From Richard.Lush at HP.COM Mon May 12 10:37:09 2003 From: Richard.Lush at HP.COM (Lush, Richard) Date: Thu Jan 12 21:18:02 2006 Subject: Webmin Module 0.5 Beta Message-ID: <13095CFC38D38E418844A18124E8EC7708771C@sdcexcea01.emea.cpqcorp.net> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 2832 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030512/b29f61c0/smime.bin From dbird at SGHMS.AC.UK Mon May 12 10:57:57 2003 From: dbird at SGHMS.AC.UK (Daniel Bird) Date: Thu Jan 12 21:18:02 2006 Subject: RBL's in SA References: <000101c3185f$1da4b880$fc32000a@4> Message-ID: <3EBF7025.80100@sghms.ac.uk> Paul Hamilton wrote: >Hi All, > >Apologies last one had no subject........ > >We wish to use SA only to do RBL checks. >Could someone confirm that we have got the syntax correct, >before we press the button. > >We have included the following in our spam.assassin.prefs.conf >is this correct? > >score RCVD_IN_BL_SPAMCOP_NET 4 >score RCVD_IN_RELAYS.ORDB.ORG 4 >score RCVD_IN_PROXIES.RELAYS.MONKEYS.COM 4 >score RCVD_IN_RELAYS.OSIRUSOFT.COM 4 > Not sure these are SA rules. Are they? Can't find them in my SA2.53 If the are then Yes, if you wish to have those specifc RBL's to have that score. SA does a whole load more as well by default. You may also wish to make sure you have skip_rbl_check = 0 just for tidyness. > >Thanks in advance > >Paul H. > > > -- ____________________________________ Daniel Bird Network and Systems Manager Department Of Information Services St. George's Hospital Medical School Tooting London SW17 0RE P: +44 20 8725 2897 F: +44 20 8725 3583 E: dan@sghms.ac.uk ____________________________________ Everything is possible....except skiing through a revolving door. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mailscanner at ecs.soton.ac.uk Mon May 12 11:10:30 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:02 2006 Subject: RH9 Parser.pm error In-Reply-To: <000701c31864$0a7371c0$6eeb14ac@doublet> Message-ID: <5.2.0.9.2.20030512110857.02f66200@imap.ecs.soton.ac.uk> At 09:53 12/05/2003, you wrote: >I have just upgraded from RH7.3 to RH9 and now receive the following error >when starting Mailscanner: Ah! There's your problem. Upgrading results in a load of Perl modules being installed in the wrong place, due to a new version of Perl in RH8 and 9. You can safely leave the RPM's in place, but use CPAN to install the modules again. perl -MCPAN -e shell o conf prerequisites_policy ask install HTML::Parser quit > > >[root@ns MailScanner-4.20-1]# /etc/init.d/MailScanner start > >Starting MailScanner daemons: > > incoming sendmail: [ OK ] > > outgoing sendmail: [ OK ] > > MailScanner: Can't locate MIME/Parser.pm in @INC (@INC > contains: /usr/lib/MailScanner > /usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0 > /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi > /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl > /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi > /usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl > /usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0 . > /usr/lib/MailScanner) at /usr/lib/MailScanner/MailScanner/Message.pm line 40. > >BEGIN failed--compilation aborted at >/usr/lib/MailScanner/MailScanner/Message.pm line 40. > >Compilation failed in require at /usr/sbin/MailScanner line 48. > >BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 48. > >[ OK ] > > > >I have checked and the RPM has been installed at >/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/HTML/Parser.pm. >If I try to uninstall the rpm, it errors out with perl(HTML::Parser) is >needed by (installed) perl-libwww-perl-5.65-6. I have checked the >threads and it seems that others have it installed on RH9 and dont have >the problem. I appreciate any help. > > > >Tom -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From Richard.Lush at HP.COM Mon May 12 11:15:51 2003 From: Richard.Lush at HP.COM (Lush, Richard) Date: Thu Jan 12 21:18:02 2006 Subject: SAVI Library errors RH8 Message-ID: <13095CFC38D38E418844A18124E8EC7708771F@sdcexcea01.emea.cpqcorp.net> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 2832 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030512/fd2f25bd/smime.bin From dgeorgiades at POWERENG.COM Mon May 12 16:48:09 2003 From: dgeorgiades at POWERENG.COM (Derrick Georgiades) Date: Thu Jan 12 21:18:02 2006 Subject: Spammers circumvent MS Message-ID: What I am looking for is a way to delete high scoring spam even if the local user is whitelisted. Is this possible? Thanks Derrick Georgiades -----Original Message----- From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] Sent: Saturday, May 10, 2003 5:25 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Spammers circumvent MS At 11:16 10/05/2003, you wrote: >If I was an intelligent SPAMMER *laugh*, I could just run the SPAM I >intended to send out thru MailScanner w/ SA and make sure that >it scored low enough to get thru and if it didn't, then modify it till it >did. This is likely why a lot of the SPAM recently seems >to be going more towards the plain text side with a simple web link. That >makes me think, maybe there needs to be a new BL that has >domains/IPs/IP ranges/URLs in it and matches them if in e-mails, I'm not >aware of anything that does this now. This is what people like Spamhaus try to do. They target known spammers rather than open relays. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mike at CAMAROSS.NET Mon May 12 17:33:44 2003 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:18:02 2006 Subject: Encrypting Email In-Reply-To: Message-ID: <004401c318a4$417c1560$6901a8c0@home.middlefinger.net> Has anyone implemented a system to encrypt emails using GPG or something similar at the MTA? It'd be nice if there was an option in MS to do this on a per domain basis. Mike From brent at WHITE-DEV.QUATRO.COM Mon May 12 17:38:09 2003 From: brent at WHITE-DEV.QUATRO.COM (Brent) Date: Thu Jan 12 21:18:02 2006 Subject: saving spam for Bayes repopulation In-Reply-To: <5.2.1.1.2.20030511185320.02899ea0@imap.ecs.soton.ac.uk> Message-ID: <200305121640.h4CGeSF20900@white-dev.quatro.com> I am using the learn script detailed in the Faq-o-matic, and it doesn't create a cumulative. Is there a newer version of the script I am missing? Brent -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: Sunday, May 11, 2003 1:54 PM To: MAILSCANNER@JISCMAIL.AC.UK At 18:46 11/05/2003, you wrote: >Hey all- > >I am curious about how anyone on this list is saving spam for future >repopulation of Bayes if a database ever gets corrupted. > >I am using RHL 7.3, SA, MS, and sendmail. I have created the "spam" and >"notspam" boxes as described by Julian and am "redirecting" all appropriate >messages tot hose boxes. I am wondering if those boxes are retaining all of >the emails that are sent there or if SA somehow deletes the messages after >they have been scanned by sa-learn and have served their immediate purpose. > >If they are kept in their respective boxes- then is it safe to assume that >if Bayes ever needs to be rebuilt that just running the sa-learn command >again will properly scan all of those saved emails at once? If they are not >kept - what is the best way to save them for future use if they are ever >needed. > >ps- >I have noticed that I have a file that is over 60 megs located at >/var/mail/spool/spam.cumulative as well as a >/var/mail/spool/notspam.cumulative that is not quite as large. Are these >the actual files all of the redirected messages are being saved in? Yes. That's why they are saved in the cumulative file. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From jgoggan at DCG.COM Mon May 12 17:43:28 2003 From: jgoggan at DCG.COM (John Goggan) Date: Thu Jan 12 21:18:02 2006 Subject: Spam rule wildcards... Message-ID: <3EBFCF30.34415736@dcg.com> Sendmail allows the use of the "+" character to indicate additional data for a user -- without having an explicit alias set up to handle it. So, user johndoe@dcg.com can get mail at johndoe+spamtag@dcg.com without any additional configuration. However, I just noticed that this doesn't hit the intended rule in my spam.action.rules file. johndoe actually gets mail at multiple domains, so my rule for him looks like this: To: johndoe@* deliver What is the best way to handle this? Should I just add an additional rule for johndoe like this: To: johndoe+*@* deliver ...will that work as intended? Thanks! - John... From tom at TILMANT.COM Mon May 12 15:24:05 2003 From: tom at TILMANT.COM (=?iso-8859-1?B?VLI=?=) Date: Thu Jan 12 21:18:02 2006 Subject: RH9 Parser.pm error In-Reply-To: <5.2.0.9.2.20030512110857.02f66200@imap.ecs.soton.ac.uk> Message-ID: <002401c31892$28684600$6eeb14ac@doublet> Julian, I followed your instructions below to manual install the HTML::Parser and it was installed in the same directory as the upgraded RPM. I am still getting the error. Tom -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: Monday, May 12, 2003 3:11 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: RH9 Parser.pm error At 09:53 12/05/2003, you wrote: >I have just upgraded from RH7.3 to RH9 and now receive the following error >when starting Mailscanner: Ah! There's your problem. Upgrading results in a load of Perl modules being installed in the wrong place, due to a new version of Perl in RH8 and 9. You can safely leave the RPM's in place, but use CPAN to install the modules again. perl -MCPAN -e shell o conf prerequisites_policy ask install HTML::Parser quit > > >[root@ns MailScanner-4.20-1]# /etc/init.d/MailScanner start > >Starting MailScanner daemons: > > incoming sendmail: [ OK ] > > outgoing sendmail: [ OK ] > > MailScanner: Can't locate MIME/Parser.pm in @INC (@INC > contains: /usr/lib/MailScanner > /usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0 > /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi > /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl > /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi > /usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl > /usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0 . > /usr/lib/MailScanner) at /usr/lib/MailScanner/MailScanner/Message.pm line 40. > >BEGIN failed--compilation aborted at >/usr/lib/MailScanner/MailScanner/Message.pm line 40. > >Compilation failed in require at /usr/sbin/MailScanner line 48. > >BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 48. > >[ OK ] > > > >I have checked and the RPM has been installed at >/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/HTML/Parser.pm . >If I try to uninstall the rpm, it errors out with perl(HTML::Parser) is >needed by (installed) perl-libwww-perl-5.65-6. I have checked the >threads and it seems that others have it installed on RH9 and dont have >the problem. I appreciate any help. > > > >Tom -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Mon May 12 18:09:25 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:02 2006 Subject: Spam rule wildcards... In-Reply-To: <3EBFCF30.34415736@dcg.com> Message-ID: <5.2.1.1.2.20030512180810.023cde10@imap.ecs.soton.ac.uk> At 17:43 12/05/2003, you wrote: >Sendmail allows the use of the "+" character to indicate additional data for a >user -- without having an explicit alias set up to handle it. So, user >johndoe@dcg.com can get mail at johndoe+spamtag@dcg.com without any additional >configuration. > >However, I just noticed that this doesn't hit the intended rule in my >spam.action.rules file. johndoe actually gets mail at multiple domains, so my >rule for him looks like this: > >To: johndoe@* deliver > >What is the best way to handle this? Should I just add an additional rule for >johndoe like this: > >To: johndoe+*@* deliver > >...will that work as intended? That should do it. However, you could give the explicit regular expression in there if you want to: To: /^johndoe\+.*\@/ deliver (nothing is needed after the "\@" except for the closing "/" character. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Mon May 12 18:06:49 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:02 2006 Subject: Spammers circumvent MS In-Reply-To: Message-ID: <5.2.1.1.2.20030512180418.024c0c28@imap.ecs.soton.ac.uk> At 16:48 12/05/2003, you wrote: >What I am looking for is a way to delete high scoring spam even if the local >user is whitelisted. >Is this possible? No, sorry. This rather defeats the whitelist. The other thing you could do is implement the whitelist yourself in a Custom Function attached to the "Spam Actions" option instead of using the supplied "Is Definitely Not Spam" option. The "Spam Actions" could deliver the message if it is in your whitelist. >Thanks >Derrick Georgiades > >-----Original Message----- >From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] >Sent: Saturday, May 10, 2003 5:25 AM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: Spammers circumvent MS > > >At 11:16 10/05/2003, you wrote: > >If I was an intelligent SPAMMER *laugh*, I could just run the SPAM I > >intended to send out thru MailScanner w/ SA and make sure that > >it scored low enough to get thru and if it didn't, then modify it till it > >did. This is likely why a lot of the SPAM recently seems > >to be going more towards the plain text side with a simple web link. That > >makes me think, maybe there needs to be a new BL that has > >domains/IPs/IP ranges/URLs in it and matches them if in e-mails, I'm not > >aware of anything that does this now. > >This is what people like Spamhaus try to do. They target known spammers >rather than open relays. >-- >Julian Field >www.MailScanner.info >Professional Support Services at www.MailScanner.biz >MailScanner thanks transtec Computers for their support -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From brian at UNEARTHED.ORG Mon May 12 17:59:56 2003 From: brian at UNEARTHED.ORG (Brian May) Date: Thu Jan 12 21:18:02 2006 Subject: F-Secure 4.50 and extremly high load.. working on a fix.. Message-ID: <004e01c318a9$bede3880$bc01020a@brianmay> I've been working with F-Secure on this issue, and it seems there is a file called .updatelock that appears after abrupt interruption of the database update process and locks updates and causes 100% cpu usage and causes fsav to time out in MailScanner.. all I need to find out is where the file is located and then wait for the problem to happen again and see if they are right... I'll let the list know when I find out more info... Brian From kevins at BMRB.CO.UK Mon May 12 18:27:16 2003 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:18:02 2006 Subject: Encrypting Email In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB001175326@pascal.priv.bmrb.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB001175326@pascal.priv.bmrb.co.uk> Message-ID: <1052760437.5803.22.camel@bach.kevinspicer.co.uk> Has anyone implemented a system to encrypt emails using GPG or something similar at the MTA? I don't think thats half as easy as it sounds. The biggest problem would be getting the public keys for all recipients (although there are the key servers...). Its also likely to be computationally expensive if you want to do it for all mail (assuming all your recipients have a gpg key - which is frankly unlikely). Not to mention the bandwidth cost of having to send separately encrypted mails to each recipient (assuming my understanding is correct on that one). Digital signatures might be a more realistic prospect, but there are very good reasons why this should not be done at the MTA. Did you have a particular reason for wanting this? BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From mike at CAMAROSS.NET Mon May 12 18:30:40 2003 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:18:02 2006 Subject: Encrypting Email In-Reply-To: <1052760437.5803.22.camel@bach.kevinspicer.co.uk> Message-ID: <004701c318ac$35df6420$6901a8c0@home.middlefinger.net> I only need to do this for a few email accounts and it has to do with HIPAA compliance. I'm not even sure yet whether or not it will be a requirement, but I want to be prepared. Mike > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Kevin Spicer > Sent: Monday, May 12, 2003 12:27 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Encrypting Email > > > Has anyone implemented a system to encrypt emails using GPG > or something similar at the MTA? > > I don't think thats half as easy as it sounds. The biggest > problem would be getting the public keys for all recipients > (although there are the key servers...). Its also likely to > be computationally expensive if you want to do it for all > mail (assuming all your recipients have a gpg key - which is > frankly unlikely). Not to mention the bandwidth cost of > having to send separately encrypted mails to each recipient > (assuming my understanding is correct on that one). > > Digital signatures might be a more realistic prospect, but > there are very good reasons why this should not be done at the MTA. > > Did you have a particular reason for wanting this? > > > > > > > BMRB International > http://www.bmrb.co.uk > +44 (0)20 8566 5000 > _________________________________________________________________ > This message (and any attachment) is intended only for the > recipient and may contain confidential and/or privileged > material. If you have received this in error, please contact > the sender and delete this message immediately. Disclosure, > copying or other action taken in respect of this email or in > reliance on it is prohibited. BMRB International Limited > accepts no liability in relation to any personal emails, or > content of any email which does not directly relate to our business. > From mailscanner at ecs.soton.ac.uk Mon May 12 18:45:40 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:02 2006 Subject: Encrypting Email In-Reply-To: <1052760437.5803.22.camel@bach.kevinspicer.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB001175326@pascal.priv.bmrb.co.uk> <5C0296D26910694BB9A9BBFC577E7AB001175326@pascal.priv.bmrb.co.uk> Message-ID: <5.2.1.1.2.20030512184436.023cd9a8@imap.ecs.soton.ac.uk> At 18:27 12/05/2003, you wrote: >Has anyone implemented a system to encrypt emails using GPG or something >similar >at the MTA? > >I don't think thats half as easy as it sounds. The biggest problem >would be getting the public keys for all recipients (although there are >the key servers...). Check SweepContent.pm line 161 and you will find a commented-out couple of lines of code which are designed to reap public keys from messages passing through MailScanner. > Its also likely to be computationally expensive if >you want to do it for all mail (assuming all your recipients have a gpg >key - which is frankly unlikely). Not to mention the bandwidth cost of >having to send separately encrypted mails to each recipient (assuming my >understanding is correct on that one). > >Digital signatures might be a more realistic prospect, but there are >very good reasons why this should not be done at the MTA. > >Did you have a particular reason for wanting this? -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From ernest at OACYS.COM Mon May 12 18:39:34 2003 From: ernest at OACYS.COM (Ernest W. Lessenger) Date: Thu Jan 12 21:18:02 2006 Subject: Encrypting Email In-Reply-To: <004701c318ac$35df6420$6901a8c0@home.middlefinger.net> References: <1052760437.5803.22.camel@bach.kevinspicer.co.uk> Message-ID: <5.2.0.9.2.20030512103643.01f05750@mail.oacys.com> At 12:30 PM 5/12/2003 -0500, you wrote: >I only need to do this for a few email accounts and it has to do with HIPAA >compliance. I'm not even sure yet whether or not it will be a >requirement, but >I want to be prepared. What email client do the users have? It would probably be fairly simple to write a rule that will check to ensure that the data is encrypted (look for the proper attachment/mime type) as it leaves. You would have to install a client on each machine (PGP 8.0 or Outlook), but that's probably the way this should be done regardless. --Ernest W. Lessenger OACYS Technology From aliassoft at WANADOO.FR Mon May 12 18:52:07 2003 From: aliassoft at WANADOO.FR (Alain g) Date: Thu Jan 12 21:18:02 2006 Subject: reject messages Message-ID: Hi, I have Mailscanner installed on my FreeBSD 4.8 box. My problem : servers prohibited in /etc/mail/access or messages sent to non local users are no more rejected immediatly. the system bounce the messages. Is it possible to get the normal operation ? Alain From mike at CAMAROSS.NET Mon May 12 19:19:57 2003 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:18:02 2006 Subject: Encrypting Email In-Reply-To: <5.2.0.9.2.20030512103643.01f05750@mail.oacys.com> Message-ID: <005501c318b3$1868cd80$6901a8c0@home.middlefinger.net> The objective is to have forms submitted via https encrypted. Client to client is easy using PGP or similar on the Win desktops. Mike > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Ernest W. Lessenger > Sent: Monday, May 12, 2003 12:40 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Encrypting Email > > > At 12:30 PM 5/12/2003 -0500, you wrote: > >I only need to do this for a few email accounts and it has > to do with > >HIPAA compliance. I'm not even sure yet whether or not it will be a > >requirement, but I want to be prepared. > > What email client do the users have? It would probably be > fairly simple to write a rule that will check to ensure that > the data is encrypted (look for the proper attachment/mime > type) as it leaves. You would have to install a client on > each machine (PGP 8.0 or Outlook), but that's probably the > way this should be done regardless. > > --Ernest W. Lessenger > OACYS Technology > From nathan at TCPNETWORKS.NET Mon May 12 20:06:26 2003 From: nathan at TCPNETWORKS.NET (Nathan Johanson) Date: Thu Jan 12 21:18:02 2006 Subject: Multiple RBL Hits and High Scoring Action Message-ID: Hello, I am using MailScanner's RBL functionality (and bypassing Spam Assassin's RBL checks). Would it be difficult to add a feature to MailScanner that triggers the high scoring spam action when the sending system is found on more than one blacklist? I figure if two or more blacklists are triggered, the spamminess probability is high enough to warrant deletion. I know there was some discussion about turning off RBLs in MailScanner and using SpamAssassin to set higher scores per blacklist in order the exceed the high score threshold. But this doesn't really work for me, as I don't want to delete if found on any *single* blacklist, but rather delete if found on *more than one*. Can it be done? Thanks. Nathan Johanson Email: nathan@tcpnetworks.net -----Original Message----- From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] Sent: Monday, May 12, 2003 10:09 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Spam rule wildcards... At 17:43 12/05/2003, you wrote: >Sendmail allows the use of the "+" character to indicate additional data for a >user -- without having an explicit alias set up to handle it. So, user >johndoe@dcg.com can get mail at johndoe+spamtag@dcg.com without any additional >configuration. > >However, I just noticed that this doesn't hit the intended rule in my >spam.action.rules file. johndoe actually gets mail at multiple domains, so my >rule for him looks like this: > >To: johndoe@* deliver > >What is the best way to handle this? Should I just add an additional rule for >johndoe like this: > >To: johndoe+*@* deliver > >...will that work as intended? That should do it. However, you could give the explicit regular expression in there if you want to: To: /^johndoe\+.*\@/ deliver (nothing is needed after the "\@" except for the closing "/" character. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Mon May 12 20:18:46 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:02 2006 Subject: Multiple RBL Hits and High Scoring Action In-Reply-To: Message-ID: <5.2.1.1.2.20030512201639.02871d78@imap.ecs.soton.ac.uk> That should be possible. Addition of a config file option saying something like Spam Lists To Reach High Score = 2 would be needed, as you can guarantee someone will need to tweak it. Set it to a large number to never reach a high score. By default I will supply "5" or something like that so people don't get a change in behaviour. Would that do? At 20:06 12/05/2003, you wrote: >Hello, > >I am using MailScanner's RBL functionality (and bypassing Spam >Assassin's RBL checks). > >Would it be difficult to add a feature to MailScanner that triggers the >high scoring spam action when the sending system is found on more than >one blacklist? I figure if two or more blacklists are triggered, the >spamminess probability is high enough to warrant deletion. > >I know there was some discussion about turning off RBLs in MailScanner >and using SpamAssassin to set higher scores per blacklist in order the >exceed the high score threshold. But this doesn't really work for me, as >I don't want to delete if found on any *single* blacklist, but rather >delete if found on *more than one*. > >Can it be done? > >Thanks. > >Nathan Johanson >Email: nathan@tcpnetworks.net > >-----Original Message----- >From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] >Sent: Monday, May 12, 2003 10:09 AM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: Spam rule wildcards... > > >At 17:43 12/05/2003, you wrote: > >Sendmail allows the use of the "+" character to indicate additional >data for a > >user -- without having an explicit alias set up to handle it. So, user > >johndoe@dcg.com can get mail at johndoe+spamtag@dcg.com without any >additional > >configuration. > > > >However, I just noticed that this doesn't hit the intended rule in my > >spam.action.rules file. johndoe actually gets mail at multiple >domains, so my > >rule for him looks like this: > > > >To: johndoe@* deliver > > > >What is the best way to handle this? Should I just add an additional >rule for > >johndoe like this: > > > >To: johndoe+*@* deliver > > > >...will that work as intended? > >That should do it. However, you could give the explicit regular >expression >in there if you want to: >To: /^johndoe\+.*\@/ deliver >(nothing is needed after the "\@" except for the closing "/" character. >-- >Julian Field >www.MailScanner.info >Professional Support Services at www.MailScanner.biz >MailScanner thanks transtec Computers for their support -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscannerlist at TNJINFL.COM Mon May 12 20:18:21 2003 From: mailscannerlist at TNJINFL.COM (James Pifer) Date: Thu Jan 12 21:18:02 2006 Subject: More and more spam getting through Message-ID: <1052767101.26694.6.camel@tweety.tnjinfl.com> Hi. We've been running MailScanner/SpammAssassin for quite some time now and like it a lot. It does seem as though over time more and more spam seems to get through. I've also noticed this on my home system, which is on a slightly newer release of MailScanner. It seems like I a couple spams a day get through now, where as before it was one every few days. How do people deal with this? Right now we run: MailScanner 4.13-3 SpamAssassin 2.50-3 Sendmail 8.12.8-5.80 I know there are some newer versions of MailScanner out there, maybe that would help? Any suggestions are appreciated. James From mbowman at UDCOM.COM Mon May 12 20:29:52 2003 From: mbowman at UDCOM.COM (Matthew Bowman) Date: Thu Jan 12 21:18:02 2006 Subject: More and more spam getting through Message-ID: Hello You are not the only one to notice the increase in spam getting through. For what it is worth, we lowered our threshold to 4 which has helped a great deal. I am using SA 2.43 sendmail 8.11.6. Mattthew. James Pifer Sent by: MailScanner mailing list 05/12/2003 03:18 PM Please respond to MailScanner mailing list To: MAILSCANNER@JISCMAIL.AC.UK cc: Subject: More and more spam getting through Hi. We've been running MailScanner/SpammAssassin for quite some time now and like it a lot. It does seem as though over time more and more spam seems to get through. I've also noticed this on my home system, which is on a slightly newer release of MailScanner. It seems like I a couple spams a day get through now, where as before it was one every few days. How do people deal with this? Right now we run: MailScanner 4.13-3 SpamAssassin 2.50-3 Sendmail 8.12.8-5.80 I know there are some newer versions of MailScanner out there, maybe that would help? Any suggestions are appreciated. James From mike at CAMAROSS.NET Mon May 12 20:31:14 2003 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:18:02 2006 Subject: More and more spam getting through In-Reply-To: <1052767101.26694.6.camel@tweety.tnjinfl.com> Message-ID: <005c01c318bd$0d79d680$6901a8c0@home.middlefinger.net> I'd upgrade to SpamAssassin 2.53 and add DCC and Razor2 into the mix. What are your spam score thresholds set to? Mike > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of James Pifer > Sent: Monday, May 12, 2003 2:18 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: More and more spam getting through > > > Hi. We've been running MailScanner/SpammAssassin for quite > some time now and like it a lot. It does seem as though over > time more and more spam seems to get through. > > I've also noticed this on my home system, which is on a > slightly newer release of MailScanner. It seems like I a > couple spams a day get through now, where as before it was > one every few days. > > How do people deal with this? > > Right now we run: > MailScanner 4.13-3 > SpamAssassin 2.50-3 > Sendmail 8.12.8-5.80 > > I know there are some newer versions of MailScanner out > there, maybe that would help? > > Any suggestions are appreciated. > James > From jaearick at COLBY.EDU Mon May 12 20:36:43 2003 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:18:02 2006 Subject: spamassassin 2.54 released Message-ID: see www.spamassassin.org... From kevins at BMRB.CO.UK Mon May 12 20:37:20 2003 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:18:02 2006 Subject: Encrypting Email In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB001175330@pascal.priv.bmrb.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB001175330@pascal.priv.bmrb.co.uk> Message-ID: <1052768240.5804.26.camel@bach.kevinspicer.co.uk> On Mon, 2003-05-12 at 19:19, Mike Kercher wrote: The objective is to have forms submitted via https encrypted. Well GPG is scriptable, so why not just have the CGI script encrypt the data? MailScanner can reject mail that isn't encrypted (use a ruleset if you need to) if you want it to. BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From evertjan at VANRAMSELAAR.NL Mon May 12 20:54:51 2003 From: evertjan at VANRAMSELAAR.NL (Evert Jan van Ramselaar) Date: Thu Jan 12 21:18:02 2006 Subject: Multiple RBL Hits and High Scoring Action In-Reply-To: <5.2.1.1.2.20030512201639.02871d78@imap.ecs.soton.ac.uk> References: <5.2.1.1.2.20030512201639.02871d78@imap.ecs.soton.ac.uk> Message-ID: <3EBFFC0B.1000407@vanramselaar.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Julian Field wrote: | That should be possible. Addition of a config file option saying | something like | Spam Lists To Reach High Score = 2 | would be needed, as you can guarantee someone will need to tweak it. Set it | to a large number to never reach a high score. By default I will supply "5" | or something like that so people don't get a change in behaviour. | | Would that do? I also think this would be a good addition and this setup should work fine for me. - -- ~ Evert Jan van Ramselaar ~ Van Ramselaar Info Tech -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1-nr1 (Windows XP) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE+v/wKtQzUJRIC2pURApjAAJ4m0/ND9XC1PYNQX+DeMYRSJMebVwCgvAXW ri6TSTODfsLOspBC9hX6OOg= =TUMI -----END PGP SIGNATURE----- From andersan at LTKALMAR.SE Mon May 12 21:03:13 2003 From: andersan at LTKALMAR.SE (Anders Andersson, IT) Date: Thu Jan 12 21:18:02 2006 Subject: SV: Encrypting Email Message-ID: <9F18B7DDBA88E544AB1F199514891666014720@lkl63.ltkalmar.se> Hi We had a solution like that before. It scanned all messages for public pgp-keys and stored for future mails. So if we had a key the mail would automaticly be encrypted at the MTA. We used it for sending secure mail between different healtcare places in sweden. It wasnt cheap so after 2 years we got order to stop using it. The idea was good but to expensive.... Maybe there will be a open-source version some day. If you wanna take a look at it go to http://www.tenfour.se/english/tfssms.asp /Anders > -----Ursprungligt meddelande----- > Fr?n: Mike Kercher [mailto:mike@CAMAROSS.NET] > Skickat: den 12 maj 2003 18:34 > Till: MAILSCANNER@JISCMAIL.AC.UK > ?mne: Encrypting Email > > > Has anyone implemented a system to encrypt emails using GPG > or something similar at the MTA? It'd be nice if there was > an option in MS to do this on a per domain basis. > > Mike > From mailscannerlist at TNJINFL.COM Mon May 12 21:10:39 2003 From: mailscannerlist at TNJINFL.COM (James Pifer) Date: Thu Jan 12 21:18:02 2006 Subject: More and more spam getting through In-Reply-To: References: Message-ID: <1052770239.26690.16.camel@tweety.tnjinfl.com> Thanks, I'll try that. Required SpamAssassin Score = 5. I've lowered it to 4. Thanks, James On Mon, 2003-05-12 at 15:29, Matthew Bowman wrote: > Hello > > You are not the only one to notice the increase in spam getting through. > For what it is worth, we lowered our threshold to 4 which has helped > a great deal. I am using SA 2.43 sendmail 8.11.6. > > Mattthew. > > > > > > James Pifer > Sent by: MailScanner mailing list > 05/12/2003 03:18 PM > Please respond to MailScanner mailing list > > > To: MAILSCANNER@JISCMAIL.AC.UK > cc: > Subject: More and more spam getting through > > > Hi. We've been running MailScanner/SpammAssassin for quite some time now > and like it a lot. It does seem as though over time more and more spam > seems to get through. > > I've also noticed this on my home system, which is on a slightly newer > release of MailScanner. It seems like I a couple spams a day get through > now, where as before it was one every few days. > > How do people deal with this? > > Right now we run: > MailScanner 4.13-3 > SpamAssassin 2.50-3 > Sendmail 8.12.8-5.80 > > I know there are some newer versions of MailScanner out there, maybe > that would help? > > Any suggestions are appreciated. > James From brad at LTINETWORKS.COM Mon May 12 21:08:43 2003 From: brad at LTINETWORKS.COM (Brad White) Date: Thu Jan 12 21:18:02 2006 Subject: Not scanning certain email Message-ID: <561AAE0556C2594B815E391DDF5F0CC5148C4D@exchange.lscom.net> Is there a way to have mail from a specific domain not be scanned for spam or viruses? I have mail being sent from a certain domain that uses a Symantec anti-virus spam tool( I don't know what specific product yet), and attachments from those senders get corrupted when they pass through MailScanner. If I have them send the same email with attachment to an email address that does not go through MailScanner the attachment is not-corrupted. I'm trying to troubleshoot and gather more information, but in the meantime I would like to let that email pass through the system unscathed. Thanks, Bradley White -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030512/c00ce1f6/attachment.html From mailscanner at ecs.soton.ac.uk Mon May 12 21:10:56 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:02 2006 Subject: spamassassin 2.54 released In-Reply-To: Message-ID: <5.2.1.1.2.20030512210944.03d16ea0@imap.ecs.soton.ac.uk> At 20:36 12/05/2003, you wrote: >see www.spamassassin.org... I am currently running roughly 60,000 messages through 2.54, and will then do 2.53, to see what the spam score distribution looks like. This will tell us if it will detect more spam, and whether you need to move your threshold score. Will post later when I have some results. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From raymond at PROLOCATION.NET Mon May 12 21:14:47 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:02 2006 Subject: spamassassin 2.54 released In-Reply-To: <5.2.1.1.2.20030512210944.03d16ea0@imap.ecs.soton.ac.uk> Message-ID: Hi! > I am currently running roughly 60,000 messages through 2.54, and will then > do 2.53, to see what the spam score distribution looks like. This will tell > us if it will detect more spam, and whether you need to move your threshold > score. > Will post later when I have some results. Cool! So for the 2.54 upgrade, that went just fine ? will try it on one of my boxes also later tonight.... Bye, Raymond. From mailscanner at ecs.soton.ac.uk Mon May 12 21:16:16 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:02 2006 Subject: Not scanning certain email In-Reply-To: <561AAE0556C2594B815E391DDF5F0CC5148C4D@exchange.lscom.net> Message-ID: <5.2.1.1.2.20030512211515.03cebe70@imap.ecs.soton.ac.uk> At 21:08 12/05/2003, you wrote: >Is there a way to have mail from a specific domain not be scanned for spam >or viruses? I have mail being sent from a certain domain that uses a >Symantec anti-virus spam tool( I dont know what specific product yet), and >attachments from those senders get corrupted when they pass through >MailScanner. If I have them send the same email with attachment to an >email address that does not go through MailScanner the attachment is >not-corrupted. Im trying to troubleshoot and gather more information, but >in the meantime I would like to let that email pass through the system >unscathed. If you don't add the clean-message signature on the end, then the message shouldn't be rebuilt and should avoid this problem. However, in the mean time, read up on rulesets (see /etc/MailScanner/rules and the files in there). > > >Thanks, > > >Bradley White > > -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030512/327cacd7/attachment.html From jase at SENSIS.COM Mon May 12 21:19:58 2003 From: jase at SENSIS.COM (Desai, Jason) Date: Thu Jan 12 21:18:02 2006 Subject: More and more spam getting through Message-ID: I was about to suggest the same thing. Upgrade SpamAssassin. Then add Razor2, DCC, (and I would add Pyzor too). Jason > -----Original Message----- > From: Mike Kercher [mailto:mike@CAMAROSS.NET] > Sent: Monday, May 12, 2003 3:31 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: [MAILSCANNER] More and more spam getting through > > > I'd upgrade to SpamAssassin 2.53 and add DCC and Razor2 into > the mix. What are > your spam score thresholds set to? > > Mike > > > > -----Original Message----- > > From: MailScanner mailing list > > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of James Pifer > > Sent: Monday, May 12, 2003 2:18 PM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: More and more spam getting through > > > > > > Hi. We've been running MailScanner/SpammAssassin for quite > > some time now and like it a lot. It does seem as though over > > time more and more spam seems to get through. > > > > I've also noticed this on my home system, which is on a > > slightly newer release of MailScanner. It seems like I a > > couple spams a day get through now, where as before it was > > one every few days. > > > > How do people deal with this? > > > > Right now we run: > > MailScanner 4.13-3 > > SpamAssassin 2.50-3 > > Sendmail 8.12.8-5.80 > > > > I know there are some newer versions of MailScanner out > > there, maybe that would help? > > > > Any suggestions are appreciated. > > James > > > From mailscanner at ecs.soton.ac.uk Mon May 12 21:22:16 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:02 2006 Subject: spamassassin 2.54 released In-Reply-To: References: <5.2.1.1.2.20030512210944.03d16ea0@imap.ecs.soton.ac.uk> Message-ID: <5.2.1.1.2.20030512212206.03d11d70@imap.ecs.soton.ac.uk> At 21:14 12/05/2003, you wrote: >Hi! > > > I am currently running roughly 60,000 messages through 2.54, and will then > > do 2.53, to see what the spam score distribution looks like. This will tell > > us if it will detect more spam, and whether you need to move your threshold > > score. > > Will post later when I have some results. > >Cool! So for the 2.54 upgrade, that went just fine ? will try it on one >of my boxes also later tonight.... No problems at all. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From nathan at TCPNETWORKS.NET Mon May 12 21:29:23 2003 From: nathan at TCPNETWORKS.NET (Nathan Johanson) Date: Thu Jan 12 21:18:02 2006 Subject: Multiple RBL Hits and High Scoring Action Message-ID: That would be fantastic. Thanks Julian! -Nathan -----Original Message----- From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] Sent: Monday, May 12, 2003 12:19 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Multiple RBL Hits and High Scoring Action That should be possible. Addition of a config file option saying something like Spam Lists To Reach High Score = 2 would be needed, as you can guarantee someone will need to tweak it. Set it to a large number to never reach a high score. By default I will supply "5" or something like that so people don't get a change in behaviour. Would that do? At 20:06 12/05/2003, you wrote: >Hello, > >I am using MailScanner's RBL functionality (and bypassing Spam >Assassin's RBL checks). > >Would it be difficult to add a feature to MailScanner that triggers the >high scoring spam action when the sending system is found on more than >one blacklist? I figure if two or more blacklists are triggered, the >spamminess probability is high enough to warrant deletion. > >I know there was some discussion about turning off RBLs in MailScanner >and using SpamAssassin to set higher scores per blacklist in order the >exceed the high score threshold. But this doesn't really work for me, as >I don't want to delete if found on any *single* blacklist, but rather >delete if found on *more than one*. > >Can it be done? > >Thanks. > >Nathan Johanson >Email: nathan@tcpnetworks.net > >-----Original Message----- >From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] >Sent: Monday, May 12, 2003 10:09 AM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: Spam rule wildcards... > > >At 17:43 12/05/2003, you wrote: > >Sendmail allows the use of the "+" character to indicate additional >data for a > >user -- without having an explicit alias set up to handle it. So, user > >johndoe@dcg.com can get mail at johndoe+spamtag@dcg.com without any >additional > >configuration. > > > >However, I just noticed that this doesn't hit the intended rule in my > >spam.action.rules file. johndoe actually gets mail at multiple >domains, so my > >rule for him looks like this: > > > >To: johndoe@* deliver > > > >What is the best way to handle this? Should I just add an additional >rule for > >johndoe like this: > > > >To: johndoe+*@* deliver > > > >...will that work as intended? > >That should do it. However, you could give the explicit regular >expression >in there if you want to: >To: /^johndoe\+.*\@/ deliver >(nothing is needed after the "\@" except for the closing "/" character. >-- >Julian Field >www.MailScanner.info >Professional Support Services at www.MailScanner.biz >MailScanner thanks transtec Computers for their support -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From brad at LTINETWORKS.COM Mon May 12 21:28:56 2003 From: brad at LTINETWORKS.COM (Brad White) Date: Thu Jan 12 21:18:03 2006 Subject: Not scanning certain email Message-ID: <561AAE0556C2594B815E391DDF5F0CC5148C4E@exchange.lscom.net> I already had Sign Clean Messages = no in my MailScanner.conf file. That appears to be the only place where it is enabled. Is there another location? I have also added a ruleset to exclude the domain in question from virus scanning. Do entries in the whitelist ruleset completely bypass any spam checks? Thanks. -----Original Message----- From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] Sent: Monday, May 12, 2003 1:16 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Not scanning certain email At 21:08 12/05/2003, you wrote: Is there a way to have mail from a specific domain not be scanned for spam or viruses? I have mail being sent from a certain domain that uses a Symantec anti-virus spam tool( I dont know what specific product yet), and attachments from those senders get corrupted when they pass through MailScanner. If I have them send the same email with attachment to an email address that does not go through MailScanner the attachment is not-corrupted. Im trying to troubleshoot and gather more information, but in the meantime I would like to let that email pass through the system unscathed. If you don't add the clean-message signature on the end, then the message shouldn't be rebuilt and should avoid this problem. However, in the mean time, read up on rulesets (see /etc/MailScanner/rules and the files in there). Thanks, Bradley White -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030512/52644121/attachment.html From brent at MIRABITO.COM Mon May 12 21:37:40 2003 From: brent at MIRABITO.COM (Brent Strignano) Date: Thu Jan 12 21:18:03 2006 Subject: Filename Extension and Virus Scan order of execution Message-ID: <62E46E0C3CB8024C807447814E1B20A501CC8D@granitemail.mirabito.com> Hello All, Do the filename extension checks and subsequent quarantine happen before or after the attachments are virus scanned. I'm concerned that viruses may lurking in the MailScanner quarantine folder. Thanks Brent Strignano System Administrator Granite Capital Holdings Sidney, NY -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030512/96ca97a4/attachment.html From brad at LTINETWORKS.COM Mon May 12 21:41:07 2003 From: brad at LTINETWORKS.COM (Brad White) Date: Thu Jan 12 21:18:03 2006 Subject: Filename Extension and Virus Scan order of execution Message-ID: <561AAE0556C2594B815E391DDF5F0CC52B4517@exchange.lscom.net> If you have Quarantine Infections = yes in your conf file then the virus payload will be saved in the quarantine folder. Otherwise no. If you are archiving email, then the payloads will also be in the archive directory as part of the archived email message. -----Original Message----- From: Brent Strignano [mailto:brent@MIRABITO.COM] Sent: Monday, May 12, 2003 1:38 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Filename Extension and Virus Scan order of execution Hello All, Do the filename extension checks and subsequent quarantine happen before or after the attachments are virus scanned. I'm concerned that viruses may lurking in the MailScanner quarantine folder. Thanks Brent Strignano System Administrator Granite Capital Holdings Sidney, NY -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030512/f43ea3be/attachment.html From mailscanner at ecs.soton.ac.uk Mon May 12 21:45:10 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:03 2006 Subject: Not scanning certain email In-Reply-To: <561AAE0556C2594B815E391DDF5F0CC5148C4E@exchange.lscom.net> Message-ID: <5.2.1.1.2.20030512214457.03d11b90@imap.ecs.soton.ac.uk> At 21:28 12/05/2003, you wrote: >I already had Sign Clean Messages = no in my MailScanner.conf file. That >appears to be the only place where it is enabled. Is there another location? No. > I have also added a ruleset to exclude the domain in question from > virus scanning. Do entries in the whitelist ruleset completely bypass > any spam checks? Yes. > > >Thanks. > > > > > >-----Original Message----- >From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] >Sent: Monday, May 12, 2003 1:16 PM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: Not scanning certain email > > > >At 21:08 12/05/2003, you wrote: > > >Is there a way to have mail from a specific domain not be scanned for spam >or viruses? I have mail being sent from a certain domain that uses a >Symantec anti-virus spam tool( I dont know what specific product yet), and >attachments from those senders get corrupted when they pass through >MailScanner. If I have them send the same email with attachment to an >email address that does not go through MailScanner the attachment is >not-corrupted. Im trying to troubleshoot and gather more information, but >in the meantime I would like to let that email pass through the system >unscathed. > > >If you don't add the clean-message signature on the end, then the message >shouldn't be rebuilt and should avoid this problem. However, in the mean >time, read up on rulesets (see /etc/MailScanner/rules and the files in there). > > > > > >Thanks, > > >Bradley White > > > >-- >Julian Field >www.MailScanner.info >Professional Support Services at www.MailScanner.biz >MailScanner thanks transtec Computers for their support -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030512/de45b208/attachment.html From steve at INTELIPORT.COM Mon May 12 23:46:34 2003 From: steve at INTELIPORT.COM (steve) Date: Thu Jan 12 21:18:03 2006 Subject: mqueue.in build up Message-ID: <007b01c318d8$59c21500$501f1bd0@inteliport.net> Julian, What would be the process roadmap that occurs when both virus and spam checking is enabled and we start to get build up of email in the mqueue.in dir. When we turn off the spam checking the mqueue.in starts to clear out. Turn Spam checking back on system runs normal until something causes it to return to a buildup in mqueue.in once again. Could be days before we see this or hours still looking for something in the log files to indicate reason but have yet to see anything or any patterns. Normal operation 100-200 messages in dir +or- 30% When mqueue.in starts to build up I notice this from log May 12 16:03:45 postman MailScanner[8224]: New Batch: Found 500 messages waiting May 12 16:03:45 postman MailScanner[8224]: New Batch: Scanning 44 messages, 341312 bytes May 12 16:03:45 postman MailScanner[8224]: Spam Checks: Starting New Batch will continue to increase scanning can jump around on messages maybe 9 or as above 44 no pattern Using Sophos for virus protection using SpamAssassin with spam list ORDB-RBL Infinite-Monkeys # MAPS-RBL+ costs money Sendmail calls this directly as we pay for this service and is picked up on a secondary machine that gets updates from MAPS-RBL+ Any ideas or is more information required, Julian you have already reviewed our system and told us it was large enough to handle the email we have coming through the system. The temp disk suggestion that you gave me, did not work as I currently do not have the ability to do that with the current kernel. I will have to try that but in the mean time I'm at a stand still on what is causing this issue. Thanks in advance Steve -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030512/099f16ee/attachment.html From hden at KCBBS.GEN.NZ Tue May 13 00:40:57 2003 From: hden at KCBBS.GEN.NZ (Hendrik den Hartog) Date: Thu Jan 12 21:18:03 2006 Subject: Dealing with persistant mailers In-Reply-To: <007b01c318d8$59c21500$501f1bd0@inteliport.net> References: <007b01c318d8$59c21500$501f1bd0@inteliport.net> Message-ID: <20030512234057.GA25612@mew.kcbbs.gen.nz> We have a group of sites that we get 'problem' email from. Being a school, we have students who leave after 'x' number of years, email to these students gets bounced with 'unknown user' messages, but some sites, e.g. some maillists, seem to ignore these. Also, some sites seem to reject return mail, causing unwanted network traffic with the to-ing and fro-ing. Some of these sites are a real nuisance! What is the best [i.e. most economical on resources] way to block these sites, and or any other statagies to combat these are appreciated Cheers! Hendrik From mike at CAMAROSS.NET Tue May 13 00:40:49 2003 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:18:03 2006 Subject: mqueue.in build up In-Reply-To: <007b01c318d8$59c21500$501f1bd0@inteliport.net> Message-ID: <00a201c318df$eb210810$6901a8c0@home.middlefinger.net> How many MailScanner children are you running? Are you running a local caching nameserver on your mail server? Mike -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of steve Sent: Monday, May 12, 2003 5:47 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: mqueue.in build up Julian, What would be the process roadmap that occurs when both virus and spam checking is enabled and we start to get build up of email in the mqueue.in dir. When we turn off the spam checking the mqueue.in starts to clear out. Turn Spam checking back on system runs normal until something causes it to return to a buildup in mqueue.in once again. Could be days before we see this or hours still looking for something in the log files to indicate reason but have yet to see anything or any patterns. Normal operation 100-200 messages in dir +or- 30% When mqueue.in starts to build up I notice this from log May 12 16:03:45 postman MailScanner[8224]: New Batch: Found 500 messages waiting May 12 16:03:45 postman MailScanner[8224]: New Batch: Scanning 44 messages, 341312 bytes May 12 16:03:45 postman MailScanner[8224]: Spam Checks: Starting New Batch will continue to increase scanning can jump around on messages maybe 9 or as above 44 no pattern Using Sophos for virus protection using SpamAssassin with spam list ORDB-RBL Infinite-Monkeys # MAPS-RBL+ costs money Sendmail calls this directly as we pay for this service and is picked up on a secondary machine that gets updates from MAPS-RBL+ Any ideas or is more information required, Julian you have already reviewed our system and told us it was large enough to handle the email we have coming through the system. The temp disk suggestion that you gave me, did not work as I currently do not have the ability to do that with the current kernel. I will have to try that but in the mean time I'm at a stand still on what is causing this issue. Thanks in advance Steve From brad at LTINETWORKS.COM Tue May 13 00:44:22 2003 From: brad at LTINETWORKS.COM (Brad White) Date: Thu Jan 12 21:18:03 2006 Subject: Dealing with persistant mailers Message-ID: <561AAE0556C2594B815E391DDF5F0CC52B4520@exchange.lscom.net> If you are running sendmail you could always block them with the access database. You will need to know what ip or domain the connecting email server is on. That way they get blocked at the very start of the smtp connection, before it gets handed off to MailScanner. -----Original Message----- From: Hendrik den Hartog [mailto:hden@KCBBS.GEN.NZ] Sent: Monday, May 12, 2003 4:41 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Dealing with persistant mailers We have a group of sites that we get 'problem' email from. Being a school, we have students who leave after 'x' number of years, email to these students gets bounced with 'unknown user' messages, but some sites, e.g. some maillists, seem to ignore these. Also, some sites seem to reject return mail, causing unwanted network traffic with the to-ing and fro-ing. Some of these sites are a real nuisance! What is the best [i.e. most economical on resources] way to block these sites, and or any other statagies to combat these are appreciated Cheers! Hendrik From raymond at PROLOCATION.NET Tue May 13 00:48:31 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:03 2006 Subject: Dealing with persistant mailers In-Reply-To: <20030512234057.GA25612@mew.kcbbs.gen.nz> Message-ID: Hi! > Some of these sites are a real nuisance! > > What is the best [i.e. most economical on resources] way > to block these sites, and or any other statagies to > combat these are appreciated A DENY in the access file for addresses that are non existent anymore worked for me. I am handling mail for some domains, previously used by a big ISP, i get around 40k-60k spam mails (after 1.5 year still) DAILY with crap/spam/virusses ... Bye, Raymond. From gerry at DORFAM.CA Tue May 13 01:41:07 2003 From: gerry at DORFAM.CA (Gerry Doris) Date: Thu Jan 12 21:18:03 2006 Subject: Dealing with persistant mailers In-Reply-To: Message-ID: On Tue, 13 May 2003, Raymond Dijkxhoorn wrote: > Hi! > > > Some of these sites are a real nuisance! > > > > What is the best [i.e. most economical on resources] way > > to block these sites, and or any other statagies to > > combat these are appreciated > > A DENY in the access file for addresses that are non existent anymore > worked for me. I am handling mail for some domains, previously used by a > big ISP, i get around 40k-60k spam mails (after 1.5 year still) DAILY with > crap/spam/virusses ... > > Bye, > Raymond. Couldn't you just block the ip address in iptables? That would discard the packets before they even hit sendmail. -- Gerry "The lyfe so short, the craft so long to learne" Chaucer From raymond at PROLOCATION.NET Tue May 13 01:56:22 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:03 2006 Subject: Dealing with persistant mailers In-Reply-To: Message-ID: Hi! > > A DENY in the access file for addresses that are non existent anymore > > worked for me. I am handling mail for some domains, previously used by a > > big ISP, i get around 40k-60k spam mails (after 1.5 year still) DAILY with > > crap/spam/virusses ... > Couldn't you just block the ip address in iptables? That would discard > the packets before they even hit sendmail. I want to properly answer mails. I could also turn off the machine, but thats just too simple :) And, its not just one IP address, its zillions :) My other customers would not like that either btw, since its nopt handling just those domains, but a couple of hundred others also ... Bye, Raymond. From steve at INTELIPORT.COM Tue May 13 02:21:08 2003 From: steve at INTELIPORT.COM (Stephen Lane) Date: Thu Jan 12 21:18:03 2006 Subject: mqueue.in build up References: <00a201c318df$eb210810$6901a8c0@home.middlefinger.net> Message-ID: <00be01c318ed$f1c15180$501f1bd0@inteliport.net> Hi Mike, Running 7 MailScanner children ( FYI - have played with this some seems to work better when above 5 ) Processor(s) : 2 Model : Pentium III (Coppermine) Chip MHz : 866.274 Mhz Cache : 256 KB System BogoMips : 3460.3 No local caching nameserver on mail server does lookups to secondary dns first then primary second this is becuase we set secondary to retrieve MAPS-RBL+ updates Resolution order is Hosts, DNS, NIS, NIS+ Search Domains - None Thanks Steve ----- Original Message ----- From: "Mike Kercher" To: Sent: Monday, May 12, 2003 7:40 PM Subject: Re: mqueue.in build up > How many MailScanner children are you running? Are you running a local caching > nameserver on your mail server? > > Mike > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of > steve > Sent: Monday, May 12, 2003 5:47 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: mqueue.in build up > > > Julian, > > What would be the process roadmap that occurs when both virus and spam checking > is enabled and we start to get build up of email in the mqueue.in dir. > When we turn off the spam checking the mqueue.in starts to clear out. Turn Spam > checking back on system runs normal until something causes it to return to a > buildup in mqueue.in once again. Could be days before we see this or hours > still looking for something in the log files to indicate reason but have yet to > see anything or any patterns. > > Normal operation 100-200 messages in dir +or- 30% > When mqueue.in starts to build up I notice this from log > May 12 16:03:45 postman MailScanner[8224]: New Batch: Found 500 messages waiting > > May 12 16:03:45 postman MailScanner[8224]: New Batch: Scanning 44 messages, > 341312 bytes > May 12 16:03:45 postman MailScanner[8224]: Spam Checks: Starting > > New Batch will continue to increase scanning can jump around on messages maybe 9 > or as above 44 no pattern > > Using Sophos for virus protection using SpamAssassin with spam list ORDB-RBL > Infinite-Monkeys # MAPS-RBL+ costs money Sendmail calls this directly as we pay > for this service and is picked up on a secondary machine that gets updates from > MAPS-RBL+ > > Any ideas or is more information required, Julian you have already reviewed our > system and told us it was large enough to handle the email we have coming > through the system. The temp disk suggestion that you gave me, did not work as > I currently do not have the ability to do that with the current kernel. I will > have to try that but in the mean time I'm at a stand still on what is causing > this issue. > > Thanks in advance > Steve From robbyv at DISASTER.COM Tue May 13 03:02:46 2003 From: robbyv at DISASTER.COM (Rob V) Date: Thu Jan 12 21:18:03 2006 Subject: directory harvest attack Message-ID: <5.1.0.14.2.20030512220212.01b1ae90@mailhost.disaster.com> Anyway to prevent 'directory harvest attacks' wtith mailscanner? From mailscanner at ecs.soton.ac.uk Tue May 13 08:49:46 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:03 2006 Subject: directory harvest attack In-Reply-To: <5.1.0.14.2.20030512220212.01b1ae90@mailhost.disaster.com> Message-ID: <5.2.1.1.2.20030513084918.03f5d810@imap.ecs.soton.ac.uk> At 03:02 13/05/2003, you wrote: >Anyway to prevent 'directory harvest attacks' wtith mailscanner? Please explain rather more of what you would like to happen, what the problem is, and how it relates to MailScanner. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From Peter.Bates at LSHTM.AC.UK Tue May 13 09:16:57 2003 From: Peter.Bates at LSHTM.AC.UK (Peter Bates) Date: Thu Jan 12 21:18:03 2006 Subject: spamassassin 2.54 released Message-ID: Hello all... I notice most interestingly in the ChangeLog for this release of SA: 2003-05-06 06:14 felicity * rules/: 20_meta_tests.cf, 50_scores.cf: bug 1589: spammers have been targeting our nice rules to get themselves negative overall scores. ran the GA again to lower the nice rule scores. this should help deal with the forgeries. also added a "TOO_MANY_MUA" rule that will catch when multiple USER_AGENT rules hit. ... which goes along with what people have been saying here, and in particular I notice (as I was moaning about it recently:) score MSGID_GOOD_EXCHANGE -0.498 -0.376 0.0 -0.142 in the default scores.cf, versus score MSGID_GOOD_EXCHANGE -5.801 -5.701 -5.701 -5.701 default in 2.53... their system is clearly working quite well! ... ---------------------------------------------------------------------------------------------------> Peter Bates, Systems Support Officer, Network Support Team. London School of Hygiene & Tropical Medicine. Telephone:0207-958 8353 / Fax: 0207- 636 9838 From craig at STRONG-BOX.NET Tue May 13 10:38:35 2003 From: craig at STRONG-BOX.NET (Craig Pratt) Date: Thu Jan 12 21:18:03 2006 Subject: directory harvest attack In-Reply-To: <5.2.1.1.2.20030513084918.03f5d810@imap.ecs.soton.ac.uk> Message-ID: I presume he's talking about collection of addresses in a domain by opening an SMTP session and attempting sends to common/dictionary names. I just happened to notice some of this activity in my mail log and added a reject action for the sender's IP to the sendmail access db. To automate this would be cool - but I don't think MailScanner even sees the message - based on how these harvesting tools seem to work. Craig On Tuesday, May 13, 2003, at 12:49 AM, Julian Field wrote: > At 03:02 13/05/2003, you wrote: >> Anyway to prevent 'directory harvest attacks' wtith mailscanner? > > Please explain rather more of what you would like to happen, what the > problem is, and how it relates to MailScanner. > -- > Julian Field > www.MailScanner.info > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > -- > This message checked for dangerous content by MailScanner on StrongBox. > > --- Craig Pratt Strongbox Network Services Inc. mailto:craig@strong-box.net -- This message checked for dangerous content by MailScanner on StrongBox. From mailscanner at ecs.soton.ac.uk Tue May 13 10:47:37 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:03 2006 Subject: directory harvest attack In-Reply-To: References: <5.2.1.1.2.20030513084918.03f5d810@imap.ecs.soton.ac.uk> Message-ID: <5.2.1.1.2.20030513104631.04148ec0@imap.ecs.soton.ac.uk> Ah, thanks. MailScanner does not get involved with SMTP service provision. There are already very good packages out there (your MTA) which do a perfectly good job. At 10:38 13/05/2003, you wrote: >I presume he's talking about collection of addresses in a domain by >opening an SMTP session and attempting sends to common/dictionary names. > >I just happened to notice some of this activity in my mail log and >added a reject action for the sender's IP to the sendmail access db. To >automate this would be cool - but I don't think MailScanner even sees >the message - based on how these harvesting tools seem to work. > >Craig > >On Tuesday, May 13, 2003, at 12:49 AM, Julian Field wrote: >>At 03:02 13/05/2003, you wrote: >>>Anyway to prevent 'directory harvest attacks' wtith mailscanner? >> >>Please explain rather more of what you would like to happen, what the >>problem is, and how it relates to MailScanner. >>-- >>Julian Field >>www.MailScanner.info >>Professional Support Services at www.MailScanner.biz >>MailScanner thanks transtec Computers for their support >> >>-- >>This message checked for dangerous content by MailScanner on StrongBox. >> >--- >Craig Pratt >Strongbox Network Services Inc. >mailto:craig@strong-box.net > > >-- >This message checked for dangerous content by MailScanner on StrongBox. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From klon at NYBRO.DK Tue May 13 11:27:34 2003 From: klon at NYBRO.DK (Thomas Hanson) Date: Thu Jan 12 21:18:03 2006 Subject: Howto resend mail with all headers in outlook express? Message-ID: <001a01c3193a$44f01c50$31de26c0@r58> Hi, I have set the bayes part up and the spam/notspam mailboxes. I know how to resend the mail in outlook, but how do I resend mail to the spam mailbox in outlook express? Simply forwarding the mail strips off the header info. Regards Thomas Hanson -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030513/c1f0c905/attachment.html From mailscanner at ecs.soton.ac.uk Tue May 13 12:01:42 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:03 2006 Subject: Howto resend mail with all headers in outlook express? In-Reply-To: <001a01c3193a$44f01c50$31de26c0@r58> Message-ID: <5.2.0.9.2.20030513120124.04602788@imap.ecs.soton.ac.uk> At 11:27 13/05/2003, you wrote: >Hi, > >I have set the bayes part up and the spam/notspam mailboxes. I know how to >resend the mail in outlook, but how do I resend mail to the spam mailbox >in outlook express? Simply forwarding the mail strips off the header info. Search the mailing list archives for "public folders" and you'll see the discussion on this topic. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Tue May 13 12:01:09 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:03 2006 Subject: spamassassin 2.54 released In-Reply-To: <5.2.1.1.2.20030512210944.03d16ea0@imap.ecs.soton.ac.uk> References: Message-ID: <5.2.0.9.2.20030513115628.031032a8@imap.ecs.soton.ac.uk> At 21:10 12/05/2003, you wrote: >At 20:36 12/05/2003, you wrote: >>see www.spamassassin.org... > >I am currently running roughly 60,000 messages through 2.54, and will then >do 2.53, to see what the spam score distribution looks like. This will tell >us if it will detect more spam, and whether you need to move your threshold >score. >Will post later when I have some results. Attached is a gif of the distribution of spam scores you get with my 60,000 message test set. Basically it generates a lot less "<=0" values and a lots more 1, 2 and 3 values to compensate. Once you get up to 5 or so, the differences between the 2.53 and 2.54 are pretty minimal. So you shouldn't hopefully need to adjust your threshold scores, unless you use particularly low scores (<5). Bear in mind that my test set is getting a bit old now, so these stats won't include the much-improved results from spammers defeating 2.53 rules. Hope that's some use to someone... -------------- next part -------------- A non-text attachment was scrubbed... Name: Book2_26737_image001.gif Type: image/gif Size: 5579 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030513/4dfaa2fc/Book2_26737_image001.gif -------------- next part -------------- -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From amp1 at CORNELL.EDU Tue May 13 13:31:07 2003 From: amp1 at CORNELL.EDU (Ron Pool) Date: Thu Jan 12 21:18:03 2006 Subject: RH9 Parser.pm error Message-ID: I upgraded a RH7.3 box to RH9 this weekend, installed the new MailScanner, and ran into the exact same problem. To solve it, I installed MIME::Parser, not HTML::Parser, this way: perl -MCPAN -e shell o conf prerequisites_policy ask install MIME::Parser quit If I recall correctly, CPAN wanted to add a few prerequisites for MIME::Parser, so I let it. -- Ron -- Ron Pool Internet: amp1@cornell.edu Computer Services, NYSAES; Food Research Lab; West North St.; Geneva, NY 14456 On Mon, 12 May 2003, T? wrote: > perl -MCPAN -e shell > o conf prerequisites_policy ask > install HTML::Parser > quit > Julian, > > I followed your instructions below to manual install the HTML::Parser > and it was installed in the same directory as the upgraded RPM. I am > still getting the error. > > Tom > > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Julian Field > Sent: Monday, May 12, 2003 3:11 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: RH9 Parser.pm error > > At 09:53 12/05/2003, you wrote: > > >I have just upgraded from RH7.3 to RH9 and now receive the following > error > >when starting Mailscanner: > > Ah! There's your problem. Upgrading results in a load of Perl modules > being > installed in the wrong place, due to a new version of Perl in RH8 and 9. > > You can safely leave the RPM's in place, but use CPAN to install the > modules again. > perl -MCPAN -e shell > o conf prerequisites_policy ask > install HTML::Parser > quit > > > > > > > >[root@ns MailScanner-4.20-1]# /etc/init.d/MailScanner start > > > >Starting MailScanner daemons: > > > > incoming sendmail: [ OK ] > > > > outgoing sendmail: [ OK ] > > > > MailScanner: Can't locate MIME/Parser.pm in @INC (@INC > > contains: /usr/lib/MailScanner > > /usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0 > > /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi > > /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl > > /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi > > /usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl > > /usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0 . > > /usr/lib/MailScanner) at /usr/lib/MailScanner/MailScanner/Message.pm > line 40. > > > >BEGIN failed--compilation aborted at > >/usr/lib/MailScanner/MailScanner/Message.pm line 40. > > > >Compilation failed in require at /usr/sbin/MailScanner line 48. > > > >BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 48. > > > >[ OK ] > > > > > > > >I have checked and the RPM has been installed at > >/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/HTML/Parser.pm > . > >If I try to uninstall the rpm, it errors out with perl(HTML::Parser) is > >needed by (installed) perl-libwww-perl-5.65-6. I have checked the > >threads and it seems that others have it installed on RH9 and dont have > >the problem. I appreciate any help. > > > > > > > >Tom > > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support From jgoggan at DCG.COM Tue May 13 14:12:27 2003 From: jgoggan at DCG.COM (John Goggan) Date: Thu Jan 12 21:18:03 2006 Subject: Spam rule wildcards... References: <200305122300.h4CN0REG007818@frobozz.dcg.com> Message-ID: <3EC0EF3B.E9E1DC6F@dcg.com> Julian Field wrote: > That should do it. However, you could give the explicit regular > expression in there if you want to: > To: /^johndoe\+.*\@/ deliver > (nothing is needed after the "\@" except for the closing "/" > character. Ok -- sounds good. I'd like to do both in one line though -- but I'm not great with regular expressions yet. (Maybe the above already does both in one line? Hmmm... I'm not sure about the "." though -- makes me think it wouldn't catch both...) Can someone give me a one line regexp that will cover with and without the "+" addition? So, basically, I want these two rules: To: johndoe@* deliver To: johndoe+*@* deliver ...as one regular expression. Of course, I don't want just johndoe*@* to match, since I might have a user that is named johndoejr@domain.com that I wouldn't want to match. Maybe something like this? To: /^johndoe(\+[_a-zA-Z0-9-]+)?\@/ deliver ...but, again, I'm fairly new to regexp, so forgive whatever I have done there if it is incorrect. :-) - John... From mike at CAMAROSS.NET Tue May 13 14:31:38 2003 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:18:03 2006 Subject: directory harvest attack In-Reply-To: <5.2.1.1.2.20030513104631.04148ec0@imap.ecs.soton.ac.uk> Message-ID: <4ad101c31953$fbf281e0$6701a8c0@home.middlefinger.net> This may be a job for David While's mailstats.pl script which works QUITE well on my systems. Mike -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: Tuesday, May 13, 2003 4:48 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: directory harvest attack Ah, thanks. MailScanner does not get involved with SMTP service provision. There are already very good packages out there (your MTA) which do a perfectly good job. At 10:38 13/05/2003, you wrote: >I presume he's talking about collection of addresses in a domain by >opening an SMTP session and attempting sends to common/dictionary >names. > >I just happened to notice some of this activity in my mail log and >added a reject action for the sender's IP to the sendmail access db. To >automate this would be cool - but I don't think MailScanner even sees >the message - based on how these harvesting tools seem to work. > >Craig > >On Tuesday, May 13, 2003, at 12:49 AM, Julian Field wrote: >>At 03:02 13/05/2003, you wrote: >>>Anyway to prevent 'directory harvest attacks' wtith mailscanner? >> >>Please explain rather more of what you would like to happen, what the >>problem is, and how it relates to MailScanner. >>-- >>Julian Field >>www.MailScanner.info >>Professional Support Services at www.MailScanner.biz MailScanner >>thanks transtec Computers for their support >> >>-- >>This message checked for dangerous content by MailScanner on >>StrongBox. >> >--- >Craig Pratt >Strongbox Network Services Inc. >mailto:craig@strong-box.net > > >-- >This message checked for dangerous content by MailScanner on StrongBox. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From copper_shotgun at HOTMAIL.COM Tue May 13 15:11:55 2003 From: copper_shotgun at HOTMAIL.COM (Richard Alexander) Date: Thu Jan 12 21:18:03 2006 Subject: unknown string spamassassin in language translation ? Message-ID: Everything seems to be okay, but i am receiving the following message in my maillog: May 13 08:24:18 inet MailScanner[9485]: Looked up unknown string spamassassin in language translation file /etc/MailScanner/reports/en/languages.conf I couldn't find any posts mentioning the possible cause of this. From copper_shotgun at HOTMAIL.COM Tue May 13 15:12:58 2003 From: copper_shotgun at HOTMAIL.COM (Richard Alexander) Date: Thu Jan 12 21:18:03 2006 Subject: unknown string spamassassin in language translation ? Message-ID: Nevermind, I found it From mailscanner at BARENDSE.TO Tue May 13 15:30:17 2003 From: mailscanner at BARENDSE.TO (Remco Barendse) Date: Thu Jan 12 21:18:03 2006 Subject: Mail Archive feature bug? Message-ID: I am using the archive feature in MailScanner to do a realtime backup of all incoming and outgoing e-mail into our system. I have noticed however that also e-mail gets through that would otherwise be blocked/discarded because of a too high spam score. Is this intentional behaviour? I have all the chinese spam crap and other mails above a certain score silently deleted. The deletion works ok but it is still sent to the archive. I'd rather keep the archive clean as well :) From copper_shotgun at HOTMAIL.COM Tue May 13 15:43:06 2003 From: copper_shotgun at HOTMAIL.COM (Richard Alexander) Date: Thu Jan 12 21:18:03 2006 Subject: DNSBLs Message-ID: Since setting up MailScanner and SA on our new Red Hat 9 server, we have noticed and increase in SPAM messages. MailScanner is tagging the files correctly, but I'm not sure that have the DNSBL setup correctly in mailscanner.conf. Before MS i had the following line setup in sendmail.mc and it seemed to do a pretty good job of catching the obvious: FEATURE(`dnsbl', `list.dsbl.org', `"Email blocked using ORDB.org - see "')dnl This is the current setup in MailScanner.conf: This is the list of spam blacklists (RBLs) which you are using. # See the "Spam List Definitions" file for more information about what # you can put here. # This can also be the filename of a ruleset. Spam List = DSBL ORDB-RBL Infinite-Monkeys # MAPS-RBL+ costs money (except .ac.uk) # This is the list of spam domain blacklists which you are using # (such as the "rfc-ignorant" domains). See the "Spam List Definitions" # file for more information about what you can put here. # This can also be the filename of a ruleset. # Spam Domain List = # If an individual "Spam List" or "Spam Domain List" check takes longer # that this (in seconds), the check is abandoned and the timeout noted. Spam List Timeout = 10 From beau at BILLBEAU.NET Tue May 13 15:43:29 2003 From: beau at BILLBEAU.NET (Bill Beauchemin) Date: Thu Jan 12 21:18:03 2006 Subject: URGENT: MailScanner issue on Linux mail server Message-ID: <1052837009.442.6.camel@ws2.billbeau.net> I installed MailScanner along with F-Prot AV on a system runnning postfix. I can see in the log file that MailScanner is processing and F-prot is scanning then the email is delivered. Where in the heck is it delivered to? No one is getting mail in /var/spool/mail and if I try popping the email it doesnt find any email. So am I missing something in the MailScanner.conf or did installing F-Prot screw it up? -- Bill Beauchemin www.billbeau.net Home Of Beau's Bullet PSCA R/S 29 and Beautie Goldens From beau at BILLBEAU.NET Tue May 13 15:50:47 2003 From: beau at BILLBEAU.NET (Bill Beauchemin) Date: Thu Jan 12 21:18:03 2006 Subject: URGENT: MailScanner issue on Linux mail server In-Reply-To: <1052837009.442.6.camel@ws2.billbeau.net> References: <1052837009.442.6.camel@ws2.billbeau.net> Message-ID: <1052837448.461.12.camel@ws2.billbeau.net> Update I am getting this error message in /var/log/mail/errors May 13 07:38:19 fs1 postfix/nqmgr[21607]: fatal: qmgr_move: update active/0/0B7971F2213 time stamps: Operation not permitted Here is the mail messages I get in /var/log/mail/info May 13 07:30:38 fs1 MailScanner[21552]: New Batch: Scanning 1 messages, 1334 bytes May 13 07:30:49 fs1 MailScanner[21552]: Virus and Content Scanning: Starting May 13 07:30:49 fs1 MailScanner[21552]: Uninfected: Delivered 1 messages I also sent a est virus and it does find it and does save it in quarantine On Tue, 2003-05-13 at 07:43, Bill Beauchemin wrote: > I installed MailScanner along with F-Prot AV on a system runnning > postfix. I can see in the log file that MailScanner is processing and > F-prot is scanning then the email is delivered. Where in the heck is it > delivered to? No one is getting mail in /var/spool/mail and if I try > popping the email it doesnt find any email. So am I missing something in > the MailScanner.conf or did installing F-Prot screw it up? > -- > Bill Beauchemin > www.billbeau.net > > Home Of > Beau's Bullet > PSCA R/S 29 > and > Beautie Goldens -- Bill Beauchemin www.billbeau.net Home Of Beau's Bullet PSCA R/S 29 and Beautie Goldens From mailscanner at BARENDSE.TO Tue May 13 15:40:27 2003 From: mailscanner at BARENDSE.TO (Remco Barendse) Date: Thu Jan 12 21:18:03 2006 Subject: spamassassin 2.53 & MailScanner In-Reply-To: <5.2.1.1.2.20030509193304.026b5eb8@imap.ecs.soton.ac.uk> Message-ID: Is there any visible evidence to be found that DCC is (not) working as it should? I can't see any changes in the mail headers or mail log. On Fri, 9 May 2003, Julian Field wrote: > At 19:30 09/05/2003, you wrote: > >Stupid question maybe, but I see lots of messages about DCC. What is DCC > >and where can I find it? > > Distributed Checksum Clearinghouse > http://www.rhyolite.com/anti-spam/dcc/ > > SpamAssassin will use it if it is installed. > Download it from the link at the top of that web page, then > unpack it > cd into it > ./configure > make > make install > > (Oh, it requires GNU make) > > then edit spam.assassin.prefs.conf > Remove the line that sets the DCC rule to 0. > Add > dcc_path /usr/local/bin/dccproc > > Restart MailScanner. > > Please feel free to add this to the Faq-o-matic. > > >On Fri, 9 May 2003, Desai, Jason wrote: > > > > > I am not a spamassassin expert, but from what I can tell by looking at the > > > list of tests it does (http://spamassassin.rediris.es/tests.html), many > > > tests score lower with "net". I assume that "net" means you do some > > sort of > > > check over the internet, such as an RBL lookup or a DCC check. So if you > > > only do RBL lookups but not DCC, Razor2, or Pyzor, some tests will score > > > even lower and may result in email not being tagged as spam. > > > > > > I was seeing a lot of spam get through until I installed DCC, Razor2, and > > > Pyzor. > > > > > > Hope this helps. > > > > > > Jason > > > > > > > -----Original Message----- > > > > From: Mike Kercher [mailto:mike@CAMAROSS.NET] > > > > Sent: Thursday, May 08, 2003 6:31 PM > > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > > Subject: Re: [MAILSCANNER] spamassassin 2.53 & MailScanner > > > > > > > > > > > > I just installed DCC yesterday and am already seeing improved > > > > results. You > > > > might give that a shot. > > > > > > > > Mike > > > > > > > > > > > > > -----Original Message----- > > > > > From: MailScanner mailing list > > > > > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Ron E. > > > > > Sent: Thursday, May 08, 2003 8:32 AM > > > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > > > Subject: spamassassin 2.53 & MailScanner > > > > > > > > > > > > > > > Dear All, > > > > > > > > > > Just wondering if anyone out there has any suggestions for > > > > > improving/tweaking SpamAssassin (2.53) settings -- I am > > > > > running MailScanner & SpamAssassin 2.53 but still getting a > > > > > fair amount of spam not over the default score of 5, or > > > > > sometimes even with a negative score. > > > > > > > > > > I'm running a pretty busy system that handles about 15-20k > > > > > messages per day. > > > > > > > > > > I have tried lowering the score threshold but of course then > > > > > I get more false positives. I've seen mention that > > > > > SpamAssassin 2.60 is much improved but I hesitate to use it > > > > > at this point. > > > > > > > > > > One idea I had was enabling Vipul's Razor, but I've never > > > > > used it. Any input would be of interest. > > > > > > > > > > Thanks! > > > > > > > > > > -Ron > > > > > > > > > > > > > > > > > >-- > >This message has been scanned for viruses and > >dangerous content by MailScanner, and is > >believed to be clean. > > -- > Julian Field > www.MailScanner.info > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > From andersan at LTKALMAR.SE Tue May 13 15:55:45 2003 From: andersan at LTKALMAR.SE (Anders Andersson, IT) Date: Thu Jan 12 21:18:03 2006 Subject: SV: DNSBLs Message-ID: <9F18B7DDBA88E544AB1F199514891666014734@lkl63.ltkalmar.se> Do you mean you have removed the lines from sendmail? I started just using the MS/SA RBL's but realized I didnt even wanted those mail to enter my system. So I added 3 RBL's to sendmail and stop about 90% before even entering my system. The rest we still use MS/SA to catch..... might be good might be bad but sofar noone complained =) > -----Ursprungligt meddelande----- > Fr?n: Richard Alexander [mailto:copper_shotgun@HOTMAIL.COM] > Skickat: den 13 maj 2003 16:43 > Till: MAILSCANNER@JISCMAIL.AC.UK > ?mne: DNSBLs > > > Since setting up MailScanner and SA on our new Red Hat 9 > server, we have noticed and increase in SPAM messages. > MailScanner is tagging the files correctly, but I'm not sure > that have the DNSBL setup correctly in mailscanner.conf. > Before MS i had the following line setup in sendmail.mc and > it seemed to do a pretty good job of catching the obvious: > > FEATURE(`dnsbl', `list.dsbl.org', `"Email blocked using > ORDB.org - see host="$&{client_addr}">"')dnl > > This is the current setup in MailScanner.conf: > > This is the list of spam blacklists (RBLs) which you are > using. # See the "Spam List Definitions" file for more > information about what # you can put here. # This can also be > the filename of a ruleset. Spam List = DSBL ORDB-RBL > Infinite-Monkeys # MAPS-RBL+ costs money (except .ac.uk) > > # This is the list of spam domain blacklists which you are > using # (such as the "rfc-ignorant" domains). See the "Spam > List Definitions" # file for more information about what you > can put here. # This can also be the filename of a ruleset. # > Spam Domain List = > > # If an individual "Spam List" or "Spam Domain List" check > takes longer # that this (in seconds), the check is abandoned > and the timeout noted. Spam List Timeout = 10 > From mike at CAMAROSS.NET Tue May 13 15:52:09 2003 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:18:03 2006 Subject: spamassassin 2.53 & MailScanner In-Reply-To: Message-ID: <000801c3195f$3b5b1bc0$6901a8c0@home.middlefinger.net> You should see it in your maillog as DCC_CHECK. You should also see dccproc in your maillog. Mike > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Remco Barendse > Sent: Tuesday, May 13, 2003 9:40 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: spamassassin 2.53 & MailScanner > > > Is there any visible evidence to be found that DCC is (not) > working as it should? I can't see any changes in the mail > headers or mail log. > > > > On Fri, 9 May 2003, Julian Field wrote: > > > At 19:30 09/05/2003, you wrote: > > >Stupid question maybe, but I see lots of messages about > DCC. What is > > >DCC and where can I find it? > > > > Distributed Checksum Clearinghouse > > http://www.rhyolite.com/anti-spam/dcc/ > > > > SpamAssassin will use it if it is installed. > > Download it from the link at the top of that web page, then > unpack it > > cd into it > > ./configure > > make > > make install > > > > (Oh, it requires GNU make) > > > > then edit spam.assassin.prefs.conf > > Remove the line that sets the DCC rule to 0. > > Add > > dcc_path /usr/local/bin/dccproc > > > > Restart MailScanner. > > > > Please feel free to add this to the Faq-o-matic. > > > > >On Fri, 9 May 2003, Desai, Jason wrote: > > > > > > > I am not a spamassassin expert, but from what I can tell by > > > > looking at the list of tests it does > > > > (http://spamassassin.rediris.es/tests.html), many tests score > > > > lower with "net". I assume that "net" means you do some > > > sort of > > > > check over the internet, such as an RBL lookup or a DCC > check. So > > > > if you only do RBL lookups but not DCC, Razor2, or Pyzor, some > > > > tests will score even lower and may result in email not being > > > > tagged as spam. > > > > > > > > I was seeing a lot of spam get through until I installed DCC, > > > > Razor2, and Pyzor. > > > > > > > > Hope this helps. > > > > > > > > Jason > > > > > > > > > -----Original Message----- > > > > > From: Mike Kercher [mailto:mike@CAMAROSS.NET] > > > > > Sent: Thursday, May 08, 2003 6:31 PM > > > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > > > Subject: Re: [MAILSCANNER] spamassassin 2.53 & MailScanner > > > > > > > > > > > > > > > I just installed DCC yesterday and am already seeing improved > > > > > results. You might give that a shot. > > > > > > > > > > Mike > > > > > > > > > > > > > > > > -----Original Message----- > > > > > > From: MailScanner mailing list > > > > > > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Ron E. > > > > > > Sent: Thursday, May 08, 2003 8:32 AM > > > > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > > > > Subject: spamassassin 2.53 & MailScanner > > > > > > > > > > > > > > > > > > Dear All, > > > > > > > > > > > > Just wondering if anyone out there has any suggestions for > > > > > > improving/tweaking SpamAssassin (2.53) settings -- I am > > > > > > running MailScanner & SpamAssassin 2.53 but still getting a > > > > > > fair amount of spam not over the default score of 5, or > > > > > > sometimes even with a negative score. > > > > > > > > > > > > I'm running a pretty busy system that handles about 15-20k > > > > > > messages per day. > > > > > > > > > > > > I have tried lowering the score threshold but of > course then I > > > > > > get more false positives. I've seen mention that > SpamAssassin > > > > > > 2.60 is much improved but I hesitate to use it at > this point. > > > > > > > > > > > > One idea I had was enabling Vipul's Razor, but I've > never used > > > > > > it. Any input would be of interest. > > > > > > > > > > > > Thanks! > > > > > > > > > > > > -Ron > > > > > > > > > > > > > > > > > > > > > > > >-- > > >This message has been scanned for viruses and > > >dangerous content by MailScanner, and is > > >believed to be clean. > > > > -- > > Julian Field > > www.MailScanner.info > > Professional Support Services at www.MailScanner.biz MailScanner > > thanks transtec Computers for their support > > > > > From mike at CAMAROSS.NET Tue May 13 15:53:18 2003 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:18:03 2006 Subject: URGENT: MailScanner issue on Linux mail server In-Reply-To: <1052837009.442.6.camel@ws2.billbeau.net> Message-ID: <000901c3195f$64719a20$6901a8c0@home.middlefinger.net> Did you disable the straight sendmail processes and let MailScanner start the sendmail processes? Mike > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Bill Beauchemin > Sent: Tuesday, May 13, 2003 9:43 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: URGENT: MailScanner issue on Linux mail server > > > I installed MailScanner along with F-Prot AV on a system > runnning postfix. I can see in the log file that MailScanner > is processing and F-prot is scanning then the email is > delivered. Where in the heck is it delivered to? No one is > getting mail in /var/spool/mail and if I try popping the > email it doesnt find any email. So am I missing something in > the MailScanner.conf or did installing F-Prot screw it up? > -- > Bill Beauchemin > www.billbeau.net > > Home Of > Beau's Bullet > PSCA R/S 29 > and > Beautie Goldens > From beau at BILLBEAU.NET Tue May 13 15:55:57 2003 From: beau at BILLBEAU.NET (Bill Beauchemin) Date: Thu Jan 12 21:18:03 2006 Subject: URGENT: MailScanner issue on Linux mail server In-Reply-To: <000901c3195f$64719a20$6901a8c0@home.middlefinger.net> References: <000901c3195f$64719a20$6901a8c0@home.middlefinger.net> Message-ID: <1052837758.442.14.camel@ws2.billbeau.net> How do I do that? Im not using sendmail I am using postfix On Tue, 2003-05-13 at 07:53, Mike Kercher wrote: > Did you disable the straight sendmail processes and let MailScanner start the > sendmail processes? > > Mike > > > > -----Original Message----- > > From: MailScanner mailing list > > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Bill Beauchemin > > Sent: Tuesday, May 13, 2003 9:43 AM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: URGENT: MailScanner issue on Linux mail server > > > > > > I installed MailScanner along with F-Prot AV on a system > > runnning postfix. I can see in the log file that MailScanner > > is processing and F-prot is scanning then the email is > > delivered. Where in the heck is it delivered to? No one is > > getting mail in /var/spool/mail and if I try popping the > > email it doesnt find any email. So am I missing something in > > the MailScanner.conf or did installing F-Prot screw it up? > > -- > > Bill Beauchemin > > www.billbeau.net > > > > Home Of > > Beau's Bullet > > PSCA R/S 29 > > and > > Beautie Goldens > > -- Bill Beauchemin www.billbeau.net Home Of Beau's Bullet PSCA R/S 29 and Beautie Goldens From mike at ZANKER.ORG Tue May 13 15:59:39 2003 From: mike at ZANKER.ORG (Mike Zanker) Date: Thu Jan 12 21:18:03 2006 Subject: spamassassin 2.53 & MailScanner In-Reply-To: <000801c3195f$3b5b1bc0$6901a8c0@home.middlefinger.net> References: <000801c3195f$3b5b1bc0$6901a8c0@home.middlefinger.net> Message-ID: <192491171.1052841579@mallard.open.ac.uk> On 13 May 2003 09:52 -0500 Mike Kercher wrote: > You should see it in your maillog as DCC_CHECK. You should also see > dccproc in your maillog. I don't see dccproc in the maillog but I do have DCC_CHECK in some SpamAssassin headers. Mike. From copper_shotgun at HOTMAIL.COM Tue May 13 16:07:44 2003 From: copper_shotgun at HOTMAIL.COM (Richard Alexander) Date: Thu Jan 12 21:18:03 2006 Subject: SV: DNSBLs Message-ID: yes i had removed it from sendmail. I added it back a little while ago, but i wasn't sure if the feature line in sendmail.mc would take precedence over the mailscanner.conf. We do not want those coming in at all. Which lists do you use in sendmail, and which ones in mailscanner.conf? Thanks for the info From mike at CAMAROSS.NET Tue May 13 16:10:42 2003 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:18:03 2006 Subject: URGENT: MailScanner issue on Linux mail server In-Reply-To: <1052837758.442.14.camel@ws2.billbeau.net> Message-ID: <000b01c31961$d2bade90$6901a8c0@home.middlefinger.net> I don't do postfix. I can't offer any advice there. Mike > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Bill Beauchemin > Sent: Tuesday, May 13, 2003 9:56 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: URGENT: MailScanner issue on Linux mail server > > > How do I do that? Im not using sendmail I am using postfix > > > On Tue, 2003-05-13 at 07:53, Mike Kercher wrote: > > Did you disable the straight sendmail processes and let MailScanner > > start the sendmail processes? > > > > Mike > > > > > > > -----Original Message----- > > > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] > > > On Behalf Of Bill Beauchemin > > > Sent: Tuesday, May 13, 2003 9:43 AM > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > Subject: URGENT: MailScanner issue on Linux mail server > > > > > > > > > I installed MailScanner along with F-Prot AV on a system runnning > > > postfix. I can see in the log file that MailScanner is processing > > > and F-prot is scanning then the email is delivered. Where in the > > > heck is it delivered to? No one is getting mail in > /var/spool/mail > > > and if I try popping the email it doesnt find any email. So am I > > > missing something in the MailScanner.conf or did > installing F-Prot > > > screw it up? > > > -- > > > Bill Beauchemin > > > www.billbeau.net > > > > > > Home Of > > > Beau's Bullet > > > PSCA R/S 29 > > > and > > > Beautie Goldens > > > > -- > Bill Beauchemin > www.billbeau.net > > Home Of > Beau's Bullet > PSCA R/S 29 > and > Beautie Goldens > From robbyv at DISASTER.COM Tue May 13 16:15:09 2003 From: robbyv at DISASTER.COM (Rob V) Date: Thu Jan 12 21:18:03 2006 Subject: Bayes setup Message-ID: Is there anyway to only allow mail from a certain user or domain to go to the spam/notspam users? So only 1 user can submit spam or any users form a certain domain can submit spam to be learned. From andersan at LTKALMAR.SE Tue May 13 16:16:31 2003 From: andersan at LTKALMAR.SE (Anders Andersson, IT) Date: Thu Jan 12 21:18:03 2006 Subject: SV: SV: DNSBLs Message-ID: <9F18B7DDBA88E544AB1F199514891666014735@lkl63.ltkalmar.se> In mailscanner Im just using the default one. Probably will add some more but thats on my "to do" list :) In sendmail I use the following lines: FEATURE(`enhdnsbl', `dynablock.wirehub.net', `"550 5.7.1 ACCESS DENIED to "$&{client_name}" by Wirehub! Internet DynaBlock (http://dynablock.wirehub.net/errors.html)"', `t', `127.0.0.2.')dnl FEATURE(`dnsbl', `proxies.blackholes.wirehub.net', `"550 5.7.1 ACCESS DENIED to OPEN PROXY SERVER "$&{client_name}" by Wirehub! Internet DNSBL (http://proxies.blackholes.wirehub.net/errors.html)"', `')dnl FEATURE(`dnsbl', `blackholes.wirehub.net', `"550 5.7.1 ACCESS DENIED to "$&{client_name}" by Wirehub! Internet DNSBL (http://blackholes.wirehub.net/errors.html)"', `')dnl Its been working fine for me but I guess some might have some better solutions. Im still in the beginning of the long learning curve :) More info can be found at http://basic.wirehub.nl/blackholes.html /Anders > -----Ursprungligt meddelande----- > Fr?n: Richard Alexander [mailto:copper_shotgun@HOTMAIL.COM] > Skickat: den 13 maj 2003 17:08 > Till: MAILSCANNER@JISCMAIL.AC.UK > ?mne: Re: SV: DNSBLs > > > yes i had removed it from sendmail. I added it back a little > while ago, but i wasn't sure if the feature line in > sendmail.mc would take precedence over the mailscanner.conf. > We do not want those coming in at all. Which lists do you > use in sendmail, and which ones in mailscanner.conf? > > Thanks for the info > From steinkel at PA.NET Tue May 13 16:21:18 2003 From: steinkel at PA.NET (Leland J. Steinke) Date: Thu Jan 12 21:18:03 2006 Subject: URGENT: MailScanner issue on Linux mail server References: <000b01c31961$d2bade90$6901a8c0@home.middlefinger.net> Message-ID: <3EC10D6E.4070007@pa.net> >> >> >>How do I do that? Im not using sendmail I am using postfix >> did you follow the instructions at www.mailscanner.info on setting up MS and postfix? What version of MailScanner are you running? Leland From jase at SENSIS.COM Tue May 13 16:22:01 2003 From: jase at SENSIS.COM (Desai, Jason) Date: Thu Jan 12 21:18:03 2006 Subject: Mail Archive feature bug? Message-ID: I personally prefer it the way it is now - archive everything. Jason > -----Original Message----- > From: Remco Barendse [mailto:mailscanner@BARENDSE.TO] > Sent: Tuesday, May 13, 2003 10:30 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: [MAILSCANNER] Mail Archive feature bug? > > > I am using the archive feature in MailScanner to do a > realtime backup of > all incoming and outgoing e-mail into our system. > > I have noticed however that also e-mail gets through that > would otherwise > be blocked/discarded because of a too high spam score. > > Is this intentional behaviour? I have all the chinese spam > crap and other > mails above a certain score silently deleted. The deletion > works ok but it > is still sent to the archive. I'd rather keep the archive > clean as well :) > From jase at SENSIS.COM Tue May 13 16:20:04 2003 From: jase at SENSIS.COM (Desai, Jason) Date: Thu Jan 12 21:18:03 2006 Subject: spamassassin 2.53 & MailScanner Message-ID: You can run spamassassin from the command line in debug mode to check if spamassassin will use it: spamassassin -D -t < sample-spam.txt The sample-spam.txt included with spamassassin should be in the DCC database. Then you need to make sure that MailScanner will use it. Make sure you have "use_dcc 1" and "dcc_path " set in your spam.assassin.prefs.conf file. You can also sniff you network for udp port 6277 to see if dcc checks are working. Jason > -----Original Message----- > From: Remco Barendse [mailto:mailscanner@BARENDSE.TO] > Sent: Tuesday, May 13, 2003 10:40 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: [MAILSCANNER] spamassassin 2.53 & MailScanner > > > Is there any visible evidence to be found that DCC is (not) > working as it > should? I can't see any changes in the mail headers or mail log. > > > > On Fri, 9 May 2003, Julian Field wrote: > > > At 19:30 09/05/2003, you wrote: > > >Stupid question maybe, but I see lots of messages about > DCC. What is DCC > > >and where can I find it? > > > > Distributed Checksum Clearinghouse > > http://www.rhyolite.com/anti-spam/dcc/ > > > > SpamAssassin will use it if it is installed. > > Download it from the link at the top of that web page, then > > unpack it > > cd into it > > ./configure > > make > > make install > > > > (Oh, it requires GNU make) > > > > then edit spam.assassin.prefs.conf > > Remove the line that sets the DCC rule to 0. > > Add > > dcc_path /usr/local/bin/dccproc > > > > Restart MailScanner. > > > > Please feel free to add this to the Faq-o-matic. > > > > >On Fri, 9 May 2003, Desai, Jason wrote: > > > > > > > I am not a spamassassin expert, but from what I can > tell by looking at the > > > > list of tests it does > (http://spamassassin.rediris.es/tests.html), many > > > > tests score lower with "net". I assume that "net" > means you do some > > > sort of > > > > check over the internet, such as an RBL lookup or a DCC > check. So if you > > > > only do RBL lookups but not DCC, Razor2, or Pyzor, some > tests will score > > > > even lower and may result in email not being tagged as spam. > > > > > > > > I was seeing a lot of spam get through until I > installed DCC, Razor2, and > > > > Pyzor. > > > > > > > > Hope this helps. > > > > > > > > Jason > > > > > > > > > -----Original Message----- > > > > > From: Mike Kercher [mailto:mike@CAMAROSS.NET] > > > > > Sent: Thursday, May 08, 2003 6:31 PM > > > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > > > Subject: Re: [MAILSCANNER] spamassassin 2.53 & MailScanner > > > > > > > > > > > > > > > I just installed DCC yesterday and am already seeing improved > > > > > results. You > > > > > might give that a shot. > > > > > > > > > > Mike > > > > > > > > > > > > > > > > -----Original Message----- > > > > > > From: MailScanner mailing list > > > > > > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Ron E. > > > > > > Sent: Thursday, May 08, 2003 8:32 AM > > > > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > > > > Subject: spamassassin 2.53 & MailScanner > > > > > > > > > > > > > > > > > > Dear All, > > > > > > > > > > > > Just wondering if anyone out there has any suggestions for > > > > > > improving/tweaking SpamAssassin (2.53) settings -- I am > > > > > > running MailScanner & SpamAssassin 2.53 but still getting a > > > > > > fair amount of spam not over the default score of 5, or > > > > > > sometimes even with a negative score. > > > > > > > > > > > > I'm running a pretty busy system that handles about 15-20k > > > > > > messages per day. > > > > > > > > > > > > I have tried lowering the score threshold but of course then > > > > > > I get more false positives. I've seen mention that > > > > > > SpamAssassin 2.60 is much improved but I hesitate to use it > > > > > > at this point. > > > > > > > > > > > > One idea I had was enabling Vipul's Razor, but I've never > > > > > > used it. Any input would be of interest. > > > > > > > > > > > > Thanks! > > > > > > > > > > > > -Ron > > > > > > > > > > > > > > > > > > > > > > > >-- > > >This message has been scanned for viruses and > > >dangerous content by MailScanner, and is > > >believed to be clean. > > > > -- > > Julian Field > > www.MailScanner.info > > Professional Support Services at www.MailScanner.biz > > MailScanner thanks transtec Computers for their support > > > > > From beau at BILLBEAU.NET Tue May 13 16:25:03 2003 From: beau at BILLBEAU.NET (Bill Beauchemin) Date: Thu Jan 12 21:18:03 2006 Subject: URGENT: MailScanner issue on Linux mail server In-Reply-To: <3EC10D6E.4070007@pa.net> References: <000b01c31961$d2bade90$6901a8c0@home.middlefinger.net> <3EC10D6E.4070007@pa.net> Message-ID: <1052839504.442.27.camel@ws2.billbeau.net> I am running version 4.20 everything seems to be working but when it transfers files it seems to just send them into limbo. I followed the install adn it was working then installed f-prot and it stoped working On Tue, 2003-05-13 at 08:21, Leland J. Steinke wrote: > >> > >> > >>How do I do that? Im not using sendmail I am using postfix > >> > > did you follow the instructions at www.mailscanner.info on setting up MS and > postfix? What version of MailScanner are you running? > > > Leland -- Bill Beauchemin www.billbeau.net Home Of Beau's Bullet PSCA R/S 29 and Beautie Goldens From jase at SENSIS.COM Tue May 13 16:30:16 2003 From: jase at SENSIS.COM (Desai, Jason) Date: Thu Jan 12 21:18:03 2006 Subject: spamassassin 2.53 & MailScanner Message-ID: One more thing - make sure that you DON'T have score DCC_CHECK 0 in spam.assassin.prefs.conf Jason > -----Original Message----- > From: Desai, Jason > Sent: Tuesday, May 13, 2003 11:20 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: [MAILSCANNER] spamassassin 2.53 & MailScanner > > > You can run spamassassin from the command line in debug mode > to check if > spamassassin will use it: > > spamassassin -D -t < sample-spam.txt > > The sample-spam.txt included with spamassassin should be in the DCC > database. > > Then you need to make sure that MailScanner will use it. > Make sure you have > "use_dcc 1" and "dcc_path " set in your > spam.assassin.prefs.conf file. > > You can also sniff you network for udp port 6277 to see if > dcc checks are > working. > > Jason > > > -----Original Message----- > > From: Remco Barendse [mailto:mailscanner@BARENDSE.TO] > > Sent: Tuesday, May 13, 2003 10:40 AM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: [MAILSCANNER] spamassassin 2.53 & MailScanner > > > > > > Is there any visible evidence to be found that DCC is (not) > > working as it > > should? I can't see any changes in the mail headers or mail log. > > > > > > > > On Fri, 9 May 2003, Julian Field wrote: > > > > > At 19:30 09/05/2003, you wrote: > > > >Stupid question maybe, but I see lots of messages about > > DCC. What is DCC > > > >and where can I find it? > > > > > > Distributed Checksum Clearinghouse > > > http://www.rhyolite.com/anti-spam/dcc/ > > > > > > SpamAssassin will use it if it is installed. > > > Download it from the link at the top of that web page, then > > > unpack it > > > cd into it > > > ./configure > > > make > > > make install > > > > > > (Oh, it requires GNU make) > > > > > > then edit spam.assassin.prefs.conf > > > Remove the line that sets the DCC rule to 0. > > > Add > > > dcc_path /usr/local/bin/dccproc > > > > > > Restart MailScanner. > > > > > > Please feel free to add this to the Faq-o-matic. > > > > > > >On Fri, 9 May 2003, Desai, Jason wrote: > > > > > > > > > I am not a spamassassin expert, but from what I can > > tell by looking at the > > > > > list of tests it does > > (http://spamassassin.rediris.es/tests.html), many > > > > > tests score lower with "net". I assume that "net" > > means you do some > > > > sort of > > > > > check over the internet, such as an RBL lookup or a DCC > > check. So if you > > > > > only do RBL lookups but not DCC, Razor2, or Pyzor, some > > tests will score > > > > > even lower and may result in email not being tagged as spam. > > > > > > > > > > I was seeing a lot of spam get through until I > > installed DCC, Razor2, and > > > > > Pyzor. > > > > > > > > > > Hope this helps. > > > > > > > > > > Jason > > > > > > > > > > > -----Original Message----- > > > > > > From: Mike Kercher [mailto:mike@CAMAROSS.NET] > > > > > > Sent: Thursday, May 08, 2003 6:31 PM > > > > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > > > > Subject: Re: [MAILSCANNER] spamassassin 2.53 & MailScanner > > > > > > > > > > > > > > > > > > I just installed DCC yesterday and am already > seeing improved > > > > > > results. You > > > > > > might give that a shot. > > > > > > > > > > > > Mike > > > > > > > > > > > > > > > > > > > -----Original Message----- > > > > > > > From: MailScanner mailing list > > > > > > > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Ron E. > > > > > > > Sent: Thursday, May 08, 2003 8:32 AM > > > > > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > > > > > Subject: spamassassin 2.53 & MailScanner > > > > > > > > > > > > > > > > > > > > > Dear All, > > > > > > > > > > > > > > Just wondering if anyone out there has any suggestions for > > > > > > > improving/tweaking SpamAssassin (2.53) settings -- I am > > > > > > > running MailScanner & SpamAssassin 2.53 but still > getting a > > > > > > > fair amount of spam not over the default score of 5, or > > > > > > > sometimes even with a negative score. > > > > > > > > > > > > > > I'm running a pretty busy system that handles about 15-20k > > > > > > > messages per day. > > > > > > > > > > > > > > I have tried lowering the score threshold but of > course then > > > > > > > I get more false positives. I've seen mention that > > > > > > > SpamAssassin 2.60 is much improved but I hesitate > to use it > > > > > > > at this point. > > > > > > > > > > > > > > One idea I had was enabling Vipul's Razor, but I've never > > > > > > > used it. Any input would be of interest. > > > > > > > > > > > > > > Thanks! > > > > > > > > > > > > > > -Ron > > > > > > > > > > > > > > > > > > > > > > > > > > > > > >-- > > > >This message has been scanned for viruses and > > > >dangerous content by MailScanner, and is > > > >believed to be clean. > > > > > > -- > > > Julian Field > > > www.MailScanner.info > > > Professional Support Services at www.MailScanner.biz > > > MailScanner thanks transtec Computers for their support > > > > > > > > > From beau at BILLBEAU.NET Tue May 13 16:29:27 2003 From: beau at BILLBEAU.NET (Bill Beauchemin) Date: Thu Jan 12 21:18:03 2006 Subject: URGENT: MailScanner issue on Linux mail server In-Reply-To: <1052839504.442.27.camel@ws2.billbeau.net> References: <000b01c31961$d2bade90$6901a8c0@home.middlefinger.net> <3EC10D6E.4070007@pa.net> <1052839504.442.27.camel@ws2.billbeau.net> Message-ID: <1052839767.442.33.camel@ws2.billbeau.net> This is the message I get in /var/log/mail/info when I send a test message. May 13 08:26:40 fs1 postfix/nqmgr[18638]: ABF8DC7685: to=, relay=none, delay=0, status=deferred (deferred transport) May 13 08:26:40 fs1 MailScanner[22090]: New Batch: Scanning 1 messages, 1209 bytes May 13 08:26:52 fs1 MailScanner[22090]: Virus and Content Scanning: Starting May 13 08:26:52 fs1 MailScanner[22090]: Uninfected: Delivered 1 messages These are the messages I get in /var/log/mail/error May 13 08:17:59 fs1 postfix/nqmgr[22062]: fatal: qmgr_move: update active/0/0B7971F2213 time stamps: Operation not permitted May 13 08:19:00 fs1 postfix/nqmgr[22063]: fatal: qmgr_move: update active/0/0B7971F2213 time stamps: Operation not permitted May 13 08:20:01 fs1 postfix/nqmgr[22064]: fatal: qmgr_move: update active/0/0B7971F2213 time stamps: Operation not permitted May 13 08:21:02 fs1 postfix/nqmgr[22065]: fatal: qmgr_move: update active/0/0B7971F2213 time stamps: Operation not permitted May 13 08:22:03 fs1 postfix/nqmgr[22087]: fatal: qmgr_move: update active/0/0B7971F2213 time stamps: Operation not permitted May 13 08:23:04 fs1 postfix/nqmgr[22092]: fatal: qmgr_move: update active/0/0B7971F2213 time stamps: Operation not permitted May 13 08:24:05 fs1 postfix/nqmgr[22093]: fatal: qmgr_move: update active/0/0B7971F2213 time stamps: Operation not permitted May 13 08:25:06 fs1 postfix/nqmgr[22096]: fatal: qmgr_move: update active/0/0B7971F2213 time stamps: Operation not permitted May 13 08:26:07 fs1 postfix/nqmgr[22098]: fatal: qmgr_move: update active/0/0B7971F2213 time stamps: Operation not permitted May 13 08:27:08 fs1 postfix/nqmgr[22107]: fatal: qmgr_move: update active/0/0B7971F2213 time stamps: Operation not permitted May 13 08:28:09 fs1 postfix/nqmgr[22108]: fatal: qmgr_move: update active/0/0B7971F2213 time stamps: Operation not permitted May 13 08:29:10 fs1 postfix/nqmgr[22110]: fatal: qmgr_move: update active/0/0B7971F2213 time stamps: Operation not permitted On Tue, 2003-05-13 at 08:25, Bill Beauchemin wrote: > I am running version 4.20 > > everything seems to be working but when it transfers files it seems to > just send them into limbo. > > I followed the install adn it was working then installed f-prot and it > stoped working > > > On Tue, 2003-05-13 at 08:21, Leland J. Steinke wrote: > > >> > > >> > > >>How do I do that? Im not using sendmail I am using postfix > > >> > > > > did you follow the instructions at www.mailscanner.info on setting up MS and > > postfix? What version of MailScanner are you running? > > > > > > Leland > -- > Bill Beauchemin > www.billbeau.net > > Home Of > Beau's Bullet > PSCA R/S 29 > and > Beautie Goldens -- Bill Beauchemin www.billbeau.net Home Of Beau's Bullet PSCA R/S 29 and Beautie Goldens From mailscanner at ecs.soton.ac.uk Tue May 13 16:42:59 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:03 2006 Subject: Bayes setup In-Reply-To: Message-ID: <5.2.0.9.2.20030513164244.02f53c80@imap.ecs.soton.ac.uk> That's a job for your MTA, it's nothing to do with MailScanner. At 16:15 13/05/2003, you wrote: >Is there anyway to only allow mail from a certain user or domain to go to >the spam/notspam users? >So only 1 user can submit spam or any users form a certain domain can >submit spam to be learned. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Tue May 13 16:26:47 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:03 2006 Subject: DNSBLs In-Reply-To: Message-ID: <5.2.0.9.2.20030513162530.05257460@imap.ecs.soton.ac.uk> At 15:43 13/05/2003, you wrote: >Since setting up MailScanner and SA on our new Red Hat 9 server, we have >noticed and increase in SPAM messages. MailScanner is tagging the files >correctly, but I'm not sure that have the DNSBL setup correctly in >mailscanner.conf. Before MS i had the following line setup in sendmail.mc >and it seemed to do a pretty good job of catching the obvious: > >FEATURE(`dnsbl', `list.dsbl.org', `"Email blocked using ORDB.org - see >"')dnl > >This is the current setup in MailScanner.conf: > > This is the list of spam blacklists (RBLs) which you are using. ># See the "Spam List Definitions" file for more information about what ># you can put here. ># This can also be the filename of a ruleset. >Spam List = DSBL ORDB-RBL Infinite-Monkeys # MAPS-RBL+ costs money >(except .ac.uk) You have to define what the DSBL word means as well. Take a look in /etc/MailScanner/spam.lists.conf and you will see the entries for a bunch of other DNSBLs. Basically, you need to add DSBL list.dsbl.org. to the file. Then reload MailScanner. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Tue May 13 16:37:40 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:03 2006 Subject: Mail Archive feature bug? In-Reply-To: Message-ID: <5.2.0.9.2.20030513163001.04aa0ec0@imap.ecs.soton.ac.uk> At 15:30 13/05/2003, you wrote: >I am using the archive feature in MailScanner to do a realtime backup of >all incoming and outgoing e-mail into our system. > >I have noticed however that also e-mail gets through that would otherwise >be blocked/discarded because of a too high spam score. > >Is this intentional behaviour? I have all the chinese spam crap and other >mails above a certain score silently deleted. The deletion works ok but it >is still sent to the archive. I'd rather keep the archive clean as well :) Yes, it is entirely intentional. It archives all mail. The new release will have non-spam actions just like it currently has spam actions and high-scoring spam actions. So instead of using Archive Mail, you could use Non Spam Actions = deliver store. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Tue May 13 16:42:26 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:03 2006 Subject: Mail Archive feature bug? In-Reply-To: Message-ID: <5.2.0.9.2.20030513164201.04af8cc8@imap.ecs.soton.ac.uk> At 16:22 13/05/2003, you wrote: >I personally prefer it the way it is now - archive everything. Don't worry, "Archive Mail" is not going away, I am just adding to the archiving options available. >Jason > > > -----Original Message----- > > From: Remco Barendse [mailto:mailscanner@BARENDSE.TO] > > Sent: Tuesday, May 13, 2003 10:30 AM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: [MAILSCANNER] Mail Archive feature bug? > > > > > > I am using the archive feature in MailScanner to do a > > realtime backup of > > all incoming and outgoing e-mail into our system. > > > > I have noticed however that also e-mail gets through that > > would otherwise > > be blocked/discarded because of a too high spam score. > > > > Is this intentional behaviour? I have all the chinese spam > > crap and other > > mails above a certain score silently deleted. The deletion > > works ok but it > > is still sent to the archive. I'd rather keep the archive > > clean as well :) > > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Tue May 13 16:29:27 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:03 2006 Subject: Spam rule wildcards... In-Reply-To: <3EC0EF3B.E9E1DC6F@dcg.com> References: <200305122300.h4CN0REG007818@frobozz.dcg.com> Message-ID: <5.2.0.9.2.20030513162846.030df618@imap.ecs.soton.ac.uk> At 14:12 13/05/2003, you wrote: >Julian Field wrote: > > That should do it. However, you could give the explicit regular > > expression in there if you want to: > > To: /^johndoe\+.*\@/ deliver > > (nothing is needed after the "\@" except for the closing "/" > > character. > >Ok -- sounds good. I'd like to do both in one line though -- but I'm not >great with regular expressions yet. (Maybe the above already does both in one >line? Hmmm... I'm not sure about the "." though -- makes me think it >wouldn't catch both...) Can someone give me a one line regexp that will cover >with and without the "+" addition? So, basically, I want these two >rules: > >To: johndoe@* deliver >To: johndoe+*@* deliver > >...as one regular expression. Of course, I don't want just johndoe*@* to >match, since I might have a user that is named johndoejr@domain.com that I >wouldn't want to match. Maybe something like this? > >To: /^johndoe(\+[_a-zA-Z0-9-]+)?\@/ deliver > >...but, again, I'm fairly new to regexp, so forgive whatever I have done there >if it is incorrect. :-) Your last suggestion looks fine to me. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Tue May 13 16:38:07 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:03 2006 Subject: spamassassin 2.53 & MailScanner In-Reply-To: References: <5.2.1.1.2.20030509193304.026b5eb8@imap.ecs.soton.ac.uk> Message-ID: <5.2.0.9.2.20030513163754.030f1ce0@imap.ecs.soton.ac.uk> At 15:40 13/05/2003, you wrote: >Is there any visible evidence to be found that DCC is (not) working as it >should? I can't see any changes in the mail headers or mail log. You should start to see DCC turn up in the spam reports. >On Fri, 9 May 2003, Julian Field wrote: > > > At 19:30 09/05/2003, you wrote: > > >Stupid question maybe, but I see lots of messages about DCC. What is DCC > > >and where can I find it? > > > > Distributed Checksum Clearinghouse > > http://www.rhyolite.com/anti-spam/dcc/ > > > > SpamAssassin will use it if it is installed. > > Download it from the link at the top of that web page, then > > unpack it > > cd into it > > ./configure > > make > > make install > > > > (Oh, it requires GNU make) > > > > then edit spam.assassin.prefs.conf > > Remove the line that sets the DCC rule to 0. > > Add > > dcc_path /usr/local/bin/dccproc > > > > Restart MailScanner. > > > > Please feel free to add this to the Faq-o-matic. > > > > >On Fri, 9 May 2003, Desai, Jason wrote: > > > > > > > I am not a spamassassin expert, but from what I can tell by looking > at the > > > > list of tests it does (http://spamassassin.rediris.es/tests.html), many > > > > tests score lower with "net". I assume that "net" means you do some > > > sort of > > > > check over the internet, such as an RBL lookup or a DCC check. So > if you > > > > only do RBL lookups but not DCC, Razor2, or Pyzor, some tests will > score > > > > even lower and may result in email not being tagged as spam. > > > > > > > > I was seeing a lot of spam get through until I installed DCC, > Razor2, and > > > > Pyzor. > > > > > > > > Hope this helps. > > > > > > > > Jason > > > > > > > > > -----Original Message----- > > > > > From: Mike Kercher [mailto:mike@CAMAROSS.NET] > > > > > Sent: Thursday, May 08, 2003 6:31 PM > > > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > > > Subject: Re: [MAILSCANNER] spamassassin 2.53 & MailScanner > > > > > > > > > > > > > > > I just installed DCC yesterday and am already seeing improved > > > > > results. You > > > > > might give that a shot. > > > > > > > > > > Mike > > > > > > > > > > > > > > > > -----Original Message----- > > > > > > From: MailScanner mailing list > > > > > > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Ron E. > > > > > > Sent: Thursday, May 08, 2003 8:32 AM > > > > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > > > > Subject: spamassassin 2.53 & MailScanner > > > > > > > > > > > > > > > > > > Dear All, > > > > > > > > > > > > Just wondering if anyone out there has any suggestions for > > > > > > improving/tweaking SpamAssassin (2.53) settings -- I am > > > > > > running MailScanner & SpamAssassin 2.53 but still getting a > > > > > > fair amount of spam not over the default score of 5, or > > > > > > sometimes even with a negative score. > > > > > > > > > > > > I'm running a pretty busy system that handles about 15-20k > > > > > > messages per day. > > > > > > > > > > > > I have tried lowering the score threshold but of course then > > > > > > I get more false positives. I've seen mention that > > > > > > SpamAssassin 2.60 is much improved but I hesitate to use it > > > > > > at this point. > > > > > > > > > > > > One idea I had was enabling Vipul's Razor, but I've never > > > > > > used it. Any input would be of interest. > > > > > > > > > > > > Thanks! > > > > > > > > > > > > -Ron > > > > > > > > > > > > > > > > > > > > > > > >-- > > >This message has been scanned for viruses and > > >dangerous content by MailScanner, and is > > >believed to be clean. > > > > -- > > Julian Field > > www.MailScanner.info > > Professional Support Services at www.MailScanner.biz > > MailScanner thanks transtec Computers for their support > > > > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Tue May 13 16:41:46 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:03 2006 Subject: URGENT: MailScanner issue on Linux mail server In-Reply-To: <1052839767.442.33.camel@ws2.billbeau.net> References: <1052839504.442.27.camel@ws2.billbeau.net> <000b01c31961$d2bade90$6901a8c0@home.middlefinger.net> <3EC10D6E.4070007@pa.net> <1052839504.442.27.camel@ws2.billbeau.net> Message-ID: <5.2.0.9.2.20030513164029.030f3550@imap.ecs.soton.ac.uk> Please can you give us the relevant bits (e.g. the System Settings at the top) from your MailScanner.conf. We don't want all the comments as well, just the settings. And have you set which MTA to use in /etc/sysconfig/MailScanner and the "redhat-switchmail-nox" command? At 16:29 13/05/2003, you wrote: >This is the message I get in /var/log/mail/info when I send a test >message. > >May 13 08:26:40 fs1 postfix/nqmgr[18638]: ABF8DC7685: >to=, relay=none, delay=0, status=deferred >(deferred transport) >May 13 08:26:40 fs1 MailScanner[22090]: New Batch: Scanning 1 messages, >1209 bytes >May 13 08:26:52 fs1 MailScanner[22090]: Virus and Content Scanning: >Starting >May 13 08:26:52 fs1 MailScanner[22090]: Uninfected: Delivered 1 messages > > >These are the messages I get in /var/log/mail/error > > >May 13 08:17:59 fs1 postfix/nqmgr[22062]: fatal: qmgr_move: update >active/0/0B7971F2213 time stamps: Operation not permitted >May 13 08:19:00 fs1 postfix/nqmgr[22063]: fatal: qmgr_move: update >active/0/0B7971F2213 time stamps: Operation not permitted >May 13 08:20:01 fs1 postfix/nqmgr[22064]: fatal: qmgr_move: update >active/0/0B7971F2213 time stamps: Operation not permitted >May 13 08:21:02 fs1 postfix/nqmgr[22065]: fatal: qmgr_move: update >active/0/0B7971F2213 time stamps: Operation not permitted >May 13 08:22:03 fs1 postfix/nqmgr[22087]: fatal: qmgr_move: update >active/0/0B7971F2213 time stamps: Operation not permitted >May 13 08:23:04 fs1 postfix/nqmgr[22092]: fatal: qmgr_move: update >active/0/0B7971F2213 time stamps: Operation not permitted >May 13 08:24:05 fs1 postfix/nqmgr[22093]: fatal: qmgr_move: update >active/0/0B7971F2213 time stamps: Operation not permitted >May 13 08:25:06 fs1 postfix/nqmgr[22096]: fatal: qmgr_move: update >active/0/0B7971F2213 time stamps: Operation not permitted >May 13 08:26:07 fs1 postfix/nqmgr[22098]: fatal: qmgr_move: update >active/0/0B7971F2213 time stamps: Operation not permitted >May 13 08:27:08 fs1 postfix/nqmgr[22107]: fatal: qmgr_move: update >active/0/0B7971F2213 time stamps: Operation not permitted >May 13 08:28:09 fs1 postfix/nqmgr[22108]: fatal: qmgr_move: update >active/0/0B7971F2213 time stamps: Operation not permitted >May 13 08:29:10 fs1 postfix/nqmgr[22110]: fatal: qmgr_move: update >active/0/0B7971F2213 time stamps: Operation not permitted > > >On Tue, 2003-05-13 at 08:25, Bill Beauchemin wrote: > > I am running version 4.20 > > > > everything seems to be working but when it transfers files it seems to > > just send them into limbo. > > > > I followed the install adn it was working then installed f-prot and it > > stoped working > > > > > > On Tue, 2003-05-13 at 08:21, Leland J. Steinke wrote: > > > >> > > > >> > > > >>How do I do that? Im not using sendmail I am using postfix > > > >> > > > > > > did you follow the instructions at www.mailscanner.info on setting up > MS and > > > postfix? What version of MailScanner are you running? > > > > > > > > > Leland > > -- > > Bill Beauchemin > > www.billbeau.net > > > > Home Of > > Beau's Bullet > > PSCA R/S 29 > > and > > Beautie Goldens >-- >Bill Beauchemin >www.billbeau.net > > Home Of >Beau's Bullet > PSCA R/S 29 > and >Beautie Goldens -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From beau at BILLBEAU.NET Tue May 13 16:59:18 2003 From: beau at BILLBEAU.NET (Bill Beauchemin) Date: Thu Jan 12 21:18:03 2006 Subject: URGENT: MailScanner issue on Linux mail server In-Reply-To: <5.2.0.9.2.20030513164029.030f3550@imap.ecs.soton.ac.uk> References: <1052839504.442.27.camel@ws2.billbeau.net> <000b01c31961$d2bade90$6901a8c0@home.middlefinger.net> <3EC10D6E.4070007@pa.net> <1052839504.442.27.camel@ws2.billbeau.net> <5.2.0.9.2.20030513164029.030f3550@imap.ecs.soton.ac.uk> Message-ID: <1052841558.442.53.camel@ws2.billbeau.net> MailScanner.conf file settings un As User = postfix Run As Group = postfix Incoming Queue Dir = /var/spool/postfix.in/deferred Outgoing Queue Dir = /var/spool/postfix/incoming Incoming Work Dir = /var/spool/MailScanner/incoming Quarantine Dir = /var/spool/MailScanner/quarantine MTA = postfix /etc/sysconfig/MailScanner MTA = postfix "redhat-switchmail-nox" command does not work I am running aMandrake 9.1 On Tue, 2003-05-13 at 08:41, Julian Field wrote: > Please can you give us the relevant bits (e.g. the System Settings at the > top) from your MailScanner.conf. We don't want all the comments as well, > just the settings. > And have you set which MTA to use in /etc/sysconfig/MailScanner and the > "redhat-switchmail-nox" command? > > At 16:29 13/05/2003, you wrote: > >This is the message I get in /var/log/mail/info when I send a test > >message. > > > >May 13 08:26:40 fs1 postfix/nqmgr[18638]: ABF8DC7685: > >to=, relay=none, delay=0, status=deferred > >(deferred transport) > >May 13 08:26:40 fs1 MailScanner[22090]: New Batch: Scanning 1 messages, > >1209 bytes > >May 13 08:26:52 fs1 MailScanner[22090]: Virus and Content Scanning: > >Starting > >May 13 08:26:52 fs1 MailScanner[22090]: Uninfected: Delivered 1 messages > > > > > >These are the messages I get in /var/log/mail/error > > > > > >May 13 08:17:59 fs1 postfix/nqmgr[22062]: fatal: qmgr_move: update > >active/0/0B7971F2213 time stamps: Operation not permitted > >May 13 08:19:00 fs1 postfix/nqmgr[22063]: fatal: qmgr_move: update > >active/0/0B7971F2213 time stamps: Operation not permitted > >May 13 08:20:01 fs1 postfix/nqmgr[22064]: fatal: qmgr_move: update > >active/0/0B7971F2213 time stamps: Operation not permitted > >May 13 08:21:02 fs1 postfix/nqmgr[22065]: fatal: qmgr_move: update > >active/0/0B7971F2213 time stamps: Operation not permitted > >May 13 08:22:03 fs1 postfix/nqmgr[22087]: fatal: qmgr_move: update > >active/0/0B7971F2213 time stamps: Operation not permitted > >May 13 08:23:04 fs1 postfix/nqmgr[22092]: fatal: qmgr_move: update > >active/0/0B7971F2213 time stamps: Operation not permitted > >May 13 08:24:05 fs1 postfix/nqmgr[22093]: fatal: qmgr_move: update > >active/0/0B7971F2213 time stamps: Operation not permitted > >May 13 08:25:06 fs1 postfix/nqmgr[22096]: fatal: qmgr_move: update > >active/0/0B7971F2213 time stamps: Operation not permitted > >May 13 08:26:07 fs1 postfix/nqmgr[22098]: fatal: qmgr_move: update > >active/0/0B7971F2213 time stamps: Operation not permitted > >May 13 08:27:08 fs1 postfix/nqmgr[22107]: fatal: qmgr_move: update > >active/0/0B7971F2213 time stamps: Operation not permitted > >May 13 08:28:09 fs1 postfix/nqmgr[22108]: fatal: qmgr_move: update > >active/0/0B7971F2213 time stamps: Operation not permitted > >May 13 08:29:10 fs1 postfix/nqmgr[22110]: fatal: qmgr_move: update > >active/0/0B7971F2213 time stamps: Operation not permitted > > > > > >On Tue, 2003-05-13 at 08:25, Bill Beauchemin wrote: > > > I am running version 4.20 > > > > > > everything seems to be working but when it transfers files it seems to > > > just send them into limbo. > > > > > > I followed the install adn it was working then installed f-prot and it > > > stoped working > > > > > > > > > On Tue, 2003-05-13 at 08:21, Leland J. Steinke wrote: > > > > >> > > > > >> > > > > >>How do I do that? Im not using sendmail I am using postfix > > > > >> > > > > > > > > did you follow the instructions at www.mailscanner.info on setting up > > MS and > > > > postfix? What version of MailScanner are you running? > > > > > > > > > > > > Leland > > > -- > > > Bill Beauchemin > > > www.billbeau.net > > > > > > Home Of > > > Beau's Bullet > > > PSCA R/S 29 > > > and > > > Beautie Goldens > >-- > >Bill Beauchemin > >www.billbeau.net > > > > Home Of > >Beau's Bullet > > PSCA R/S 29 > > and > >Beautie Goldens > > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support -- Bill Beauchemin www.billbeau.net Home Of Beau's Bullet PSCA R/S 29 and Beautie Goldens From Kevin.Spicer at BMRB.CO.UK Tue May 13 17:06:10 2003 From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:18:03 2006 Subject: URGENT: MailScanner issue on Linux mail server Message-ID: <5C0296D26910694BB9A9BBFC577E7AB0EBF592@pascal.priv.bmrb.co.uk> > > "redhat-switchmail-nox" command does not work I am running > aMandrake 9.1 > I think update-alternatives does a similar thing on Mandrake (can't remember the syntax off-hand though). Postfix is the default MTA for Mandrake anyway, so unless you've installed sendmail or something else previously it should all be properly set up. BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From thomas.zajic at ROCKSTARVIENNA.COM Tue May 13 17:08:38 2003 From: thomas.zajic at ROCKSTARVIENNA.COM (Thomas Zajic) Date: Thu Jan 12 21:18:03 2006 Subject: URGENT: MailScanner issue on Linux mail server In-Reply-To: <1052841558.442.53.camel@ws2.billbeau.net> References: <1052839504.442.27.camel@ws2.billbeau.net> <000b01c31961$d2bade90$6901a8c0@home.middlefinger.net> <3EC10D6E.4070007@pa.net> <1052839504.442.27.camel@ws2.billbeau.net> <5.2.0.9.2.20030513164029.030f3550@imap.ecs.soton.ac.uk> <1052841558.442.53.camel@ws2.billbeau.net> Message-ID: <20030513160838.GB342@thomas.neo.at> On Tue, May 13, 2003 at 08:59:18AM -0700, Bill Beauchemin wrote: > MailScanner.conf file settings > > un As User = postfix ^^ Are you missing an "R" in your config file, or did this happen during copy/paste? -- ----------------------------- Thomas Zajic system administrator ROCKSTAR VIENNA www.rockstarvienna.com From copper_shotgun at HOTMAIL.COM Tue May 13 17:14:03 2003 From: copper_shotgun at HOTMAIL.COM (Richard Alexander) Date: Thu Jan 12 21:18:03 2006 Subject: DNSBLs Message-ID: Thanks to all for the help. Adding the line back to sendmail.mc did the trick. I was using this before and it blocked the mail before users saw it. After i setup MS/SA i added it: (FEATURE(`dnsbl', `list.dsbl.org', `"Email blocked using ORDB.org - see >"')dnl) to the mailscanner.conf and defined it in the spam.lists.conf. MS was checking list.dsbl.org and tagging the mail as it should, but now users were seeing more spam than they were used to seeing. THANKS From beau at BILLBEAU.NET Tue May 13 17:16:43 2003 From: beau at BILLBEAU.NET (Bill Beauchemin) Date: Thu Jan 12 21:18:03 2006 Subject: URGENT: MailScanner issue on Linux mail server In-Reply-To: <20030513160838.GB342@thomas.neo.at> References: <1052839504.442.27.camel@ws2.billbeau.net> <000b01c31961$d2bade90$6901a8c0@home.middlefinger.net> <3EC10D6E.4070007@pa.net> <1052839504.442.27.camel@ws2.billbeau.net> <5.2.0.9.2.20030513164029.030f3550@imap.ecs.soton.ac.uk> <1052841558.442.53.camel@ws2.billbeau.net> <20030513160838.GB342@thomas.neo.at> Message-ID: <1052842603.442.60.camel@ws2.billbeau.net> Yeah it didnt paste the R Run As User = postfix Would there be an issue if the directory /var/spool/mail had the permissions like this drwxrwsr-x 2 root mail 4096 May 13 06:07 mail/ On Tue, 2003-05-13 at 09:08, Thomas Zajic wrote: > On Tue, May 13, 2003 at 08:59:18AM -0700, Bill Beauchemin wrote: > > > MailScanner.conf file settings > > > > un As User = postfix > ^^ > Are you missing an "R" in your config file, or did this happen during > copy/paste? > -- > ----------------------------- > Thomas Zajic > system administrator > > ROCKSTAR VIENNA > www.rockstarvienna.com -- Bill Beauchemin www.billbeau.net Home Of Beau's Bullet PSCA R/S 29 and Beautie Goldens From robbyv at DISASTER.COM Tue May 13 17:20:37 2003 From: robbyv at DISASTER.COM (Rob V) Date: Thu Jan 12 21:18:03 2006 Subject: Bayes setup In-Reply-To: <5.2.0.9.2.20030513164244.02f53c80@imap.ecs.soton.ac.uk> References: Message-ID: <5.2.1.1.2.20030513121935.011afba8@mailhost.disaster.com> Hows that a job for the MTA. I want to make it so only certain users/domains can send mail to say spam@foo.com. Thought that would be a rule in mailscanner somewhere. At 04:42 PM 5/13/2003 +0100, you wrote: >That's a job for your MTA, it's nothing to do with MailScanner. > >At 16:15 13/05/2003, you wrote: >>Is there anyway to only allow mail from a certain user or domain to go to >>the spam/notspam users? >>So only 1 user can submit spam or any users form a certain domain can >>submit spam to be learned. > >-- >Julian Field >www.MailScanner.info >MailScanner thanks transtec Computers for their support Rob Vicchiullo robv@disaster.com http://www.disaster.com (518) 218-0900 From Kevin.Spicer at BMRB.CO.UK Tue May 13 17:33:23 2003 From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:18:03 2006 Subject: URGENT: MailScanner issue on Linux mail server Message-ID: <5C0296D26910694BB9A9BBFC577E7AB0EBF593@pascal.priv.bmrb.co.uk> > Yeah it didnt paste the R > > Run As User = postfix > > Would there be an issue if the directory /var/spool/mail had the > permissions like this > > drwxrwsr-x 2 root mail 4096 May 13 06:07 mail/ > Looks about right, my Mandrake machines with postfix (9.0 the one I looked at) has 775 root:mail, this isn't a problem becuase local mail delivery is handled by procmail which runs sgid mail (you might like to check /usr/bin/procmail is setgid mail!). BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From mikea at MIKEA.ATH.CX Tue May 13 17:38:34 2003 From: mikea at MIKEA.ATH.CX (mikea) Date: Thu Jan 12 21:18:04 2006 Subject: Bayes setup In-Reply-To: <5.2.1.1.2.20030513121935.011afba8@mailhost.disaster.com>; from robbyv@DISASTER.COM on Tue, May 13, 2003 at 12:20:37PM -0400 References: <5.2.0.9.2.20030513164244.02f53c80@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030513121935.011afba8@mailhost.disaster.com> Message-ID: <20030513113834.A15830@mikea.ath.cx> On Tue, May 13, 2003 at 12:20:37PM -0400, Rob V wrote: > Hows that a job for the MTA. I want to make it so only certain > users/domains can send mail to say spam@foo.com. > Thought that would be a rule in mailscanner somewhere. > > > At 04:42 PM 5/13/2003 +0100, you wrote: > >That's a job for your MTA, it's nothing to do with MailScanner. > > > >At 16:15 13/05/2003, you wrote: > >>Is there anyway to only allow mail from a certain user or domain to go to > >>the spam/notspam users? > >>So only 1 user can submit spam or any users form a certain domain can > >>submit spam to be learned. For sendmail, you need to read the README for the sendmail config files; on my FreeBSD 4.3 system, it's at /usr/src/contrib/sendmail/cf/README and it gives all manner of useful stuff that can be done with the various config files. Apologies if you already knew this. -- Mike Andrews mikea@mikea.ath.cx Tired old sysadmin since 1964 From beau at BILLBEAU.NET Tue May 13 17:37:25 2003 From: beau at BILLBEAU.NET (Bill Beauchemin) Date: Thu Jan 12 21:18:04 2006 Subject: URGENT: MailScanner issue on Linux mail server In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB0EBF593@pascal.priv.bmrb.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB0EBF593@pascal.priv.bmrb.co.uk> Message-ID: <1052843845.461.70.camel@ws2.billbeau.net> The mail looks like it is being sent to /var/spool/postfix/incomming and stays there. is it suppose to go to /var/spool/mail? That is where the pop server seems to be looking. there is mail in the incomming directory du -k [root@fs1 incoming]# du -k 4 ./A 12 ./7 36 ./B 4 ./8 8 ./0 0 ./E 4 ./6 1660 ./4 188 ./C 20 ./3 0 ./D 4 ./5 8 ./9 184 ./1 0 ./2 0 ./F 2132 . On Tue, 2003-05-13 at 09:33, Spicer, Kevin wrote: > > Yeah it didnt paste the R > > > > Run As User = postfix > > > > Would there be an issue if the directory /var/spool/mail had the > > permissions like this > > > > drwxrwsr-x 2 root mail 4096 May 13 06:07 mail/ > > > > Looks about right, my Mandrake machines with postfix (9.0 the one I looked at) has 775 root:mail, this isn't a problem becuase local mail delivery is handled by procmail which runs sgid mail (you might like to check /usr/bin/procmail is setgid mail!). > > > > BMRB International > http://www.bmrb.co.uk > +44 (0)20 8566 5000 > _________________________________________________________________ > This message (and any attachment) is intended only for the > recipient and may contain confidential and/or privileged > material. If you have received this in error, please contact the > sender and delete this message immediately. Disclosure, copying > or other action taken in respect of this email or in > reliance on it is prohibited. BMRB International Limited > accepts no liability in relation to any personal emails, or > content of any email which does not directly relate to our > business. -- Bill Beauchemin www.billbeau.net Home Of Beau's Bullet PSCA R/S 29 and Beautie Goldens From dwinkler at ALGORITHMICS.COM Tue May 13 17:45:05 2003 From: dwinkler at ALGORITHMICS.COM (Derek Winkler) Date: Thu Jan 12 21:18:04 2006 Subject: Feature Request: Multiple Levels of Actions Message-ID: <06EE2C86D3DAD5119A6C0060943F3C97055E6F71@tormail1.algorithmics.com> Feature request: I'd like to have another level of spam actions but instead of creating Mid-scoring spam config options why not create something like the rule files... Spam Actions = /opt/MailScanner/etc/rules/spam.actions.rules spam.actions.rules would contain something like: 9 modify "{Spam?}", deliver 15 modify "{Spam?}", striphtml, deliver max delete with the first line applying to mails which score 9 or below, the second to >9 <=15, and the last for anything >15. You could have as many or few as needed. This would eliminate the need for the following config options: Spam Modify Subject Spam Subject Text High Scoring Spam Modify Subject High Scoring Spam Subject Text Spam Actions High Scoring Spam Actions I'd find this handy anyways, Derek Winkler Security Administrator Algorithmics Inc., Toronto Tel: (416) 217-4107 Fax: (416) 971-6263 www.algorithmics.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030513/218ade7b/attachment.html From Kevin.Spicer at BMRB.CO.UK Tue May 13 17:59:59 2003 From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:18:04 2006 Subject: URGENT: MailScanner issue on Linux mail server Message-ID: <5C0296D26910694BB9A9BBFC577E7AB0EBF595@pascal.priv.bmrb.co.uk> > The mail looks like it is being sent to /var/spool/postfix/incomming > and stays there. is it suppose to go to /var/spool/mail? > That is where > the pop server seems to be looking. there is mail in the incomming > directory > That sounds right, the local mailer should deliver into /var/spool/mail, postfix should be using procmail to do local delivery. Sounds like postfix isn't running the outgoing queue after MailScanner processes the mails. So either that postfix process isn't running or something is stopping it working. BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From richard at SHEFLUG.CO.UK Tue May 13 18:05:21 2003 From: richard at SHEFLUG.CO.UK (Richard Ibbotson) Date: Thu Jan 12 21:18:04 2006 Subject: Less Confused In-Reply-To: <200305101254.14363.richard@sheflug.co.uk> References: <200305101148.29315.richard@sheflug.co.uk> <5.2.1.1.2.20030510124927.026a8f50@imap.ecs.soton.ac.uk> <200305101254.14363.richard@sheflug.co.uk> Message-ID: Hi Spent the last few days since last week hacking away at my SuSE 8.2 workstation with Postfix. Mailscanner and Spamassassin 2.54 from CPAN. Right now I'm getting some good logs in /var/log/mail...... May 13 17:29:46 postfix/smtpd[310]: 8A1E7226DE: client=localhost[127.0.0.1] May 13 17:29:46 postfix/cleanup[332]: 8A1E7226DE: message-id=<5.2.1.1.2.20030513121935.011afba8@mailhost.disaster.com May 13 17:29:46 postfix/qmgr[18225]: 8A1E7226DE: from=, size=3401, nrcpt=1 (queue a ctive) May 13 17:29: amavis[358]: starting. amavis 0.3.12pre8 Mon Mar 17 18:52:54 UTC 2003 May 13 17:29:47 postfix/smtpd[318]: connect from localhost[127.0.0.1] May 13 17:29:47 postfix/smtpd[318]: D5D3A35B6E: client=localhost[127.0.0.1] May 13 17:29:47 postfix/cleanup[312]: D5D3A35B6E: message-id=<5.2.1.1.2.20030513121935.011afba8@mailhost.disaster.com May 13 17:29:47 postfix/qmgr[18225]: D5D3A35B6E: from=, size=3627, nrcpt=1 (queue However, when spam arrives I find that it is not tagged or checked by Spamassassin. Neither does Mailscanner do anything to the spam either. I've removed any reference to Spamassassin in the procmail config files. It's been explained to me that Mailscanner starts Spamassassin and maintains it. This being the case I have very carefully checked the Mailscanner config file. Can't spot anything and no error messages in the logs. Is there any way that I can restart Spamassassin or stop it ? Can't find any way to do this. If I can re-start it I might be able to get an error message. Already tried ... ' # spamd -D' ... with the result.. debug: Score set 0 chosen. debug: running in taint mode? no Could not create INET socket: Address already in use IO::Socket::INET: Address already in use This is probably because Spamassassin is already running. "Score set 0 chosen" doesn't make any sense to me either. All the rules are set in the Spamassassin local.cf. Thanks Richard www.sheflug.co.uk From raymond at PROLOCATION.NET Tue May 13 18:07:33 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:04 2006 Subject: Less Confused In-Reply-To: Message-ID: Hi! > May 13 17:29: amavis[358]: starting. amavis 0.3.12pre8 Mon UH ?? > Is there any way that I can restart Spamassassin or stop it ? Can't > find any way to do this. If I can re-start it I might be able to get > an error message. Already tried ... ' # spamd -D' ... with the > result.. Is Amavis still running ? Bye, Raymond. From richard at SHEFLUG.CO.UK Tue May 13 18:37:44 2003 From: richard at SHEFLUG.CO.UK (Richard Ibbotson) Date: Thu Jan 12 21:18:04 2006 Subject: Less Confused In-Reply-To: References: Message-ID: Raymond > Is Amavis still running ? Yes. But, what's it got to with Spamassassin ? Amavis the the default ant-virus software for e-mail scanning. Richard From raymond at PROLOCATION.NET Tue May 13 18:54:12 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:04 2006 Subject: Less Confused In-Reply-To: Message-ID: Hi! > > Is Amavis still running ? > Yes. But, what's it got to with Spamassassin ? Amavis the the default > ant-virus software for e-mail scanning. Amavis is like MailScanner right ? Perhaps i dont understand, but in my eyes you should either run one of them. Bye, Raymond. From richard at SHEFLUG.CO.UK Tue May 13 19:17:29 2003 From: richard at SHEFLUG.CO.UK (Richard Ibbotson) Date: Thu Jan 12 21:18:04 2006 Subject: Less Confused In-Reply-To: References: Message-ID: Raymond > Yes. But, what's it got to with Spamassassin ? Amavis the the default > ant-virus software for e-mail scanning. > > Amavis is like MailScanner right ? Perhaps i don't understand, but in my > eyes you should either run one of them. Yes. But, I've set the /etc/MailScanner/MailScanner.conf file so that a virus scanner is not loaded. I'd like to use Mailscanner just for spam checking. I thought that's what Mailscanner was for ? As I understand it Mailscanner loads Spamassassin and checks for spam. Thanks Richard From raymond at PROLOCATION.NET Tue May 13 19:38:26 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:04 2006 Subject: Less Confused In-Reply-To: Message-ID: Hi! > > Amavis is like MailScanner right ? Perhaps i don't understand, but in my > > eyes you should either run one of them. > Yes. But, I've set the /etc/MailScanner/MailScanner.conf file so that > a virus scanner is not loaded. I'd like to use Mailscanner just for > spam checking. I thought that's what Mailscanner was for ? > > As I understand it Mailscanner loads Spamassassin and checks for spam. I think your setup is very strange. Do you have a clear view of the current process yourself ? Whats picking up the mail? Whats dropping the mail ? Can you draw a process line of how you think you set it up ? Is MailScanner picking up the mails, is Amavis picking up the mail, where is mail placed afterwards ? Why you even wanna keep using Amavis in this setup, it makes your setup very strange and CPU intensive. Just follow the guides how to setup MailScanner, it runs just fine, if you want to make it do something else, fine, but please only do that if you have expert knowledge of what you are doing currently... The path should be: MTA -> MailScanner -> export path ... (either local delivery or MTA alike) In your setup you use some parts of Amavis, and expects MailScanner to just pick that up... Bye, Raymond. From richard at SHEFLUG.CO.UK Tue May 13 19:55:31 2003 From: richard at SHEFLUG.CO.UK (Richard Ibbotson) Date: Thu Jan 12 21:18:04 2006 Subject: Less Confused In-Reply-To: References: Message-ID: Raymond > I think your setup is very strange. Do you have a clear view of the > current process yourself ? Whats picking up the mail? Whats dropping the > mail ? Can you draw a process line of how you think you set it up ? Thank for the help but it ain't going to work. Been building computers for five years and working on then since the first ICL business computer came along in 1973. Thanks Richard From raymond at PROLOCATION.NET Tue May 13 20:03:01 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:04 2006 Subject: Less Confused In-Reply-To: Message-ID: Hi! > > I think your setup is very strange. Do you have a clear view of the > > current process yourself ? Whats picking up the mail? Whats dropping the > > mail ? Can you draw a process line of how you think you set it up ? > Thank for the help but it ain't going to work. Been building > computers for five years and working on then since the first ICL business > computer came along in 1973. It might help if you put down some of the things i asked... Bye, Raymond. From richard at SHEFLUG.CO.UK Tue May 13 20:27:26 2003 From: richard at SHEFLUG.CO.UK (Richard Ibbotson) Date: Thu Jan 12 21:18:04 2006 Subject: Less Confused In-Reply-To: References: Message-ID: Raymond > It might help if you put down some of the things i asked... Oh.. sorry about that. I did but it didn't make any difference. I can see what you mean but I think this might take another week to sort out and I've got to go somewhere else for the rest of this week. Maybe later. Thanks Richard From jaearick at COLBY.EDU Tue May 13 20:35:01 2003 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:18:04 2006 Subject: Feature Request: Multiple Levels of Actions In-Reply-To: <06EE2C86D3DAD5119A6C0060943F3C97055E6F71@tormail1.algorithmics.com> References: <06EE2C86D3DAD5119A6C0060943F3C97055E6F71@tormail1.algorithmics.com> Message-ID: Julian, I would sure use this setup too. I would use it as: #---deliver (hopefully) non-spam, less than 4 <4 deliver #---deliver maybe-spam, range 4-9 4 modify "{Spam?}", deliver #---let my procmail rules trap probable spam, range 9-12 9 modify "{HIGH SPAM}", forward jaearick@colby.edu #---certain spam, delete it, range > 12 >12 delete Tis a great suggestion... --- Jeff Earickson On Tue, 13 May 2003, Derek Winkler wrote: > Date: Tue, 13 May 2003 12:45:05 -0400 > From: Derek Winkler > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Feature Request: Multiple Levels of Actions > > > Feature request: > > I'd like to have another level of spam actions but instead of creating > Mid-scoring spam config options why not create something like the rule > files... > > Spam Actions = /opt/MailScanner/etc/rules/spam.actions.rules > > spam.actions.rules would contain something like: > > 9 modify "{Spam?}", deliver > 15 modify "{Spam?}", striphtml, deliver > max delete > > with the first line applying to mails which score 9 or below, the second to > >9 <=15, and the last for anything >15. You could have as many or few as > needed. > > This would eliminate the need for the following config options: > > Spam Modify Subject > Spam Subject Text > High Scoring Spam Modify Subject > High Scoring Spam Subject Text > Spam Actions > High Scoring Spam Actions > > I'd find this handy anyways, > > Derek Winkler > Security Administrator > Algorithmics Inc., Toronto > Tel: (416) 217-4107 > Fax: (416) 971-6263 > www.algorithmics.com > From peter at UCGBOOK.COM Tue May 13 22:29:44 2003 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:18:04 2006 Subject: Encrypting Email In-Reply-To: <005501c318b3$1868cd80$6901a8c0@home.middlefinger.net> References: <005501c318b3$1868cd80$6901a8c0@home.middlefinger.net> Message-ID: <1052861383.2090.2.camel@rocco.bonivart.home> You should look into the TLS protocol. It uses SSL for encryption between domains without any user intervention. PGP is not well suited for domain-domain encryption. /Peter Bonivart --Unix lovers do it in the Sun On Mon, 2003-05-12 at 20:19, Mike Kercher wrote: > The objective is to have forms submitted via https encrypted. Client to client > is easy using PGP or similar on the Win desktops. > > Mike > > > > -----Original Message----- > > From: MailScanner mailing list > > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Ernest W. Lessenger > > Sent: Monday, May 12, 2003 12:40 PM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: Encrypting Email > > > > > > At 12:30 PM 5/12/2003 -0500, you wrote: > > >I only need to do this for a few email accounts and it has > > to do with > > >HIPAA compliance. I'm not even sure yet whether or not it will be a > > >requirement, but I want to be prepared. > > > > What email client do the users have? It would probably be > > fairly simple to write a rule that will check to ensure that > > the data is encrypted (look for the proper attachment/mime > > type) as it leaves. You would have to install a client on > > each machine (PGP 8.0 or Outlook), but that's probably the > > way this should be done regardless. > > > > --Ernest W. Lessenger > > OACYS Technology > > From mailscanner at ecs.soton.ac.uk Tue May 13 23:00:58 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:04 2006 Subject: Less Confused In-Reply-To: References: <200305101254.14363.richard@sheflug.co.uk> <200305101148.29315.richard@sheflug.co.uk> <5.2.1.1.2.20030510124927.026a8f50@imap.ecs.soton.ac.uk> <200305101254.14363.richard@sheflug.co.uk> Message-ID: <5.2.1.1.2.20030513225504.012c3ba8@imap.ecs.soton.ac.uk> At 18:05 13/05/2003, you wrote: >However, when spam arrives I find that it is not tagged or checked by >Spamassassin. Neither does Mailscanner do anything to the spam >either. I've removed any reference to Spamassassin in the >procmail config files. It's been explained to me that Mailscanner >starts Spamassassin and maintains it. This being the case I have very >carefully checked the Mailscanner config file. Can't spot anything >and no error messages in the logs. > >Is there any way that I can restart Spamassassin or stop it ? Can't >find any way to do this. There is nothing to start or stop. SpamAssassin is a big function library. 2 of the client front-ends for it are the "spamassassin" script and "spamd" / "spamc". Both of these methods involve considerable overhead and are slow, which is why MailScanner doesn't use them. MailScanner interfaces directly with SpamAssassin's Perl API. You can't start or stop MailScanner in the same way that you can't start or stop your glibc. Amavis does nasty things within Postfix that are pretty much incompatible with the way MailScanner works. Amavis tries to get involved in the message delivery process, which I personally think is a bad idea. MailScanner does not interfere with either SMTP service or message delivery, it sits in the middle instead of at one end. My advice would be to reduce your setup to a simple Postfix system not using SpamAsassin, amavis, spamd, spamc or anything like that at all. Then follow the MailScanner installation instructions (which are very simple). Once MailScanner is installed, all you need to do to use SpamAssassin is set Use SpamAssassin = yes in MailScanner.conf. No daemons to start or procmail setups to write, nothing like that at all. Just 1 configuration switch. I hope that helps explain it a bit. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From robibaro at ROBIBARO.COM Tue May 13 23:02:24 2003 From: robibaro at ROBIBARO.COM (Eric Robibaro) Date: Thu Jan 12 21:18:04 2006 Subject: Encrypting Email In-Reply-To: <004401c318a4$417c1560$6901a8c0@home.middlefinger.net> References: <004401c318a4$417c1560$6901a8c0@home.middlefinger.net> Message-ID: <8731609.1052848944@[10.0.18.7]> There should be maybe an even dozen of scripts that already do this on the sites you usually suspect for this (hotscripts.com, scriptdex... etc...) I found this after a minute of googling, it might be what you require You might also want to look into project anubis if you require extra capabilities in any area including MUA as well as MTA (my dedicated machine has one built in, but I believe that was a custom patch off formmail, I could be wrong) hope this helped --On May 12, 2003 11:33 -0500 Mike Kercher wrote: > Has anyone implemented a system to encrypt emails using GPG or something > similar at the MTA? It'd be nice if there was an option in MS to do this > on a per domain basis. > > Mike From raymond at PROLOCATION.NET Tue May 13 23:18:30 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:04 2006 Subject: spamassassin 2.54 released In-Reply-To: <5.2.0.9.2.20030513115628.031032a8@imap.ecs.soton.ac.uk> Message-ID: Hi! > >I am currently running roughly 60,000 messages through 2.54, and will then > >do 2.53, to see what the spam score distribution looks like. This will tell > >us if it will detect more spam, and whether you need to move your threshold > >score. Will post later when I have some results. > Attached is a gif of the distribution of spam scores you get with my 60,000 > message test set. > Basically it generates a lot less "<=0" values and a lots more 1, 2 and 3 > values to compensate. Once you get up to 5 or so, the differences between > the 2.53 and 2.54 are pretty minimal. Nice graphs. I have upgraded to 2.54 on my boxes, and also installed Razor2. If i have time i will have an eye on DCC and Pyzor... Razor2 took up several hits allready, so is looking like a quick win. Bye, Raymond. From mailscanner at ecs.soton.ac.uk Tue May 13 23:09:04 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:04 2006 Subject: Bayes setup In-Reply-To: <5.2.1.1.2.20030513121935.011afba8@mailhost.disaster.com> References: <5.2.0.9.2.20030513164244.02f53c80@imap.ecs.soton.ac.uk> Message-ID: <5.2.1.1.2.20030513230318.03347eb0@imap.ecs.soton.ac.uk> MailScanner has never got involved in complete refusal of mail delivery to/from certain addresses. For one thing it always involves having 2 conditions in 1 line of a ruleset (ie. if from foo and to bar then do this), which my configuration compiler isn't clever enough to cope with. It's adaptable enough to handle 99% of its uses 99% of the time. It would be nice if those were 100, but there are limits to the hours in a day :-) It's also always been a thing I reckon the MTA is in a better position to do, as refusal of SMTP connections is something it is written for and is already very good at. At 17:20 13/05/2003, you wrote: >Hows that a job for the MTA. I want to make it so only certain >users/domains can send mail to say spam@foo.com. >Thought that would be a rule in mailscanner somewhere. > > >At 04:42 PM 5/13/2003 +0100, you wrote: >>That's a job for your MTA, it's nothing to do with MailScanner. >> >>At 16:15 13/05/2003, you wrote: >>>Is there anyway to only allow mail from a certain user or domain to go to >>>the spam/notspam users? >>>So only 1 user can submit spam or any users form a certain domain can >>>submit spam to be learned. >> >>-- >>Julian Field >>www.MailScanner.info >>MailScanner thanks transtec Computers for their support > >Rob Vicchiullo >robv@disaster.com >http://www.disaster.com >(518) 218-0900 -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Tue May 13 23:20:54 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:04 2006 Subject: Feature Request: Multiple Levels of Actions In-Reply-To: References: <06EE2C86D3DAD5119A6C0060943F3C97055E6F71@tormail1.algorithmics.com> <06EE2C86D3DAD5119A6C0060943F3C97055E6F71@tormail1.algorithmics.com> Message-ID: <5.2.1.1.2.20030513230948.0333bc28@imap.ecs.soton.ac.uk> Implementing a file like you suggest is not necessarily very easy. As soon as I do that, someone will want the ranges to be allowed to overlap, adding the list of actions as appropriate (and what happens when they clash?). Then you will need to be able to set this per user or per domain, so it has to be setup from another ruleset. So it's quite a bit of work, and I don't think it's necessary. Read on... This can already be very easily done with a small Custom Function. In MailScanner.conf set Required SpamAssassin Score = 4 Spam Subject Text = {Spam?} Spam Actions = deliver High Scoring SpamAssassin Score = 9 High Scoring Spam Subject Text = {HIGH SPAM} High Scoring Spam Actions = &HighScoringSpamActions Then in CustomConfig.pm sub HighScoringSpamActions { my($message) = @_; my $score = $message->{sascore}; # Field names at top of Message.pm return 'forward jaearick@colby.edu' if $score<=12; return 'delete'; } There, that wasn't too painful was it? At 20:35 13/05/2003, you wrote: >Julian, > >I would sure use this setup too. I would use it as: > > #---deliver (hopefully) non-spam, less than 4 > <4 deliver > > #---deliver maybe-spam, range 4-9 > 4 modify "{Spam?}", deliver > > #---let my procmail rules trap probable spam, range 9-12 > 9 modify "{HIGH SPAM}", forward jaearick@colby.edu > > #---certain spam, delete it, range > 12 > >12 delete > >Tis a great suggestion... > >--- Jeff Earickson > >On Tue, 13 May 2003, Derek Winkler wrote: > > > Date: Tue, 13 May 2003 12:45:05 -0400 > > From: Derek Winkler > > Reply-To: MailScanner mailing list > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Feature Request: Multiple Levels of Actions > > > > > > Feature request: > > > > I'd like to have another level of spam actions but instead of creating > > Mid-scoring spam config options why not create something like the rule > > files... > > > > Spam Actions = /opt/MailScanner/etc/rules/spam.actions.rules > > > > spam.actions.rules would contain something like: > > > > 9 modify "{Spam?}", deliver > > 15 modify "{Spam?}", striphtml, deliver > > max delete > > > > with the first line applying to mails which score 9 or below, the second to > > >9 <=15, and the last for anything >15. You could have as many or few as > > needed. > > > > This would eliminate the need for the following config options: > > > > Spam Modify Subject > > Spam Subject Text > > High Scoring Spam Modify Subject > > High Scoring Spam Subject Text > > Spam Actions > > High Scoring Spam Actions > > > > I'd find this handy anyways, > > > > Derek Winkler > > Security Administrator > > Algorithmics Inc., Toronto > > Tel: (416) 217-4107 > > Fax: (416) 971-6263 > > www.algorithmics.com > > -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Tue May 13 23:31:34 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:04 2006 Subject: spamassassin 2.54 released In-Reply-To: References: <5.2.0.9.2.20030513115628.031032a8@imap.ecs.soton.ac.uk> Message-ID: <5.2.1.1.2.20030513232932.02cf1028@imap.ecs.soton.ac.uk> At 23:18 13/05/2003, you wrote: >Hi! > > > >I am currently running roughly 60,000 messages through 2.54, and will then > > >do 2.53, to see what the spam score distribution looks like. This will > tell > > >us if it will detect more spam, and whether you need to move your > threshold > > >score. Will post later when I have some results. > > > Attached is a gif of the distribution of spam scores you get with my 60,000 > > message test set. > > Basically it generates a lot less "<=0" values and a lots more 1, 2 and 3 > > values to compensate. Once you get up to 5 or so, the differences between > > the 2.53 and 2.54 are pretty minimal. > >Nice graphs. > >I have upgraded to 2.54 on my boxes, and also installed Razor2. If i have >time i will have an eye on DCC and Pyzor... Razor2 took up several hits >allready, so is looking like a quick win. I haven't tried Pyzor yet, but dcc is dead easy to install. Type "dcc" into Google, and click on the 2nd hit. Click on the version number at the top of the web page. Save that on your mail server. Unpack it and cd into it. ./configure make make install Edit /etc/MailScanner/spam.assassin.prefs.conf, remove the "DCC" line in there altogether and put in dcc_path /usr/local/bin/dccproc Then restart MailScanner. That's it. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mike at CAMAROSS.NET Tue May 13 23:33:11 2003 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:18:04 2006 Subject: spamassassin 2.54 released In-Reply-To: <5.2.1.1.2.20030513232932.02cf1028@imap.ecs.soton.ac.uk> Message-ID: <000201c3199f$a4a706d0$6901a8c0@home.middlefinger.net> pyzor was a bit of a bitch to install on one of my machines. I finally figured out that my Python2.2.2 compile was crashing because X wasn't installed. After I did a minimal X installation via apt-get, it was easy. Mike > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field > Sent: Tuesday, May 13, 2003 5:32 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: spamassassin 2.54 released > > > At 23:18 13/05/2003, you wrote: > >Hi! > > > > > >I am currently running roughly 60,000 messages through 2.54, and > > > >will then do 2.53, to see what the spam score distribution looks > > > >like. This will > > tell > > > >us if it will detect more spam, and whether you need to move your > > threshold > > > >score. Will post later when I have some results. > > > > > Attached is a gif of the distribution of spam scores you > get with my > > > 60,000 message test set. Basically it generates a lot less "<=0" > > > values and a lots more 1, 2 and 3 values to compensate. > Once you get > > > up to 5 or so, the differences between the 2.53 and 2.54 > are pretty > > > minimal. > > > >Nice graphs. > > > >I have upgraded to 2.54 on my boxes, and also installed Razor2. If i > >have time i will have an eye on DCC and Pyzor... Razor2 took > up several > >hits allready, so is looking like a quick win. > > I haven't tried Pyzor yet, but dcc is dead easy to install. > Type "dcc" into Google, and click on the 2nd hit. Click on > the version number at the top of the web page. Save that on > your mail server. Unpack it and cd into it. ./configure make > make install Edit /etc/MailScanner/spam.assassin.prefs.conf, > remove the "DCC" line in there altogether and put in dcc_path > /usr/local/bin/dccproc Then restart MailScanner. > > That's it. > -- > Julian Field > www.MailScanner.info > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > From raymond at PROLOCATION.NET Tue May 13 23:49:14 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:04 2006 Subject: spamassassin 2.54 released In-Reply-To: <5.2.1.1.2.20030513232932.02cf1028@imap.ecs.soton.ac.uk> Message-ID: Hi! > >I have upgraded to 2.54 on my boxes, and also installed Razor2. If i have > >time i will have an eye on DCC and Pyzor... Razor2 took up several hits > >allready, so is looking like a quick win. > I haven't tried Pyzor yet, but dcc is dead easy to install. > Type "dcc" into Google, and click on the 2nd hit. > Click on the version number at the top of the web page. > Save that on your mail server. Pyzor is EASY also. bunzip2 pyzor-*.tar.bz2 cd pyzor-* python setup.py build python setup.py install pyzor discover Ready. Bye, Raymond. From raymond at PROLOCATION.NET Tue May 13 23:50:52 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:04 2006 Subject: spamassassin 2.54 released In-Reply-To: <000201c3199f$a4a706d0$6901a8c0@home.middlefinger.net> Message-ID: Hi! > pyzor was a bit of a bitch to install on one of my machines. I finally figured > out that my Python2.2.2 compile was crashing because X wasn't installed. After > I did a minimal X installation via apt-get, it was easy. On the RH9 box i just installed it there were no problems at all. No X there either btw, install went very smooth. Bye, Raymond. From michele at BLACKNIGHTSOLUTIONS.COM Wed May 14 00:17:13 2003 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:18:04 2006 Subject: spamassassin 2.54 released In-Reply-To: References: <000201c3199f$a4a706d0$6901a8c0@home.middlefinger.net> Message-ID: <5.2.1.1.0.20030514011640.03120a48@blacknightsolutions.com> How resource intensive is Pyzor? ######################################################### This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance to it is prohibited. From raymond at PROLOCATION.NET Wed May 14 00:20:11 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:04 2006 Subject: spamassassin 2.54 released In-Reply-To: <5.2.1.1.0.20030514011640.03120a48@blacknightsolutions.com> Message-ID: Hi! > How resource intensive is Pyzor? Its running under Python, not THAT intensive... About the same as razor2, my feeling is that Pyzor is slightly faster. The 'only' problem i have with it is that there is just _1_ server for it... Bye, Raymond. From gerry at DORFAM.CA Wed May 14 00:22:30 2003 From: gerry at DORFAM.CA (Gerry Doris) Date: Thu Jan 12 21:18:04 2006 Subject: spamassassin 2.54 released In-Reply-To: Message-ID: On Wed, 14 May 2003, Raymond Dijkxhoorn wrote: > > Nice graphs. > > I have upgraded to 2.54 on my boxes, and also installed Razor2. If i have > time i will have an eye on DCC and Pyzor... Razor2 took up several hits > allready, so is looking like a quick win. > > Bye, > Raymond. I get a lot of DCC hits and they usually add several points to the spam score. I haven't seen a single time when DCC had a false positive either. -- Gerry "The lyfe so short, the craft so long to learne" Chaucer From olympio.lista at PRATICA.COM.BR Wed May 14 00:21:07 2003 From: olympio.lista at PRATICA.COM.BR (=?iso-8859-1?Q?Olympio_Renn=F3?=) Date: Thu Jan 12 21:18:04 2006 Subject: Spam messages in digest mode Message-ID: <006001c319a6$55b38600$2445f6c8@pratica.com.br> Hi developer team, I use Mailscanner with Spamassassim, work fine, thanks mailscanner team. I have one suggestion if possible: The Mailscanner have options into Mailscanner.conf for spam :(deliver,delete,store,bounce,forward,striphtml) I like new option for store temporary message in the quarantine, same "store", but send to users, only one message for day, with all messages heads, in the digest mode. For see the specific message in the digest, the hyperlink, in head, redirect to message in html format, stored in the quarantine derectory. Thanks. Olympio Renn? www.pratica.com.br -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030513/c98f2302/attachment.html From mike at CAMAROSS.NET Wed May 14 00:27:04 2003 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:18:04 2006 Subject: spamassassin 2.54 released In-Reply-To: Message-ID: <000001c319a7$2a3f7320$6901a8c0@home.middlefinger.net> All of mine are RHAS 2.1 > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Raymond Dijkxhoorn > Sent: Tuesday, May 13, 2003 5:51 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: spamassassin 2.54 released > > > Hi! > > > pyzor was a bit of a bitch to install on one of my machines. I > > finally figured out that my Python2.2.2 compile was > crashing because X > > wasn't installed. After I did a minimal X installation via > apt-get, > > it was easy. > > On the RH9 box i just installed it there were no problems at > all. No X there either btw, install went very smooth. > > Bye, > Raymond. > From gerry at DORFAM.CA Wed May 14 02:29:12 2003 From: gerry at DORFAM.CA (Gerry Doris) Date: Thu Jan 12 21:18:04 2006 Subject: razor2 working? Message-ID: I just upgraded to 2.54 of spamassassin and was running through some testing to be sure everything was working. I can't seem to get razor2 operational. I checked my /root/.razor directory and all seems ok with the exception that razor-agent.log is over 10MB!! However, when I checked that file it looks like razor2 hasn't been working for the past couple of days. Running spamassassin -t -D < sample-spam.txt shows that razor2 is timing out. Is anyone else having trouble reaching the razor servers or is this something on my end? -- Gerry "The lyfe so short, the craft so long to learne" Chaucer From mike at CAMAROSS.NET Wed May 14 02:50:39 2003 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:18:04 2006 Subject: razor2 working? In-Reply-To: Message-ID: <000301c319bb$38af30d0$6901a8c0@home.middlefinger.net> You may need to run razor-admin -discover to refresh your server list. It may be that your list is out of date. Mike > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Gerry Doris > Sent: Tuesday, May 13, 2003 8:29 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: razor2 working? > > > I just upgraded to 2.54 of spamassassin and was running > through some testing to be sure everything was working. > > I can't seem to get razor2 operational. I checked my > /root/.razor directory and all seems ok with the exception > that razor-agent.log is over 10MB!! However, when I checked > that file it looks like razor2 hasn't been working for the > past couple of days. Running > > spamassassin -t -D < sample-spam.txt > > shows that razor2 is timing out. Is anyone else having > trouble reaching the razor servers or is this something on my end? > > -- > Gerry > > "The lyfe so short, the craft so long to learne" Chaucer > From robbyv at DISASTER.COM Wed May 14 04:39:40 2003 From: robbyv at DISASTER.COM (Rob V) Date: Thu Jan 12 21:18:04 2006 Subject: solaris init.d In-Reply-To: <000001c3185e$c1b71720$fc32000a@4> Message-ID: <5.1.0.14.2.20030513233852.01fe9208@mailhost.disaster.com> Does anyone have a good sendmail+mailscanner init.d start/stop script for solaris? From gerry at DORFAM.CA Wed May 14 05:04:36 2003 From: gerry at DORFAM.CA (Gerry Doris) Date: Thu Jan 12 21:18:04 2006 Subject: razor2 working? In-Reply-To: <000301c319bb$38af30d0$6901a8c0@home.middlefinger.net> Message-ID: On Tue, 13 May 2003, Mike Kercher wrote: > You may need to run razor-admin -discover to refresh your server list. It may > be that your list is out of date. > > Mike It looks like my Net::DNS was corrupted somehow. It appears that razor stopped working a few days ago...about the time we had some severe thunderstorms that went through and knocked out the power. Everything seems to come back up ok...but maybe not??? I re-installed Net::DNS and all is working again. -- Gerry "The lyfe so short, the craft so long to learne" Chaucer From tom at TILMANT.COM Wed May 14 05:42:04 2003 From: tom at TILMANT.COM (=?iso-8859-1?B?VLI=?=) Date: Thu Jan 12 21:18:04 2006 Subject: RH9 Parser.pm error In-Reply-To: Message-ID: <000201c319d3$2de71a60$6eeb14ac@doublet> Ron, Thanks for the advice, it worked but I found problems with other programs which required Perl modules. I ended up removing the Perl 5.6 directory (A suggestion in the MS mail archives), left the 5.8 directory and reinstalled MS. I also had to reinstall other Perl modules again :-( I am just surprise that RH would not have handled this during the upgrade. Thanks again Ron and Julian for your help. Tom -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Ron Pool Sent: Tuesday, May 13, 2003 5:31 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: RH9 Parser.pm error I upgraded a RH7.3 box to RH9 this weekend, installed the new MailScanner, and ran into the exact same problem. To solve it, I installed MIME::Parser, not HTML::Parser, this way: perl -MCPAN -e shell o conf prerequisites_policy ask install MIME::Parser quit If I recall correctly, CPAN wanted to add a few prerequisites for MIME::Parser, so I let it. -- Ron -- Ron Pool Internet: amp1@cornell.edu Computer Services, NYSAES; Food Research Lab; West North St.; Geneva, NY 14456 On Mon, 12 May 2003, T? wrote: > perl -MCPAN -e shell > o conf prerequisites_policy ask > install HTML::Parser > quit > Julian, > > I followed your instructions below to manual install the HTML::Parser > and it was installed in the same directory as the upgraded RPM. I am > still getting the error. > > Tom > > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Julian Field > Sent: Monday, May 12, 2003 3:11 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: RH9 Parser.pm error > > At 09:53 12/05/2003, you wrote: > > >I have just upgraded from RH7.3 to RH9 and now receive the following > error > >when starting Mailscanner: > > Ah! There's your problem. Upgrading results in a load of Perl modules > being > installed in the wrong place, due to a new version of Perl in RH8 and 9. > > You can safely leave the RPM's in place, but use CPAN to install the > modules again. > perl -MCPAN -e shell > o conf prerequisites_policy ask > install HTML::Parser > quit > > > > > > > >[root@ns MailScanner-4.20-1]# /etc/init.d/MailScanner start > > > >Starting MailScanner daemons: > > > > incoming sendmail: [ OK ] > > > > outgoing sendmail: [ OK ] > > > > MailScanner: Can't locate MIME/Parser.pm in @INC (@INC > > contains: /usr/lib/MailScanner > > /usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0 > > /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi > > /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl > > /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi > > /usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl > > /usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0 . > > /usr/lib/MailScanner) at /usr/lib/MailScanner/MailScanner/Message.pm > line 40. > > > >BEGIN failed--compilation aborted at > >/usr/lib/MailScanner/MailScanner/Message.pm line 40. > > > >Compilation failed in require at /usr/sbin/MailScanner line 48. > > > >BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 48. > > > >[ OK ] > > > > > > > >I have checked and the RPM has been installed at > >/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/HTML/Parser.pm > . > >If I try to uninstall the rpm, it errors out with perl(HTML::Parser) is > >needed by (installed) perl-libwww-perl-5.65-6. I have checked the > >threads and it seems that others have it installed on RH9 and dont have > >the problem. I appreciate any help. > > > > > > > >Tom > > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support From email at ace.net.au Wed May 14 05:42:25 2003 From: email at ace.net.au (Peter Nitschke) Date: Thu Jan 12 21:18:04 2006 Subject: Bayes setup In-Reply-To: <5.2.1.1.2.20030513121935.011afba8@mailhost.disaster.com> References: <5.2.1.1.2.20030513121935.011afba8@mailhost.disaster.com> Message-ID: <200305141412250890.059F1996@smtp1.ace.net.au> On 13/05/2003 at 12:20 PM Rob V wrote: >Hows that a job for the MTA. I want to make it so only certain >users/domains can send mail to say spam@foo.com. >Thought that would be a rule in mailscanner somewhere. Just a thought, if you leave spam@foo.com open, if it gets spammed, then your system will auto-learn them :-) Peter From robbyv at DISASTER.COM Wed May 14 07:02:13 2003 From: robbyv at DISASTER.COM (Rob V) Date: Thu Jan 12 21:18:04 2006 Subject: spamassassin Message-ID: Is there anyway to have mailscanner look for a users spamassassin user_prefs file? basically I need to have peruser whitelists. Is there anyway to do this? From raymond at PROLOCATION.NET Wed May 14 07:24:20 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:04 2006 Subject: razor2 working? In-Reply-To: Message-ID: Hi! > shows that razor2 is timing out. Is anyone else having trouble reaching > the razor servers or is this something on my end? Works fine here... May 14 08:13:31 vmx01 MailScanner[10506]: Message h4E6DNNH016206 from 12.142.66.116 (babybmoua@juno.com) to hicom.nl is spam, SpamAssassin (score=25.8, required 5, BANG_EXERCISE, BAYES_80, DATE_IN_PAST_03_06, FORGED_JUNO_RCVD, FORGED_MUA_OUTLOOK, HTML_20_30, IMPOTENCE, MIME_HTML_ONLY, MISSING_MIMEOLE, MONEY_BACK, NORMAL_HTTP_TO_IP, PENIS_ENLARGE, PENIS_ENLARGE2, PYZOR_CHECK, RAZOR2_CF_RANGE_91_100, RAZOR2_CHECK, REMOVE_PAGE, SOME_BREAKTHROUGH) Bye, Raymond. From mailscanner at BARENDSE.TO Wed May 14 07:46:34 2003 From: mailscanner at BARENDSE.TO (Remco Barendse) Date: Thu Jan 12 21:18:04 2006 Subject: webmaster & postmaster mails? Message-ID: Is there anything in MailScanner that 'protects' mail to webmaster@ and postmaster@ ?? The linux box isn't storing any mail, it's simply forwarding it to an Exchange server. I have put any mails to these two addresses in the blacklist for immediate deletion but mail still gets delivered. The header does mention that the address is blacklisted (as it should), which is ok. The mail does not reach the Exchange server (because it is blacklisted???), this is ok too but.... mails pop up being delivered to the local postmaster on the linux box. The latter shouldn't happen as I have specified that mail for those addresses should be deleted. Is this a bug or feature? :) I know that normally you wouldn't want to send mail to webmaster or postmaster to /dev/null but I have never received even one legitimate e-mail on those addresses in 8 years! From raymond at PROLOCATION.NET Wed May 14 09:00:51 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:04 2006 Subject: spamassassin 2.54 released In-Reply-To: <5.2.1.1.2.20030513232932.02cf1028@imap.ecs.soton.ac.uk> Message-ID: Hi! > >I have upgraded to 2.54 on my boxes, and also installed Razor2. If i have > >time i will have an eye on DCC and Pyzor... Razor2 took up several hits > >allready, so is looking like a quick win. > > I haven't tried Pyzor yet, but dcc is dead easy to install. > Type "dcc" into Google, and click on the 2nd hit. I have all three running now. Looking good. Razor2, Pyzor and DCC. All three were pretty easy to install also. Bye, Raymond. From mailscanner at ecs.soton.ac.uk Wed May 14 10:11:49 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:04 2006 Subject: webmaster & postmaster mails? In-Reply-To: Message-ID: <5.2.1.1.2.20030514101035.02496c58@imap.ecs.soton.ac.uk> At 07:46 14/05/2003, you wrote: >Is there anything in MailScanner that 'protects' mail to webmaster@ and >postmaster@ ?? No. > The linux box isn't storing any mail, it's simply >forwarding it to an Exchange server. > >I have put any mails to these two addresses in the blacklist for >immediate deletion but mail still gets delivered. > >The header does mention that the address is blacklisted (as it should), >which is ok. The mail does not reach the Exchange server (because it is >blacklisted???), this is ok too but.... mails pop up being delivered to >the local postmaster on the linux box. > >The latter shouldn't happen as I have specified that mail for those >addresses should be deleted. How have you implemented this? >Is this a bug or feature? :) Probably a feature :) >I know that normally you wouldn't want to send mail to webmaster or >postmaster to /dev/null but I have never received even one legitimate >e-mail on those addresses in 8 years! -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Wed May 14 10:10:01 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:04 2006 Subject: spamassassin In-Reply-To: Message-ID: <5.2.1.1.2.20030514100821.02447950@imap.ecs.soton.ac.uk> At 07:02 14/05/2003, you wrote: >Is there anyway to have mailscanner look for a users spamassassin >user_prefs file? basically I need to have peruser whitelists. Is there >anyway to do this? Take a look in /usr/lib/MailScanner/MailScanner/CustomConfig.pm. There is a chunk of code which implements per-user and per-domain spam white/blacklists in there, which is dead easy to use. Just read the comments at the start of the per-domain white/blacklist code and it will tell you what you need to do. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From denis at IMSLTD.COM Wed May 14 10:27:07 2003 From: denis at IMSLTD.COM (Denis Croombs) Date: Thu Jan 12 21:18:04 2006 Subject: Ensim, Redhat 7.2 & Mailscanner and Spamassassin Message-ID: <00f501c319fb$00f4ba30$0e01a8c0@denisy2k.imsltd.com> Hi Has anyone any experience of using Mailscanner and Spamassassin on RedHat 7.2 Server with Ensim on multiple domains ? (good or bad) Thanks Denis From smhickel at CHARTERMI.NET Wed May 14 11:56:33 2003 From: smhickel at CHARTERMI.NET (Steve Hickel) Date: Thu Jan 12 21:18:04 2006 Subject: razor2 working? In-Reply-To: Message-ID: I installed razor 2 and the non-SDK .gz failed to install and told me to install it manually. On another machine it worked fine. On the working-fine machine I couldn't figure out from the instructions how to turn it on in spamassassin or mailscanner. Steve On Wed, 14 May 2003, Gerry Doris wrote: > On Tue, 13 May 2003, Mike Kercher wrote: > > > You may need to run razor-admin -discover to refresh your server list. It may > > be that your list is out of date. > > > > Mike > > It looks like my Net::DNS was corrupted somehow. It appears that razor > stopped working a few days ago...about the time we had some severe > thunderstorms that went through and knocked out the power. Everything > seems to come back up ok...but maybe not??? > > I re-installed Net::DNS and all is working again. > > -- > Gerry > > "The lyfe so short, the craft so long to learne" Chaucer > From mailscanner at ecs.soton.ac.uk Wed May 14 12:01:34 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:04 2006 Subject: razor2 working? In-Reply-To: References: Message-ID: <5.2.0.9.2.20030514120055.034eee28@imap.ecs.soton.ac.uk> If I remember rightly, SpamAssassin just "finds it" and starts using it. You should see mention of RAZOR in the spam reports, assuming you Log Spam = yes. At 11:56 14/05/2003, you wrote: >I installed razor 2 and the non-SDK .gz failed to install and told me to >install it manually. On another machine it worked fine. On the >working-fine machine I couldn't figure out from the instructions how to >turn it on in spamassassin or mailscanner. > >Steve > > >On Wed, 14 May 2003, Gerry Doris wrote: > > > On Tue, 13 May 2003, Mike Kercher wrote: > > > > > You may need to run razor-admin -discover to refresh your server > list. It may > > > be that your list is out of date. > > > > > > Mike > > > > It looks like my Net::DNS was corrupted somehow. It appears that razor > > stopped working a few days ago...about the time we had some severe > > thunderstorms that went through and knocked out the power. Everything > > seems to come back up ok...but maybe not??? > > > > I re-installed Net::DNS and all is working again. > > > > -- > > Gerry > > > > "The lyfe so short, the craft so long to learne" Chaucer > > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at BARENDSE.TO Wed May 14 12:26:59 2003 From: mailscanner at BARENDSE.TO (Remco Barendse) Date: Thu Jan 12 21:18:04 2006 Subject: webmaster & postmaster mails? In-Reply-To: <5.2.1.1.2.20030514101035.02496c58@imap.ecs.soton.ac.uk> Message-ID: :) This is in my MailScanner.conf (albeit in a rule file) Is Definitely Spam = To: webmaster@xxx.com yes Spam Actions = To: webmaster@xxx.com delete This works for e-mail to any e-mail address, (i have 30 entries or so) except for postmaster and webmaster. I have made sure that the default action line is the last line. On Wed, 14 May 2003, Julian Field wrote: > At 07:46 14/05/2003, you wrote: > >Is there anything in MailScanner that 'protects' mail to webmaster@ and > >postmaster@ ?? > > No. > > > The linux box isn't storing any mail, it's simply > >forwarding it to an Exchange server. > > > >I have put any mails to these two addresses in the blacklist for > >immediate deletion but mail still gets delivered. > > > >The header does mention that the address is blacklisted (as it should), > >which is ok. The mail does not reach the Exchange server (because it is > >blacklisted???), this is ok too but.... mails pop up being delivered to > >the local postmaster on the linux box. > > > >The latter shouldn't happen as I have specified that mail for those > >addresses should be deleted. > > How have you implemented this? > > >Is this a bug or feature? :) > > Probably a feature :) > > >I know that normally you wouldn't want to send mail to webmaster or > >postmaster to /dev/null but I have never received even one legitimate > >e-mail on those addresses in 8 years! > > -- > Julian Field > www.MailScanner.info > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > From raymond at PROLOCATION.NET Wed May 14 12:55:14 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:04 2006 Subject: mailscanner-mrtg In-Reply-To: <200305141349.11740.linux@mostert.nom.za> Message-ID: Hi! > built for i386-linux-thread-multi (output of perl -v) > I installed mailscanner-mrtg here but got no output I tryed running it > manually and this is what I got > [root@mailscanner MailScanner]# /usr/sbin/mailscanner-mrtg > Unknown 'strict' tag(s) '%Config $hostname $Total $Total2 $debug $cmd' at > /usr/sbin/mailscanner-mrtg line 30 > BEGIN failed--compilation aborted at /usr/sbin/mailscanner-mrtg line 30. > Any ideas ? You have to edit the script, its a little ugly script :)) There is a line that isnt needed, can look it up if needed. Bye, Raymond. From linux at mostert.nom.za Wed May 14 13:33:55 2003 From: linux at mostert.nom.za (Mozzi) Date: Thu Jan 12 21:18:04 2006 Subject: mailscanner-mrtg In-Reply-To: References: Message-ID: <200305141433.55610.linux@mostert.nom.za> On Wednesday 14 May 2003 13:55, you wrote: > Hi! > > > built for i386-linux-thread-multi (output of perl -v) > > I installed mailscanner-mrtg here but got no output I tryed running it > > manually and this is what I got > > [root@mailscanner MailScanner]# /usr/sbin/mailscanner-mrtg > > Unknown 'strict' tag(s) '%Config $hostname $Total $Total2 $debug $cmd' at > > /usr/sbin/mailscanner-mrtg line 30 > > BEGIN failed--compilation aborted at /usr/sbin/mailscanner-mrtg line 30. > > > > Any ideas ? > > You have to edit the script, its a little ugly script :)) > There is a line that isnt needed, can look it up if needed. Maybe you should I cannot see it > > Bye, > Raymond. From mike at CAMAROSS.NET Wed May 14 13:40:19 2003 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:18:04 2006 Subject: razor2 working? In-Reply-To: <5.2.0.9.2.20030514120055.034eee28@imap.ecs.soton.ac.uk> Message-ID: <4afb01c31a15$fab61c20$6701a8c0@home.middlefinger.net> That is correct. SA finds and uses Razor, DCC and Pyzor automagically. I always reload MailScanner just for good measure after installation. Had to anyway after installing DCC due to config changes needed in MS. Mike -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: Wednesday, May 14, 2003 6:02 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: razor2 working? If I remember rightly, SpamAssassin just "finds it" and starts using it. You should see mention of RAZOR in the spam reports, assuming you Log Spam = yes. At 11:56 14/05/2003, you wrote: >I installed razor 2 and the non-SDK .gz failed to install and told me >to install it manually. On another machine it worked fine. On the >working-fine machine I couldn't figure out from the instructions how to >turn it on in spamassassin or mailscanner. > >Steve > > >On Wed, 14 May 2003, Gerry Doris wrote: > > > On Tue, 13 May 2003, Mike Kercher wrote: > > > > > You may need to run razor-admin -discover to refresh your server > list. It may > > > be that your list is out of date. > > > > > > Mike > > > > It looks like my Net::DNS was corrupted somehow. It appears that > > razor stopped working a few days ago...about the time we had some > > severe thunderstorms that went through and knocked out the power. > > Everything seems to come back up ok...but maybe not??? > > > > I re-installed Net::DNS and all is working again. > > > > -- > > Gerry > > > > "The lyfe so short, the craft so long to learne" Chaucer > > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at DERRINGER.CO.UK Wed May 14 14:03:33 2003 From: mailscanner at DERRINGER.CO.UK (Michael Derringer) Date: Thu Jan 12 21:18:04 2006 Subject: Ensim, Redhat 7.2 & Mailscanner and Spamassassin In-Reply-To: <00f501c319fb$00f4ba30$0e01a8c0@denisy2k.imsltd.com> Message-ID: <000201c31a19$4b5879e0$54dc6f83@corpus.cam.ac.uk> > > Hi > > Has anyone any experience of using Mailscanner and > Spamassassin on RedHat 7.2 Server with Ensim on multiple > domains ? (good or bad) I am successfully using Mailscanner with Ensim on RedHat 7.2. Mailscanner functions on the initial sendmail for the server, before it is handed over to Ensim's virthostmail which then delivers to the domains, so all email can be scanned or by using rules in Mailscanner just one domain. Works fine on my system, but currently when users adjust aliases, Ensim restarts sendmail (not Mailscanner) causing a few problems. I am currently investigating the python scripts to fix this. Michael -- Michael John Derringer Corpus Christi College tel : (+44) 1223 525652 Cambridge CB2 1RH fax : (+44) 870 7059088 United Kingdom mobile : (+44) 7884 497174 From raymond at PROLOCATION.NET Wed May 14 14:08:03 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:04 2006 Subject: mailscanner-mrtg In-Reply-To: <200305141433.55610.linux@mostert.nom.za> Message-ID: Hi! > > > Unknown 'strict' tag(s) '%Config $hostname $Total $Total2 $debug $cmd' at > > > /usr/sbin/mailscanner-mrtg line 30 > > > BEGIN failed--compilation aborted at /usr/sbin/mailscanner-mrtg line 30. > > You have to edit the script, its a little ugly script :)) > > There is a line that isnt needed, can look it up if needed. > Maybe you should I cannot see it Try this one, workd for me on RH9. =) Bye, Raymond. -------------- next part -------------- #!/usr/bin/perl -w # mailscanner-mrtg - Extensive monitoring for MailScanner machines # Copyright (C) 2002 Dale Lovelace # With various bits shamelessly stolen from others # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if Queue Dir now not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # # Ok, so this is not very good perl code. I'm not a perl coder! # Hell, I'm not ANY coder... Please Please make modifications # and send them back to me!!! # # Dale Lovelace # # RDL 11/15/2002 Comments to dlovelace@hotels.com # # All Your Base Are Belong To Us! # #use strict qw{%Config $hostname $Total $Total2 $debug $cmd}; use FileHandle; # Change this line if your config file is in a non-standard location! my($configfile) = "/etc/MailScanner/mailscanner-mrtg.conf"; my($hostname) = `hostname`; my($Total) = 0; my($Total2) = 0; my($debug) = 0; my($cmd) = shift; ReadConfFile(); my($UpTime) = GetUpTime(); if ($debug) { Debug ("Using Stuff!") } # You mean to tell me perl doesn't have a friggin' switch command???? if (defined($cmd)) { SWITCH: { if ($cmd eq "cpu") { Cpu(); last SWITCH; }; if ($cmd eq "inqueue") { InQueue(); last SWITCH; }; if ($cmd eq "iptraffic") { IpTraffic(); last SWITCH; }; if ($cmd eq "loadavg") { LoadAvg(); last SWITCH; }; if ($cmd eq "mail") { Mail(); last SWITCH; }; if ($cmd eq "mailbytes") { MailBytes(); last SWITCH; }; if ($cmd eq "mailscanner") { MailScanner(); last SWITCH; }; if ($cmd eq "memory") { Memory(); last SWITCH; }; if ($cmd eq "outqueue") { OutQueue(); last SWITCH; }; if ($cmd eq "rootusage") { RootUsage(); last SWITCH; }; if ($cmd eq "sendmail") { SendMail(); last SWITCH; }; if ($cmd eq "spam") { Spam(); last SWITCH; }; if ($cmd eq "spoolusage") { SpoolUsage(); last SWITCH; }; if ($cmd eq "virus") { Virus(); last SWITCH; } print"\n"; print "ERROR: Unknown command-line option $cmd\n"; Usage(); } } else { Usage(); } if ($debug) { Debug("Non-Debug Program Output Begins Here"); } print "$Total\n"; print "$Total2\n"; print "$UpTime\n"; print "MailScanner at $hostname\n"; sub Cpu { if ($debug) { Debug("Beginning sub Cpu") } my($getcpu); if ($Config{"sarbinary"}) { $getcpu= `$Config{"sarbinary"} -u 1 5 | grep Average`; $getcpu=~ /^Average:\s+all\s+(\d+)\.(\d+)\s+\d+\.\d+\s+(\d+)\.(\d+)\s+\d+\.\d+/; # We output the total of User + System CPU Utilization $Total= $1 + $3; # We want to output a whole number, so round up if the decimal is > .50 if (($2 + $4) > 50) { $Total ++; } if ($debug) { Debug("getcpu", $getcpu); Debug("User CPU Percentage", $1); Debug("User CPU Fraction", $2); Debug("System CPU Percentage", $3); Debug("System CPU Fraction", $4); Debug("Total", $Total); } } else { die "ERROR: Sar Binary not specified in $configfile\n"; } if ($debug) { Debug("Leaving sub Cpu") } } sub Debug { print "DEBUG : " . $_[0]; print " = " . $_[1] if ($_[1]); print "\n"; } sub FixMonth { if ($debug) { Debug("Beginning sub FixMonth") } my($month) = shift; if ($debug) { Debug("month before fixing", $month) } SWITCH: { if ($month eq "0") { $month = "Jan"; last SWITCH; } if ($month eq "1") { $month = "Feb"; last SWITCH; } if ($month eq "2") { $month = "Mar"; last SWITCH; } if ($month eq "3") { $month = "Apr"; last SWITCH; } if ($month eq "4") { $month = "May"; last SWITCH; } if ($month eq "5") { $month = "Jun"; last SWITCH; } if ($month eq "6") { $month = "Jul"; last SWITCH; } if ($month eq "7") { $month = "Aug"; last SWITCH; } if ($month eq "8") { $month = "Sep"; last SWITCH; } if ($month eq "9") { $month = "Oct"; last SWITCH; } if ($month eq "10") { $month = "Nov"; last SWITCH; } if ($month eq "11") { $month = "Dec"; last SWITCH; } $month = "BAD"; } if ($debug) { Debug("month after fixing", $month) } if ($debug) { Debug("Leaving sub FixMonth") } return $month } sub GetUpTime { if ($debug) { Debug("Starting sub GetUpTime") } my($getuptime); # Thanks to Kris Stumpner for this new and improved GetUpTime! # If your box is up less than 1 day the first regex will hit. # The second hits for uptime > 1 day! if ($Config{"uptimecommand"}) { $getuptime = `$Config{"uptimecommand"}`; if ($debug) { Debug("getuptime", $getuptime) } if ($getuptime =~ /^\s+\d+:\d+.+\s+up\s+(\d+:\d+.+),/) { return $1; } elsif ($getuptime =~ /^\s+\d+:\d+.+\s+up\s+(\d+)\s+(\w+),/) { return $1 . " " . $2; } else { return "UpTime can not be computed"; } } else { die "ERROR: UpTime Command not specified in $configfile\n"; } if ($debug) { Debug("Leaving sub GetUpTime") } } sub IpTraffic { if ($debug) { Debug("Beginning sub IpTraffic") } my($iptraffic, @iptraffic, $ethdev, $bytesIN, $bytesOUT); if ($Config{"sarbinary"}) { $iptraffic=`$Config{"sarbinary"} -n DEV 1 5`; @iptraffic=split /\n/, $iptraffic; foreach $line (@iptraffic) { if ($line =~ /Average:\s+eth\d\s+/) { $line =~ /Average:\s+eth(\d)\s+\d+\.\d+\s+\d+\.\d+\s+(\d+)\.\d+\s+(\d+)\.\d+.+/; $ethdev = $1; $bytesIN = $2; $bytesOUT = $3; if ($debug) { Debug("line", $line); Debug("Ethernet Device", "eth" . $ethdev); Debug("bytesIN", $bytesIN); Debug("bytesOUT", $bytesOUT); } $Total += $bytesIN; $Total2 += $bytesOUT; } } } else { die "ERROR: Sar Binary not specified in $configfile\n"; } if ($debug) { Debug("Total", $Total); Debug("Total2", $Total2); Debug("Leaving sub IpTraffic"); } } sub InQueue { if ($debug) { Debug("Beginning sub InQueue") } if ($Config{"incomingqueuedir"}) { use File::Find; if ($debug) { Debug ("use File::Find", "True") } find(\&Wanted, $Config{"incomingqueuedir"}); # File::Find counts the directory name as a file... Shrug... $Total--; } else { die "ERROR: Incoming Queue Dir not specified in $configfile\n"; } if ($debug) { Debug("Total", $Total); Debug("Leaving sub InQueue"); } } sub LoadAvg { if ($debug) { Debug("Beginning sub LoadAvg") } my($loadavg, @loadavg, $l); if ($Config{"sarbinary"}) { $loadavg = `$Config{"sarbinary"} -q 1 5`; if ($debug) { Debug("loadavg", $loadavg) } @loadavg = split /\n/, $loadavg; foreach $line (@loadavg) { if ($line =~ /Average:/) { $line =~ /Average:\s+\d+\s+\d+\s+(\d+)\.(\d+)\s+\d+\.\d+.+/; if ($debug) { Debug("line", $line); Debug("Load Average Real", $1); Debug("Load Average Decimal", $2); } $Total = $1; if ($2 gt 50) { $Total++ } } } } else { die "ERROR: Sar Binary not specified in $configfile\n"; } if ($debug) { Debug("Total", $Total); Debug("Leaving sub LoadAvg"); } } sub Mail { if ($debug) { Debug("Beginning sub Mail") } my($sec,$hour,$mday,$mon,$year,$wday,$yday,$isdst,$month); if ($Config{"parseentiremaillog"} eq "yes") { if ($debug) { Debug("Parse Entire Mail Log", "yes") } } else { if ($debug) { Debug("Parse Entire Mail Log", "no") } ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(time); $month = FixMonth($mon); if ($debug) { Debug("sec", $sec); Debug("min", $min); Debug("hour", $hour); Debug("mday", $mday); Debug("mon", $mon); Debug("year", $year); Debug("wday", $wday); Debug("yday", $yday); Debug("isdst", $isdst); Debug("month", $month); } } open(LOG, $Config{"maillog"}) or (die "Cannot access maillog $Config{'maillog'} $!"); while() { chomp; if ($Config{"parseentiremaillog"} eq "yes") { if (/sendmail\[\d+\]/i) { $Total += $1 if /nrcpts=(\d+),/i; } } else { if (/$month\s+$mday.+/) { if (/sendmail\[\d+\]/i) { $Total += $1 if /nrcpts=(\d+),/i; } } } next; } close LOG; if ($debug) { Debug("Total", $Total); Debug("Leaving sub Mail"); } } sub MailBytes { if ($debug) { Debug("Beginning sub MailBytes") } my($sec,$hour,$mday,$mon,$year,$wday,$yday,$isdst,$month); if ($Config{"parseentiremaillog"} eq "yes") { if ($debug) { Debug("Parse Entire Mail Log", "yes") } } else { if ($debug) { Debug("Parse Entire Mail Log", "no") } ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(time); $month = FixMonth($mon); if ($debug) { Debug("sec", $sec); Debug("min", $min); Debug("hour", $hour); Debug("mday", $mday); Debug("mon", $mon); Debug("year", $year); Debug("wday", $wday); Debug("yday", $yday); Debug("isdst", $isdst); Debug("month", $month); } } sub BytesFromSendmail { if (/.+sendmail\[\d+\]:\s+\w+:\s+from=\S+,\s+size=(\d+),.+/i) { return $1; } else { return 0; } } sub BytesFromMailScanner { if (/.+MailScanner\[\d+\]:\s+New\s+Batch:\s+Scanning\s+\d+\s+Messages,\s+(\d+)\s+bytes.+/) { return $1; } else { return 0; } } open(LOG, $Config{"maillog"}) or (die "Cannot access maillog $Config{'maillog'} $!"); while() { chomp; if ($Config{"parseentiremaillog"} eq "yes") { if (lc($Config{"calculatemailbytes"}) eq "sendmail") { $Total += &BytesFromSendmail($_); } elsif (lc($Config{"calculatemailbytes"}) eq "mailscanner") { $Total += &BytesFromMailScanner($_); } else { die "ERROR: Calculate Mail Bytes value not specified in $configfile"; } } else { if (/$month\s+$mday.+/) { if (lc($Config{"calculatemailbytes"}) eq "sendmail") { $Total += &BytesFromSendmail($_); } elsif (lc($Config{"calculatemailbytes"}) eq "mailscanner") { $Total += &BytesFromMailScanner($_); } else { die "ERROR: Calculate Mail Bytes value not specified in $configfile"; } } } next; } close LOG; if ($debug) { Debug("Total", $Total); Debug("Leaving sub Mail"); } } sub MailScanner { if ($debug) { Debug("Beginning sub MailScanner") } @ps = `ps ax`; foreach $p (@ps) { if ($p =~ /MailScanner/) { $Total ++ } } if ($debug) { Debug("Restart Threshhold", $Config{"restartthreshhold"}) } if ($Config{"restartthreshhold"}) { if ($Total < $Config{"restartthreshhold"}) { if ($debug) { Debug("Restarting MailScanner") } `$Config{"restartmailscanner"}`; } } if ($debug) { Debug("Total", $Total); Debug("Leaving sub MailScanner"); } } sub Memory { if ($debug) { Debug("Beginning sub Memory") } my($meminfo, @meminfo); if ($Config{"sarbinary"}) { $meminfo = `$Config{"sarbinary"} -r 1 5`; if($debug) { Debug("meminfo", $meminfo) } @meminfo = split /\n/, $meminfo; foreach $line (@meminfo) { if ($line =~ /^Average:/) { $line =~ /Average:\s+(\d+)\s+(\d+)\s+(\d+)\.(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\.(\d+).+/; $kbmemfree = $1; $kbmemused = $2; $percentmemusedReal = $3; $percentmemusedDecimal = $4; $kbmemshrd = $5; $kbbuffers = $6; $kbcached = $7; $kbswpfree = $8; $kbswpused = $9; $percentswpusedReal = $10; $percentswpusedDecimal = $11; if ($debug) { Debug("line", $line); Debug("kbmemfree", $kbmemfree); Debug("kbmemused", $kbmemused); Debug("percentmemusedReal", $percentmemusedReal); Debug("percentmemusedDecimal", $percentmemusedDecimal); Debug("kbmemshrd", $kbmemshrd); Debug("kbbuffers", $kbbuffers); Debug("kbcached", $kbcached); Debug("kbswpfree", $kbswpfree); Debug("kbswpused", $kbswpused); Debug("percentswpusedReal", $percentswpusedReal); Debug("percentswpusedDecimal", $percentswpusedDecimal); } # Total used memory $Total = $kbmemused; # Total memory -actually- in use $Total2 = $Total-$kbmemshrd-$kbbuffers-$kbcached; # I want the output in MegaBytes! $Total = int($Total / 1000); $Total2 = int($Total2 / 1000); } } } else { die "ERROR: Sar Binary not specified in $configfile\n"; } if ($debug) { Debug("Total", $Total); Debug("Total2", $Total2); Debug("Leaving sub Memory"); } } sub OutQueue { if ($debug) { Debug("Beginning sub OutQueue") } if ($Config{"outgoingqueuedir"}) { use File::Find; if ($debug) { Debug ("use File::Find", "True") } find(\&Wanted, $Config{"outgoingqueuedir"}); # File::Find counts the directory name as a file... Shrug... $Total--; } else { die "ERROR: Outgoing Queue Dir not specified in $configfile\n"; } if ($debug) { Debug("Total", $Total); Debug("Leaving sub OutQueue"); } } sub RootUsage { if ($debug) { Debug("Beginning sub RootUsage") } $_ = `df -k / | grep -v "Filesystem"`; ($device, $size, $used, $free, $Total, $mount) = split(/\s+/); chop($Total); if ($debug) { Debug("device", $device); Debug("size", $size); Debug("used", $used); Debug("free", $free); Debug("mount", $mount); Debug("Total (percent)", $Total); Debug("Leaving sub RootUsage"); } } sub SendMail { if ($debug) { Debug("Beginning sub SendMail") } @ps = `ps ax`; foreach $p (@ps) { if ($p =~ /sendmail:/) { $Total ++; } } if ($debug) { Debug("Total", $Total); Debug("Leaving sub SendMail"); } } sub Spam { if ($debug) { Debug("Beginning sub Spam") } my($sec,$hour,$mday,$mon,$year,$wday,$yday,$isdst,$month); my($spam) = 0; my($blocked) = 0; if ($Config{"parseentirespamlog"} eq "yes") { if ($debug) { Debug("Parse Entire Spam Log", "yes") } } else { if ($debug) { Debug("Parse Entire Spam Log", "no") } ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(time); $month = FixMonth($mon); if ($debug) { Debug("sec", $sec); Debug("min", $min); Debug("hour", $hour); Debug("mday", $mday); Debug("mon", $mon); Debug("year", $year); Debug("wday", $wday); Debug("yday", $yday); Debug("isdst", $isdst); Debug("month", $month); } } open(LOG, $Config{"spamlog"}) or (warn("Cannot access file $Config{'spamlog'}"), next); while() { chomp; if ($Config{"parseentirespamlog"} eq "yes") { if (/MailScanner\[\d+\]/i) { if (/Spam Checks: Found (\d+) spam messages/i) { $spam += $1 } } elsif (/sendmail\[\d+\]/i) { if (/reject=55\d/i) { $blocked ++ } } } else { if (/$month\s+$mday/) { if (/MailScanner\[\d+\]/i) { if (/Spam Checks: Found (\d+) spam messages/i) { $spam += $1 } } elsif (/sendmail\[\d+\]/i) { if (/reject=55\d/i) { $blocked ++ } } } } next; } close LOG; # Ok. $blocked = the number of mails Sendmail rejected with a 550 # error code. This is the error code you should use to reject domains, # senders, receivers etc. you have problems with. We want the total # to be everything MailScanner & SpamAssassin caught ($spam) plus # everything rejected by sendmail with a 550 ($blocked) so the total # that shows up on mrtg will be all mails blocked, stopped, rejected # et. al. The mails that were blocked by a sendmail with a 550 will # then show up as the red line on the graph. $Total = $spam + $blocked; $Total2 = $blocked; if ($debug) { Debug("Total", $Total); Debug("Total2", $Total2); Debug("Leaving sub Spam"); } } sub SpoolUsage { if ($debug) { Debug("Beginning sub Spoolusage") } $_ = `df -k /var/spool | grep -v "Filesystem"`; ($device, $size, $used, $free, $Total, $mount) = split(/\s+/); chop($Total); if ($debug) { Debug("device", $device); Debug("size", $size); Debug("used", $used); Debug("free", $free); Debug("mount", $mount); Debug("Total (percent)", $Total); Debug("Leaving sub SpoolUsage"); } } sub Usage { print "\n"; print "USAGE:\n"; print $0 . " option\n"; print "Where option is one of the following:\n"; print "\n"; print "cpu : returns the cpu utilization percentage\n"; print "iptraffic : returns the amount of ip traffic on all ethernet device\n"; print "inqueue : returns the number of files in the incoming mail queue\n"; print "loadavg : returns the current load average\n"; print "mail : returns the amount of mail relayed today\n"; print "mailbytes : returns the bytes of mail relayed today\n"; print "mailscanner : returns the number of copies of mailscanner running\n"; print "memory : returns the amount of ram being used\n"; print "outqueue : returns the number of files in the outgoing mail queue\n"; print "rootusage : returns the percent of disk space available in \\ \n"; print "sendmail : returns the number of copies of sendmail running\n"; print "spam : returns the number of mails marked as spam today\n"; print "spoolusage : returns the percent of disk space available in \\var\\spool \n"; print "virus : returns the number of virus' caught today\n"; print "\n"; exit(1); } sub Virus { if ($debug) { Debug("Beginning sub Virus") } my($sec,$hour,$mday,$mon,$year,$wday,$yday,$isdst,$month); if ($Config{"parseentireviruslog"} eq "yes") { if ($debug) { Debug("Parse Entire Virus Log", "yes") } } else { if ($debug) { Debug("Parse Entire Virus Log", "no") } ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(time); $month = FixMonth($mon); if ($debug) { Debug("sec", $sec); Debug("min", $min); Debug("hour", $hour); Debug("mday", $mday); Debug("mon", $mon); Debug("year", $year); Debug("wday", $wday); Debug("yday", $yday); Debug("isdst", $isdst); Debug("month", $month); } } open(LOG, $Config{"viruslog"}) or (warn("Cannot access viruslog skipping, $!"), next); while() { chomp; if ($Config{"parseentireviruslog"} eq "yes") { if (/MailScanner\[\d+\]/i) { $Total += $1 if /Found (\d+) viruses/i; } } else { if (/$month\s+$mday.+/) { if (/MailScanner\[\d+\]/i) { $Total += $1 if /Found (\d+) viruses/i; } } } next; } close LOG; if ($debug) { Debug("Total", $Total); Debug("Leaving sub Virus"); } } sub Wanted { $Total ++; } # # Read the configuration file. Borrowed from MailScanner :-) # These 3 subs are copyright Julian Field. Released under the GPL. # sub ItoE { my($val) = @_; lc($ItoE{$val}) or lc($val); } sub EtoI { my($val) = @_; lc($EtoI{$val}) or lc($val); } sub ReadConfFile { if ($debug) { Debug("Beginning sub ReadConfFile") ; Debug("configfile", $configfile); } # Slurp the whole file into a big hash. # Don't Complain if we see the same keyword more than once. my($fileh, $linecounter, $key, $value); $fileh = new FileHandle; $fileh->open($configfile) or die "Could not read configuration file " . $configfile . " " . $!; $linecounter = 0; while(<$fileh>) { $linecounter++; chomp; s/#.*$//; s/^\s+//; s/\s+$//; next if /^$/; $key = undef; $value = undef; /^(.*?)\s*=\s*(.*)$/; ($key,$value) = ($1,$2); $key = lc($key); $key =~ s/[^a-z0-9]//g; # Leave numbers and letters only # Translate the value to the internal (shorter) version of it $key = EtoI($key); $Config{$key} = $value; if ($debug) { Debug($key, $value) } # Not sure what this next line was for... # $LineNos doesn't show up anywhere else... #$LineNos{$key} = $linecounter; # Save where the value was stored } $fileh->close(); if ($debug) { Debug("Leaving sub ReadConfFile") } } 1; From henker at SHCOM.US Wed May 14 14:12:59 2003 From: henker at SHCOM.US (Steffan Henke) Date: Thu Jan 12 21:18:04 2006 Subject: Ensim, Redhat 7.2 & Mailscanner and Spamassassin In-Reply-To: <000201c31a19$4b5879e0$54dc6f83@corpus.cam.ac.uk> References: <000201c31a19$4b5879e0$54dc6f83@corpus.cam.ac.uk> Message-ID: On Wed, 14 May 2003, Michael Derringer wrote: > Works fine on my system, but currently when users adjust aliases, Ensim > restarts sendmail (not Mailscanner) causing a few problems. I am currently > investigating the python scripts to fix this. My way to circumvent that was: a) copy the parts from the existing /etc/init.d/sendmail to /etc/init.d/MailScanner that are required to build virtmail hashs and stuff added by Ensim b) cd /etc/init.d; mv sendmail sendmail.orig c) ln -s sendmail MailScanner Now everytime sendmail is restarted by any process, you basically restart MailScanner. Regards, Steffan From jaearick at COLBY.EDU Wed May 14 14:35:33 2003 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:18:04 2006 Subject: solaris init.d In-Reply-To: <5.1.0.14.2.20030513233852.01fe9208@mailhost.disaster.com> References: <5.1.0.14.2.20030513233852.01fe9208@mailhost.disaster.com> Message-ID: IMHO, there should be two different init scripts for these: one for sendmail (Sun's script works fine for public-domain sendmail too), and one for MailScanner. Combining the scripts breaks the UNIX philosophy of "a command does one job well, not a lot of jobs poorly". --- Jeff Earickson On Tue, 13 May 2003, Rob V wrote: > Date: Tue, 13 May 2003 23:39:40 -0400 > From: Rob V > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: solaris init.d > > Does anyone have a good sendmail+mailscanner init.d start/stop script for > solaris? > From t.d.lee at DURHAM.AC.UK Wed May 14 15:04:15 2003 From: t.d.lee at DURHAM.AC.UK (David Lee) Date: Thu Jan 12 21:18:04 2006 Subject: solaris init.d In-Reply-To: <5.1.0.14.2.20030513233852.01fe9208@mailhost.disaster.com> References: <5.1.0.14.2.20030513233852.01fe9208@mailhost.disaster.com> Message-ID: On Tue, 13 May 2003, Rob V wrote: > Does anyone have a good sendmail+mailscanner init.d start/stop script for > solaris? Alas, it is somewhat less straightforward than that. Solaris' own sendmail "init.d" and its attendant "/etc/default/sendmail" change from release to release (e.g. from Solaris 8 to Solaris 9). So it is better to edit what they give you on that machine, rather than import a complete, but probably wrong and potentially harmful, script from a repository. Now what MIGHT be worth exploring is whether the MailScanner distribution could include a little Solaris script that would determine the Solaris release and attempt to apply a relevant patch/diff to the "init.d" for that particular release. Naturally, a similar model might be applicable to the various releases of other OSes. This might well be a job for the new "autoconf"-based stuff being planned for MailScanner. (Yes, I'm aware that, in general, autoconf should, in general, be programmed for features, not OSes, but this might be a valid exception.) (Note to Julian: You may recall that I contributed some autoconf stuff to MailScanner several months ago. If you wish to explore the OS-dependent patching of "init.d" scripts, and to do so in an autoconf-driven way, then I'll be happy to exchange ideas with you.) -- : David Lee I.T. Service : : Systems Programmer Computer Centre : : University of Durham : : http://www.dur.ac.uk/t.d.lee/ South Road : : Durham : : Phone: +44 191 334 2752 U.K. : From dgeorgiades at POWERENG.COM Wed May 14 15:56:05 2003 From: dgeorgiades at POWERENG.COM (Derrick Georgiades) Date: Thu Jan 12 21:18:04 2006 Subject: solaris init.d Message-ID: I use these two on Solaris 9 on sparc. Derrick Georgiades POWER Engineers, Inc. -----Original Message----- From: David Lee [mailto:t.d.lee@DURHAM.AC.UK] Sent: Wednesday, May 14, 2003 8:04 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: solaris init.d On Tue, 13 May 2003, Rob V wrote: > Does anyone have a good sendmail+mailscanner init.d start/stop script for > solaris? Alas, it is somewhat less straightforward than that. Solaris' own sendmail "init.d" and its attendant "/etc/default/sendmail" change from release to release (e.g. from Solaris 8 to Solaris 9). So it is better to edit what they give you on that machine, rather than import a complete, but probably wrong and potentially harmful, script from a repository. Now what MIGHT be worth exploring is whether the MailScanner distribution could include a little Solaris script that would determine the Solaris release and attempt to apply a relevant patch/diff to the "init.d" for that particular release. Naturally, a similar model might be applicable to the various releases of other OSes. This might well be a job for the new "autoconf"-based stuff being planned for MailScanner. (Yes, I'm aware that, in general, autoconf should, in general, be programmed for features, not OSes, but this might be a valid exception.) (Note to Julian: You may recall that I contributed some autoconf stuff to MailScanner several months ago. If you wish to explore the OS-dependent patching of "init.d" scripts, and to do so in an autoconf-driven way, then I'll be happy to exchange ideas with you.) -- : David Lee I.T. Service : : Systems Programmer Computer Centre : : University of Durham : : http://www.dur.ac.uk/t.d.lee/ South Road : : Durham : : Phone: +44 191 334 2752 U.K. : -------------- next part -------------- #!/sbin/sh # # process=MailScanner virusdir="/opt/MailScanner/bin" config="/opt/MailScanner/etc/MailScanner.conf" SERVER_PID_FILE="/queue/MailScanner/var/MailScanner.pid" PID_CHECK=`/usr/bin/ps -e -o pid -o args | /usr/bin/fgrep $virusdir/$process | /usr/bin/grep -v grep | /usr/bin/sed -e 's/^ *//' -e 's/ .*//'` case "$1" in 'start') if [ "$PID_CHECK" = "" ]; then PATH=${virusdir}:$PATH echo Starting virus scanner... $process $config else echo Running with pid $PID_CHECK fi ;; 'stop') [ -f $SERVER_PID_FILE ] && kill `head -1 $SERVER_PID_FILE` /usr/bin/pkill -x MailScanner ;; *) echo "Usage: $0 { start | stop }" exit 1 ;; esac exit 0 -------------- next part -------------- #!/sbin/sh # #ident "@(#)sendmail 1.19 01/12/05 SMI" ERRMSG1='WARNING: /var/mail is NFS-mounted without setting actimeo=0,' ERRMSG2='this can cause mailbox locking and access problems.' SERVER_PID_FILE="/var/run/sendmail.pid" CLIENT_PID_FILE="/queue/sendmailqueue.pid" DEFAULT_FILE="/etc/default/sendmail" ALIASES_FILE="/etc/mail/aliases" check_queue_interval_syntax() { default="15m" if [ $# -lt 1 ]; then answer=$default return fi if echo $1 | egrep '^([0-9]*[1-9][0-9]*[smhdw])+$' >/dev/null 2>&1; then answer=$1 else answer=$default fi } case "$1" in 'start') if [ -f /usr/lib/sendmail -a -f /etc/mail/sendmail.cf ]; then if [ ! -d /queue/mqueue ]; then /usr/bin/mkdir -m 0750 /queue/mqueue /usr/bin/chown root:bin /queue/mqueue fi if [ ! -f $ALIASES_FILE.db ] && [ ! -f $ALIASES_FILE.dir ] \ && [ ! -f $ALIASES_FILE.pag ]; then /usr/sbin/newaliases fi MODE="-bd" OPTIONS="-ODeliveryMode=queueonly -OQueueDirectory=/queue/mqueue .in" [ -f $DEFAULT_FILE ] && . $DEFAULT_FILE # # * MODE should be "-bd" or null (MODE= or MODE="") or # left alone. Anything else and you're on your own. # * QUEUEOPTION should be "p" or null (as above). # * [CLIENT]QUEUEINTERVAL should be set to some legal value; # sanity checks are done below. # * [CLIENT]OPTIONS are catch-alls; set with care. # if [ -n "$QUEUEOPTION" -a "$QUEUEOPTION" != "p" ]; then QUEUEOPTION="" fi if [ -z "$QUEUEOPTION" -o -n "$QUEUEINTERVAL" ]; then check_queue_interval_syntax $QUEUEINTERVAL QUEUEINTERVAL=$answer fi check_queue_interval_syntax $CLIENTQUEUEINTERVAL CLIENTQUEUEINTERVAL=$answer /usr/lib/sendmail $MODE $OPTIONS & /usr/lib/sendmail -q$QUEUEINTERVAL $CLIENTOPTIONS -OPidFile=$CLI ENT_PID_FILE & # # ETRN_HOSTS should be of the form # "s1:c1.1,c1.2 s2:c2.1 s3:c3.1,c3.2,c3.3" # i.e., white-space separated groups of server:client where # client can be one or more comma-separated names; N.B. that # the :client part is optional; see etrn(1M) for details. # server is the name of the server to prod; a mail queue run # is requested for each client name. This is comparable to # running "/usr/lib/sendmail -qRclient" on the host server. # # See RFC 1985 for more information. # for i in $ETRN_HOSTS; do SERVER=`echo $i | /usr/bin/sed -e 's/:.*$//'` CLIENTS=`echo $i | /usr/bin/sed -n -e 's/,/ /g' \ -e '/:/s/^.*://p'` /usr/sbin/etrn $SERVER $CLIENTS >/dev/null 2>&1 & done fi if /usr/bin/nawk 'BEGIN{s = 1} $2 == "/var/mail" && $3 == "nfs" && $4 !~ /actimeo=0/ && $4 !~ /noac/{s = 0} END{exit s}' /etc/mnttab; then /usr/bin/logger -p mail.crit "$ERRMSG1" /usr/bin/logger -p mail.crit "$ERRMSG2" fi ;; 'stop') [ -f $SERVER_PID_FILE ] && kill `head -1 $SERVER_PID_FILE` if [ -f $CLIENT_PID_FILE ]; then kill `head -1 $CLIENT_PID_FILE` rm -f $CLIENT_PID_FILE fi /usr/bin/pkill -x -u 0 sendmail ;; *) echo "Usage: $0 { start | stop }" exit 1 ;; esac exit 0 From adkinss at OHIO.EDU Wed May 14 16:18:42 2003 From: adkinss at OHIO.EDU (Scott Adkins) Date: Thu Jan 12 21:18:04 2006 Subject: Queston... WAS Re: razor2 working? In-Reply-To: <5.2.0.9.2.20030514120055.034eee28@imap.ecs.soton.ac.uk> References: <5.2.0.9.2.20030514120055.034eee28@imap.ecs.soton.ac.uk> Message-ID: <1717087190.1052911122@Callisto> --On Wednesday, May 14, 2003 12:01 PM +0100 Julian Field wrote: > If I remember rightly, SpamAssassin just "finds it" and starts using it. > You should see mention of RAZOR in the spam reports, assuming you Log Spam > = yes. This brings up a nagging question that I have... If my memory serves me right, I just install the perl modules associated with some of the RBLs, such as Razor or Razor2, and Spam Assassin just simply starts using it. Is there any more controls than that? For instance, what if I have it installed but don't want it to be used at that moment, or simply disable it for a period of time? Is there a way to do that in Spam Assassin? Scott -- +-----------------------------------------------------------------------+ Scott W. Adkins http://www.cns.ohiou.edu/~sadkins/ UNIX Systems Engineer mailto:adkinss@ohio.edu ICQ 7626282 Work (740)593-9478 Fax (740)593-1944 +-----------------------------------------------------------------------+ PGP Public Key available at http://www.cns.ohiou.edu/~sadkins/pgp/ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 231 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030514/c1b55596/attachment.bin From jaearick at COLBY.EDU Wed May 14 16:45:34 2003 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:18:04 2006 Subject: Feature Request: Multiple Levels of Actions In-Reply-To: <5.2.1.1.2.20030513230948.0333bc28@imap.ecs.soton.ac.uk> References: <06EE2C86D3DAD5119A6C0060943F3C97055E6F71@tormail1.algorithmics.com> <06EE2C86D3DAD5119A6C0060943F3C97055E6F71@tormail1.algorithmics.com> <5.2.1.1.2.20030513230948.0333bc28@imap.ecs.soton.ac.uk> Message-ID: Julian, Ahh the wonders of perl... This looks great on paper but didn't seem to work, hmmm. After making the twiddles to MailScanner.conf and CustomConfig.pm (I put the routine below at the bottom of the file, before the ending 1;), I stopped and restarted MailScanner. The syslog said: May 14 11:10:51 emerald MailScanner[3380]: MailScanner E-Mail Virus Scanner version 4.20-3 starting... May 14 11:10:52 emerald MailScanner[3380]: Config: calling custom init function HighScoringSpamActions May 14 11:11:01 emerald MailScanner[3412]: MailScanner E-Mail Virus Scanner version 4.20-3 starting... May 14 11:11:02 emerald MailScanner[3412]: Config: calling custom init function HighScoringSpamActions May 14 11:11:11 emerald MailScanner[3430]: MailScanner E-Mail Virus Scanner version 4.20-3 starting... May 14 11:11:12 emerald MailScanner[3430]: Config: calling custom init function HighScoringSpamActions (repeat...) and the system load dropped of towards zero. Not a good sign -- I hope MailScanner wasn't busy deleting email. Ugh. I changed High Scoring Spam Actions back to the previous version and restarted again. --- Jeff On Tue, 13 May 2003, Julian Field wrote: > Date: Tue, 13 May 2003 23:20:54 +0100 > From: Julian Field > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Feature Request: Multiple Levels of Actions > > Implementing a file like you suggest is not necessarily very easy. As soon > as I do that, someone will want the ranges to be allowed to overlap, adding > the list of actions as appropriate (and what happens when they clash?). > Then you will need to be able to set this per user or per domain, so it has > to be setup from another ruleset. > > So it's quite a bit of work, and I don't think it's necessary. > Read on... > > This can already be very easily done with a small Custom Function. > In MailScanner.conf set > Required SpamAssassin Score = 4 > Spam Subject Text = {Spam?} > Spam Actions = deliver > High Scoring SpamAssassin Score = 9 > High Scoring Spam Subject Text = {HIGH SPAM} > High Scoring Spam Actions = &HighScoringSpamActions > > Then in CustomConfig.pm > > sub HighScoringSpamActions { > my($message) = @_; > > my $score = $message->{sascore}; # Field names at top of Message.pm > > return 'forward jaearick@colby.edu' if $score<=12; > return 'delete'; > } > > There, that wasn't too painful was it? > > > At 20:35 13/05/2003, you wrote: > >Julian, > > > >I would sure use this setup too. I would use it as: > > > > #---deliver (hopefully) non-spam, less than 4 > > <4 deliver > > > > #---deliver maybe-spam, range 4-9 > > 4 modify "{Spam?}", deliver > > > > #---let my procmail rules trap probable spam, range 9-12 > > 9 modify "{HIGH SPAM}", forward jaearick@colby.edu > > > > #---certain spam, delete it, range > 12 > > >12 delete > > > >Tis a great suggestion... > > > >--- Jeff Earickson > > > >On Tue, 13 May 2003, Derek Winkler wrote: > > > > > Date: Tue, 13 May 2003 12:45:05 -0400 > > > From: Derek Winkler > > > Reply-To: MailScanner mailing list > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > Subject: Feature Request: Multiple Levels of Actions > > > > > > > > > Feature request: > > > > > > I'd like to have another level of spam actions but instead of creating > > > Mid-scoring spam config options why not create something like the rule > > > files... > > > > > > Spam Actions = /opt/MailScanner/etc/rules/spam.actions.rules > > > > > > spam.actions.rules would contain something like: > > > > > > 9 modify "{Spam?}", deliver > > > 15 modify "{Spam?}", striphtml, deliver > > > max delete > > > > > > with the first line applying to mails which score 9 or below, the second to > > > >9 <=15, and the last for anything >15. You could have as many or few as > > > needed. > > > > > > This would eliminate the need for the following config options: > > > > > > Spam Modify Subject > > > Spam Subject Text > > > High Scoring Spam Modify Subject > > > High Scoring Spam Subject Text > > > Spam Actions > > > High Scoring Spam Actions > > > > > > I'd find this handy anyways, > > > > > > Derek Winkler > > > Security Administrator > > > Algorithmics Inc., Toronto > > > Tel: (416) 217-4107 > > > Fax: (416) 971-6263 > > > www.algorithmics.com > > > > > -- > Julian Field > www.MailScanner.info > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > From jase at SENSIS.COM Wed May 14 17:09:41 2003 From: jase at SENSIS.COM (Desai, Jason) Date: Thu Jan 12 21:18:04 2006 Subject: Queston... WAS Re: razor2 working? Message-ID: There are some options you can set in spam.assassin.prefs.conf such as: use_dcc 0 or score DCC_CHECK 0 Both of the above examples would disable dcc checks. Personally, I would use the first example to disable DCC instead of the second. There are options such as use_pyzor, use_razor2, and use_bayes. For more info on options you can put in spam.assassin.prefs.conf, check out http://spamassassin.org/doc/Mail_SpamAssassin_Conf.html Jason > -----Original Message----- > From: Scott Adkins [mailto:adkinss@OHIO.EDU] > Sent: Wednesday, May 14, 2003 11:19 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: [MAILSCANNER] Queston... WAS Re: razor2 working? > > > --On Wednesday, May 14, 2003 12:01 PM +0100 Julian Field > wrote: > > > If I remember rightly, SpamAssassin just "finds it" and > starts using it. > > You should see mention of RAZOR in the spam reports, > assuming you Log Spam > > = yes. > > This brings up a nagging question that I have... If my memory > serves me > right, I just install the perl modules associated with some > of the RBLs, > such as Razor or Razor2, and Spam Assassin just simply starts > using it. > > Is there any more controls than that? For instance, what if I have it > installed but don't want it to be used at that moment, or > simply disable > it for a period of time? Is there a way to do that in Spam Assassin? > > Scott > -- > > +------------------------------------------------------------- > ----------+ > Scott W. Adkins http://www.cns.ohiou.edu/~sadkins/ UNIX Systems Engineer mailto:adkinss@ohio.edu ICQ 7626282 Work (740)593-9478 Fax (740)593-1944 +-----------------------------------------------------------------------+ PGP Public Key available at http://www.cns.ohiou.edu/~sadkins/pgp/ From mailscanner at ecs.soton.ac.uk Wed May 14 17:06:55 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:04 2006 Subject: Queston... WAS Re: razor2 working? In-Reply-To: <1717087190.1052911122@Callisto> References: <5.2.0.9.2.20030514120055.034eee28@imap.ecs.soton.ac.uk> <5.2.0.9.2.20030514120055.034eee28@imap.ecs.soton.ac.uk> Message-ID: <5.2.0.9.2.20030514170632.034cd810@imap.ecs.soton.ac.uk> At 16:18 14/05/2003, you wrote: >--On Wednesday, May 14, 2003 12:01 PM +0100 Julian Field > wrote: > >>If I remember rightly, SpamAssassin just "finds it" and starts using it. >>You should see mention of RAZOR in the spam reports, assuming you Log Spam >>= yes. > >This brings up a nagging question that I have... If my memory serves me >right, I just install the perl modules associated with some of the RBLs, >such as Razor or Razor2, and Spam Assassin just simply starts using it. > >Is there any more controls than that? For instance, what if I have it >installed but don't want it to be used at that moment, or simply disable >it for a period of time? Is there a way to do that in Spam Assassin? In SpamAssassin, you disable individual features by setting the appropriate rule scores to 0. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Wed May 14 17:08:09 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:04 2006 Subject: Feature Request: Multiple Levels of Actions In-Reply-To: References: <5.2.1.1.2.20030513230948.0333bc28@imap.ecs.soton.ac.uk> <06EE2C86D3DAD5119A6C0060943F3C97055E6F71@tormail1.algorithmics.com> <06EE2C86D3DAD5119A6C0060943F3C97055E6F71@tormail1.algorithmics.com> <5.2.1.1.2.20030513230948.0333bc28@imap.ecs.soton.ac.uk> Message-ID: <5.2.0.9.2.20030514170710.0428f2d8@imap.ecs.soton.ac.uk> At 16:45 14/05/2003, you wrote: >Julian, > > Ahh the wonders of perl... This looks great on paper but didn't >seem to work, hmmm. After making the twiddles to MailScanner.conf and >CustomConfig.pm (I put the routine below at the bottom of the file, >before the ending 1;), I stopped and restarted MailScanner. The syslog >said: > >May 14 11:10:51 emerald MailScanner[3380]: MailScanner E-Mail Virus >Scanner version 4.20-3 starting... >May 14 11:10:52 emerald MailScanner[3380]: Config: calling custom init >function HighScoringSpamActions >May 14 11:11:01 emerald MailScanner[3412]: MailScanner E-Mail Virus >Scanner version 4.20-3 starting... >May 14 11:11:02 emerald MailScanner[3412]: Config: calling custom init >function HighScoringSpamActions >May 14 11:11:11 emerald MailScanner[3430]: MailScanner E-Mail Virus >Scanner version 4.20-3 starting... >May 14 11:11:12 emerald MailScanner[3430]: Config: calling custom init >function HighScoringSpamActions >(repeat...) Yes, that's exactly what I would expect. You start up 5 child processes, each of which inits HighScoringSpamActions. >and the system load dropped of towards zero. So there isn't much mail flowing. No problem. > Not a good sign -- I hope >MailScanner wasn't busy deleting email. Ugh. I changed High Scoring >Spam Actions back to the previous version and restarted again. > >--- Jeff > >On Tue, 13 May 2003, Julian Field wrote: > > > Date: Tue, 13 May 2003 23:20:54 +0100 > > From: Julian Field > > Reply-To: MailScanner mailing list > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: Feature Request: Multiple Levels of Actions > > > > Implementing a file like you suggest is not necessarily very easy. As soon > > as I do that, someone will want the ranges to be allowed to overlap, adding > > the list of actions as appropriate (and what happens when they clash?). > > Then you will need to be able to set this per user or per domain, so it has > > to be setup from another ruleset. > > > > So it's quite a bit of work, and I don't think it's necessary. > > Read on... > > > > This can already be very easily done with a small Custom Function. > > In MailScanner.conf set > > Required SpamAssassin Score = 4 > > Spam Subject Text = {Spam?} > > Spam Actions = deliver > > High Scoring SpamAssassin Score = 9 > > High Scoring Spam Subject Text = {HIGH SPAM} > > High Scoring Spam Actions = &HighScoringSpamActions > > > > Then in CustomConfig.pm > > > > sub HighScoringSpamActions { > > my($message) = @_; > > > > my $score = $message->{sascore}; # Field names at top of Message.pm > > > > return 'forward jaearick@colby.edu' if $score<=12; > > return 'delete'; > > } > > > > There, that wasn't too painful was it? > > > > > > At 20:35 13/05/2003, you wrote: > > >Julian, > > > > > >I would sure use this setup too. I would use it as: > > > > > > #---deliver (hopefully) non-spam, less than 4 > > > <4 deliver > > > > > > #---deliver maybe-spam, range 4-9 > > > 4 modify "{Spam?}", deliver > > > > > > #---let my procmail rules trap probable spam, range 9-12 > > > 9 modify "{HIGH SPAM}", forward jaearick@colby.edu > > > > > > #---certain spam, delete it, range > 12 > > > >12 delete > > > > > >Tis a great suggestion... > > > > > >--- Jeff Earickson > > > > > >On Tue, 13 May 2003, Derek Winkler wrote: > > > > > > > Date: Tue, 13 May 2003 12:45:05 -0400 > > > > From: Derek Winkler > > > > Reply-To: MailScanner mailing list > > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > > Subject: Feature Request: Multiple Levels of Actions > > > > > > > > > > > > Feature request: > > > > > > > > I'd like to have another level of spam actions but instead of creating > > > > Mid-scoring spam config options why not create something like the rule > > > > files... > > > > > > > > Spam Actions = /opt/MailScanner/etc/rules/spam.actions.rules > > > > > > > > spam.actions.rules would contain something like: > > > > > > > > 9 modify "{Spam?}", deliver > > > > 15 modify "{Spam?}", striphtml, deliver > > > > max delete > > > > > > > > with the first line applying to mails which score 9 or below, the > second to > > > > >9 <=15, and the last for anything >15. You could have as many or > few as > > > > needed. > > > > > > > > This would eliminate the need for the following config options: > > > > > > > > Spam Modify Subject > > > > Spam Subject Text > > > > High Scoring Spam Modify Subject > > > > High Scoring Spam Subject Text > > > > Spam Actions > > > > High Scoring Spam Actions > > > > > > > > I'd find this handy anyways, > > > > > > > > Derek Winkler > > > > Security Administrator > > > > Algorithmics Inc., Toronto > > > > Tel: (416) 217-4107 > > > > Fax: (416) 971-6263 > > > > www.algorithmics.com > > > > > > > > -- > > Julian Field > > www.MailScanner.info > > Professional Support Services at www.MailScanner.biz > > MailScanner thanks transtec Computers for their support > > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From robbyv at DISASTER.COM Wed May 14 17:19:10 2003 From: robbyv at DISASTER.COM (Rob V) Date: Thu Jan 12 21:18:04 2006 Subject: solaris init.d In-Reply-To: Message-ID: <5.2.1.1.2.20030514121824.0113f938@mailhost.disaster.com> Does the pkill -x MailScanner work for you? Whenver I run that it still leaves behind several Mailscanner processes. At 08:56 AM 5/14/2003 -0600, you wrote: >I use these two on Solaris 9 on sparc. > >Derrick Georgiades >POWER Engineers, Inc. > > >-----Original Message----- >From: David Lee [mailto:t.d.lee@DURHAM.AC.UK] >Sent: Wednesday, May 14, 2003 8:04 AM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: solaris init.d > > >On Tue, 13 May 2003, Rob V wrote: > > > Does anyone have a good sendmail+mailscanner init.d start/stop script for > > solaris? > >Alas, it is somewhat less straightforward than that. Solaris' own >sendmail "init.d" and its attendant "/etc/default/sendmail" change from >release to release (e.g. from Solaris 8 to Solaris 9). So it is better to >edit what they give you on that machine, rather than import a complete, >but probably wrong and potentially harmful, script from a repository. > >Now what MIGHT be worth exploring is whether the MailScanner distribution >could include a little Solaris script that would determine the Solaris >release and attempt to apply a relevant patch/diff to the "init.d" for >that particular release. > >Naturally, a similar model might be applicable to the various releases of >other OSes. This might well be a job for the new "autoconf"-based stuff >being planned for MailScanner. (Yes, I'm aware that, in general, autoconf >should, in general, be programmed for features, not OSes, but this might >be a valid exception.) > > >(Note to Julian: You may recall that I contributed some autoconf stuff to >MailScanner several months ago. If you wish to explore the OS-dependent >patching of "init.d" scripts, and to do so in an autoconf-driven way, then >I'll be happy to exchange ideas with you.) > >-- > >: David Lee I.T. Service : >: Systems Programmer Computer Centre : >: University of Durham : >: http://www.dur.ac.uk/t.d.lee/ South Road : >: Durham : >: Phone: +44 191 334 2752 U.K. : > > Rob Vicchiullo robv@disaster.com http://www.disaster.com (518) 218-0900 From mailscanner at ecs.soton.ac.uk Wed May 14 17:50:56 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:04 2006 Subject: solaris init.d In-Reply-To: <5.2.1.1.2.20030514121824.0113f938@mailhost.disaster.com> References: Message-ID: <5.2.1.1.2.20030514175022.01eeea28@imap.ecs.soton.ac.uk> At 17:19 14/05/2003, you wrote: >Does the pkill -x MailScanner work for you? >Whenver I run that it still leaves behind several Mailscanner processes. Still there after 5 - 10 seconds? MailScanner cleans up after itself when killed, which does take a few seconds. >At 08:56 AM 5/14/2003 -0600, you wrote: >>I use these two on Solaris 9 on sparc. >> >>Derrick Georgiades >>POWER Engineers, Inc. >> >> >>-----Original Message----- >>From: David Lee [mailto:t.d.lee@DURHAM.AC.UK] >>Sent: Wednesday, May 14, 2003 8:04 AM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: solaris init.d >> >> >>On Tue, 13 May 2003, Rob V wrote: >> >> > Does anyone have a good sendmail+mailscanner init.d start/stop script for >> > solaris? >> >>Alas, it is somewhat less straightforward than that. Solaris' own >>sendmail "init.d" and its attendant "/etc/default/sendmail" change from >>release to release (e.g. from Solaris 8 to Solaris 9). So it is better to >>edit what they give you on that machine, rather than import a complete, >>but probably wrong and potentially harmful, script from a repository. >> >>Now what MIGHT be worth exploring is whether the MailScanner distribution >>could include a little Solaris script that would determine the Solaris >>release and attempt to apply a relevant patch/diff to the "init.d" for >>that particular release. >> >>Naturally, a similar model might be applicable to the various releases of >>other OSes. This might well be a job for the new "autoconf"-based stuff >>being planned for MailScanner. (Yes, I'm aware that, in general, autoconf >>should, in general, be programmed for features, not OSes, but this might >>be a valid exception.) >> >> >>(Note to Julian: You may recall that I contributed some autoconf stuff to >>MailScanner several months ago. If you wish to explore the OS-dependent >>patching of "init.d" scripts, and to do so in an autoconf-driven way, then >>I'll be happy to exchange ideas with you.) >> >>-- >> >>: David Lee I.T. Service : >>: Systems Programmer Computer Centre : >>: University of Durham : >>: http://www.dur.ac.uk/t.d.lee/ South Road : >>: Durham : >>: Phone: +44 191 334 2752 U.K. : >> > >Rob Vicchiullo >robv@disaster.com >http://www.disaster.com >(518) 218-0900 -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From dgeorgiades at POWERENG.COM Wed May 14 17:53:56 2003 From: dgeorgiades at POWERENG.COM (Derrick Georgiades) Date: Thu Jan 12 21:18:04 2006 Subject: solaris init.d Message-ID: Works for me. Have you tried straight from command line? Since I had /usr/bin/pkill in the script. which pkill? My MailScanner processes die instantly for me. Sorry but I am not an expert on pkill. -----Original Message----- From: Rob V [mailto:robbyv@DISASTER.COM] Sent: Wednesday, May 14, 2003 10:19 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: solaris init.d Does the pkill -x MailScanner work for you? Whenver I run that it still leaves behind several Mailscanner processes. At 08:56 AM 5/14/2003 -0600, you wrote: >I use these two on Solaris 9 on sparc. > >Derrick Georgiades >POWER Engineers, Inc. > > >-----Original Message----- >From: David Lee [mailto:t.d.lee@DURHAM.AC.UK] >Sent: Wednesday, May 14, 2003 8:04 AM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: solaris init.d > > >On Tue, 13 May 2003, Rob V wrote: > > > Does anyone have a good sendmail+mailscanner init.d start/stop script for > > solaris? > >Alas, it is somewhat less straightforward than that. Solaris' own >sendmail "init.d" and its attendant "/etc/default/sendmail" change from >release to release (e.g. from Solaris 8 to Solaris 9). So it is better to >edit what they give you on that machine, rather than import a complete, >but probably wrong and potentially harmful, script from a repository. > >Now what MIGHT be worth exploring is whether the MailScanner distribution >could include a little Solaris script that would determine the Solaris >release and attempt to apply a relevant patch/diff to the "init.d" for >that particular release. > >Naturally, a similar model might be applicable to the various releases of >other OSes. This might well be a job for the new "autoconf"-based stuff >being planned for MailScanner. (Yes, I'm aware that, in general, autoconf >should, in general, be programmed for features, not OSes, but this might >be a valid exception.) > > >(Note to Julian: You may recall that I contributed some autoconf stuff to >MailScanner several months ago. If you wish to explore the OS-dependent >patching of "init.d" scripts, and to do so in an autoconf-driven way, then >I'll be happy to exchange ideas with you.) > >-- > >: David Lee I.T. Service : >: Systems Programmer Computer Centre : >: University of Durham : >: http://www.dur.ac.uk/t.d.lee/ South Road : >: Durham : >: Phone: +44 191 334 2752 U.K. : > > Rob Vicchiullo robv@disaster.com http://www.disaster.com (518) 218-0900 From dheller at ALLHELLER.NET Wed May 14 18:31:40 2003 From: dheller at ALLHELLER.NET (David Heller) Date: Thu Jan 12 21:18:05 2006 Subject: Need Mailscanner startup script Message-ID: <3EC27D7C.6010003@allheller.net> Hi Can anyone send me the mailscanner startup script that goes in /etc/rc.d/init.d ? I'm running Mandrake 9.0 and I installed using the tar file and not the rpm. When I installed mailscanner everything installed alright except for that one file. The rpm package does not install correctly on my system. Thanks, Dave ps email me directly if you prefer to keep the traffic down. dheller@allheller.net From dheller at ALLHELLER.NET Wed May 14 18:42:08 2003 From: dheller at ALLHELLER.NET (David Heller) Date: Thu Jan 12 21:18:05 2006 Subject: URGENT: MailScanner issue on Linux mail server In-Reply-To: <1052837009.442.6.camel@ws2.billbeau.net> References: <1052837009.442.6.camel@ws2.billbeau.net> Message-ID: <3EC27FF0.6040103@allheller.net> Make sure the file /tmp/FprotBusy.lock is writable. I have mine set to chmod 666 FProtBusy.lock If that file is not writable your mail will never get delivered. because it will just sit there waiting for f-prot to scan it. Good Luck, Dave Bill Beauchemin wrote: >I installed MailScanner along with F-Prot AV on a system runnning >postfix. I can see in the log file that MailScanner is processing and >F-prot is scanning then the email is delivered. Where in the heck is it >delivered to? No one is getting mail in /var/spool/mail and if I try >popping the email it doesnt find any email. So am I missing something in >the MailScanner.conf or did installing F-Prot screw it up? >-- >Bill Beauchemin >www.billbeau.net > > Home Of >Beau's Bullet > PSCA R/S 29 > and >Beautie Goldens > > From dwinkler at ALGORITHMICS.COM Wed May 14 18:45:13 2003 From: dwinkler at ALGORITHMICS.COM (Derek Winkler) Date: Thu Jan 12 21:18:05 2006 Subject: Feature Request: Multiple Levels of Actions Message-ID: <06EE2C86D3DAD5119A6C0060943F3C97055E6F76@tormail1.algorithmics.com> So... I can implement this by: -creating InitSpamActions, which would load my config from it's own file into an array -creating SpamActionsSubject, which would decide whether to modify subject or not -creating SpamActions, which would return the actions based on score from array created in InitSpamActions Using the following config options Required SpamAssassin Score=5 (or whatever) Would my functions not even be called unless this was reached? Spam Subject Text = &SpamActionsSubject Spam Actions = &SpamActions and leaving out "High Scoring SpamAssassin Score", "High Scoring Spam Subject Text" and "High Scoring Spam Actions" since they wouldn't be needed anymore? -----Original Message----- From: Julian Field [mailto:mailscanner@ecs.soton.ac.uk] Sent: Tuesday, May 13, 2003 6:21 PM To: MAILSCANNER@jiscmail.ac.uk Subject: Re: Feature Request: Multiple Levels of Actions Implementing a file like you suggest is not necessarily very easy. As soon as I do that, someone will want the ranges to be allowed to overlap, adding the list of actions as appropriate (and what happens when they clash?). Then you will need to be able to set this per user or per domain, so it has to be setup from another ruleset. So it's quite a bit of work, and I don't think it's necessary. Read on... This can already be very easily done with a small Custom Function. In MailScanner.conf set Required SpamAssassin Score = 4 Spam Subject Text = {Spam?} Spam Actions = deliver High Scoring SpamAssassin Score = 9 High Scoring Spam Subject Text = {HIGH SPAM} High Scoring Spam Actions = &HighScoringSpamActions Then in CustomConfig.pm sub HighScoringSpamActions { my($message) = @_; my $score = $message->{sascore}; # Field names at top of Message.pm return 'forward jaearick@colby.edu' if $score<=12; return 'delete'; } There, that wasn't too painful was it? At 20:35 13/05/2003, you wrote: >Julian, > >I would sure use this setup too. I would use it as: > > #---deliver (hopefully) non-spam, less than 4 > <4 deliver > > #---deliver maybe-spam, range 4-9 > 4 modify "{Spam?}", deliver > > #---let my procmail rules trap probable spam, range 9-12 > 9 modify "{HIGH SPAM}", forward jaearick@colby.edu > > #---certain spam, delete it, range > 12 > >12 delete > >Tis a great suggestion... > >--- Jeff Earickson > >On Tue, 13 May 2003, Derek Winkler wrote: > > > Date: Tue, 13 May 2003 12:45:05 -0400 > > From: Derek Winkler > > Reply-To: MailScanner mailing list > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Feature Request: Multiple Levels of Actions > > > > > > Feature request: > > > > I'd like to have another level of spam actions but instead of creating > > Mid-scoring spam config options why not create something like the rule > > files... > > > > Spam Actions = /opt/MailScanner/etc/rules/spam.actions.rules > > > > spam.actions.rules would contain something like: > > > > 9 modify "{Spam?}", deliver > > 15 modify "{Spam?}", striphtml, deliver > > max delete > > > > with the first line applying to mails which score 9 or below, the second to > > >9 <=15, and the last for anything >15. You could have as many or few as > > needed. > > > > This would eliminate the need for the following config options: > > > > Spam Modify Subject > > Spam Subject Text > > High Scoring Spam Modify Subject > > High Scoring Spam Subject Text > > Spam Actions > > High Scoring Spam Actions > > > > I'd find this handy anyways, > > > > Derek Winkler > > Security Administrator > > Algorithmics Inc., Toronto > > Tel: (416) 217-4107 > > Fax: (416) 971-6263 > > www.algorithmics.com > > -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030514/ec3b8c49/attachment.html From mailscanner at ecs.soton.ac.uk Wed May 14 18:49:36 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:05 2006 Subject: Need Mailscanner startup script In-Reply-To: <3EC27D7C.6010003@allheller.net> Message-ID: <5.2.1.1.2.20030514184855.01efc4b8@imap.ecs.soton.ac.uk> Attached. At 18:31 14/05/2003, you wrote: >Hi > >Can anyone send me the mailscanner startup script that goes in >/etc/rc.d/init.d ? I'm running Mandrake 9.0 and I installed using the >tar file and not the rpm. When I installed mailscanner everything >installed alright except for that one file. The rpm package does not >install correctly on my system. > >Thanks, > >Dave > >ps email me directly if you prefer to keep the traffic down. >dheller@allheller.net -------------- next part -------------- A non-text attachment was scrubbed... Name: MailScanner.init.rh Type: application/octet-stream Size: 7832 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030514/81f6efda/MailScanner.init.obj -------------- next part -------------- -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From robbyv at DISASTER.COM Wed May 14 19:08:54 2003 From: robbyv at DISASTER.COM (Rob V) Date: Thu Jan 12 21:18:05 2006 Subject: spam retrieval Message-ID: Wondering if anyone has implemented a way for a user to retrieve his/her spam. Either thru mail or thru the web. Basically I need a way for a user to be able to view their spam and decide if it really is spam if it is fine if it isnt then send it to them. From ernest at OACYS.COM Wed May 14 19:18:39 2003 From: ernest at OACYS.COM (Ernest W. Lessenger) Date: Thu Jan 12 21:18:05 2006 Subject: spam retrieval In-Reply-To: Message-ID: <5.2.0.9.2.20030514111653.02ca5d78@mail.oacys.com> What MTA/MUA are you using? I believe there are many, many webmail programs that will read standard mbox or maildir files. You could set procmail (or equivalent) to do local delivery to a different mbox based on the ham/spam content, and then rewrite the webmail app to be handle re-delivery. --Ernest At 07:08 PM 5/14/2003 +0100, you wrote: >Wondering if anyone has implemented a way for a user to retrieve his/her >spam. >Either thru mail or thru the web. >Basically I need a way for a user to be able to view their spam and decide >if it really is spam if it is fine if it isnt then send it to them. From mailscanner at ecs.soton.ac.uk Wed May 14 19:21:18 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:05 2006 Subject: spam retrieval In-Reply-To: <5.2.0.9.2.20030514111653.02ca5d78@mail.oacys.com> References: Message-ID: <5.2.1.1.2.20030514192035.01e8dbb0@imap.ecs.soton.ac.uk> For some of our users, we just deliver the {SPAM?} into an auto-spam mailbox and then let them check the mailbox themselves (using IMAP). At 19:18 14/05/2003, you wrote: >What MTA/MUA are you using? I believe there are many, many webmail programs >that will read standard mbox or maildir files. You could set procmail (or >equivalent) to do local delivery to a different mbox based on the ham/spam >content, and then rewrite the webmail app to be handle re-delivery. > >--Ernest > >At 07:08 PM 5/14/2003 +0100, you wrote: >>Wondering if anyone has implemented a way for a user to retrieve his/her >>spam. >>Either thru mail or thru the web. >>Basically I need a way for a user to be able to view their spam and decide >>if it really is spam if it is fine if it isnt then send it to them. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From kevins at BMRB.CO.UK Wed May 14 19:29:15 2003 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:18:05 2006 Subject: Need Mailscanner startup script In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB0011753BD@pascal.priv.bmrb.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB0011753BD@pascal.priv.bmrb.co.uk> Message-ID: <1052936958.15123.4.camel@bach.kevinspicer.co.uk> I know you've already installed it, but the rpm does actually install okay on Mandrake 9.0. You need to use the nodeps option to the install.sh script, but otherwise a default Mandrake install (with development packages) should install okay. I've also installed on a stripped down Mandrake box - but I had to install a few development packages to get it to build) On Wed, 2003-05-14 at 18:31, David Heller wrote: Hi Can anyone send me the mailscanner startup script that goes in /etc/rc.d/init.d ? I'm running Mandrake 9.0 and I installed using the tar file and not the rpm. When I installed mailscanner everything installed alright except for that one file. The rpm package does not install correctly on my system. Thanks, Dave ps email me directly if you prefer to keep the traffic down. dheller@allheller.net BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From dheller at ALLHELLER.NET Wed May 14 20:34:59 2003 From: dheller at ALLHELLER.NET (David Heller) Date: Thu Jan 12 21:18:05 2006 Subject: Need Mailscanner startup script In-Reply-To: <3EC27D7C.6010003@allheller.net> References: <3EC27D7C.6010003@allheller.net> Message-ID: <3EC29A63.3090703@allheller.net> Hi I'm all set now thanks for the speedy replies. :-) Dave From mbowman at UDCOM.COM Wed May 14 20:30:28 2003 From: mbowman at UDCOM.COM (Matthew Bowman) Date: Thu Jan 12 21:18:05 2006 Subject: User controlled whitelist/blacklist Message-ID: Hi Has anyone written a Web Based program that will allow a client to update their own spam.whitelist.rules and/or spam.blacklist.rules ? My future config will be (assuming this syntax is correct) Is Definitely Not Spam = /etc/MailScanner/rules/spam.whitelist.rules >> spam.whitelist.rules To: udcom.com /etc/Mailscanner/rules/udcom.whitelist.rules >> udcom.whitest.rules From: @adomain.tld yes If there was a program that could just edit their own domain.whitelist.rules that would be magic. Naturally the only person that has write access is a userid that I assign them. Anyone got something that they are using ? Thanks Matthew From hh at HACKHAWK.NET Wed May 14 20:37:15 2003 From: hh at HACKHAWK.NET (Hack Hawk) Date: Thu Jan 12 21:18:05 2006 Subject: spamassassin 2.54 released In-Reply-To: Message-ID: <5.2.1.1.0.20030514123455.03620b70@mail.nightsource.com> At 12:36 PM 5/12/03, Jeff A. Earickson wrote: >see www.spamassassin.org... I upgraded to 2.44. The only problem I ran into is that now that the tag text is removed from the subject line, Eudora had trouble filtering into my spam folder. I had to choose AnyHeader containing ***** in order to filter again. There doesn't appear to be any other good header to filter from. Anyone else using something different to filter the spam on the client end? Thanks - Rich From hh at HACKHAWK.NET Wed May 14 20:40:00 2003 From: hh at HACKHAWK.NET (Hack Hawk) Date: Thu Jan 12 21:18:05 2006 Subject: spamassassin 2.54 released In-Reply-To: <5.2.1.1.0.20030514123455.03620b70@mail.nightsource.com> References: Message-ID: <5.2.1.1.0.20030514123936.0303d880@mail.nightsource.com> At 12:37 PM 5/14/03, you wrote: >At 12:36 PM 5/12/03, Jeff A. Earickson wrote: >>see www.spamassassin.org... > >I upgraded to 2.44. I meant FROM 2.44 - rich From craig at STRONG-BOX.NET Wed May 14 20:44:21 2003 From: craig at STRONG-BOX.NET (Craig Pratt) Date: Thu Jan 12 21:18:05 2006 Subject: User controlled whitelist/blacklist In-Reply-To: Message-ID: <757876EE-8644-11D7-AB2B-000393B9390A@strong-box.net> On Wednesday, May 14, 2003, at 12:30 PM, Matthew Bowman wrote: > Hi > > Has anyone written a Web Based program that will allow a client to > update > their own spam.whitelist.rules and/or spam.blacklist.rules ? WebMin is a great program for this kind of thing - and there have been posts about a beta WebMin module for MailScanner (http://lushsoft.dyndns.org/mailscanner-webmin/). I haven't tried it yet. But if done in the tradition of other WebMin modules, it's easy to delegate/limit control on a per-user basis using WebMin. So even if the MailScanner webmin module doesn't do it now, it would be a great place to start. Craig > > My future config will be (assuming this syntax is correct) > > Is Definitely Not Spam = /etc/MailScanner/rules/spam.whitelist.rules > >>> spam.whitelist.rules > > To: udcom.com /etc/Mailscanner/rules/udcom.whitelist.rules > >>> udcom.whitest.rules > > From: @adomain.tld yes > > > If there was a program that could just edit their own > domain.whitelist.rules that would be magic. Naturally the only person > that > has write access is > a userid that I assign them. > > Anyone got something that they are using ? > > Thanks > > Matthew > --- Craig Pratt Strongbox Network Services Inc. mailto:craig@strong-box.net -- This message checked for dangerous content by MailScanner on StrongBox. From mailscanner at ecs.soton.ac.uk Wed May 14 20:56:26 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:05 2006 Subject: spamassassin 2.54 released In-Reply-To: <5.2.1.1.0.20030514123455.03620b70@mail.nightsource.com> References: Message-ID: <5.2.1.1.2.20030514205420.02310ea8@imap.ecs.soton.ac.uk> At 20:37 14/05/2003, you wrote: >At 12:36 PM 5/12/03, Jeff A. Earickson wrote: >>see www.spamassassin.org... > >I upgraded to 2.44. The only problem I ran into is that now that the tag >text is removed from the subject line, Eudora had trouble filtering into my >spam folder. MailScanner's subject line tagging hasn't changed. Just look for "{Spam?}" in the subject line as you did before. >I had to choose AnyHeader containing ***** in order to filter again. ? Have you changed the "Spam Stars" character to "*" instead of the default "s"? > There >doesn't appear to be any other good header to filter from. Anyone else >using something different to filter the spam on the client end? X-MailScanner-SpamScore: containing as many "s" characters as you want. Or X-MailScanner-SpamCheck: starting with "spam". -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From raymond at PROLOCATION.NET Wed May 14 20:58:59 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:05 2006 Subject: Need Mailscanner startup script In-Reply-To: <3EC27D7C.6010003@allheller.net> Message-ID: Hi! > Can anyone send me the mailscanner startup script that goes in > /etc/rc.d/init.d ? I'm running Mandrake 9.0 and I installed using the > tar file and not the rpm. When I installed mailscanner everything > installed alright except for that one file. The rpm package does not > install correctly on my system. Simply look with mc inside the rpm and get it out. Easy as that. bye. Raymond. From mailscanner at ecs.soton.ac.uk Wed May 14 20:58:50 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:05 2006 Subject: Bitdefender virus scanner Message-ID: <5.2.1.1.2.20030514205725.021da880@imap.ecs.soton.ac.uk> I have just put up 4.21-5 incorporating support for the "Bitdefender" virus scanner. Don't all rush at once :-) It also includes a Postfix fix which was first released in 4.21-4. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From sean at DIGISILK.NET Wed May 14 20:30:06 2003 From: sean at DIGISILK.NET (Sean Closson) Date: Thu Jan 12 21:18:05 2006 Subject: spamassassin string Message-ID: <1052940606.5370.14.camel@george.digisilk.net> Just in case anyone encounters this issue, I thought I'd send this out. I was seeing some warnings in my maillog about looking up a string ("Looked up unknown string spamassassin in language translation file /etc/MailScanner/reports/en/languages.conf") I just added a line to the languages.conf file that reads "spamassassin = SpamAssassin" and restarted MailScanner to resolve the problem. Apologies if this is old news or not applicable to most people. From ree at THUNDERSTAR.NET Wed May 14 11:06:42 2003 From: ree at THUNDERSTAR.NET (Ron E.) Date: Thu Jan 12 21:18:05 2006 Subject: Bitdefender virus scanner In-Reply-To: <5.2.1.1.2.20030514205725.021da880@imap.ecs.soton.ac.uk> Message-ID: I had a look at Bitdefender - anyone know whether their free Linux workstation version is legal to use under mailscanner? Or is that considered "server" use. Also anyone have info on how good it is? On Wed, 14 May 2003, Julian Field wrote: > I have just put up 4.21-5 incorporating support for the "Bitdefender" virus > scanner. Don't all rush at once :-) > It also includes a Postfix fix which was first released in 4.21-4. > -- > Julian Field > www.MailScanner.info > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > From ree at THUNDERSTAR.NET Wed May 14 11:06:42 2003 From: ree at THUNDERSTAR.NET (Ron E.) Date: Thu Jan 12 21:18:05 2006 Subject: Bitdefender virus scanner In-Reply-To: <5.2.1.1.2.20030514205725.021da880@imap.ecs.soton.ac.uk> Message-ID: <<< No Message Collected >>> From ree at THUNDERSTAR.NET Wed May 14 11:06:42 2003 From: ree at THUNDERSTAR.NET (Ron E.) Date: Thu Jan 12 21:18:05 2006 Subject: Bitdefender virus scanner In-Reply-To: <5.2.1.1.2.20030514205725.021da880@imap.ecs.soton.ac.uk> Message-ID: <<< No Message Collected >>> From ree at THUNDERSTAR.NET Wed May 14 11:09:29 2003 From: ree at THUNDERSTAR.NET (Ron E.) Date: Thu Jan 12 21:18:05 2006 Subject: User controlled whitelist/blacklist In-Reply-To: <757876EE-8644-11D7-AB2B-000393B9390A@strong-box.net> Message-ID: How about a user controlled quarantine via a web interface? Anyone know of anything like this already worked out for Mail Scanner? Probably there would need to be global controls on what type of quarantined messages the user could deal with or not... Actually, now that I think of it, this is simple to do if users are already accessing their mail via a web based interface that supports filters, but if not, it would be nice for spam to quarantined globally and then users can check for false positives themselves via a web based interface. Just some ideas. Regards, Ron On Wed, 14 May 2003, Craig Pratt wrote: > On Wednesday, May 14, 2003, at 12:30 PM, Matthew Bowman wrote: > > Hi > > > > Has anyone written a Web Based program that will allow a client to > > update > > their own spam.whitelist.rules and/or spam.blacklist.rules ? > > WebMin is a great program for this kind of thing - and there have been > posts about a beta WebMin module for MailScanner > (http://lushsoft.dyndns.org/mailscanner-webmin/). I haven't tried it > yet. > > But if done in the tradition of other WebMin modules, it's easy to > delegate/limit control on a per-user basis using WebMin. So even if the > MailScanner webmin module doesn't do it now, it would be a great place > to start. > > Craig > > > > > My future config will be (assuming this syntax is correct) > > > > Is Definitely Not Spam = /etc/MailScanner/rules/spam.whitelist.rules > > > >>> spam.whitelist.rules > > > > To: udcom.com /etc/Mailscanner/rules/udcom.whitelist.rules > > > >>> udcom.whitest.rules > > > > From: @adomain.tld yes > > > > > > If there was a program that could just edit their own > > domain.whitelist.rules that would be magic. Naturally the only person > > that > > has write access is > > a userid that I assign them. > > > > Anyone got something that they are using ? > > > > Thanks > > > > Matthew > > > --- > Craig Pratt > Strongbox Network Services Inc. > mailto:craig@strong-box.net > > > -- > This message checked for dangerous content by MailScanner on StrongBox. > From ree at THUNDERSTAR.NET Wed May 14 11:09:29 2003 From: ree at THUNDERSTAR.NET (Ron E.) Date: Thu Jan 12 21:18:05 2006 Subject: User controlled whitelist/blacklist In-Reply-To: <757876EE-8644-11D7-AB2B-000393B9390A@strong-box.net> Message-ID: <<< No Message Collected >>> From smhickel at CHARTERMI.NET Wed May 14 21:51:13 2003 From: smhickel at CHARTERMI.NET (Steve Hickel) Date: Thu Jan 12 21:18:05 2006 Subject: User controlled whitelist/blacklist In-Reply-To: Message-ID: What about webmin and the mailscanner.wbm. I believe it will edit the whitelist. You can assign users to webmin in the webmin interface. Steve On Wed, 14 May 2003, Matthew Bowman wrote: > Hi > > Has anyone written a Web Based program that will allow a client to update > their own spam.whitelist.rules and/or spam.blacklist.rules ? > > My future config will be (assuming this syntax is correct) > > Is Definitely Not Spam = /etc/MailScanner/rules/spam.whitelist.rules > > >> spam.whitelist.rules > > To: udcom.com /etc/Mailscanner/rules/udcom.whitelist.rules > > >> udcom.whitest.rules > > From: @adomain.tld yes > > > If there was a program that could just edit their own > domain.whitelist.rules that would be magic. Naturally the only person that > has write access is > a userid that I assign them. > > Anyone got something that they are using ? > > Thanks > > Matthew > From smhickel at CHARTERMI.NET Wed May 14 21:51:13 2003 From: smhickel at CHARTERMI.NET (Steve Hickel) Date: Thu Jan 12 21:18:05 2006 Subject: User controlled whitelist/blacklist In-Reply-To: Message-ID: What about webmin and the mailscanner.wbm. I believe it will edit the whitelist. You can assign users to webmin in the webmin interface. Steve On Wed, 14 May 2003, Matthew Bowman wrote: > Hi > > Has anyone written a Web Based program that will allow a client to update > their own spam.whitelist.rules and/or spam.blacklist.rules ? > > My future config will be (assuming this syntax is correct) > > Is Definitely Not Spam = /etc/MailScanner/rules/spam.whitelist.rules > > >> spam.whitelist.rules > > To: udcom.com /etc/Mailscanner/rules/udcom.whitelist.rules > > >> udcom.whitest.rules > > From: @adomain.tld yes > > > If there was a program that could just edit their own > domain.whitelist.rules that would be magic. Naturally the only person that > has write access is > a userid that I assign them. > > Anyone got something that they are using ? > > Thanks > > Matthew > From ree at thunderstar.net Wed May 14 11:06:42 2003 From: ree at thunderstar.net (Ron E.) Date: Thu Jan 12 21:18:05 2006 Subject: Bitdefender virus scanner In-Reply-To: <5.2.1.1.2.20030514205725.021da880@imap.ecs.soton.ac.uk> Message-ID: I had a look at Bitdefender - anyone know whether their free Linux workstation version is legal to use under mailscanner? Or is that considered "server" use. Also anyone have info on how good it is? On Wed, 14 May 2003, Julian Field wrote: > I have just put up 4.21-5 incorporating support for the "Bitdefender" virus > scanner. Don't all rush at once :-) > It also includes a Postfix fix which was first released in 4.21-4. > -- > Julian Field > www.MailScanner.info > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > From ree at thunderstar.net Wed May 14 11:09:29 2003 From: ree at thunderstar.net (Ron E.) Date: Thu Jan 12 21:18:05 2006 Subject: User controlled whitelist/blacklist In-Reply-To: <757876EE-8644-11D7-AB2B-000393B9390A@strong-box.net> Message-ID: How about a user controlled quarantine via a web interface? Anyone know of anything like this already worked out for Mail Scanner? Probably there would need to be global controls on what type of quarantined messages the user could deal with or not... Actually, now that I think of it, this is simple to do if users are already accessing their mail via a web based interface that supports filters, but if not, it would be nice for spam to quarantined globally and then users can check for false positives themselves via a web based interface. Just some ideas. Regards, Ron On Wed, 14 May 2003, Craig Pratt wrote: > On Wednesday, May 14, 2003, at 12:30 PM, Matthew Bowman wrote: > > Hi > > > > Has anyone written a Web Based program that will allow a client to > > update > > their own spam.whitelist.rules and/or spam.blacklist.rules ? > > WebMin is a great program for this kind of thing - and there have been > posts about a beta WebMin module for MailScanner > (http://lushsoft.dyndns.org/mailscanner-webmin/). I haven't tried it > yet. > > But if done in the tradition of other WebMin modules, it's easy to > delegate/limit control on a per-user basis using WebMin. So even if the > MailScanner webmin module doesn't do it now, it would be a great place > to start. > > Craig > > > > > My future config will be (assuming this syntax is correct) > > > > Is Definitely Not Spam = /etc/MailScanner/rules/spam.whitelist.rules > > > >>> spam.whitelist.rules > > > > To: udcom.com /etc/Mailscanner/rules/udcom.whitelist.rules > > > >>> udcom.whitest.rules > > > > From: @adomain.tld yes > > > > > > If there was a program that could just edit their own > > domain.whitelist.rules that would be magic. Naturally the only person > > that > > has write access is > > a userid that I assign them. > > > > Anyone got something that they are using ? > > > > Thanks > > > > Matthew > > > --- > Craig Pratt > Strongbox Network Services Inc. > mailto:craig@strong-box.net > > > -- > This message checked for dangerous content by MailScanner on StrongBox. > From rich at MAIL.WVNET.EDU Thu May 15 00:12:04 2003 From: rich at MAIL.WVNET.EDU (Richard Lynch) Date: Thu Jan 12 21:18:05 2006 Subject: User controlled whitelist/blacklist In-Reply-To: References: Message-ID: <1052953924.1495.11.camel@localhost.localdomain> > On Wed, 14 May 2003, Matthew Bowman wrote: > > > Hi > > > > Has anyone written a Web Based program that will allow a client to update > > their own spam.whitelist.rules and/or spam.blacklist.rules ? > > > > My future config will be (assuming this syntax is correct) > > > > Is Definitely Not Spam = /etc/MailScanner/rules/spam.whitelist.rules > > > > >> spam.whitelist.rules > > > > To: udcom.com /etc/Mailscanner/rules/udcom.whitelist.rules > > > > >> udcom.whitest.rules > > > > From: @adomain.tld yes > > > > > > If there was a program that could just edit their own > > domain.whitelist.rules that would be magic. Naturally the only person that > > has write access is > > a userid that I assign them. > > > > Anyone got something that they are using ? > > > > Thanks > > > > Matthew > > Is this actually valid? I didn't think you could have a rules file with entries which point to another rules file. I would really like to have separate whitelists/blacklists for different domains but can't figure out a way to do it. I just tried something like the above and got syntax errors. >May 14 18:56:52 barney MailScanner[16787]: Syntax error in line 22 of ruleset file /etc/MailScanner/rules/spam.blacklist.rules for keyword spamblacklist >May 14 18:56:52 barney MailScanner[16787]: Aborting due to syntax errors in /etc/MailScanner/rules/spam.blacklist.rules. Is this not possible or is it that I just don't know how to do it? Thanks. -- Richard Lynch From raymond at PROLOCATION.NET Thu May 15 01:04:53 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:05 2006 Subject: Bitdefender In-Reply-To: <5.2.0.9.2.20030514120055.034eee28@imap.ecs.soton.ac.uk> Message-ID: Hi Julian, Would you be so kind to put in the bitdefender-wrapper script also ? :) It wasnt in the (rpm) distribution i tried... Is there a update script also for bitdefender ? Thanks, Raymond. From todd-lists at decagon.com Thu May 15 05:43:23 2003 From: todd-lists at decagon.com (todd Martin) Date: Thu Jan 12 21:18:05 2006 Subject: No subject Message-ID: Hi all, I'm running a much-older versions of MailScanner (3.12) and SpamAssassin (2.01) on my FreeBSD 4.7 box. Obviously I have lots to gain with an update! I'm very much looking forward to the new features and protection offered by MS 4. My users and I also can't wait to cut way back on our spam diet with a new SA version. Anybody have some suggestions for an upgrade strategy? I worry about downtime, lost mail, security holes, etc. while updating and testing the new configuration options. Also, I've been out of the loop for a while: what is the conventional wisdom for using the following? SA 2.54 v. 2.60? Default spam score? Bayes? DCC? Razor2? Relay lists? Sendmail anti-spam features to enable? Thanks, in advance, for sharing your experience. ~Todd From todd-lists at decagon.com Thu May 15 05:53:56 2003 From: todd-lists at decagon.com (todd Martin) Date: Thu Jan 12 21:18:05 2006 Subject: Upgrade strategy (help please) Message-ID: <3BBAA529-8691-11D7-9D07-000393CE7692@decagon.com> Hi all, Sorry about the duplicate. My original subject line went missing... I'm running a much-older versions of MailScanner (3.12) and SpamAssassin (2.01) on my FreeBSD 4.7 box. Obviously I have lots to gain with an update! I'm very much looking forward to the new features and protection offered by MS 4. My users and I also can't wait to cut way back on our spam diet with a new SA version. Anybody have some suggestions for an upgrade strategy? I worry about downtime, lost mail, security holes, etc. while updating and testing the new configuration options. Also, I've been out of the loop for a while: what is the conventional wisdom for using the following? SA 2.54 v. 2.60? Default spam score? Bayes? DCC? Razor2? Relay lists? Sendmail anti-spam features to enable? Thanks, in advance, for sharing your experience. ~Todd From raymond at PROLOCATION.NET Thu May 15 12:04:14 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:05 2006 Subject: Bitdefender In-Reply-To: <5.2.0.9.2.20030515115121.043706d0@imap.ecs.soton.ac.uk> Message-ID: Hi! > >Would you be so kind to put in the bitdefender-wrapper script also ? :) > >It wasnt in the (rpm) distribution i tried... > Sorry. Is attached. Thanks! > >Is there a update script also for bitdefender ? > No, they claim it updates itself (?!?) I would rather schedule that myself, but ok, lets see how it works out :)) I have put in the script and its running on one of my boxes now. Bye, Raymond. From raymond at PROLOCATION.NET Thu May 15 12:07:57 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:05 2006 Subject: Bitdefender In-Reply-To: Message-ID: Hi! > Thanks! > > > >Is there a update script also for bitdefender ? > > > No, they claim it updates itself (?!?) > > I would rather schedule that myself, but ok, lets see how it works out :)) > I have put in the script and its running on one of my boxes now. Seems to work, what worries is that its not picking up even the new virusses... have a look: Report: F-Prot: /var/spool/MailScanner/incoming/28437/./h4FB5nWS028476/test.zip->Gaq.scr Infection: W32/Klez.H@mm F-Prot: /var/spool/MailScanner/incoming/28437/./h4FB5nWS028476/test.zip->Hacker.scr Infection: W32/Lentin.H@mm F-Prot: /var/spool/MailScanner/incoming/28437/./h4FB5nWS028476/test.zip->Movie_0074.mpeg.pif Infection: W32/Sobig.A@mm F-Prot: /var/spool/MailScanner/incoming/28437/./h4FB5nWS028476/test.zip->picacu.exe Infection: W32/Klez.H@mm F-Prot: /var/spool/MailScanner/incoming/28437/./h4FB5nWS028476/test.zip->xx.scr Infection: W32/Ganda.A@mm ClamAV: test.zip contains Worm/Klez.H Bitdefender: Found virus Win32.Klez.H@mm in file test.zip Bitdefender: Found virus Win32.Klez.H@mm in file test.zip I would not want that one running alone :)) Bye, Raymond. From mailscanner at ecs.soton.ac.uk Thu May 15 11:51:58 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:05 2006 Subject: Bitdefender In-Reply-To: References: <5.2.0.9.2.20030514120055.034eee28@imap.ecs.soton.ac.uk> Message-ID: <5.2.0.9.2.20030515115121.043706d0@imap.ecs.soton.ac.uk> At 01:04 15/05/2003, you wrote: >Hi Julian, > >Would you be so kind to put in the bitdefender-wrapper script also ? :) >It wasnt in the (rpm) distribution i tried... Sorry. Is attached. >Is there a update script also for bitdefender ? No, they claim it updates itself (?!?) -------------- next part -------------- A non-text attachment was scrubbed... Name: bitdefender-wrapper Type: application/octet-stream Size: 1346 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030515/3c1e8647/bitdefender-wrapper.obj -------------- next part -------------- -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Thu May 15 11:41:35 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:05 2006 Subject: User controlled whitelist/blacklist In-Reply-To: <1052953924.1495.11.camel@localhost.localdomain> References: Message-ID: <5.2.0.9.2.20030515114016.09b806e0@imap.ecs.soton.ac.uk> At 00:12 15/05/2003, you wrote: > > On Wed, 14 May 2003, Matthew Bowman wrote: > > > > > Hi > > > > > > Has anyone written a Web Based program that will allow a client to update > > > their own spam.whitelist.rules and/or spam.blacklist.rules ? > > > > > > My future config will be (assuming this syntax is correct) > > > > > > Is Definitely Not Spam = /etc/MailScanner/rules/spam.whitelist.rules > > > > > > >> spam.whitelist.rules > > > > > > To: udcom.com /etc/Mailscanner/rules/udcom.whitelist.rules > > > > > > >> udcom.whitest.rules > > > > > > From: @adomain.tld yes > > > > > > > > > If there was a program that could just edit their own > > > domain.whitelist.rules that would be magic. Naturally the only person > that > > > has write access is > > > a userid that I assign them. > > > > > > Anyone got something that they are using ? > > > > > > Thanks > > > > > > Matthew > > > > >Is this actually valid? I didn't think you could have a rules file with >entries which point to another rules file. I would really like to have >separate whitelists/blacklists for different domains but can't figure >out a way to do it. > >I just tried something like the above and got syntax errors. > > >May 14 18:56:52 barney MailScanner[16787]: Syntax error in line 22 of >ruleset file /etc/MailScanner/rules/spam.blacklist.rules for keyword >spamblacklist > >May 14 18:56:52 barney MailScanner[16787]: Aborting due to syntax >errors in /etc/MailScanner/rules/spam.blacklist.rules. > >Is this not possible or is it that I just don't know how to do it? Okay, I admit I was waiting for someone to say that ;-) You are quite right, you can't have rulesets that point to rulesets. The per-domain and per-user (and per-IP) black/whitelist support is done via Custom Functions in CustomConfig.pm. Take a look in there and you'll find everything you need to get this going. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Thu May 15 12:19:51 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:05 2006 Subject: Bitdefender In-Reply-To: References: <5.2.0.9.2.20030515115121.043706d0@imap.ecs.soton.ac.uk> Message-ID: <5.2.0.9.2.20030515121914.044574b0@imap.ecs.soton.ac.uk> At 12:04 15/05/2003, you wrote: >Hi! > > > >Would you be so kind to put in the bitdefender-wrapper script also ? :) > > >It wasnt in the (rpm) distribution i tried... > > > Sorry. Is attached. > >Thanks! > > > >Is there a update script also for bitdefender ? > > > No, they claim it updates itself (?!?) > >I would rather schedule that myself, but ok, lets see how it works out :)) >I have put in the script and its running on one of my boxes now. There is no separate program to run to do an update, I haven't read enough docs to know what it's actually doing, but it does have an ini file that says where it should get updates from. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From m.sapsed at BANGOR.AC.UK Thu May 15 13:00:07 2003 From: m.sapsed at BANGOR.AC.UK (Martin Sapsed) Date: Thu Jan 12 21:18:05 2006 Subject: Outlook Express and headers References: <1051904509.24998.19.camel@croithine> Message-ID: <3EC38147.1030300@bangor.ac.uk> Thomas DuVally wrote: > Since OE has NO reasonable ability to filter on message headers, I have > been asked to look into solutions to modify how mail gets tagged for > spam. Right now we tag in the headers with the report and the "s"'s, > but do not modify the subject line. Users can then filter to their > hearts content... unless they have OE. > > The proposal to modify the subject line has been rejected and the > request to modify the body has been put forth. Preferable at the end. If your mail is delivered by procmail, you could adopt the solution we've used. We've produced a web page which allows our "customers" to select filtering/deleting options based on Subject alteration but you could do it on the sss's line too. When the page is submitted something (I don't know what but could find out!) rewrites the "customer"'s .procmailrc by (un)commenting a collection of INCLUDE statements. This gives you a generic solution for all e-mail users and the filtering happens regardless of whether they use a desktop client (even a deficient one) or webmail if they're off site. Cheers, Martin -- Martin Sapsed Information Services "Who do you say I am?" University of Wales, Bangor Jesus of Nazareth From m.sapsed at BANGOR.AC.UK Thu May 15 13:21:57 2003 From: m.sapsed at BANGOR.AC.UK (Martin Sapsed) Date: Thu Jan 12 21:18:05 2006 Subject: spamassassin 2.53 & MailScanner References: Message-ID: <3EC38665.7050506@bangor.ac.uk> Peter Bates wrote: > Yesterday or so I added the following refinement to > my spam.assassin.prefs.conf: > > score MSGID_GOOD_EXCHANGE -2.0 > > ... as I've been seeing an increasing number of messages > being scored low (the score above, being -5+ in the default > configuration can work against the other factors identifying > the message as 'spam') due to this rule... I'm guessing more > people are relaying through Microsoft Exchange servers, or > someone has found the mystical incantation to spoof the format > of Message-ID. My current tweaks to SA2.53 are: # local score alterations score MSGID_GOOD_EXCHANGE -0.5 score IN_REP_TO -0.3 rawbody __OBFUSCATING_COMMENT /[^\s>][^\s<]/ score OBFUSCATING_COMMENT 5 because in addition to the Message-ID's Peter's noticed I've seen In-reply-to: and some obfuscating comments which were more obfuscated than SA allowed for! (and I didn't think it scored them highly enough) I guess things like this get discussed on sa-talk? To get back on topic (just!) should these alterations go in MailScanner/etc/spam.assassin.prefs.conf or /etc/mail/spamassassin/local.cf or doesn't it matter? Cheers, Martin -- Martin Sapsed Information Services "Who do you say I am?" University of Wales, Bangor Jesus of Nazareth From m.sapsed at BANGOR.AC.UK Thu May 15 13:32:14 2003 From: m.sapsed at BANGOR.AC.UK (Martin Sapsed) Date: Thu Jan 12 21:18:06 2006 Subject: SpamAssassin score below 7? References: <5.1.1.6.2.20030502141552.03523e68@securemail.tulsaconnect.com> Message-ID: <3EC388CE.1010506@bangor.ac.uk> ISP List wrote: > Anyone doing a SpamAssassin score threshold below 7? Have any problems > with false positives? I did a survey in March and reported: ------------ OK - I had 12 responses (although one wasn't a direct response but someone put the numbers in another message!) plus ourselves. Average ordinary threshold was 5.6 and average High score was 13.3. 6 of the 13 are using 5 as the low score, we're now using 4.5 and the lowest in standard use was 4.4 although someone said they used 4 personally but 5 for everyone else. The highest lower threshold was 9. On the High SpamAssassin Score, a number of people either didn't use it or left it at the default of 20. Just using the 6 who had changed the value, the average was 10. To some extent experience of the values will vary depending on the version of SpamAssassin in use. ----------- We're still using 4.5 and 10. We get some false positives on 4.5 and have a web page for people to request whitelist entries. We striphtml and 10 and I'm not aware of any fales positives at this level. These are using SA2.53 and by the sound of things it would be worthwhile to move to 2.54 since that appears to have incorporated at least one of the tweaks I've found necessary! (Sorry this is late - regulars may have noticed I'm catching up on a backlog!) Cheers, Martin -- Martin Sapsed Information Services "Who do you say I am?" University of Wales, Bangor Jesus of Nazareth From dll at SCITOOLS.COM Thu May 15 14:25:41 2003 From: dll at SCITOOLS.COM (Dan Leavitt) Date: Thu Jan 12 21:18:06 2006 Subject: RBL checks timed out Message-ID: <00ce01c31ae5$7db9afe0$170aa8c0@DELL> Occasionally I get lots of timeouts with Infinite-Monkeys and SpamAssassin. I'm not sure why this is but changing the timeouts in MailScanner.conf may be necessary. Unfortunately, I'm not sure how long these things take in normal cases. Please consider adding the execution times in the log messages: May 11 04:49:44 server MailScanner[4394]: RBL checks: h4B8ndM10306 found in Infinite-Monkeys (5.4 sec) Thanks, Dan From Denis.Beauchemin at USHERBROOKE.CA Thu May 15 14:48:08 2003 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:18:06 2006 Subject: OT: help with SA scores Message-ID: <1053006488.14290.237.camel@dbeauchemin.si.usherbrooke.ca> Hello, Could someone shed some light on the 4 numbers in SA score file: /usr/share/spamassassin/50_scores.cf:score FORGED_MUA_OIMO 4.295 2.799 4.295 2.796 Some users are getting their Outlook calendar emails flagged as SPAM and I believe the FORGED_MUA_OIMO is the culprit. Before I lower the score of this parameter I would like to understand why there are 4 different scores for it. Should I lower this parameter or whitelist my entire domain (it was not necessary until now)? Thanks again! -- Denis Beauchemin, analyste Universit? de Sherbrooke, S.T.I. T: 819.821.8000x2252 F: 819.821.8045 From robbyv at DISASTER.COM Thu May 15 15:19:58 2003 From: robbyv at DISASTER.COM (Rob V) Date: Thu Jan 12 21:18:06 2006 Subject: spamassassin report Message-ID: Is there anyway to have MailScanner print the full spamassassin report. Spamassassin ussually reports something like this if you want: X-Spam-Report: 10.90 hits, 8 required; * -0.7 -- BODY: Contains a tollfree number * 2.9 -- BODY: Information on how to work at home (2) * 2.1 -- BODY: Once in a lifetime, apparently * 1.7 -- BODY: List removal information * 1.0 -- BODY: Drastically Reduced * 3.6 -- BODY: Spam phrases score is 21 to 34 (high) [score: 22] * 0.3 -- BODY: A WHOLE LINE OF YELLING DETECTED Is there anyway to have MailScanner include this ? From jase at SENSIS.COM Thu May 15 15:10:00 2003 From: jase at SENSIS.COM (Desai, Jason) Date: Thu Jan 12 21:18:06 2006 Subject: spamassassin 2.53 & MailScanner Message-ID: > To get back on topic (just!) should these alterations go in > MailScanner/etc/spam.assassin.prefs.conf or > /etc/mail/spamassassin/local.cf or doesn't it matter? Taking the advise from someone else on this list (sorry I don't remember who), I have made /etc/mail/spamassassin/local.cf a symbolic link to my spam.assassin.prefs.conf file. This way, if I run spamassassin from the command line or sa-learn or anything else, it will use the same options that MailScanner uses. Jason From adkinss at OHIO.EDU Thu May 15 15:02:56 2003 From: adkinss at OHIO.EDU (Scott Adkins) Date: Thu Jan 12 21:18:06 2006 Subject: Queston... WAS Re: razor2 working? In-Reply-To: <5.2.0.9.2.20030514170632.034cd810@imap.ecs.soton.ac.uk> References: <5.2.0.9.2.20030514120055.034eee28@imap.ecs.soton.ac.uk> <5.2.0.9.2.20030514120055.034eee28@imap.ecs.soton.ac.uk> <5.2.0.9.2.20030514170632.034cd810@imap.ecs.soton.ac.uk> Message-ID: <1798941260.1052992976@Callisto> --On Wednesday, May 14, 2003 5:06 PM +0100 Julian Field wrote: > At 16:18 14/05/2003, you wrote: >> --On Wednesday, May 14, 2003 12:01 PM +0100 Julian Field >> wrote: >> >>> If I remember rightly, SpamAssassin just "finds it" and starts using it. >>> You should see mention of RAZOR in the spam reports, assuming you Log >>> Spam = yes. >> >> This brings up a nagging question that I have... If my memory serves me >> right, I just install the perl modules associated with some of the RBLs, >> such as Razor or Razor2, and Spam Assassin just simply starts using it. >> >> Is there any more controls than that? For instance, what if I have it >> installed but don't want it to be used at that moment, or simply disable >> it for a period of time? Is there a way to do that in Spam Assassin? > > In SpamAssassin, you disable individual features by setting the > appropriate rule scores to 0. > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support Great... thanks... So, another question... for the purposes of testing out these RBLs on an individual by individual basis, is there a way to enable them in SA only for certain addresses, such as To: addresses? Scott -- +-----------------------------------------------------------------------+ Scott W. Adkins http://www.cns.ohiou.edu/~sadkins/ UNIX Systems Engineer mailto:adkinss@ohio.edu ICQ 7626282 Work (740)593-9478 Fax (740)593-1944 +-----------------------------------------------------------------------+ PGP Public Key available at http://www.cns.ohiou.edu/~sadkins/pgp/ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 231 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030515/1cae7a9b/attachment.bin From sylvain.phaneuf at IMSU.OXFORD.AC.UK Thu May 15 15:07:26 2003 From: sylvain.phaneuf at IMSU.OXFORD.AC.UK (Sylvain Phaneuf) Date: Thu Jan 12 21:18:06 2006 Subject: spam score for each test in header Message-ID: I don't know whether this has been discussed before, but I am wondering how difficult would that be to put the score of each spam test in the X-MailScanner-Information header? e.g. MIME_HTML_ONLY 0.1 ; IN_REP_TO -3.3 ; DATE_INFUTURE_12_24 2.37 ; SPACES_IN_SUBJECT 2.42 ; MS_EXCHANGE -5.80 Every now and then we have users who are suprised that a specific message has not been picked up as spam and we need to explain to them. Other less frequent situations are when we try to determine why a message is a false positive. We need to manually dig out the scores for each test and then see what would need changing. This is a feature I have seen with some commercial products, and it seems to be popular. Sylvain =========================================================== Sylvain Phaneuf --- Computing Manager | phone : +44 (0)1865 221323 Information Management Services Unit - Medical Sciences Division Oxford University | email : sylvain.phaneuf@imsu.ox.ac.uk Room 3A25B John Radcliffe Hospital | fax : +44 (0) 1865 221322 Oxford OX3 9DU England =========================================================== From adkinss at OHIO.EDU Thu May 15 15:54:33 2003 From: adkinss at OHIO.EDU (Scott Adkins) Date: Thu Jan 12 21:18:06 2006 Subject: spam score for each test in header In-Reply-To: References: Message-ID: <1802037522.1052996073@Callisto> Actually, I have been thinking the same thing. Users would like to know *which* rule added the most to the total score, or if there were rules that subtracted off some point, it would be nice to know which ones did that and by how much... Obviously, I have access to the rule files and can look them up, but most cannot. If we had an option to turn on the score values in the header, it would be quite useful! Scott --On Thursday, May 15, 2003 3:07 PM +0100 Sylvain Phaneuf wrote: > I don't know whether this has been discussed before, but I am wondering > how difficult would that be to put the score of each spam test in the > X-MailScanner-Information header? > > e.g. MIME_HTML_ONLY 0.1 ; IN_REP_TO -3.3 ; DATE_INFUTURE_12_24 2.37 ; > SPACES_IN_SUBJECT 2.42 ; MS_EXCHANGE -5.80 > > Every now and then we have users who are suprised that a specific message > has not been picked up as spam and we need to explain to them. Other less > frequent situations are when we try to determine why a message is a false > positive. We need to manually dig out the scores for each test and then > see what would need changing. > > This is a feature I have seen with some commercial products, and it seems > to be popular. > > > > Sylvain > > =========================================================== > Sylvain Phaneuf --- Computing Manager | phone : +44 (0)1865 221323 > Information Management Services Unit - Medical Sciences Division > Oxford University | email : > sylvain.phaneuf@imsu.ox.ac.uk Room 3A25B John Radcliffe Hospital | > fax : +44 (0) 1865 221322 Oxford OX3 9DU England > =========================================================== -- +-----------------------------------------------------------------------+ Scott W. Adkins http://www.cns.ohiou.edu/~sadkins/ UNIX Systems Engineer mailto:adkinss@ohio.edu ICQ 7626282 Work (740)593-9478 Fax (740)593-1944 +-----------------------------------------------------------------------+ PGP Public Key available at http://www.cns.ohiou.edu/~sadkins/pgp/ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 231 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030515/1ec26c16/attachment.bin From jkf at ecs.soton.ac.uk Thu May 15 16:43:13 2003 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:06 2006 Subject: Queston... WAS Re: razor2 working? In-Reply-To: <1798941260.1052992976@Callisto> References: <5.2.0.9.2.20030514170632.034cd810@imap.ecs.soton.ac.uk> <5.2.0.9.2.20030514120055.034eee28@imap.ecs.soton.ac.uk> <5.2.0.9.2.20030514120055.034eee28@imap.ecs.soton.ac.uk> <5.2.0.9.2.20030514170632.034cd810@imap.ecs.soton.ac.uk> Message-ID: <5.2.0.9.2.20030515164258.03004fd8@imap.ecs.soton.ac.uk> At 15:02 15/05/2003, you wrote: >--On Wednesday, May 14, 2003 5:06 PM +0100 Julian Field > wrote: > >>At 16:18 14/05/2003, you wrote: >>>--On Wednesday, May 14, 2003 12:01 PM +0100 Julian Field >>> wrote: >>> >>>>If I remember rightly, SpamAssassin just "finds it" and starts using it. >>>>You should see mention of RAZOR in the spam reports, assuming you Log >>>>Spam = yes. >>> >>>This brings up a nagging question that I have... If my memory serves me >>>right, I just install the perl modules associated with some of the RBLs, >>>such as Razor or Razor2, and Spam Assassin just simply starts using it. >>> >>>Is there any more controls than that? For instance, what if I have it >>>installed but don't want it to be used at that moment, or simply disable >>>it for a period of time? Is there a way to do that in Spam Assassin? >> >>In SpamAssassin, you disable individual features by setting the >>appropriate rule scores to 0. >>-- >>Julian Field >>www.MailScanner.info >>MailScanner thanks transtec Computers for their support > >Great... thanks... > >So, another question... for the purposes of testing out these RBLs on an >individual by individual basis, is there a way to enable them in SA only >for certain addresses, such as To: addresses? No, sorry. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From raymond at PROLOCATION.NET Thu May 15 16:58:42 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:06 2006 Subject: Bitdefender virus scanner In-Reply-To: Message-ID: Hi! > > I have just put up 4.21-5 incorporating support for the "Bitdefender" virus > > scanner. Don't all rush at once :-) > I dl'ed Bitdefender, but it doesn't detect the eicar string, is that a > feature ? I tested with 100 new virusses, it detected 57 (!) even CLamAV got them all. I dont wanna sound negative but these results are not even worth to be listed as supported scanner :) Bye, Raymond. From Richard.Lush at HP.COM Thu May 15 16:57:22 2003 From: Richard.Lush at HP.COM (Lush, Richard) Date: Thu Jan 12 21:18:06 2006 Subject: SAVI Library compliation errors RH8 Message-ID: <13095CFC38D38E418844A18124E8EC77087727@sdcexcea01.emea.cpqcorp.net> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 2832 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030515/b3771224/smime.bin From henker at SHCOM.US Thu May 15 16:52:04 2003 From: henker at SHCOM.US (Steffan Henke) Date: Thu Jan 12 21:18:06 2006 Subject: Bitdefender virus scanner In-Reply-To: <5.2.1.1.2.20030514205725.021da880@imap.ecs.soton.ac.uk> References: <5.2.1.1.2.20030514205725.021da880@imap.ecs.soton.ac.uk> Message-ID: On Wed, 14 May 2003, Julian Field wrote: > I have just put up 4.21-5 incorporating support for the "Bitdefender" virus > scanner. Don't all rush at once :-) I dl'ed Bitdefender, but it doesn't detect the eicar string, is that a feature ? Regards, Steffan From henker at SHCOM.US Thu May 15 17:13:42 2003 From: henker at SHCOM.US (Steffan Henke) Date: Thu Jan 12 21:18:06 2006 Subject: Bitdefender virus scanner In-Reply-To: References: Message-ID: On Thu, 15 May 2003, Raymond Dijkxhoorn wrote: > I tested with 100 new virusses, it detected 57 (!) even CLamAV got them > all. I dont wanna sound negative but these results are not even worth to > be listed as supported scanner :) OK, thanks for the info, I guess it doesn't make sense to use Bitdefender in addition to clamav then :) Regards, Steffan From steve.freegard at LBSLTD.CO.UK Thu May 15 17:13:38 2003 From: steve.freegard at LBSLTD.CO.UK (Steve Freegard) Date: Thu Jan 12 21:18:06 2006 Subject: SAVI Library compliation errors RH8 Message-ID: <67D9E7698329D411936E00508B6590B90279386D@neelix.lbsltd.co.uk> Hi Richard, Although I haven't had the same problem - I did have problems with Perl-SAVI under RH9 which were cured by doing an 'export LD_ASSUME_KERNEL=2.2.5' and 'export LANG=en_GB' - and re-running ./configure; make; make test etc. - you could try this and see if that cures your problem. Kind regards, Steve -- Steve Freegard Systems Manager Littlehampton Book Services Ltd. _____ From: Lush, Richard [mailto:Richard.Lush@HP.COM] Sent: 15 May 2003 16:57 To: MAILSCANNER@JISCMAIL.AC.UK Hi All, I'm having some problems compiling the Sophos SAVI Library. I've followed the instructions but get an error when running make test: [root@marajade SAVI-Perl-0.15]# make test PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t t/use....Can't load '/tmp/SAVI-Perl-0.15/blib/arch/auto/SAVI/SAVI.so' for module SAVI: /tmp/SAVI-Perl-0.15/blib/arch/auto/SAVI/SAVI.so: undefined symbol: SOPHOS_CLSID_SAVI2 at /usr/lib/perl5/5.8.0/i386-linux-thread-multi/DynaLoader.pm line 229. at t/use.t line 8 Compilation failed in require at t/use.t line 8. BEGIN failed--compilation aborted at t/use.t line 8. t/use....dubious Test returned status 255 (wstat 65280, 0xff00) DIED. FAILED test 1 Failed 1/1 tests, 0.00% okay Failed Test Stat Wstat Total Fail Failed List of Failed ---------------------------------------------------------------------------- --- t/use.t 255 65280 1 1 100.00% 1 Failed 1/1 test scripts, 0.00% okay. 1/1 subtests failed, 0.00% okay. make: *** [test_dynamic] Error 2 Sophos is installed ok and indeed I have been using it on this box which is RH8.0. Any ideas? Thanks Richard Lush Consulting and Integration Security Practice Reading UK Email richard.lush@hp.com Mobile +44 (0) 7788 916941 Office +44 (0) 118 920 2349 Fax +44 (0) 118 920 4612 D I S C L A I M E R The information contained in this communication is intended solely for use by the individual or entity to whom it is addressed. Use of this communication by others is prohibited. HP is neither liable for the proper and complete transmission of the information contained in this communication nor for any delay in its receipt nor for any special, incidental or consequential damages of any nature whatsoever resulting from receipt or use of this communication. If you are not the intended recipient, you may not peruse, use, disseminate, distribute or copy this message. If you have received this message in error, please notify the sender immediately by email, facsimile or telephone and return or destroy the original message. Thank you. -- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender and delete the message from your mailbox. This footnote also confirms that this email message has been swept by MailScanner (www.mailscanner.info) for the presence of computer viruses. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030515/c24056ff/attachment.html From mailscanner at ecs.soton.ac.uk Thu May 15 17:10:55 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:06 2006 Subject: spamassassin report In-Reply-To: Message-ID: <5.2.0.9.2.20030515171009.0475fba0@imap.ecs.soton.ac.uk> At 15:19 15/05/2003, you wrote: >Is there anyway to have MailScanner print the full spamassassin report. >Spamassassin ussually reports something like this if you want: >X-Spam-Report: 10.90 hits, 8 required; > * -0.7 -- BODY: Contains a tollfree number > * 2.9 -- BODY: Information on how to work at home (2) > * 2.1 -- BODY: Once in a lifetime, apparently > * 1.7 -- BODY: List removal information > * 1.0 -- BODY: Drastically Reduced > * 3.6 -- BODY: Spam phrases score is 21 to 34 (high) > [score: 22] > * 0.3 -- BODY: A WHOLE LINE OF YELLING DETECTED > >Is there anyway to have MailScanner include this ? No, not at the moment. MailScanner's reports are rather more succinct than this huge report (I didn't like the original SA reports, so I wrote my own). -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Thu May 15 16:42:14 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:06 2006 Subject: SpamAssassin score below 7? In-Reply-To: <3EC388CE.1010506@bangor.ac.uk> References: <5.1.1.6.2.20030502141552.03523e68@securemail.tulsaconnect.com> Message-ID: <5.2.0.9.2.20030515164112.0471a5e8@imap.ecs.soton.ac.uk> I was using 9 with SpamAssassin 2.43. After 2 weeks of experimentation with a group of users, I now use 6 with SpamAssassin 2.54. No false positives in those 2 weeks, which contained 10,000 or so messages. At 13:32 15/05/2003, you wrote: >ISP List wrote: >>Anyone doing a SpamAssassin score threshold below 7? Have any problems >>with false positives? > >I did a survey in March and reported: >------------ >OK - I had 12 responses (although one wasn't a direct response but >someone put the numbers in another message!) plus ourselves. > >Average ordinary threshold was 5.6 and average High score was 13.3. > >6 of the 13 are using 5 as the low score, we're now using 4.5 and the >lowest in standard use was 4.4 although someone said they used 4 >personally but 5 for everyone else. The highest lower threshold was 9. > >On the High SpamAssassin Score, a number of people either didn't use it >or left it at the default of 20. Just using the 6 who had changed the >value, the average was 10. > >To some extent experience of the values will vary depending on the >version of SpamAssassin in use. >----------- > >We're still using 4.5 and 10. We get some false positives on 4.5 and >have a web page for people to request whitelist entries. We striphtml >and 10 and I'm not aware of any fales positives at this level. These are >using SA2.53 and by the sound of things it would be worthwhile to move >to 2.54 since that appears to have incorporated at least one of the >tweaks I've found necessary! > >(Sorry this is late - regulars may have noticed I'm catching up on a >backlog!) > >Cheers, > >Martin > >-- >Martin Sapsed >Information Services "Who do you say I am?" >University of Wales, Bangor Jesus of Nazareth -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Thu May 15 17:18:02 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:06 2006 Subject: spam score for each test in header In-Reply-To: <1802037522.1052996073@Callisto> References: Message-ID: <5.2.0.9.2.20030515171631.02e49ff8@imap.ecs.soton.ac.uk> Very good idea. No sooner said than done :-) X-MailScanner-SpamCheck: spam, SpamAssassin (score=7.8, required 5, DATE_IN_PAST_12_24 0.21, DRASTIC_REDUCED 1.54, HOME_EMPLOYMENT 1.50, INVALID_DATE 0.57, INVALID_MSGID 0.38, NO_REAL_NAME 0.73, ONCE_IN_LIFETIME 0.74, REMOVE_SUBJ 0.81, UNDISC_RECIPS 1.44) Does that look okay to you? I would like to keep the original sort order (alphabetical) to make the code simpler. I'll release something later this evening if you like. It will make it to the stable release at the start of June. At 15:54 15/05/2003, you wrote: >Actually, I have been thinking the same thing. Users would like to >know *which* rule added the most to the total score, or if there were >rules that subtracted off some point, it would be nice to know which >ones did that and by how much... Obviously, I have access to the rule >files and can look them up, but most cannot. > >If we had an option to turn on the score values in the header, it >would be quite useful! > >Scott > >--On Thursday, May 15, 2003 3:07 PM +0100 Sylvain Phaneuf > wrote: > >>I don't know whether this has been discussed before, but I am wondering >>how difficult would that be to put the score of each spam test in the >>X-MailScanner-Information header? >> >>e.g. MIME_HTML_ONLY 0.1 ; IN_REP_TO -3.3 ; DATE_INFUTURE_12_24 2.37 ; >>SPACES_IN_SUBJECT 2.42 ; MS_EXCHANGE -5.80 >> >>Every now and then we have users who are suprised that a specific message >>has not been picked up as spam and we need to explain to them. Other less >>frequent situations are when we try to determine why a message is a false >>positive. We need to manually dig out the scores for each test and then >>see what would need changing. >> >>This is a feature I have seen with some commercial products, and it seems >>to be popular. >> >> >> >>Sylvain >> >>=========================================================== >>Sylvain Phaneuf --- Computing Manager | phone : +44 (0)1865 221323 >>Information Management Services Unit - Medical Sciences Division >>Oxford University | email : >>sylvain.phaneuf@imsu.ox.ac.uk Room 3A25B John Radcliffe Hospital | >>fax : +44 (0) 1865 221322 Oxford OX3 9DU England >>=========================================================== > > > >-- >+-----------------------------------------------------------------------+ > Scott W. Adkins http://www.cns.ohiou.edu/~sadkins/ > UNIX Systems Engineer mailto:adkinss@ohio.edu > ICQ 7626282 Work (740)593-9478 Fax (740)593-1944 >+-----------------------------------------------------------------------+ > PGP Public Key available at > http://www.cns.ohiou.edu/~sadkins/pgp/ -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From sanjay.patel at REXWIRE.COM Thu May 15 17:44:50 2003 From: sanjay.patel at REXWIRE.COM (Sanjay Patel) Date: Thu Jan 12 21:18:06 2006 Subject: Bounce que Message-ID: <002c01c31b01$4df9f550$6f01a8c0@Laptop1> I have set my spam configuration to bounce all spam. Unfortunately this hogs up my que since most spammers don't use real address (I was shocked to find out :-) ) Does anyone know of a automated way to flush these messages in sendmail? Sanjay K. Patel From rabollinger at ATTBI.COM Thu May 15 17:47:00 2003 From: rabollinger at ATTBI.COM (Richard Bollinger) Date: Thu Jan 12 21:18:06 2006 Subject: New install question - MailScanner-4.15-13 + McAfee virus scan - eicar test fails...sort of?` Message-ID: <01f801c31b01$9bd12c80$8b030180@elliottturbo.com> We've been using version MailScanner version 3 quite a while very successfully. I'm building a new mail server, so I'm loading up the latest stuff... but it doesn't quite seem to work: When I send an email through the server with the eicar.com test, I get these messages: May 15 12:06:35 mail MailScanner[27539]: MailScanner E-Mail Virus Scanner version 4.15-13 starting... May 15 12:06:35 mail MailScanner[27539]: Using locktype = flock May 15 12:07:05 mail MailScanner[27539]: New Batch: Scanning 1 messages, 1401 bytes May 15 12:07:05 mail MailScanner[27539]: Virus and Content Scanning: Starting May 15 12:07:05 mail MailScanner[27539]: McAfee said "/usr/local/MailScanner/var-4.15-13/incoming/27539/h4FG73Q27541/eicar.com" May 15 12:07:05 mail MailScanner[27539]: McAfee said " Found: EICAR test file NOT a virus." May 15 12:07:05 mail MailScanner[27539]: /usr/local/MailScanner/var-4.15-13/incoming/27539/h4FG73Q27541/eicar.com Found: EICAR test file NOT a virus. May 15 12:07:05 mail MailScanner[27539]: Virus Scanning: McAfee found 1 infections May 15 12:07:05 mail MailScanner[27539]: Virus Scanning: Found 1 viruses May 15 12:07:05 mail MailScanner[27539]: Uninfected: Delivered 1 messages And the "Uninfected" message is forwarded on to the recipient with the bad attachment intact and mail headers proclaiming that it was not infected! For this test, I temporarily took out the filename rule which would otherwise have excluded the .COM file extension. With it in place, MS does remove the offending file and report same to all. Here's all of the changes in my config file from the distribution: --- MailScanner.conf.FCS Sat Apr 26 14:27:54 2003 +++ MailScanner.conf Wed May 14 17:06:30 2003 @@ -69,18 +69,18 @@ # which can in turn contain wildcards. # Example: /opt/MailScanner/etc/mqueue.in.list.conf # -Incoming Queue Dir = /var/spool/mqueue.in +Incoming Queue Dir = /usr/local/mqueue.in # Set location of outgoing mail queue. # This can also be the filename of a ruleset. -Outgoing Queue Dir = /var/spool/mqueue +Outgoing Queue Dir = /usr/local/mqueue # Set where to unpack incoming messages before scanning them -Incoming Work Dir = /var/spool/MailScanner/incoming +Incoming Work Dir = /usr/local/MailScanner/var/incoming # Set where to store infected and message attachments (if they are kept) # This can also be the filename of a ruleset. -Quarantine Dir = /var/spool/MailScanner/quarantine +Quarantine Dir = /usr/local/MailScanner/var/quarantine # Set where to store the process id number so you can stop MailScanner PID file = /opt/MailScanner/var/MailScanner.pid @@ -201,7 +201,7 @@ # space-separated list of virus scanners. For example: # Virus Scanners = sophos f-prot mcafee # -Virus Scanners = none +Virus Scanners = mcafee # The maximum length of time the commercial virus scanner is allowed to run # for 1 batch of messages (in seconds). @@ -225,7 +225,7 @@ # 3) The recipient will not receive the message, # unless the "Still Deliver Silent Viruses" option is set # This can also be the filename of a ruleset. -Silent Viruses = Klez Yaha-E Bugbear Braid-A WinEvar +Silent Viruses = Klez Yaha-E Bugbear Braid-A WinEvar Fizzer Livra # Still deliver (after cleaning) messages that contained viruses listed # in the above option ("Silent Viruses") to the recipient? @@ -366,7 +366,7 @@ # Do you want to quarantine the original *entire* message as well as # just the infected attachments? # This can also be the filename of a ruleset. -Quarantine Whole Message = no +Quarantine Whole Message = yes # When you quarantine an entire message, do you want to store it as # raw mail queue files (so you can easily send them onto users) or @@ -609,7 +609,7 @@ # When a virus or attachment is replaced by a plain-text warning, # should the warning be in an attachment? If "no" then it will be # placed in-line. This can also be the filename of a ruleset. -Warning Is Attachment = yes +Warning Is Attachment = no # When a virus or attachment is replaced by a plain-text warning, # and that warning is an attachment, this is the filename of the @@ -655,7 +655,7 @@ # Include the full headers of each message in the notices sent to the local # system administrators? # This can also be the filename of a ruleset. -Notices Include Full Headers = no +Notices Include Full Headers = yes # Hide the directory path from all the system administrator notices. # The extra directory paths give away information about your setup, and @@ -674,12 +674,12 @@ # Where to send the notices. # This can also be the filename of a ruleset. -Notices To = postmaster +Notices To = virusmaster@elliott-turbo.com # Address of the local Postmaster, which is used as the "From" address in # virus warnings sent to users. # This can also be the filename of a ruleset. -Local Postmaster = postmaster +Local Postmaster = virusmaster@elliott-turbo.com # # Spam Detection and Virus Scanner Definitions From steve.freegard at LBSLTD.CO.UK Thu May 15 17:35:40 2003 From: steve.freegard at LBSLTD.CO.UK (Steve Freegard) Date: Thu Jan 12 21:18:06 2006 Subject: Message Batches Message-ID: <67D9E7698329D411936E00508B6590B9027738C3@neelix.lbsltd.co.uk> Hi All, I've been running MailScanner site-wide for 8 days now, with huge success - however I've had a strange problem today. I had a problem with the update-virus-scanners script (which I'm still looking into) which resulted in a queue of around 50 messages waiting in /var/spool/mqueue.in. Once I'd sorted the problem, I restarted MailScanner which started processing the queue - however I noticed that it was taking a long time to process this backlog (with new messages going through straight away), upon investigation by doing a 'fuser *' in /var/spool/mqueue.in, I realised that one of the MailScanner children had picked up all 50+ messages and was running them through the various SA tests, RBL, Bayes etc. which took a while. It got me thinking - would it not be more efficient for each child to work to the batch size using the following: total messages in queue/max number of children = batch size per child - which would clear the queue more efficiently??? Or - do I have something incorretly configured?? - I'm running MS 4.20-3 + SA 2.54 on RedHat 9 + Sendmail. TIA, Steve. -- Steve Freegard Systems Manager Littlehampton Book Services Ltd. -- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender and delete the message from your mailbox. This footnote also confirms that this email message has been swept by MailScanner (www.mailscanner.info) for the presence of computer viruses. From avi at CAXTONRVH.COM Thu May 15 17:45:29 2003 From: avi at CAXTONRVH.COM (Avi Levin) Date: Thu Jan 12 21:18:06 2006 Subject: IP address of spam Message-ID: The IP address identified by Mailscanner (4.14-9) in the log seems to be the last host that handed off the message to my SMTP server. In other words, the first "Received:" line in the envelope of each message. The problem I'm seeing with this, is that if I use Checkpoint's FW-1 SMTP proxy, or any other internal scanners, then MailScanner's reported IP address is no longer that of the actual sender. Shouldn't the sender's IP address be the one that's identified on the "Received: " header that immediately preceeds the "Message-ID:" and "From:" lines? And finally, which address is used for RBL and other list checks? Please let me know if you've got any insights into this. Thanks. ---Avi--- From m.sapsed at BANGOR.AC.UK Thu May 15 17:40:12 2003 From: m.sapsed at BANGOR.AC.UK (Martin Sapsed) Date: Thu Jan 12 21:18:06 2006 Subject: spam score for each test in header References: <5.2.0.9.2.20030515171631.02e49ff8@imap.ecs.soton.ac.uk> Message-ID: <3EC3C2EC.6040507@bangor.ac.uk> Julian Field wrote: > Very good idea. No sooner said than done :-) > > X-MailScanner-SpamCheck: spam, SpamAssassin (score=7.8, required 5, > DATE_IN_PAST_12_24 0.21, DRASTIC_REDUCED 1.54, HOME_EMPLOYMENT > 1.50, > INVALID_DATE 0.57, INVALID_MSGID 0.38, NO_REAL_NAME 0.73, > ONCE_IN_LIFETIME 0.74, REMOVE_SUBJ 0.81, UNDISC_RECIPS 1.44) > > Does that look okay to you? Brilliant - top man! I thought I'd seen someone ask for that a while back and been told it was too tricky - obviously something different. > I would like to keep the original sort order (alphabetical) to make the > code simpler. I suppose we could let you off with that - everyone agreed? ;-) > I'll release something later this evening if you like. It will make it to > the stable release at the start of June. Don't know how you do all this and a support job in a Uni which is doubtless as understaffed as our's! Cheers, Martin -- Martin Sapsed Information Services "Who do you say I am?" University of Wales, Bangor Jesus of Nazareth From sevans at FOUNDATION.SDSU.EDU Thu May 15 18:13:58 2003 From: sevans at FOUNDATION.SDSU.EDU (Steve Evans) Date: Thu Jan 12 21:18:06 2006 Subject: spamassassin 2.54 released Message-ID: The DCC website says: By default, DCC clients send to UDP port 6277 from an anonymous port. Thus, it is sufficient to open a firewall for clients to outgoing UDP packets to port 6277 and incoming packets from port 6277. The server goes to some lengths to try to respond from the same IP address at which it received a client's request. Could someone dicpher that for me. The 6277 incoming isn't initatiated by an outside source right? On a stateful firewall I only need to allow 6277 out correct. Steve Evans SDSU Foundation (619) 594-0653 -----Original Message----- From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] Sent: Tuesday, May 13, 2003 3:32 PM To: MAILSCANNER@JISCMAIL.AC.UK At 23:18 13/05/2003, you wrote: >Hi! > > > >I am currently running roughly 60,000 messages through 2.54, and > > >will then do 2.53, to see what the spam score distribution looks > > >like. This will > tell > > >us if it will detect more spam, and whether you need to move your > threshold > > >score. Will post later when I have some results. > > > Attached is a gif of the distribution of spam scores you get with my > > 60,000 message test set. > > Basically it generates a lot less "<=0" values and a lots more 1, 2 > > and 3 values to compensate. Once you get up to 5 or so, the > > differences between the 2.53 and 2.54 are pretty minimal. > >Nice graphs. > >I have upgraded to 2.54 on my boxes, and also installed Razor2. If i >have time i will have an eye on DCC and Pyzor... Razor2 took up several >hits allready, so is looking like a quick win. I haven't tried Pyzor yet, but dcc is dead easy to install. Type "dcc" into Google, and click on the 2nd hit. Click on the version number at the top of the web page. Save that on your mail server. Unpack it and cd into it. ./configure make make install Edit /etc/MailScanner/spam.assassin.prefs.conf, remove the "DCC" line in there altogether and put in dcc_path /usr/local/bin/dccproc Then restart MailScanner. That's it. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From jase at SENSIS.COM Thu May 15 18:02:39 2003 From: jase at SENSIS.COM (Desai, Jason) Date: Thu Jan 12 21:18:06 2006 Subject: IP address of spam Message-ID: This is one reason to let SpamAssassin do the RBL checks instead of MailScanner. I believe that SpamAssassin will check all of the Received header. Also, I would think that the Received header that immediately precedes the Message-Id and From headers could easily be spoofed by a spammer, so you really can't trust it. Jason > -----Original Message----- > From: Avi Levin [mailto:avi@CAXTONRVH.COM] > Sent: Thursday, May 15, 2003 12:45 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: [MAILSCANNER] IP address of spam > > > The IP address identified by Mailscanner (4.14-9) in the log > seems to be the > last host that handed off the message to my SMTP server. In > other words, > the first "Received:" line in the envelope of each message. > > The problem I'm seeing with this, is that if I use > Checkpoint's FW-1 SMTP > proxy, or any other internal scanners, then MailScanner's reported IP > address is no longer that of the actual sender. > > Shouldn't the sender's IP address be the one that's identified on the > "Received: " header that immediately preceeds the > "Message-ID:" and "From:" > lines? > > And finally, which address is used for RBL and other list checks? > > Please let me know if you've got any insights into this. > > Thanks. > ---Avi--- > From mike at CAMAROSS.NET Thu May 15 18:29:14 2003 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:18:06 2006 Subject: Message Batches In-Reply-To: <67D9E7698329D411936E00508B6590B9027738C3@neelix.lbsltd.co.uk> Message-ID: <003801c31b07$81cf18a0$a91cbdcf@home.middlefinger.net> I really wouldn't worry about it too much. I've had 800+ messages in my queue and they all get processed in due time. Mike > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Steve Freegard > Sent: Thursday, May 15, 2003 11:36 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Message Batches > > > Hi All, > > I've been running MailScanner site-wide for 8 days now, with > huge success - however I've had a strange problem today. > > I had a problem with the update-virus-scanners script (which > I'm still looking into) which resulted in a queue of around > 50 messages waiting in /var/spool/mqueue.in. > > Once I'd sorted the problem, I restarted MailScanner which > started processing the queue - however I noticed that it was > taking a long time to process this backlog (with new messages > going through straight away), upon investigation by doing a > 'fuser *' in /var/spool/mqueue.in, I realised that one of the > MailScanner children had picked up all 50+ messages and was > running them through the various SA tests, RBL, Bayes etc. > which took a while. > > It got me thinking - would it not be more efficient for each > child to work to the batch size using the following: total > messages in queue/max number of children = batch size per > child - which would clear the queue more efficiently??? > > Or - do I have something incorretly configured?? - I'm > running MS 4.20-3 + SA 2.54 on RedHat 9 + Sendmail. > > TIA, > Steve. > -- > Steve Freegard > Systems Manager > Littlehampton Book Services Ltd. > > -- > This email and any files transmitted with it are confidential > and intended solely for the use of the individual or entity > to whom they are addressed. If you have received this email > in error please notify the sender and delete the message from > your mailbox. > > This footnote also confirms that this email message has been > swept by MailScanner (www.mailscanner.info) for the presence > of computer viruses. > From ernest at OACYS.COM Thu May 15 18:28:37 2003 From: ernest at OACYS.COM (Ernest W. Lessenger) Date: Thu Jan 12 21:18:06 2006 Subject: Message Batches In-Reply-To: <003801c31b07$81cf18a0$a91cbdcf@home.middlefinger.net> References: <67D9E7698329D411936E00508B6590B9027738C3@neelix.lbsltd.co.uk> Message-ID: <5.2.0.9.2.20030515102758.01e06b20@mail.oacys.com> At 12:29 PM 5/15/2003 -0500, you wrote: >I really wouldn't worry about it too much. I've had 800+ messages in my queue >and they all get processed in due time. What kind of delays are you seeing with that kind of load (and on what machine)? --Ernest From jase at SENSIS.COM Thu May 15 18:42:02 2003 From: jase at SENSIS.COM (Desai, Jason) Date: Thu Jan 12 21:18:06 2006 Subject: spamassassin 2.54 released Message-ID: > > The DCC website says: > > By default, DCC clients send to UDP port 6277 from an anonymous port. > Thus, it is sufficient to open a firewall for clients to outgoing UDP > packets to port 6277 and incoming packets from port 6277. The server > goes to some lengths to try to respond from the same IP > address at which > it received a client's request. > > Could someone dicpher that for me. The 6277 incoming isn't > initatiated > by an outside source right? On a stateful firewall I only > need to allow > 6277 out correct. > That sounds correct to me. But I have seen some responses (I think they were from DCC) not come from port 6277. They just get blocked by my firewall. On my stateful firewall, I have allowed udp out to port 6277. Jason From mike at CAMAROSS.NET Thu May 15 18:50:35 2003 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:18:06 2006 Subject: spamassassin string In-Reply-To: <1052940606.5370.14.camel@george.digisilk.net> Message-ID: <003a01c31b0a$7d2a8f70$a91cbdcf@home.middlefinger.net> mv'ing languages.conf.rpmnew to languages.conf resolves this problem as well. Mike > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Sean Closson > Sent: Wednesday, May 14, 2003 2:30 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: spamassassin string > > > Just in case anyone encounters this issue, I thought I'd send > this out. > > I was seeing some warnings in my maillog about looking up a > string ("Looked up unknown string spamassassin in language > translation file > /etc/MailScanner/reports/en/languages.conf") > > I just added a line to the languages.conf file that reads > "spamassassin = SpamAssassin" and restarted MailScanner to > resolve the problem. > > Apologies if this is old news or not applicable to most people. > From mike at CAMAROSS.NET Thu May 15 18:51:23 2003 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:18:06 2006 Subject: Message Batches In-Reply-To: <5.2.0.9.2.20030515102758.01e06b20@mail.oacys.com> Message-ID: <003b01c31b0a$99a20160$a91cbdcf@home.middlefinger.net> It could take up to 5 minutes or so. This is on a Proliant 1850R dual 600Mhz with a gig of RAM. Mike > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Ernest W. Lessenger > Sent: Thursday, May 15, 2003 12:29 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Message Batches > > > At 12:29 PM 5/15/2003 -0500, you wrote: > >I really wouldn't worry about it too much. I've had 800+ > messages in > >my queue and they all get processed in due time. > > What kind of delays are you seeing with that kind of load > (and on what machine)? > > --Ernest > From jaearick at COLBY.EDU Thu May 15 18:52:27 2003 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:18:06 2006 Subject: SpamAssassin score below 7? In-Reply-To: <3EC388CE.1010506@bangor.ac.uk> References: <5.1.1.6.2.20030502141552.03523e68@securemail.tulsaconnect.com> <3EC388CE.1010506@bangor.ac.uk> Message-ID: Hi, I currently run: Required SpamAssassin Score = 4 High SpamAssassin Score = 9 with SA 2.54 and razor2. In initial testing with a high score of 8, I had one false positive out of several hundred messages, like an 8.1, so I set the high score to 9. --- Jeff From mailscanner at ecs.soton.ac.uk Thu May 15 18:49:54 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:06 2006 Subject: Message Batches In-Reply-To: <67D9E7698329D411936E00508B6590B9027738C3@neelix.lbsltd.co. uk> Message-ID: <5.2.1.1.2.20030515184503.0256c5f8@imap.ecs.soton.ac.uk> At 17:35 15/05/2003, you wrote: >It got me thinking - would it not be more efficient for each child to work >to the batch size using the following: total messages in queue/max number >of children = batch size per child - which would clear the queue more >efficiently??? At the moment, any child takes as many messages as it can up to the limits set in the batch size parameters. Counting the total number of messages that *can* be scanned is actually quite an expensive operation. At the moment it only has to be done once as messages are date-sorted then put in the batch. The file-locking operation only has to be done once. Changing to the method you suggest could only be done by adding them all to the batch and then by removing all the excess ones you don't want. Which means you need to remember what order they were added. Possible, but messy. >Or - do I have something incorretly configured?? - I'm running MS 4.20-3 + >SA 2.54 on RedHat 9 + Sendmail. > >TIA, >Steve. >-- >Steve Freegard >Systems Manager >Littlehampton Book Services Ltd. > >-- >This email and any files transmitted with it are confidential and >intended solely for the use of the individual or entity to whom they >are addressed. If you have received this email in error please notify >the sender and delete the message from your mailbox. > >This footnote also confirms that this email message has been swept by >MailScanner (www.mailscanner.info) for the presence of computer viruses. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Thu May 15 18:40:21 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:06 2006 Subject: Bitdefender virus scanner In-Reply-To: References: Message-ID: <5.2.1.1.2.20030515183909.02564a20@imap.ecs.soton.ac.uk> At 16:58 15/05/2003, you wrote: >Hi! > > > > I have just put up 4.21-5 incorporating support for the "Bitdefender" > virus > > > scanner. Don't all rush at once :-) > > > I dl'ed Bitdefender, but it doesn't detect the eicar string, is that a > > feature ? > >I tested with 100 new virusses, it detected 57 (!) even CLamAV got them >all. I dont wanna sound negative but these results are not even worth to >be listed as supported scanner :) That's pretty useless isn't it. Fortunately it was very simple to support. It's free, but not worth the bother. I can't see how the updates might work either, it might just be that we've all got a very old one without any updates. But without a way of getting updates, that doesn't exactly help very much, does it? -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Thu May 15 18:59:48 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:06 2006 Subject: New install question - MailScanner-4.15-13 + McAfee virus scan - eicar test fails...sort of?` In-Reply-To: <01f801c31b01$9bd12c80$8b030180@elliottturbo.com> Message-ID: <5.2.1.1.2.20030515185638.025b1ce0@imap.ecs.soton.ac.uk> At 17:47 15/05/2003, you wrote: >We've been using version MailScanner version 3 quite a while very >successfully. I'm building a new >mail server, so I'm loading up the latest stuff... but it doesn't quite >seem to work: > >When I send an email through the server with the eicar.com test, I get >these messages: > >May 15 12:06:35 mail MailScanner[27539]: MailScanner E-Mail Virus Scanner >version 4.15-13 >starting... >May 15 12:06:35 mail MailScanner[27539]: Using locktype = flock >May 15 12:07:05 mail MailScanner[27539]: New Batch: Scanning 1 messages, >1401 bytes >May 15 12:07:05 mail MailScanner[27539]: Virus and Content Scanning: Starting >May 15 12:07:05 mail MailScanner[27539]: McAfee said >"/usr/local/MailScanner/var-4.15-13/incoming/27539/h4FG73Q27541/eicar.com" >May 15 12:07:05 mail MailScanner[27539]: McAfee said " Found: EICAR >test file NOT a virus." >May 15 12:07:05 mail MailScanner[27539]: >/usr/local/MailScanner/var-4.15-13/incoming/27539/h4FG73Q27541/eicar.com >Found: EICAR test >file NOT a virus. >May 15 12:07:05 mail MailScanner[27539]: Virus Scanning: McAfee found 1 >infections >May 15 12:07:05 mail MailScanner[27539]: Virus Scanning: Found 1 viruses >May 15 12:07:05 mail MailScanner[27539]: Uninfected: Delivered 1 messages > >And the "Uninfected" message is forwarded on to the recipient with the bad >attachment intact and >mail headers proclaiming that it was not infected! The path to the MailScanner "incoming" directory must be the *real* path, not a path including links. Otherwise it cannot parse the McAfee output as it doesn't know what directories to strip off the front of the report. It's in the comments in the MailScanner.conf file: # Note for McAfee users: do not use any symlinks with McAfee at all. It is # very strange but may not detect all viruses when # started from a symlink or scanning a directory path # including symlinks. >For this test, I temporarily took out the filename rule which would >otherwise have excluded the .COM >file extension. With it in place, MS does remove the offending file and >report same to all. > >Here's all of the changes in my config file from the distribution: >--- MailScanner.conf.FCS Sat Apr 26 14:27:54 2003 >+++ MailScanner.conf Wed May 14 17:06:30 2003 >@@ -69,18 +69,18 @@ > # which can in turn contain wildcards. > # Example: /opt/MailScanner/etc/mqueue.in.list.conf > # >-Incoming Queue Dir = /var/spool/mqueue.in >+Incoming Queue Dir = /usr/local/mqueue.in > > # Set location of outgoing mail queue. > # This can also be the filename of a ruleset. >-Outgoing Queue Dir = /var/spool/mqueue >+Outgoing Queue Dir = /usr/local/mqueue > > # Set where to unpack incoming messages before scanning them >-Incoming Work Dir = /var/spool/MailScanner/incoming >+Incoming Work Dir = /usr/local/MailScanner/var/incoming That should be "/usr/local/MailScanner/var-4.15-13/incoming". > # Set where to store infected and message attachments (if they are kept) > # This can also be the filename of a ruleset. >-Quarantine Dir = /var/spool/MailScanner/quarantine >+Quarantine Dir = /usr/local/MailScanner/var/quarantine > > # Set where to store the process id number so you can stop MailScanner > PID file = /opt/MailScanner/var/MailScanner.pid >@@ -201,7 +201,7 @@ > # space-separated list of virus scanners. For example: > # Virus Scanners = sophos f-prot mcafee > # >-Virus Scanners = none >+Virus Scanners = mcafee > > # The maximum length of time the commercial virus scanner is allowed to run > # for 1 batch of messages (in seconds). >@@ -225,7 +225,7 @@ > # 3) The recipient will not receive the message, > # unless the "Still Deliver Silent Viruses" option is set > # This can also be the filename of a ruleset. >-Silent Viruses = Klez Yaha-E Bugbear Braid-A WinEvar >+Silent Viruses = Klez Yaha-E Bugbear Braid-A WinEvar Fizzer Livra > > # Still deliver (after cleaning) messages that contained viruses listed > # in the above option ("Silent Viruses") to the recipient? >@@ -366,7 +366,7 @@ > # Do you want to quarantine the original *entire* message as well as > # just the infected attachments? > # This can also be the filename of a ruleset. >-Quarantine Whole Message = no >+Quarantine Whole Message = yes > > # When you quarantine an entire message, do you want to store it as > # raw mail queue files (so you can easily send them onto users) or >@@ -609,7 +609,7 @@ > # When a virus or attachment is replaced by a plain-text warning, > # should the warning be in an attachment? If "no" then it will be > # placed in-line. This can also be the filename of a ruleset. >-Warning Is Attachment = yes >+Warning Is Attachment = no > > # When a virus or attachment is replaced by a plain-text warning, > # and that warning is an attachment, this is the filename of the >@@ -655,7 +655,7 @@ > # Include the full headers of each message in the notices sent to the local > # system administrators? > # This can also be the filename of a ruleset. >-Notices Include Full Headers = no >+Notices Include Full Headers = yes > > # Hide the directory path from all the system administrator notices. > # The extra directory paths give away information about your setup, and >@@ -674,12 +674,12 @@ > > # Where to send the notices. > # This can also be the filename of a ruleset. >-Notices To = postmaster >+Notices To = virusmaster@elliott-turbo.com > > # Address of the local Postmaster, which is used as the "From" address in > # virus warnings sent to users. > # This can also be the filename of a ruleset. >-Local Postmaster = postmaster >+Local Postmaster = virusmaster@elliott-turbo.com > > # > # Spam Detection and Virus Scanner Definitions -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Thu May 15 18:54:53 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:06 2006 Subject: spam score for each test in header In-Reply-To: <3EC3C2EC.6040507@bangor.ac.uk> References: <5.2.0.9.2.20030515171631.02e49ff8@imap.ecs.soton.ac.uk> Message-ID: <5.2.1.1.2.20030515185032.025cb5a0@imap.ecs.soton.ac.uk> At 17:40 15/05/2003, you wrote: >Don't know how you do all this and a support job in a Uni which is >doubtless as understaffed as our's! That's an easy one. Most people think they need to do everything themselves or someone will realise they don't do anything. I have 3 very good guys working for me, and I delegate absolutely everything I possibly can. They may not always do stuff the way I would have done it, but the results are always perfectly good so I leave them to get on with it. The only problem is letting them go on holiday. One of my best guys is off 2 weeks out of the next 3. I'm going to be completely swamped without him for 2 weeks :( Oh, and they aren't allowed to get sick. Flu jabs are compulsory :-) -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From shawn at ADVANCEDMANAGED.COM Thu May 15 19:03:28 2003 From: shawn at ADVANCEDMANAGED.COM (shawn) Date: Thu Jan 12 21:18:06 2006 Subject: rav av Message-ID: <00d301c31b0c$49e04d60$300ff13f@pong> I was looking at all the different av packages. Right now I am using an eval of Rav for postfix (haven't installed mailscanner yet). I noticed some of you on this list using Rav. Which version are you using with mailscanner - desktop, server, smtp? thanks -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030515/74c3a4c9/attachment.html From kevins at BMRB.CO.UK Thu May 15 19:17:33 2003 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:18:06 2006 Subject: spamassassin 2.54 released In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB0011753F6@pascal.priv.bmrb.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB0011753F6@pascal.priv.bmrb.co.uk> Message-ID: <1053022653.15125.9.camel@bach.kevinspicer.co.uk> > On my stateful firewall, I have allowed udp out to port 6277. That works for me too. In case anyones interested you may also need to open tcp 2703 and tcp 7 for razor, as well as udp 24441 for pyzor. BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From mailscanner at ecs.soton.ac.uk Thu May 15 19:18:22 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:06 2006 Subject: rav av In-Reply-To: <00d301c31b0c$49e04d60$300ff13f@pong> Message-ID: <5.2.1.1.2.20030515191748.0271be90@imap.ecs.soton.ac.uk> At 19:03 15/05/2003, you wrote: >I was looking at all the different av packages. Right now I am using an >eval of Rav for postfix (havent installed mailscanner yet). I noticed >some of you on this list using Rav. Which version are you using with >mailscanner desktop, server, smtp? You just need the command-line scanner. I suspect that the desktop one will do. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From robbyv at DISASTER.COM Thu May 15 19:15:14 2003 From: robbyv at DISASTER.COM (Rob V) Date: Thu Jan 12 21:18:06 2006 Subject: spamassassin report In-Reply-To: <5.2.0.9.2.20030515171009.0475fba0@imap.ecs.soton.ac.uk> References: Message-ID: <5.2.1.1.2.20030515141422.01199c80@mailhost.disaster.com> True I guess but they where helpful with a web app i wrote. It read through the spam report and let the user know why it was rejected. Guess I can come up with some sort of translator for your report. At 05:10 PM 5/15/2003 +0100, you wrote: >At 15:19 15/05/2003, you wrote: >>Is there anyway to have MailScanner print the full spamassassin report. >>Spamassassin ussually reports something like this if you want: >>X-Spam-Report: 10.90 hits, 8 required; >> * -0.7 -- BODY: Contains a tollfree number >> * 2.9 -- BODY: Information on how to work at home (2) >> * 2.1 -- BODY: Once in a lifetime, apparently >> * 1.7 -- BODY: List removal information >> * 1.0 -- BODY: Drastically Reduced >> * 3.6 -- BODY: Spam phrases score is 21 to 34 (high) >> [score: 22] >> * 0.3 -- BODY: A WHOLE LINE OF YELLING DETECTED >> >>Is there anyway to have MailScanner include this ? > >No, not at the moment. MailScanner's reports are rather more succinct than >this huge report (I didn't like the original SA reports, so I wrote my own). >-- >Julian Field >www.MailScanner.info >MailScanner thanks transtec Computers for their support Rob Vicchiullo robv@disaster.com http://www.disaster.com (518) 218-0900 From adkinss at OHIO.EDU Thu May 15 19:19:42 2003 From: adkinss at OHIO.EDU (Scott Adkins) Date: Thu Jan 12 21:18:06 2006 Subject: spam score for each test in header In-Reply-To: <5.2.0.9.2.20030515171631.02e49ff8@imap.ecs.soton.ac.uk> References: <5.2.0.9.2.20030515171631.02e49ff8@imap.ecs.soton.ac.uk> Message-ID: <1814346692.1053008382@Callisto> That looks great! :) Would it be possible for you to post a patch that implements just the following? We aren't ready to upgrade to the latest version of MS until we can fully test it (using Sophos SAVI, etc). But the change below would easily be testable and implementable in the short run :-) Scott --On Thursday, May 15, 2003 5:18 PM +0100 Julian Field wrote: > Very good idea. No sooner said than done :-) > > X-MailScanner-SpamCheck: spam, SpamAssassin (score=7.8, required 5, > DATE_IN_PAST_12_24 0.21, DRASTIC_REDUCED 1.54, HOME_EMPLOYMENT > 1.50, INVALID_DATE 0.57, INVALID_MSGID 0.38, NO_REAL_NAME 0.73, > ONCE_IN_LIFETIME 0.74, REMOVE_SUBJ 0.81, UNDISC_RECIPS 1.44) > > Does that look okay to you? > I would like to keep the original sort order (alphabetical) to make the > code simpler. > > I'll release something later this evening if you like. It will make it to > the stable release at the start of June. > > At 15:54 15/05/2003, you wrote: >> Actually, I have been thinking the same thing. Users would like to >> know *which* rule added the most to the total score, or if there were >> rules that subtracted off some point, it would be nice to know which >> ones did that and by how much... Obviously, I have access to the rule >> files and can look them up, but most cannot. >> >> If we had an option to turn on the score values in the header, it >> would be quite useful! >> >> Scott >> >> --On Thursday, May 15, 2003 3:07 PM +0100 Sylvain Phaneuf >> wrote: >> >>> I don't know whether this has been discussed before, but I am wondering >>> how difficult would that be to put the score of each spam test in the >>> X-MailScanner-Information header? >>> >>> e.g. MIME_HTML_ONLY 0.1 ; IN_REP_TO -3.3 ; DATE_INFUTURE_12_24 2.37 ; >>> SPACES_IN_SUBJECT 2.42 ; MS_EXCHANGE -5.80 >>> >>> Every now and then we have users who are suprised that a specific >>> message has not been picked up as spam and we need to explain to them. >>> Other less frequent situations are when we try to determine why a >>> message is a false positive. We need to manually dig out the scores for >>> each test and then see what would need changing. >>> >>> This is a feature I have seen with some commercial products, and it >>> seems to be popular. >>> >>> >>> >>> Sylvain >>> >>> =========================================================== >>> Sylvain Phaneuf --- Computing Manager | phone : +44 (0)1865 221323 >>> Information Management Services Unit - Medical Sciences Division >>> Oxford University | email : >>> sylvain.phaneuf@imsu.ox.ac.uk Room 3A25B John Radcliffe Hospital | >>> fax : +44 (0) 1865 221322 Oxford OX3 9DU England >>> =========================================================== >> >> >> >> -- >> +-----------------------------------------------------------------------+ >> Scott W. Adkins http://www.cns.ohiou.edu/~sadkins/ >> UNIX Systems Engineer mailto:adkinss@ohio.edu >> ICQ 7626282 Work (740)593-9478 Fax (740)593-1944 >> +-----------------------------------------------------------------------+ >> PGP Public Key available at >> http://www.cns.ohiou.edu/~sadkins/pgp/ > > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support -- +-----------------------------------------------------------------------+ Scott W. Adkins http://www.cns.ohiou.edu/~sadkins/ UNIX Systems Engineer mailto:adkinss@ohio.edu ICQ 7626282 Work (740)593-9478 Fax (740)593-1944 +-----------------------------------------------------------------------+ PGP Public Key available at http://www.cns.ohiou.edu/~sadkins/pgp/ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 231 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030515/bfa40196/attachment.bin From Phil.Leonard at DSIONLINE.COM Thu May 15 19:30:21 2003 From: Phil.Leonard at DSIONLINE.COM (Leonard, Phil) Date: Thu Jan 12 21:18:06 2006 Subject: AVG AV Message-ID: What about AVG AntiVirus http://www.grisoft.com/html ? Any chance of it being included at some time? I've been using it at the desktop level and it seems to work very well. Philip From rabollinger at ATTBI.COM Thu May 15 19:29:32 2003 From: rabollinger at ATTBI.COM (Richard Bollinger) Date: Thu Jan 12 21:18:06 2006 Subject: New install question - MailScanner-4.15-13 + McAfee virus scan - eicar test fails...sort of?` References: <5.2.1.1.2.20030515185638.025b1ce0@imap.ecs.soton.ac.uk> Message-ID: <029101c31b0f$ee06fa80$8b030180@elliottturbo.com> Thanks! It was DejaVu all over again, as I made a similar mistake in my first MS install, long ago. *blush* ----- Original Message ----- From: "Julian Field" To: Sent: Thursday, May 15, 2003 1:59 PM Subject: Re: New install question - MailScanner-4.15-13 + McAfee virus scan - eicar test fails...sort of?` > At 17:47 15/05/2003, you wrote: > The path to the MailScanner "incoming" directory must be the *real* path, > not a path including links. Otherwise it cannot parse the McAfee output as > it doesn't know what directories to strip off the front of the report. > > It's in the comments in the MailScanner.conf file: > > # Note for McAfee users: do not use any symlinks with McAfee at all. It is > # very strange but may not detect all viruses when > # started from a symlink or scanning a directory path > # including symlinks. > > That should be "/usr/local/MailScanner/var-4.15-13/incoming". > > -- > Julian Field > www.MailScanner.info > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support From Phil.Leonard at DSIONLINE.COM Thu May 15 19:32:33 2003 From: Phil.Leonard at DSIONLINE.COM (Leonard, Phil) Date: Thu Jan 12 21:18:06 2006 Subject: AVG AV Message-ID: Oops that's http://www.grisoft.com (without the /html on the end). Sorry. -----Original Message----- From: Leonard, Phil Sent: Thursday, May 15, 2003 1:30 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: AVG AV What about AVG AntiVirus http://www.grisoft.com/html ? Any chance of it being included at some time? I've been using it at the desktop level and it seems to work very well. Philip From Phil.Leonard at DSIONLINE.COM Thu May 15 19:35:08 2003 From: Phil.Leonard at DSIONLINE.COM (Leonard, Phil) Date: Thu Jan 12 21:18:06 2006 Subject: AVG AV Message-ID: Never mind. They don't appear to have a linux/unix version. -----Original Message----- From: Leonard, Phil Sent: Thursday, May 15, 2003 1:33 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: AVG AV Oops that's http://www.grisoft.com (without the /html on the end). Sorry. -----Original Message----- From: Leonard, Phil Sent: Thursday, May 15, 2003 1:30 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: AVG AV What about AVG AntiVirus http://www.grisoft.com/html ? Any chance of it being included at some time? I've been using it at the desktop level and it seems to work very well. Philip From brent at WHITE-DEV.QUATRO.COM Thu May 15 19:37:16 2003 From: brent at WHITE-DEV.QUATRO.COM (Brent) Date: Thu Jan 12 21:18:06 2006 Subject: New install question - MailScanner-4.15-13 + McAfee virus scan - eicar test fails...sort of?` In-Reply-To: <5.2.1.1.2.20030515185638.025b1ce0@imap.ecs.soton.ac.uk> Message-ID: <200305151839.h4FIdvD04285@white-dev.quatro.com> Is there a similar option to remove the trailing folder from a f-prot report? "Report: /var/spool/MailScanner/incoming/16812/./h4FI3NQ17326/FOLLOWUP.pif Infection: W32/Fizzer.A" Only the portion after the dot is shown in sophos reports. Also I had brought up in the past the ability to set blacklisted items to the highscore value so that they would be treated like highscore spam, any chance of that option in the next stable release? Brent >file NOT a virus. >May 15 12:07:05 mail MailScanner[27539]: Virus Scanning: McAfee found 1 >infections >May 15 12:07:05 mail MailScanner[27539]: Virus Scanning: Found 1 viruses >May 15 12:07:05 mail MailScanner[27539]: Uninfected: Delivered 1 messages > >And the "Uninfected" message is forwarded on to the recipient with the bad >attachment intact and >mail headers proclaiming that it was not infected! > >The path to the MailScanner "incoming" directory must be the *real* path, >not a path including links. Otherwise it cannot parse the McAfee output as >it doesn't know what directories to strip off the front of the report. > >It's in the comments in the MailScanner.conf file: > ># Note for McAfee users: do not use any symlinks with McAfee at all. It is ># very strange but may not detect all viruses when ># started from a symlink or scanning a directory >path ># including symlinks. From dbird at SGHMS.AC.UK Thu May 15 19:39:24 2003 From: dbird at SGHMS.AC.UK (Daniel Bird) Date: Thu Jan 12 21:18:06 2006 Subject: AVG AV References: Message-ID: <3EC3DEDC.6030704@sghms.ac.uk> Leonard, Phil wrote: >What about AVG AntiVirus http://www.grisoft.com/html ? Any chance of it being included at some time? I've been using it at the desktop level and it seems to work very well. > >Philip > > looks like they don't do a version for ANY flavor of Unix, so I very much doubt it.... :-) > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. Mailscanner thanks transtec Computers for their support. From jase at SENSIS.COM Thu May 15 19:42:49 2003 From: jase at SENSIS.COM (Desai, Jason) Date: Thu Jan 12 21:18:06 2006 Subject: spamassassin 2.54 released Message-ID: > > > On my stateful firewall, I have allowed udp out to port 6277. > > That works for me too. > > In case anyones interested you may also need to open tcp 2703 > and tcp 7 > for razor, as well as udp 24441 for pyzor. Fwiw, I only opened tcp 2703 for Razor2 and it is working. And I agree with udp 24441 for pyzor. Jason From mailscanner at ecs.soton.ac.uk Thu May 15 19:46:38 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:06 2006 Subject: New install question - MailScanner-4.15-13 + McAfee virus scan - eicar test fails...sort of?` In-Reply-To: <200305151839.h4FIdvD04285@white-dev.quatro.com> References: <5.2.1.1.2.20030515185638.025b1ce0@imap.ecs.soton.ac.uk> Message-ID: <5.2.1.1.2.20030515194556.0258fa80@imap.ecs.soton.ac.uk> At 19:37 15/05/2003, you wrote: >Is there a similar option to remove the trailing folder from a f-prot >report? >"Report: /var/spool/MailScanner/incoming/16812/./h4FI3NQ17326/FOLLOWUP.pif >Infection: W32/Fizzer.A" > > >Only the portion after the dot is shown in sophos reports. See this option: # Hide the directory path from all virus scanner reports sent to users. # The extra directory paths give away information about your setup, and # tend to just confuse users. # This can also be the filename of a ruleset. Hide Incoming Work Dir = yes >Also I had brought up in the past the ability to set blacklisted items to >the highscore value so that they would be treated like highscore spam, any >chance of that option in the next stable release? If some other people want it too.... -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Thu May 15 19:41:15 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:06 2006 Subject: spam score for each test in header In-Reply-To: <1814346692.1053008382@Callisto> References: <5.2.0.9.2.20030515171631.02e49ff8@imap.ecs.soton.ac.uk> <5.2.0.9.2.20030515171631.02e49ff8@imap.ecs.soton.ac.uk> Message-ID: <5.2.1.1.2.20030515194031.02745620@imap.ecs.soton.ac.uk> 3 patches attached. At 19:19 15/05/2003, you wrote: >That looks great! :) > >Would it be possible for you to post a patch that implements just the >following? We aren't ready to upgrade to the latest version of MS until >we can fully test it (using Sophos SAVI, etc). But the change below >would easily be testable and implementable in the short run :-) > >Scott > >--On Thursday, May 15, 2003 5:18 PM +0100 Julian Field > wrote: > >>Very good idea. No sooner said than done :-) >> >>X-MailScanner-SpamCheck: spam, SpamAssassin (score=7.8, required 5, >> DATE_IN_PAST_12_24 0.21, DRASTIC_REDUCED 1.54, HOME_EMPLOYMENT >>1.50, INVALID_DATE 0.57, INVALID_MSGID 0.38, NO_REAL_NAME 0.73, >> ONCE_IN_LIFETIME 0.74, REMOVE_SUBJ 0.81, UNDISC_RECIPS 1.44) >> >>Does that look okay to you? >>I would like to keep the original sort order (alphabetical) to make the >>code simpler. >> >>I'll release something later this evening if you like. It will make it to >>the stable release at the start of June. >> >>At 15:54 15/05/2003, you wrote: >>>Actually, I have been thinking the same thing. Users would like to >>>know *which* rule added the most to the total score, or if there were >>>rules that subtracted off some point, it would be nice to know which >>>ones did that and by how much... Obviously, I have access to the rule >>>files and can look them up, but most cannot. >>> >>>If we had an option to turn on the score values in the header, it >>>would be quite useful! >>> >>>Scott >>> >>>--On Thursday, May 15, 2003 3:07 PM +0100 Sylvain Phaneuf >>> wrote: >>> >>>>I don't know whether this has been discussed before, but I am wondering >>>>how difficult would that be to put the score of each spam test in the >>>>X-MailScanner-Information header? >>>> >>>>e.g. MIME_HTML_ONLY 0.1 ; IN_REP_TO -3.3 ; DATE_INFUTURE_12_24 2.37 ; >>>>SPACES_IN_SUBJECT 2.42 ; MS_EXCHANGE -5.80 >>>> >>>>Every now and then we have users who are suprised that a specific >>>>message has not been picked up as spam and we need to explain to them. >>>>Other less frequent situations are when we try to determine why a >>>>message is a false positive. We need to manually dig out the scores for >>>>each test and then see what would need changing. >>>> >>>>This is a feature I have seen with some commercial products, and it >>>>seems to be popular. >>>> >>>> >>>> >>>>Sylvain >>>> >>>>=========================================================== >>>>Sylvain Phaneuf --- Computing Manager | phone : +44 (0)1865 221323 >>>>Information Management Services Unit - Medical Sciences Division >>>>Oxford University | email : >>>>sylvain.phaneuf@imsu.ox.ac.uk Room 3A25B John Radcliffe Hospital | >>>>fax : +44 (0) 1865 221322 Oxford OX3 9DU England >>>>=========================================================== >>> >>> >>> >>>-- >>>+-----------------------------------------------------------------------+ >>> Scott W. Adkins http://www.cns.ohiou.edu/~sadkins/ >>> UNIX Systems Engineer mailto:adkinss@ohio.edu >>> ICQ 7626282 Work (740)593-9478 Fax (740)593-1944 >>>+-----------------------------------------------------------------------+ >>> PGP Public Key available at >>>http://www.cns.ohiou.edu/~sadkins/pgp/ >> >>-- >>Julian Field >>www.MailScanner.info >>MailScanner thanks transtec Computers for their support > > > >-- >+-----------------------------------------------------------------------+ > Scott W. Adkins http://www.cns.ohiou.edu/~sadkins/ > UNIX Systems Engineer mailto:adkinss@ohio.edu > ICQ 7626282 Work (740)593-9478 Fax (740)593-1944 >+-----------------------------------------------------------------------+ > PGP Public Key available at > http://www.cns.ohiou.edu/~sadkins/pgp/ -------------- next part -------------- A non-text attachment was scrubbed... Name: SA.pm.patch Type: application/octet-stream Size: 1293 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030515/8b33aa3f/SA.pm.obj -------------- next part -------------- A non-text attachment was scrubbed... Name: ConfigDefs.pl.patch Type: application/octet-stream Size: 643 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030515/8b33aa3f/ConfigDefs.pl.obj -------------- next part -------------- A non-text attachment was scrubbed... Name: MailScanner.conf.patch Type: application/octet-stream Size: 580 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030515/8b33aa3f/MailScanner.conf.obj -------------- next part -------------- -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From brent at WHITE-DEV.QUATRO.COM Thu May 15 19:52:29 2003 From: brent at WHITE-DEV.QUATRO.COM (Brent) Date: Thu Jan 12 21:18:06 2006 Subject: New install question - MailScanner-4.15-13 + McAfee virus scan - eicar test fails...sort of?` In-Reply-To: <5.2.1.1.2.20030515194556.0258fa80@imap.ecs.soton.ac.uk> Message-ID: <200305151855.h4FItAD04808@white-dev.quatro.com> "#Hide the directory path from all virus scanner reports sent to users. Hide Incoming Work Dir = yes" I have that set, it doesn't remove it in the administrative email like when from sophos instead of f-prot. B -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: Thursday, May 15, 2003 2:47 PM To: MAILSCANNER@JISCMAIL.AC.UK At 19:37 15/05/2003, you wrote: >Is there a similar option to remove the trailing folder from a f-prot >report? >"Report: /var/spool/MailScanner/incoming/16812/./h4FI3NQ17326/FOLLOWUP.pif >Infection: W32/Fizzer.A" > > >Only the portion after the dot is shown in sophos reports. See this option: # Hide the directory path from all virus scanner reports sent to users. # The extra directory paths give away information about your setup, and # tend to just confuse users. # This can also be the filename of a ruleset. Hide Incoming Work Dir = yes >Also I had brought up in the past the ability to set blacklisted items to >the highscore value so that they would be treated like highscore spam, any >chance of that option in the next stable release? If some other people want it too.... -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From raymond at PROLOCATION.NET Thu May 15 19:51:52 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:06 2006 Subject: Message Batches In-Reply-To: <5.2.1.1.2.20030515184503.0256c5f8@imap.ecs.soton.ac.uk> Message-ID: Hi! > At the moment, any child takes as many messages as it can up to the limits > set in the batch size parameters. > Counting the total number of messages that *can* be scanned is actually > quite an expensive operation. At the moment it only has to be done once as > messages are date-sorted then put in the batch. The file-locking operation > only has to be done once. On a busy system this is something you definately wont do ... Bye, Raymond From kevins at BMRB.CO.UK Thu May 15 19:55:00 2003 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:18:06 2006 Subject: spamassassin 2.54 released In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB001175409@pascal.priv.bmrb.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB001175409@pascal.priv.bmrb.co.uk> Message-ID: <1053024900.15125.12.camel@bach.kevinspicer.co.uk> > Fwiw, I only opened tcp 2703 for Razor2 and it is working. It will work with only 2703 but will probably work faster with 7 open too. >From Razor's FAQ... "Outgoing TCP port 2703 (Razor2) and 7 (Echo). Razor2 uses TCP pings to discover what servers are closest to it." BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From jase at SENSIS.COM Thu May 15 20:06:35 2003 From: jase at SENSIS.COM (Desai, Jason) Date: Thu Jan 12 21:18:07 2006 Subject: Message Batches Message-ID: > At 17:35 15/05/2003, you wrote: > >It got me thinking - would it not be more efficient for each > child to work > >to the batch size using the following: total messages in > queue/max number > >of children = batch size per child - which would clear the queue more > >efficiently??? > > At the moment, any child takes as many messages as it can up > to the limits > set in the batch size parameters. > Counting the total number of messages that *can* be scanned > is actually > quite an expensive operation. At the moment it only has to be > done once as > messages are date-sorted then put in the batch. The > file-locking operation > only has to be done once. > > Changing to the method you suggest could only be done by > adding them all to > the batch and then by removing all the excess ones you don't > want. Which > means you need to remember what order they were added. > Possible, but messy. (I don't know if this can be done but ...) what about some sort of communication with each of the mailscanner processes to see how many messasges they are currently processing? Or a global variable that keeps track of the current number of messages being processed for all sub processes? Then the routine would be something like: Sort all of the messages (queue files) Get the number of messages the other processes are working on Available msgs = all msgs - msgs being processed Now you can do some algorithm on the number of available messages. Just a thought, and maybe it's not possible. Jason From jase at SENSIS.COM Thu May 15 20:08:48 2003 From: jase at SENSIS.COM (Desai, Jason) Date: Thu Jan 12 21:18:07 2006 Subject: spamassassin 2.54 released Message-ID: > > > Fwiw, I only opened tcp 2703 for Razor2 and it is working. > > It will work with only 2703 but will probably work faster with 7 open > too. > > From Razor's FAQ... > "Outgoing TCP port 2703 (Razor2) and 7 (Echo). Razor2 uses > TCP pings to > discover what servers are closest to it." I've been sniffing for port 7 for over 10 minutes (and I've had lots of mail come though during this time), but I have not seen any traffic. I don't know - maybe the faq is outdated, or I have something set up wrong. Jason From smhickel at CHARTERMI.NET Thu May 15 20:13:02 2003 From: smhickel at CHARTERMI.NET (Steve Hickel) Date: Thu Jan 12 21:18:07 2006 Subject: AVG AV In-Reply-To: Message-ID: I use AVG in XP. Do they have a linux version? Steve On Thu, 15 May 2003, Leonard, Phil wrote: > Oops that's http://www.grisoft.com (without the /html on the end). Sorry. > > -----Original Message----- > From: Leonard, Phil > Sent: Thursday, May 15, 2003 1:30 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: AVG AV > > > What about AVG AntiVirus http://www.grisoft.com/html ? Any chance of it being included at some time? I've been using it at the desktop level and it seems to work very well. > > Philip > From raymond at PROLOCATION.NET Thu May 15 20:13:27 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:07 2006 Subject: Message Batches In-Reply-To: Message-ID: Hi! > Sort all of the messages (queue files) > Get the number of messages the other processes are working on > Available msgs = all msgs - msgs being processed > > Now you can do some algorithm on the number of available messages. > Just a thought, and maybe it's not possible. There is not much to win there. On busy systems you only loose a lot of valuable time doing this. Bye, Raymond. From jaearick at COLBY.EDU Thu May 15 20:25:01 2003 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:18:07 2006 Subject: ports for razor et. al In-Reply-To: References: Message-ID: Gang, I run ipfilter (http://coombs.anu.edu.au/~avalon/ip-filter.html) on my Sun box, as well as MailScanner, SA 2.54, Razor2. My ipfilter ruleset is "default block everything" with "pass" in/out rules for what I need. For razor, I added two rules: pass out quick on hme0 proto tcp from [my IP] to any port = 7 keep state pass out quick on hme0 proto tcp from [my IP] to any port = 2703 keep state Something, but not much, happens on port 7. Since reloading my ipfilter rules yesterday morning, "ipfstat -oh" says that exactly 10 packets have gone out port 7. So razor probably pings its servers every so often. --- Jeff Earickson On Thu, 15 May 2003, Desai, Jason wrote: > Date: Thu, 15 May 2003 15:08:48 -0400 > From: "Desai, Jason" > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: spamassassin 2.54 released > > > > > > Fwiw, I only opened tcp 2703 for Razor2 and it is working. > > > > It will work with only 2703 but will probably work faster with 7 open > > too. > > > > From Razor's FAQ... > > "Outgoing TCP port 2703 (Razor2) and 7 (Echo). Razor2 uses > > TCP pings to > > discover what servers are closest to it." > > I've been sniffing for port 7 for over 10 minutes (and I've had lots of mail > come though during this time), but I have not seen any traffic. I don't > know - maybe the faq is outdated, or I have something set up wrong. > > Jason > From kevins at BMRB.CO.UK Thu May 15 20:25:47 2003 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:18:07 2006 Subject: spamassassin 2.54 released In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB001175410@pascal.priv.bmrb.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB001175410@pascal.priv.bmrb.co.uk> Message-ID: <1053026747.15125.21.camel@bach.kevinspicer.co.uk> > I've been sniffing for port 7 for over 10 minutes (and I've had lots of mail > come though during this time), but I have not seen any traffic. You may need to do quite a bit more sniffing as it (by default) only refreshes the lists every 2 days! You can see when it last refreshed by examining the datestamp on /root/.razor/servers.nomination.lst (that file lists servers in preference order, fastest first) - note this path assumes MailScanner runs as root. To be honest I doubt it makes much real difference except perhaps on the busiest servers. While poking about in that directory I noticed that the razor logfile was 70M and so took the trouble to set debuglevel = 1 in razor-agents.conf BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From sanjay.patel at REXWIRE.COM Thu May 15 20:29:02 2003 From: sanjay.patel at REXWIRE.COM (Sanjay Patel) Date: Thu Jan 12 21:18:07 2006 Subject: spam score for each test in header In-Reply-To: <5.2.1.1.2.20030515194031.02745620@imap.ecs.soton.ac.uk> Message-ID: <007101c31b18$3de9e690$6f01a8c0@Laptop1> How do we apply this patch? -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: Thursday, May 15, 2003 2:41 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: spam score for each test in header 3 patches attached. At 19:19 15/05/2003, you wrote: >That looks great! :) > >Would it be possible for you to post a patch that implements just the >following? We aren't ready to upgrade to the latest version of MS until >we can fully test it (using Sophos SAVI, etc). But the change below >would easily be testable and implementable in the short run :-) > >Scott > >--On Thursday, May 15, 2003 5:18 PM +0100 Julian Field > wrote: > >>Very good idea. No sooner said than done :-) >> >>X-MailScanner-SpamCheck: spam, SpamAssassin (score=7.8, required 5, >> DATE_IN_PAST_12_24 0.21, DRASTIC_REDUCED 1.54, HOME_EMPLOYMENT >>1.50, INVALID_DATE 0.57, INVALID_MSGID 0.38, NO_REAL_NAME 0.73, >> ONCE_IN_LIFETIME 0.74, REMOVE_SUBJ 0.81, UNDISC_RECIPS 1.44) >> >>Does that look okay to you? >>I would like to keep the original sort order (alphabetical) to make the >>code simpler. >> >>I'll release something later this evening if you like. It will make it to >>the stable release at the start of June. >> >>At 15:54 15/05/2003, you wrote: >>>Actually, I have been thinking the same thing. Users would like to >>>know *which* rule added the most to the total score, or if there were >>>rules that subtracted off some point, it would be nice to know which >>>ones did that and by how much... Obviously, I have access to the rule >>>files and can look them up, but most cannot. >>> >>>If we had an option to turn on the score values in the header, it >>>would be quite useful! >>> >>>Scott >>> >>>--On Thursday, May 15, 2003 3:07 PM +0100 Sylvain Phaneuf >>> wrote: >>> >>>>I don't know whether this has been discussed before, but I am wondering >>>>how difficult would that be to put the score of each spam test in the >>>>X-MailScanner-Information header? >>>> >>>>e.g. MIME_HTML_ONLY 0.1 ; IN_REP_TO -3.3 ; DATE_INFUTURE_12_24 2.37 ; >>>>SPACES_IN_SUBJECT 2.42 ; MS_EXCHANGE -5.80 >>>> >>>>Every now and then we have users who are suprised that a specific >>>>message has not been picked up as spam and we need to explain to them. >>>>Other less frequent situations are when we try to determine why a >>>>message is a false positive. We need to manually dig out the scores for >>>>each test and then see what would need changing. >>>> >>>>This is a feature I have seen with some commercial products, and it >>>>seems to be popular. >>>> >>>> >>>> >>>>Sylvain >>>> >>>>=========================================================== >>>>Sylvain Phaneuf --- Computing Manager | phone : +44 (0)1865 221323 >>>>Information Management Services Unit - Medical Sciences Division >>>>Oxford University | email : >>>>sylvain.phaneuf@imsu.ox.ac.uk Room 3A25B John Radcliffe Hospital | >>>>fax : +44 (0) 1865 221322 Oxford OX3 9DU England >>>>=========================================================== >>> >>> >>> >>>-- >>>+-----------------------------------------------------------------------+ >>> Scott W. Adkins http://www.cns.ohiou.edu/~sadkins/ >>> UNIX Systems Engineer mailto:adkinss@ohio.edu >>> ICQ 7626282 Work (740)593-9478 Fax (740)593-1944 >>>+-----------------------------------------------------------------------+ >>> PGP Public Key available at >>>http://www.cns.ohiou.edu/~sadkins/pgp/ >> >>-- >>Julian Field >>www.MailScanner.info >>MailScanner thanks transtec Computers for their support > > > >-- >+-----------------------------------------------------------------------+ > Scott W. Adkins http://www.cns.ohiou.edu/~sadkins/ > UNIX Systems Engineer mailto:adkinss@ohio.edu > ICQ 7626282 Work (740)593-9478 Fax (740)593-1944 >+-----------------------------------------------------------------------+ > PGP Public Key available at > http://www.cns.ohiou.edu/~sadkins/pgp/ From kevins at BMRB.CO.UK Thu May 15 20:30:44 2003 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:18:07 2006 Subject: spamassassin 2.54 released In-Reply-To: <1053026747.15125.21.camel@bach.kevinspicer.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB001175410@pascal.priv.bmrb.co.uk> <1053026747.15125.21.camel@bach.kevinspicer.co.uk> Message-ID: <1053027045.15123.26.camel@bach.kevinspicer.co.uk> > You may need to do quite a bit more sniffing as it (by default) only > refreshes the lists every 2 days! You can see when it last refreshed by > examining the datestamp on /root/.razor/servers.nomination.lst (that > file lists servers in preference order, fastest first) Allow me to correct myself slightly, the above mentioned file and interval relates to servers for submission of spam notifications servers.catalogue.lst lists the servers used for checking. Both are refreshed at the maximum interval of two days >- note this path > assumes MailScanner runs as root. To be honest I doubt it makes much > real difference except perhaps on the busiest servers. > > > While poking about in that directory I noticed that the razor logfile > was 70M and so took the trouble to set debuglevel = 1 in > razor-agents.conf > > BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From forrie at FORRIE.COM Thu May 15 20:32:11 2003 From: forrie at FORRIE.COM (Forrest Aldrich) Date: Thu Jan 12 21:18:07 2006 Subject: Spammers circumvent MS In-Reply-To: <5.2.1.1.2.20030510102253.026a6e38@imap.ecs.soton.ac.uk> References: <5.2.1.1.2.20030509192124.01d1cbc0@192.168.1.1> Message-ID: <5.2.1.1.2.20030515153114.01fe2fd8@192.168.1.1> How do you deal with or handle roaming users with this ruleset. That, as I recall, was where I got stuck. We use DRAC here to "authorize" remote relaying; so one presumes that the user needs to authenticate first with IMAP or POP to get into that database. Then the rules would need to consult that also. At 10:33 AM 5/10/2003 +0100, you wrote: >At 00:22 10/05/2003, you wrote: >>You don't want a company-wide address to be accessible from the >>"outside". I never did resolve this in Sendmail, but it might be >>interesting to revisit this one. > >This can be done very easily in sendmail, if you are trying to protect >company-wide mailing lists. You have to accept valid users in your company >of course, as otherwise you would never accept any mail at all. > >We have a large bunch of email addresses which, for the sake of this >example, all end in "-foo".or "-foo-0" or "-foo-1" etc up to "-foo-9". The >"-foo-digit" ones are sublists that are used to construct each "-foo" list, >purely because the lists are larger than the maximum record size allowed in >aliases tables. > >In my sendmail.mc there is this: > >KIsEcsList2 regex -a@MATCH ^.*-foo(-[0-9])?$ > >LOCAL_RULESETS > >SLocal_check_rcpt >R$* $: $>3 $1 Focus on host >R$* $: $>"QualifyDomain" $1 Make fully-qualified >R$* <@ $* $m. > $* $1 <@ *LOCAL* > Is recipient an ECS address? >R$* <@ *LOCAL* > $* $: $(IsEcsList2 $1 $) <@ *LOCAL* > $2 ECS list? >R@MATCH <@ *LOCAL* > $* $#error $@ 5.1.2 $: Please contact ECS Help Desk > ># If address is unqualified, add *LOCAL* as the destination hostname. >SQualifyDomain >R$* < @ $* > $* $@ $1 < @ $2 > $3 Already fully qualified >R$+ $@ $1 < @ *LOCAL* > Add local qualification > >Repeat the lines containing "IsEcsList2" as many times as are necessary for >the number of regular expressions you need to create to match all your >company-wide mailing lists. We intentionally made them all end in "-foo" so >that this could be done more easily. > >Okay, so maybe this isn't "very easy" like I said at the top, but it sure >works. No-one outside can spam our internal lists. Anyone on the inside >doing it gets dropped from a great height. > >>At 04:35 PM 5/9/2003 -0600, you wrote: >>>I have brought this up before, with no resolution. Now spammers seem to be >>>catching on. >>>They are sending spam with multiple users from my domain in the To and CC >>>fields of the envelope. >>>The more local addresses they stuff in, the higher the chance they will hit >>>one that is whitelisted and then the whole email is whitelisted. >>>I know people have told me that because there is only one physical email for >>>many recipients that we can't block for some users and not others on the >>>same email. >>>My question is what can we do? I have emails with a score over 10 SA points >>>to be deleted. Is there a way to delete emails with a set score even if >>>that email hits a whitelisted address? >>>Any suggestions would be great. >>> >>>Thanks >>>Derrick Georgiades > >-- >Julian Field >www.MailScanner.info >Professional Support Services at www.MailScanner.biz >MailScanner thanks transtec Computers for their support From forrie at FORRIE.COM Thu May 15 20:34:22 2003 From: forrie at FORRIE.COM (Forrest Aldrich) Date: Thu Jan 12 21:18:07 2006 Subject: Spammers circumvent MS In-Reply-To: <004001c317ba$841c02d0$10c75a42@x27> References: <5.2.1.1.2.20030510122427.024159d8@imap.ecs.soton.ac.uk> Message-ID: <5.2.1.1.2.20030515153313.01fe8560@192.168.1.1> Doesn't SpamAssassin (Bayes) create a DB Hash of tokenized results (spam and not spam). I suppose if you could find a way to perform matches against that - well, you'd probably re-invent the wheel. Take a look at www.sendmail.org, who released some new anti-spam rulesets that might help - I've not installed them yet, but they do work with SpamAssassin, et al. Forrest At 07:39 AM 5/11/2003 -0500, you wrote: >Julian, > >When I said in e-mails, I mean in the body of the e-mail, kind of like how >SpamAssassin works, but think a dynamic rule set that >could be pulled from a server/etc, kind of like antivirus signatures. > >Regards, > >Donovan Huff >Owner/Operator >HUFF DATA SYSTEMS >donovan@huffdatasystems.com >http://www.huffdatasystems.com/ >(361) 781-0631 > >------------------------------------------------------ >Web Hosting Starting at $5.00/mo >http://www.huffdatasystems.com/ >------------------------------------------------------ >Internet Access Just About Anywhere >http://UnlimitedCheapInternet.com/ >------------------------------------------------------ > >----- Original Message ----- >From: "Julian Field" >To: >Sent: Saturday, May 10, 2003 6:25 AM >Subject: Re: Spammers circumvent MS > > > > At 11:16 10/05/2003, you wrote: > > >If I was an intelligent SPAMMER *laugh*, I could just run the SPAM I > > >intended to send out thru MailScanner w/ SA and make sure that > > >it scored low enough to get thru and if it didn't, then modify it till it > > >did. This is likely why a lot of the SPAM recently seems > > >to be going more towards the plain text side with a simple web link. That > > >makes me think, maybe there needs to be a new BL that has > > >domains/IPs/IP ranges/URLs in it and matches them if in e-mails, I'm not > > >aware of anything that does this now. > > > > This is what people like Spamhaus try to do. They target known spammers > > rather than open relays. > > -- > > Julian Field > > www.MailScanner.info > > Professional Support Services at www.MailScanner.biz > > MailScanner thanks transtec Computers for their support From forrie at FORRIE.COM Thu May 15 20:35:25 2003 From: forrie at FORRIE.COM (Forrest Aldrich) Date: Thu Jan 12 21:18:07 2006 Subject: saving spam for Bayes repopulation In-Reply-To: <5.2.1.1.2.20030511185320.02899ea0@imap.ecs.soton.ac.uk> References: <5.1.0.14.2.20030511133851.02ce9008@192.168.1.112> Message-ID: <5.2.1.1.2.20030515153439.02012a58@192.168.1.1> Oh! And I couldn't figure out why you were doing that... so I have the script remove them :-( Good point. I suppose, with the influx of the messages, one could just do a newsyslog to rotate and compress them. >Yes. That's why they are saved in the cumulative file. >-- >Julian Field >www.MailScanner.info >Professional Support Services at www.MailScanner.biz >MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Thu May 15 20:34:07 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:07 2006 Subject: Message Batches In-Reply-To: Message-ID: <5.2.1.1.2.20030515203333.02743170@imap.ecs.soton.ac.uk> At 20:06 15/05/2003, you wrote: > > At 17:35 15/05/2003, you wrote: > > >It got me thinking - would it not be more efficient for each > > child to work > > >to the batch size using the following: total messages in > > queue/max number > > >of children = batch size per child - which would clear the queue more > > >efficiently??? > > > > At the moment, any child takes as many messages as it can up > > to the limits > > set in the batch size parameters. > > Counting the total number of messages that *can* be scanned > > is actually > > quite an expensive operation. At the moment it only has to be > > done once as > > messages are date-sorted then put in the batch. The > > file-locking operation > > only has to be done once. > > > > Changing to the method you suggest could only be done by > > adding them all to > > the batch and then by removing all the excess ones you don't > > want. Which > > means you need to remember what order they were added. > > Possible, but messy. > >(I don't know if this can be done but ...) what about some sort of >communication with each of the mailscanner processes to see how many >messasges they are currently processing? Or a global variable that keeps >track of the current number of messages being processed for all sub >processes? Then the routine would be something like: > >Sort all of the messages (queue files) >Get the number of messages the other processes are working on >Available msgs = all msgs - msgs being processed > >Now you can do some algorithm on the number of available messages. > >Just a thought, and maybe it's not possible. Involves lots of IPC which I'm not keen on for reliability reasons. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Thu May 15 20:37:23 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:07 2006 Subject: spam score for each test in header In-Reply-To: <007101c31b18$3de9e690$6f01a8c0@Laptop1> References: <5.2.1.1.2.20030515194031.02745620@imap.ecs.soton.ac.uk> Message-ID: <5.2.1.1.2.20030515203611.02755998@imap.ecs.soton.ac.uk> With the "patch" command :-) cd /usr/lib/MailScanner/MailScanner patch < ConfigDefs.pl.patch patch < SA.pm.patch and similar for MailScanner.conf. At 20:29 15/05/2003, you wrote: >How do we apply this patch? > >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf >Of Julian Field >Sent: Thursday, May 15, 2003 2:41 PM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: spam score for each test in header > > >3 patches attached. > >At 19:19 15/05/2003, you wrote: > >That looks great! :) > > > >Would it be possible for you to post a patch that implements just the > >following? We aren't ready to upgrade to the latest version of MS until > >we can fully test it (using Sophos SAVI, etc). But the change below > >would easily be testable and implementable in the short run :-) > > > >Scott > > > >--On Thursday, May 15, 2003 5:18 PM +0100 Julian Field > > wrote: > > > >>Very good idea. No sooner said than done :-) > >> > >>X-MailScanner-SpamCheck: spam, SpamAssassin (score=7.8, required 5, > >> DATE_IN_PAST_12_24 0.21, DRASTIC_REDUCED 1.54, HOME_EMPLOYMENT > >>1.50, INVALID_DATE 0.57, INVALID_MSGID 0.38, NO_REAL_NAME 0.73, > >> ONCE_IN_LIFETIME 0.74, REMOVE_SUBJ 0.81, UNDISC_RECIPS 1.44) > >> > >>Does that look okay to you? > >>I would like to keep the original sort order (alphabetical) to make the > >>code simpler. > >> > >>I'll release something later this evening if you like. It will make it to > >>the stable release at the start of June. > >> > >>At 15:54 15/05/2003, you wrote: > >>>Actually, I have been thinking the same thing. Users would like to > >>>know *which* rule added the most to the total score, or if there were > >>>rules that subtracted off some point, it would be nice to know which > >>>ones did that and by how much... Obviously, I have access to the rule > >>>files and can look them up, but most cannot. > >>> > >>>If we had an option to turn on the score values in the header, it > >>>would be quite useful! > >>> > >>>Scott > >>> > >>>--On Thursday, May 15, 2003 3:07 PM +0100 Sylvain Phaneuf > >>> wrote: > >>> > >>>>I don't know whether this has been discussed before, but I am wondering > >>>>how difficult would that be to put the score of each spam test in the > >>>>X-MailScanner-Information header? > >>>> > >>>>e.g. MIME_HTML_ONLY 0.1 ; IN_REP_TO -3.3 ; DATE_INFUTURE_12_24 2.37 ; > >>>>SPACES_IN_SUBJECT 2.42 ; MS_EXCHANGE -5.80 > >>>> > >>>>Every now and then we have users who are suprised that a specific > >>>>message has not been picked up as spam and we need to explain to them. > >>>>Other less frequent situations are when we try to determine why a > >>>>message is a false positive. We need to manually dig out the scores for > >>>>each test and then see what would need changing. > >>>> > >>>>This is a feature I have seen with some commercial products, and it > >>>>seems to be popular. > >>>> > >>>> > >>>> > >>>>Sylvain > >>>> > >>>>=========================================================== > >>>>Sylvain Phaneuf --- Computing Manager | phone : +44 (0)1865 221323 > >>>>Information Management Services Unit - Medical Sciences Division > >>>>Oxford University | email : > >>>>sylvain.phaneuf@imsu.ox.ac.uk Room 3A25B John Radcliffe Hospital | > >>>>fax : +44 (0) 1865 221322 Oxford OX3 9DU England > >>>>=========================================================== > >>> > >>> > >>> > >>>-- > >>>+-----------------------------------------------------------------------+ > >>> Scott W. Adkins http://www.cns.ohiou.edu/~sadkins/ > >>> UNIX Systems Engineer mailto:adkinss@ohio.edu > >>> ICQ 7626282 Work (740)593-9478 Fax (740)593-1944 > >>>+-----------------------------------------------------------------------+ > >>> PGP Public Key available at > >>>http://www.cns.ohiou.edu/~sadkins/pgp/ > >> > >>-- > >>Julian Field > >>www.MailScanner.info > >>MailScanner thanks transtec Computers for their support > > > > > > > >-- > >+-----------------------------------------------------------------------+ > > Scott W. Adkins http://www.cns.ohiou.edu/~sadkins/ > > UNIX Systems Engineer mailto:adkinss@ohio.edu > > ICQ 7626282 Work (740)593-9478 Fax (740)593-1944 > >+-----------------------------------------------------------------------+ > > PGP Public Key available at > > http://www.cns.ohiou.edu/~sadkins/pgp/ -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From Phil.Leonard at DSIONLINE.COM Thu May 15 20:45:57 2003 From: Phil.Leonard at DSIONLINE.COM (Leonard, Phil) Date: Thu Jan 12 21:18:07 2006 Subject: AVG AV Message-ID: No. I failed to check for that before asking. Sorry. Philip -----Original Message----- From: Steve Hickel [mailto:smhickel@CHARTERMI.NET] Sent: Thursday, May 15, 2003 2:13 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: AVG AV I use AVG in XP. Do they have a linux version? Steve On Thu, 15 May 2003, Leonard, Phil wrote: > Oops that's http://www.grisoft.com (without the /html on the end). Sorry. > > -----Original Message----- > From: Leonard, Phil > Sent: Thursday, May 15, 2003 1:30 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: AVG AV > > > What about AVG AntiVirus http://www.grisoft.com/html ? Any chance of it being included at some time? I've been using it at the desktop level and it seems to work very well. > > Philip > From kevins at BMRB.CO.UK Thu May 15 20:47:08 2003 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:18:07 2006 Subject: Spammers circumvent MS In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB001175418@pascal.priv.bmrb.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB001175418@pascal.priv.bmrb.co.uk> Message-ID: <1053028028.15125.32.camel@bach.kevinspicer.co.uk> >Doesn't SpamAssassin (Bayes) create a DB Hash of tokenized results >(spam and not spam). I suppose if you could find a way to perform > matches against that - well, you'd probably re-invent the wheel. Yes it does, but it only auto-learns very high and very low scoring mails. Odds are that the mails your users would want to train it with would be more moderate scores, as most false positives/ negatives tend to be borderline scores. Therefore this wouldn't work unless you changed the thresholds to tokenise everything, which would probably not be a good idea (mis-learning borderline cases, server load, database size etc). BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From jase at SENSIS.COM Thu May 15 21:27:59 2003 From: jase at SENSIS.COM (Desai, Jason) Date: Thu Jan 12 21:18:07 2006 Subject: spamassassin 2.54 released Message-ID: > > You may need to do quite a bit more sniffing as it (by default) only > > refreshes the lists every 2 days! You can see when it last > refreshed by > > examining the datestamp on > /root/.razor/servers.nomination.lst (that > > file lists servers in preference order, fastest first) > > Allow me to correct myself slightly, the above mentioned file and > interval relates to servers for submission of spam notifications > servers.catalogue.lst lists the servers used for checking. Both are > refreshed at the maximum interval of two days My apologies. I was wrong. I do in fact have tcp port 7 open for my mailscanner server. (I missed it because I used "echo" in the firewall script as the service name instead of the number 7.) I'm still sniffing, but I haven't seen anything yet. The age of my servers.nomination.lst file is over 24 hours old, so I assume I would see something in the next 24 hours. Thanks for setting me straight. Jason From zabriskw at ITECH.NET Thu May 15 21:37:56 2003 From: zabriskw at ITECH.NET (Kris Zabriskie) Date: Thu Jan 12 21:18:07 2006 Subject: SpamAssassin Process Message-ID: <000f01c31b21$de01b370$0c02a8c0@itech.dom> This is probably a very simple answer and I apologize in advance. I have been running MailScanner for about 6 months and we are VERY happy with it. However, we would like to add SpamAssassin into the mix for a very complete solution. I am currently setting it up on a test box, and am having a problem. When I look at the mail.log it is telling me that: May 15 16:00:50 ceres MailScanner[979]: SpamAssassin timed out and was killed, consecutive failure 1 of 20 I read some articles and previous posts and Julian as well as others have recommended to set the SA timeout to 40, which I did and the problem still exists. In the MailScanner.conf file, I do have specified to use SpamAssasin. I noticed however that nowhere in any of the docs I have read does it say run spamassassin. It is implied that SA does not have to be running. Should I have spamd, spamc, or spamassassin running as a process or does MailScanner take care of that all behind the scenes? Any help would GREATLY be appreciated. Thanks! Kris Zabriskie Network Admin / Consultant I-Tech Inc. zabriskw@itech.net 717-657-3035 From raymond at PROLOCATION.NET Thu May 15 21:40:17 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:07 2006 Subject: SpamAssassin Process In-Reply-To: <000f01c31b21$de01b370$0c02a8c0@itech.dom> Message-ID: Hi! > SpamAssasin. I noticed however that nowhere in any of the docs I have read > does it say run spamassassin. It is implied that SA does not have to be > running. Should I have spamd, spamc, or spamassassin running as a process > or does MailScanner take care of that all behind the scenes? Any help would > GREATLY be appreciated. Thanks! No, not needed. Have a look in your config, enable the spam loggin and see if you get anyh hits in the logs... Bye, Raymond. From zabriskw at ITECH.NET Thu May 15 21:41:04 2003 From: zabriskw at ITECH.NET (Kris Zabriskie) Date: Thu Jan 12 21:18:07 2006 Subject: SpamAssassin Process References: Message-ID: <001601c31b22$4e198840$0c02a8c0@itech.dom> I tossed SA into debug mode, and in the header it simples says that SpamAssasin timed out. ----- Original Message ----- From: "Raymond Dijkxhoorn" To: Sent: Thursday, May 15, 2003 4:40 PM Subject: Re: SpamAssassin Process > Hi! > > > SpamAssasin. I noticed however that nowhere in any of the docs I have read > > does it say run spamassassin. It is implied that SA does not have to be > > running. Should I have spamd, spamc, or spamassassin running as a process > > or does MailScanner take care of that all behind the scenes? Any help would > > GREATLY be appreciated. Thanks! > > No, not needed. Have a look in your config, enable the spam loggin and see > if you get anyh hits in the logs... > > Bye, > Raymond. > From raymond at PROLOCATION.NET Thu May 15 21:45:00 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:07 2006 Subject: SpamAssassin Process In-Reply-To: <001601c31b22$4e198840$0c02a8c0@itech.dom> Message-ID: Hi! > I tossed SA into debug mode, and in the header it simples says that > SpamAssasin timed out. If you raise the limit to 40 it still times out ? bye, Raymond. From zabriskw at ITECH.NET Thu May 15 21:46:38 2003 From: zabriskw at ITECH.NET (Kris Zabriskie) Date: Thu Jan 12 21:18:07 2006 Subject: SpamAssassin Process References: Message-ID: <002101c31b23$14ecbb90$0c02a8c0@itech.dom> When I look at the header this is what it says: X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1158 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 X-MailScanner: Found to be clean, Found to be clean X-MailScanner-Information: Please contact the ISP for more information X-MailScanner-SpamCheck: not spam, SpamAssassin (timed out) X-UIDL: *X<"!]Y$"!>Fk!!D=[!! Some more information that might be helpful also, I am running SA 2.53 (not 2.54) and the newest version of MailScanner. ----- Original Message ----- From: "Raymond Dijkxhoorn" To: Sent: Thursday, May 15, 2003 4:40 PM Subject: Re: SpamAssassin Process > Hi! > > > SpamAssasin. I noticed however that nowhere in any of the docs I have read > > does it say run spamassassin. It is implied that SA does not have to be > > running. Should I have spamd, spamc, or spamassassin running as a process > > or does MailScanner take care of that all behind the scenes? Any help would > > GREATLY be appreciated. Thanks! > > No, not needed. Have a look in your config, enable the spam loggin and see > if you get anyh hits in the logs... > > Bye, > Raymond. > From zabriskw at ITECH.NET Thu May 15 21:46:57 2003 From: zabriskw at ITECH.NET (Kris Zabriskie) Date: Thu Jan 12 21:18:07 2006 Subject: SpamAssassin Process References: Message-ID: <002801c31b23$20f9c130$0c02a8c0@itech.dom> 40 was the default. Still times out. ----- Original Message ----- From: "Raymond Dijkxhoorn" To: Sent: Thursday, May 15, 2003 4:45 PM Subject: Re: SpamAssassin Process > Hi! > > > I tossed SA into debug mode, and in the header it simples says that > > SpamAssasin timed out. > > If you raise the limit to 40 it still times out ? > > bye, > Raymond. > From forrie at FORRIE.COM Thu May 15 21:48:46 2003 From: forrie at FORRIE.COM (Forrest Aldrich) Date: Thu Jan 12 21:18:07 2006 Subject: SpamAssassin Process In-Reply-To: <000f01c31b21$de01b370$0c02a8c0@itech.dom> Message-ID: <5.2.1.1.2.20030515164753.02048c88@192.168.1.1> I've also seen the spurious timeouts with SpamAssassin - and my system has a very low load overall. I never did figure it out, but it is (fortunately) not very frequent. Might this be connected to SA trying to do it's razor and other lookups? Forrest From dwinkler at ALGORITHMICS.COM Thu May 15 21:49:56 2003 From: dwinkler at ALGORITHMICS.COM (Derek Winkler) Date: Thu Jan 12 21:18:07 2006 Subject: SpamAssassin Process Message-ID: <06EE2C86D3DAD5119A6C0060943F3C97055E6F7D@tormail1.algorithmics.com> Try running SpamAssassin from the command line... spamassassin -t -D < testmail You'll need an email message including headers in the file testmail. You may need to do some searching to find the spamassassin binary, mine was in /usr/perl5/bin or something like that. Helped me find out what was wrong with DCC today. -----Original Message----- From: Kris Zabriskie [mailto:zabriskw@itech.net] Sent: Thursday, May 15, 2003 4:47 PM To: MAILSCANNER@jiscmail.ac.uk Subject: Re: SpamAssassin Process When I look at the header this is what it says: X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1158 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 X-MailScanner: Found to be clean, Found to be clean X-MailScanner-Information: Please contact the ISP for more information X-MailScanner-SpamCheck: not spam, SpamAssassin (timed out) X-UIDL: *X<"!]Y$"!>Fk!!D=[!! Some more information that might be helpful also, I am running SA 2.53 (not 2.54) and the newest version of MailScanner. ----- Original Message ----- From: "Raymond Dijkxhoorn" To: Sent: Thursday, May 15, 2003 4:40 PM Subject: Re: SpamAssassin Process > Hi! > > > SpamAssasin. I noticed however that nowhere in any of the docs I have read > > does it say run spamassassin. It is implied that SA does not have to be > > running. Should I have spamd, spamc, or spamassassin running as a process > > or does MailScanner take care of that all behind the scenes? Any help would > > GREATLY be appreciated. Thanks! > > No, not needed. Have a look in your config, enable the spam loggin and see > if you get anyh hits in the logs... > > Bye, > Raymond. > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030515/ab6272fc/attachment.html From jase at SENSIS.COM Thu May 15 21:55:48 2003 From: jase at SENSIS.COM (Desai, Jason) Date: Thu Jan 12 21:18:07 2006 Subject: SpamAssassin Process Message-ID: My old system used to time out with SpamAssassin a lot when I used the bayes filters. You can try disabling them by setting use_bayes 0 in your spam.assassin.prefs.conf file. What type of system are you running MailScanner on? Is it very loaded? Jason > -----Original Message----- > From: Forrest Aldrich [mailto:forrie@FORRIE.COM] > Sent: Thursday, May 15, 2003 4:49 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: [MAILSCANNER] SpamAssassin Process > > > I've also seen the spurious timeouts with SpamAssassin - and > my system has > a very low load overall. I never did figure it out, but it is > (fortunately) not very frequent. > > Might this be connected to SA trying to do it's razor and > other lookups? > > > > Forrest > From zabriskw at ITECH.NET Thu May 15 22:02:43 2003 From: zabriskw at ITECH.NET (Kris Zabriskie) Date: Thu Jan 12 21:18:07 2006 Subject: SpamAssassin Process References: Message-ID: <000701c31b25$5449d2d0$0c02a8c0@itech.dom> Jason, I will give that a shot, that was not set up. It is a test box so it isn't the best machine to run it on. It is currently running on a Alpha Station 200 4/66 with probably 128 Megs of RAM. He is running apache and mysql (but probably serving up a page once every hour). It is working now, the timeouts have stopped. I just gotta tweak the config for SA. Spam messages are coming back with a rating of 2.2. ----- Original Message ----- From: "Desai, Jason" To: Sent: Thursday, May 15, 2003 4:55 PM Subject: Re: SpamAssassin Process > My old system used to time out with SpamAssassin a lot when I used the bayes > filters. You can try disabling them by setting > > use_bayes 0 > > in your spam.assassin.prefs.conf file. What type of system are you running > MailScanner on? Is it very loaded? > > Jason > > > -----Original Message----- > > From: Forrest Aldrich [mailto:forrie@FORRIE.COM] > > Sent: Thursday, May 15, 2003 4:49 PM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: [MAILSCANNER] SpamAssassin Process > > > > > > I've also seen the spurious timeouts with SpamAssassin - and > > my system has > > a very low load overall. I never did figure it out, but it is > > (fortunately) not very frequent. > > > > Might this be connected to SA trying to do it's razor and > > other lookups? > > > > > > > > Forrest > > > From rich at MAIL.WVNET.EDU Thu May 15 22:20:11 2003 From: rich at MAIL.WVNET.EDU (Richard Lynch) Date: Thu Jan 12 21:18:07 2006 Subject: User controlled whitelist/blacklist In-Reply-To: <5.2.0.9.2.20030515114016.09b806e0@imap.ecs.soton.ac.uk> References: <5.2.0.9.2.20030515114016.09b806e0@imap.ecs.soton.ac.uk> Message-ID: <1053033611.3111.11.camel@rich.wvn.wvnet.edu> On Thu, 2003-05-15 at 06:41, Julian Field wrote: > Okay, I admit I was waiting for someone to say that ;-) > You are quite right, you can't have rulesets that point to rulesets. > > The per-domain and per-user (and per-IP) black/whitelist support is done > via Custom Functions in CustomConfig.pm. Take a look in there and you'll > find everything you need to get this going. > > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support Ok, I've been looking at the CustomConfig.pm comments and code and it looks pretty straight forward to setup. I'm not much of a Perl programmer though so I couldn't tell from the code if the black/whitelist support handles wildcard entries. For examble, is an entry of *.xyz.com allowed? What about IP prefixes such as 10.10.3. ? Thanks. -- Richard Lynch From mailscanner at ecs.soton.ac.uk Thu May 15 22:23:48 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:07 2006 Subject: SpamAssassin Process In-Reply-To: <000701c31b25$5449d2d0$0c02a8c0@itech.dom> References: Message-ID: <5.2.1.1.2.20030515222057.024c2d38@imap.ecs.soton.ac.uk> Some of the RBLs (particularly osirusoft.com) have been very dodgy today. I've been getting timeouts at least 50% of the time. Try setting skip_rbl_checks 1 in spam.assassin.prefs.conf (in the MailScanner/etc directory). I hope the RBLs will be behaving better tomorrow. MailScanner doesn't need anything in SpamAssassin to be "started", nor does it use any external program such as the "spamassassin" script. It interfaces directly with SpamAssassin's Perl API for speed. At 22:02 15/05/2003, you wrote: >Jason, >I will give that a shot, that was not set up. It is a test box so it isn't >the best machine to run it on. It is currently running on a Alpha Station >200 4/66 with probably 128 Megs of RAM. He is running apache and mysql (but >probably serving up a page once every hour). It is working now, the >timeouts have stopped. I just gotta tweak the config for SA. Spam messages >are coming back with a rating of 2.2. > > >----- Original Message ----- >From: "Desai, Jason" >To: >Sent: Thursday, May 15, 2003 4:55 PM >Subject: Re: SpamAssassin Process > > > > My old system used to time out with SpamAssassin a lot when I used the >bayes > > filters. You can try disabling them by setting > > > > use_bayes 0 > > > > in your spam.assassin.prefs.conf file. What type of system are you >running > > MailScanner on? Is it very loaded? > > > > Jason > > > > > -----Original Message----- > > > From: Forrest Aldrich [mailto:forrie@FORRIE.COM] > > > Sent: Thursday, May 15, 2003 4:49 PM > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > Subject: Re: [MAILSCANNER] SpamAssassin Process > > > > > > > > > I've also seen the spurious timeouts with SpamAssassin - and > > > my system has > > > a very low load overall. I never did figure it out, but it is > > > (fortunately) not very frequent. > > > > > > Might this be connected to SA trying to do it's razor and > > > other lookups? > > > > > > > > > > > > Forrest > > > > > -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From zabriskw at ITECH.NET Thu May 15 22:27:38 2003 From: zabriskw at ITECH.NET (Kris Zabriskie) Date: Thu Jan 12 21:18:07 2006 Subject: SpamAssassin Process References: <5.2.1.1.2.20030515222057.024c2d38@imap.ecs.soton.ac.uk> Message-ID: <001001c31b28$cf660f80$0c02a8c0@itech.dom> Julian, That change has already been made. I have been having trouble with Infinite-Monkeys today, oh well. It seems like everything is working for the time being. Thanks everyone for your help, I do appreciate it! ----- Original Message ----- From: "Julian Field" To: Sent: Thursday, May 15, 2003 5:23 PM Subject: Re: SpamAssassin Process > Some of the RBLs (particularly osirusoft.com) have been very dodgy today. > I've been getting timeouts at least 50% of the time. > > Try setting > skip_rbl_checks 1 > in spam.assassin.prefs.conf (in the MailScanner/etc directory). > > I hope the RBLs will be behaving better tomorrow. > > MailScanner doesn't need anything in SpamAssassin to be "started", nor does > it use any external program such as the "spamassassin" script. It > interfaces directly with SpamAssassin's Perl API for speed. > > At 22:02 15/05/2003, you wrote: > >Jason, > >I will give that a shot, that was not set up. It is a test box so it isn't > >the best machine to run it on. It is currently running on a Alpha Station > >200 4/66 with probably 128 Megs of RAM. He is running apache and mysql (but > >probably serving up a page once every hour). It is working now, the > >timeouts have stopped. I just gotta tweak the config for SA. Spam messages > >are coming back with a rating of 2.2. > > > > > >----- Original Message ----- > >From: "Desai, Jason" > >To: > >Sent: Thursday, May 15, 2003 4:55 PM > >Subject: Re: SpamAssassin Process > > > > > > > My old system used to time out with SpamAssassin a lot when I used the > >bayes > > > filters. You can try disabling them by setting > > > > > > use_bayes 0 > > > > > > in your spam.assassin.prefs.conf file. What type of system are you > >running > > > MailScanner on? Is it very loaded? > > > > > > Jason > > > > > > > -----Original Message----- > > > > From: Forrest Aldrich [mailto:forrie@FORRIE.COM] > > > > Sent: Thursday, May 15, 2003 4:49 PM > > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > > Subject: Re: [MAILSCANNER] SpamAssassin Process > > > > > > > > > > > > I've also seen the spurious timeouts with SpamAssassin - and > > > > my system has > > > > a very low load overall. I never did figure it out, but it is > > > > (fortunately) not very frequent. > > > > > > > > Might this be connected to SA trying to do it's razor and > > > > other lookups? > > > > > > > > > > > > > > > > Forrest > > > > > > > > > -- > Julian Field > www.MailScanner.info > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > From mailscanner at ecs.soton.ac.uk Thu May 15 22:31:29 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:07 2006 Subject: User controlled whitelist/blacklist In-Reply-To: <1053033611.3111.11.camel@rich.wvn.wvnet.edu> References: <5.2.0.9.2.20030515114016.09b806e0@imap.ecs.soton.ac.uk> <5.2.0.9.2.20030515114016.09b806e0@imap.ecs.soton.ac.uk> Message-ID: <5.2.1.1.2.20030515222652.03e08008@imap.ecs.soton.ac.uk> At 22:20 15/05/2003, you wrote: >On Thu, 2003-05-15 at 06:41, Julian Field wrote: > > Okay, I admit I was waiting for someone to say that ;-) > > You are quite right, you can't have rulesets that point to rulesets. > > > > The per-domain and per-user (and per-IP) black/whitelist support is done > > via Custom Functions in CustomConfig.pm. Take a look in there and you'll > > find everything you need to get this going. > > > > -- > > Julian Field > > www.MailScanner.info > > MailScanner thanks transtec Computers for their support > > >Ok, I've been looking at the CustomConfig.pm comments and code and it >looks pretty straight forward to setup. I'm not much of a Perl >programmer though so I couldn't tell from the code if the >black/whitelist support handles wildcard entries. For examble, is an >entry of *.xyz.com allowed? What about IP prefixes such as 10.10.3. ? No, it doesn't. It just does simple lookups for speed. This is the matching code: it shows that just the "From" address (envelope sender), the domain of that address and the exact IP address are tested. You can specify a whitelist/blacklist for an individual email address or an individual domain. I might expand this later to allow IP prefixes and possibly domain suffixes, but I have no immediate plans for this. Feel free to add to the code yourselves! return 1 if $BlackWhite->{$to}{$from}; return 1 if $BlackWhite->{$to}{$fromdomain}; return 1 if $BlackWhite->{$to}{$ip}; return 1 if $BlackWhite->{$todomain}{$from}; return 1 if $BlackWhite->{$todomain}{$fromdomain}; return 1 if $BlackWhite->{$todomain}{$ip}; -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From forrie at FORRIE.COM Thu May 15 22:42:18 2003 From: forrie at FORRIE.COM (Forrest Aldrich) Date: Thu Jan 12 21:18:07 2006 Subject: SpamAssassin Process In-Reply-To: Message-ID: <5.2.1.1.2.20030515174108.02069958@192.168.1.1> My system is very low overhead with SMTP traffic. So I presume that one of Spam Assassin's ancilliary processes is to blame. I already have: skip_rbl_checks 1 set in my spam.assassin.prefs.conf file. Forrest At 04:55 PM 5/15/2003 -0400, you wrote: >My old system used to time out with SpamAssassin a lot when I used the bayes >filters. You can try disabling them by setting > >use_bayes 0 > >in your spam.assassin.prefs.conf file. What type of system are you running >MailScanner on? Is it very loaded? > >Jason > > > -----Original Message----- > > From: Forrest Aldrich [mailto:forrie@FORRIE.COM] > > Sent: Thursday, May 15, 2003 4:49 PM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: [MAILSCANNER] SpamAssassin Process > > > > > > I've also seen the spurious timeouts with SpamAssassin - and > > my system has > > a very low load overall. I never did figure it out, but it is > > (fortunately) not very frequent. > > > > Might this be connected to SA trying to do it's razor and > > other lookups? > > > > > > > > Forrest > > From bradley at BRADPATTERSON.COM Thu May 15 23:23:24 2003 From: bradley at BRADPATTERSON.COM (Brad Patterson) Date: Thu Jan 12 21:18:07 2006 Subject: Lost text and attachments (Eudora+Cyrus issue) Message-ID: I have a customer at Cisco who is sending attachments to several of our users. I can see from the headers that the sender uses Eudora version 4.3.2 for Windows and that he is sending through a Mirapoint mail server (IMAP). The message he is sending is HTML with two attachments, one is a log file and the other is a zip file. Total size of the message is approx. 200 KB. In my syslog, I see the message arrive, size is 205388 and MailScanner grabs the message for spam and virus checks, then passes the message on to our Notes server. No spam or virus are detected, but the email is empty (no text or attachments) beyond the headers and the following message is logged: May 15 16:03:58 smtp4.xxx.com MailScanner[16114]: Content Checks: Fixed awkward MIME boundary for Cyrus IMAP server in h4FL3qKr017067 Looking back through my old list messages, I see that somebody asked a similar question about Eudora+Cyrus MIME issues. After poking around the configuration and doing some research, I'm not sure how/where to resolve this issue. It looks like MailScanner gets to the point where the Cyrus message is logged, then stops processing and only sends the message headers. None of the X-MailScanner headers appear in the message. At the moment, I don't know the confidentiality status of the attachments in question, so I can't include them for analysis. They are plain text log files. MailScanner 4.20-3 Perl 5.8.0 ClamAV (snapshot 20030317) Solaris 9 All of the perl modules are the versions listed on the mailscanner.info web site. My questions: Has anyone else seen this type of behavior (empty message)? Any ideas of how to resolve it? Any additional information I should post? -- Brad Patterson P.S. - I know it's usually bad form to include an entirely different message, but I thought it might jog somebody's memory. On 1/10/03 16:14, "Julian Field" wrote: > This is a result of a check used to defend against a bug in the Cyrus IMAP > server which is exercised by some versions of Eudora. You have a > multipart/mixed with a multipart/alternative inside it, where the "mised" > MIME boundary is a substring of the "alternative" MIME boundary. > > So when MailScanner finds this situation, it changes the inner MIME > boundary to be the string you saw. However, I did test this and it worked > just fine when I tested it... > Are you using the latest MIME tools and so on? > > It will only happen to messages created with Eudora which contain "styled" > text (i.e. HTML) as well as plain text, and an attachment. > Is anyone else seeing this problem? > Or could it be a majordomo problem? The fact that it doesn't occur in > messages sent to individual users shows it must be at least mostly correct. > > Can you send me (zipped up) the complete message sent to individual users, > and the message sent out by majordomo, so I can compare them please? > > At 21:52 10/01/2003, you wrote: >> Hello, >> >> We are running version 4.11-1 of mailscanner on HP-UX 11.0 with sendmail >> 8.12.7, Qpopper and majordomo as our mailing list manager. When a Word file >> was sent as an attachemnt to a majordomo list it resulted in the following >> error: _MailScanner_found_Cyrus_boundary_substring_problem__ >> and the attachment was included in the message. When the same attachment is >> sent to individual users it is deliverd normally. >> The sender uses Eudora on Windows 2000. >> >> Does anyone know what the problem might be? >> >>> --=====================_366438080==_.ALT-- >>> >> --__MailScanner_found_Cyrus_boundary_substring_problem__ >> Content-Type: application/msword; name="serials survey 1-03.doc"; >> x-mac-type="42494E41"; x-mac-creator="4D535744" >> Content-Transfer-Encoding: base64>Content-Disposition: attachment; >> filename="serials survey 1-03.doc" >> 0M8R4KGxGuEAAAAAAAAAAAAAAAAAAAAAPgADAP7/CQAGAAAAAAAAAAAAAAAB >> AAAAQwAAAAAAAAAAEAAARQAAAAEAAAD+////AAAAAEIAAAD///////////// >> >> etc. >> >> Thanks >> Johannes Johannsson From hden at KCBBS.GEN.NZ Fri May 16 00:13:14 2003 From: hden at KCBBS.GEN.NZ (Hendrik den Hartog) Date: Thu Jan 12 21:18:07 2006 Subject: Installing RAZOR In-Reply-To: References: Message-ID: <20030515231314.GA27397@mew.kcbbs.gen.nz> Hello If you install RAZOR for use with spamassassin, do you need to do the 'complete' installation process as described? I.E. do you need to run razor-clients, razor-admin and register the reporters? (reason I ask is I thought (?) I read in a previous posting regarding installing razor that you only need to install the perl modules? not being an expert, can't work it out for myself) Cheers! Hendrik From gerry at DORFAM.CA Fri May 16 00:30:12 2003 From: gerry at DORFAM.CA (Gerry Doris) Date: Thu Jan 12 21:18:07 2006 Subject: Installing RAZOR In-Reply-To: <20030515231314.GA27397@mew.kcbbs.gen.nz> Message-ID: On Fri, 16 May 2003, Hendrik den Hartog wrote: > Hello > > If you install RAZOR for use with spamassassin, do you need to > do the 'complete' installation process as described? > I.E. do you need to run razor-clients, razor-admin and register > the reporters? > > (reason I ask is I thought (?) I read in a previous posting > regarding installing razor that you only need to install the perl > modules? not being an expert, can't work it out for myself) > > Cheers! > Hendrik I believe you should run razor-clients to ensure the proper simlinks are inplace. The others are needed only if you intend to update the razor database with spam. razor doesn't want just anyone tossing sites like redhat.com or microsoft.com into their database and messing everything up. They try and keep their database valid. -- Gerry "The lyfe so short, the craft so long to learne" Chaucer From gerry at DORFAM.CA Fri May 16 00:47:36 2003 From: gerry at DORFAM.CA (Gerry Doris) Date: Thu Jan 12 21:18:07 2006 Subject: spam score for each test in header In-Reply-To: <5.2.1.1.2.20030515194031.02745620@imap.ecs.soton.ac.uk> Message-ID: On Thu, 15 May 2003, Julian Field wrote: > 3 patches attached. > > At 19:19 15/05/2003, you wrote: > >That looks great! :) > > > >Would it be possible for you to post a patch that implements just the > >following? We aren't ready to upgrade to the latest version of MS until > >we can fully test it (using Sophos SAVI, etc). But the change below > >would easily be testable and implementable in the short run :-) > > > >Scott > > > >--On Thursday, May 15, 2003 5:18 PM +0100 Julian Field > > wrote: > > > >>Very good idea. No sooner said than done :-) > >> > >>X-MailScanner-SpamCheck: spam, SpamAssassin (score=7.8, required 5, > >> DATE_IN_PAST_12_24 0.21, DRASTIC_REDUCED 1.54, HOME_EMPLOYMENT > >>1.50, INVALID_DATE 0.57, INVALID_MSGID 0.38, NO_REAL_NAME 0.73, > >> ONCE_IN_LIFETIME 0.74, REMOVE_SUBJ 0.81, UNDISC_RECIPS 1.44) > >> > >>Does that look okay to you? > >>I would like to keep the original sort order (alphabetical) to make the > >>code simpler. I just tried out the new spam score display and it works great! I had no idea that Bayes was adding so much to the total score. Thanks again Julian! -- Gerry "The lyfe so short, the craft so long to learne" Chaucer From smhickel at CHARTERMI.NET Fri May 16 01:58:39 2003 From: smhickel at CHARTERMI.NET (Steve Hickel) Date: Thu Jan 12 21:18:07 2006 Subject: Queston... WAS Re: razor2 working? In-Reply-To: <5.2.0.9.2.20030514170632.034cd810@imap.ecs.soton.ac.uk> Message-ID: Everytime I try to install Razor 2 this is what I get. I am doing this from the "OTHER" category in the Perl icon screen in webmin: Files found in blib/arch: installing files in blib/lib into architecture dependent library tree Installing /usr/man/man1/razor-revoke.1 Installing /usr/man/man1/razor-admin.1 Installing /usr/man/man1/razor-report.1 Installing /usr/man/man1/razor-check.1 Installing /usr/man/man3/Razor2::Preproc::deHTMLxs.3pm Installing /usr/man/man3/Razor2::Syslog.3pm Installing /usr/man/man3/Razor2::Errorhandler.3pm Writing /usr/lib/perl5/site_perl/5.6.1/i386-linux/auto/razor-agents/.packlist /usr/bin/perl -we 'exit unless -f $ARGV[0];' -e 'print "WARNING: I have found an old package in\n";' -e 'print "\t$ARGV[0].\n";' -e 'print "Please make sure the two installations are not conflicting\n ";' \ /usr/lib/perl5/5.6.1/i386-linux/auto/razor-agents echo Appending installation info to /usr/lib/perl5/site_perl/5.6.1/i386-linux/perllocal.pod Appending installation info to /usr/lib/perl5/site_perl/5.6.1/i386-linux/perllocal.pod /usr/bin/perl "-MExtUtils::Command" -e mkpath /usr/lib/perl5/site_perl/5.6.1/i386-linux /usr/bin/perl -e '$\="\n\n";' -e 'print "=head2 ", scalar(localtime), ": C<", shift, ">", " L<", $ar g=shift, "|", $arg, ">";' -e 'print "=over 4";' -e 'while (defined($key = shift) and defined($val = shift)){print "=item *";print "C<$key: $val>";}' -e 'print "=back";' \ "Module" "razor-agents" \ "installed into" "/usr/lib/perl5/site_perl/5.6.1" \ LINKTYPE "dynamic" \ VERSION "2.22" \ EXE_FILES "bin/razor-client" \ >> /usr/lib/perl5/site_perl/5.6.1/i386-linux/perllocal.pod blib/script/razor-client Digest::SHA1 object version 2.01 does not match bootstrap parameter 2.02 at /usr/lib/perl5/5.6.1/i38 6-linux/DynaLoader.pm line 225. Compilation failed in require at lib/Razor2/String.pm line 4. BEGIN failed--compilation aborted at lib/Razor2/String.pm line 4. Compilation failed in require at (eval 7) line 3. ...propagated at /usr/lib/perl5/5.6.1/base.pm line 62. BEGIN failed--compilation aborted at lib/Razor2/Client/Core.pm line 21. Compilation failed in require at (eval 1) line 3. ...propagated at /usr/lib/perl5/5.6.1/base.pm line 62. BEGIN failed--compilation aborted at lib/Razor2/Client/Agent.pm line 18. Compilation failed in require at blib/script/razor-client line 21. BEGIN failed--compilation aborted at blib/script/razor-client line 21. make: *** [install_razor_agents] Error 2 Installation of razor::agents failed. Check the output above and try installing manually. Thanks, Steve From andrewh at CQG.COM Fri May 16 02:07:51 2003 From: andrewh at CQG.COM (Andrew M. Hoying) Date: Thu Jan 12 21:18:07 2006 Subject: Moving bodies of spam messages to an attachment Message-ID: <8A6DFB0865502242A29E25BDAEFBB945533812@d2sexchtest.cqg.com> Is there any way to configure MailScanner 4.20 with SpamAssassin 2.54 to move the bodies of spam messages to an attachment and put the report in the main message body as spamc/spamd and spamassassin do by default? Thanks, Andrew Hoying From gerry at DORFAM.CA Fri May 16 02:39:22 2003 From: gerry at DORFAM.CA (Gerry Doris) Date: Thu Jan 12 21:18:07 2006 Subject: Queston... WAS Re: razor2 working? In-Reply-To: Message-ID: On Thu, 15 May 2003, Steve Hickel wrote: > Everytime I try to install Razor 2 this is what I get. I am doing this > from the "OTHER" category in the Perl icon screen in webmin: > snip .... > snip > > Installation of razor::agents failed. Check the output above and try > installing manually. > > > Thanks, > > Steve It seems to me that there are two tarballs for razor on their website. One is razor-agent-sdk and the other is razor-agent. You have to install the sdk one first or you have to install the various perl modules needed for razor-agent manually. Did you do this? -- Gerry "The lyfe so short, the craft so long to learne" Chaucer From mark at TIPPINGMAR.COM Fri May 16 02:28:48 2003 From: mark at TIPPINGMAR.COM (Mark Nienberg) Date: Thu Jan 12 21:18:07 2006 Subject: OT: help with SA scores In-Reply-To: <1053006488.14290.237.camel@dbeauchemin.si.usherbrooke.ca> Message-ID: From the man page for Mail::SpamAssassin::Conf If only one valid score is listed, then that score is always used for a test. If four valid scores are listed, then the score that is used depends on how SpamAssassin is being used. The first score is used when both Bayes and network tests are disabled. The second score is used when Bayes is disabled, but network tests are enabled. The third score is used when Bayes is enabled and network tests are disabled. The fourth score is used when Bayes is enabled and net- work tests are enabled. Mark Nienberg On Thursday, May 15, 2003, at 06:48 AM, Denis Beauchemin wrote: > Hello, > > Could someone shed some light on the 4 numbers in SA score file: > /usr/share/spamassassin/50_scores.cf:score FORGED_MUA_OIMO 4.295 2.799 > 4.295 2.796 > > Some users are getting their Outlook calendar emails flagged as SPAM > and > I believe the FORGED_MUA_OIMO is the culprit. > > Before I lower the score of this parameter I would like to understand > why there are 4 different scores for it. > > Should I lower this parameter or whitelist my entire domain (it was not > necessary until now)? > > Thanks again! > -- > Denis Beauchemin, analyste > Universit? de Sherbrooke, S.T.I. > T: 819.821.8000x2252 F: 819.821.8045 From robbyv at DISASTER.COM Fri May 16 06:31:06 2003 From: robbyv at DISASTER.COM (Rob V) Date: Thu Jan 12 21:18:07 2006 Subject: Bayes setup Message-ID: good point From mailscanner at ecs.soton.ac.uk Fri May 16 06:38:39 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:07 2006 Subject: Moving bodies of spam messages to an attachment In-Reply-To: <8A6DFB0865502242A29E25BDAEFBB945533812@d2sexchtest.cqg.com > Message-ID: <5.2.1.1.2.20030516063811.02321140@imap.ecs.soton.ac.uk> At 02:07 16/05/2003, you wrote: >Is there any way to configure MailScanner 4.20 with SpamAssassin 2.54 to >move the bodies of spam messages to an attachment and put the report in >the main message body as spamc/spamd and spamassassin do by default? No, not at the moment. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Fri May 16 06:35:48 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:07 2006 Subject: Lost text and attachments (Eudora+Cyrus issue) In-Reply-To: Message-ID: <5.2.1.1.2.20030516063427.0232d9a8@imap.ecs.soton.ac.uk> Around line 533 of /usr/lib/MailScanner/MailScanner/SweepContent.pm, you will find this line: FixSubstringBoundaries($message, $id); Try commenting this out and re-run MailScanner. If the original Cyrus/Eudora problem has been fixed for a long time, then I will just get rid of this code altogether. At 23:23 15/05/2003, you wrote: >I have a customer at Cisco who is sending attachments to several of our >users. I can see from >the headers that the sender uses Eudora version 4.3.2 for Windows and that >he is sending >through a Mirapoint mail server (IMAP). The message he is sending is HTML >with two >attachments, one is a log file and the other is a zip file. Total size of >the message is approx. >200 KB. > >In my syslog, I see the message arrive, size is 205388 and MailScanner >grabs the message for >spam and virus checks, then passes the message on to our Notes server. No >spam or virus >are detected, but the email is empty (no text or attachments) beyond the >headers and the >following message is logged: > >May 15 16:03:58 smtp4.xxx.com MailScanner[16114]: Content Checks: Fixed >awkward MIME >boundary for Cyrus IMAP server in h4FL3qKr017067 > >Looking back through my old list messages, I see that somebody asked a >similar question >about Eudora+Cyrus MIME issues. After poking around the configuration and >doing some >research, I'm not sure how/where to resolve this issue. > >It looks like MailScanner gets to the point where the Cyrus message is >logged, then stops >processing and only sends the message headers. None of the X-MailScanner >headers appear >in the message. > >At the moment, I don't know the confidentiality status of the attachments >in question, so I >can't include them for analysis. They are plain text log files. > >MailScanner 4.20-3 >Perl 5.8.0 >ClamAV (snapshot 20030317) >Solaris 9 >All of the perl modules are the versions listed on the mailscanner.info >web site. > > >My questions: >Has anyone else seen this type of behavior (empty message)? >Any ideas of how to resolve it? >Any additional information I should post? > >-- >Brad Patterson > >P.S. - I know it's usually bad form to include an entirely different >message, but I thought it >might jog somebody's memory. > > >On 1/10/03 16:14, "Julian Field" wrote: > > > This is a result of a check used to defend against a bug in the Cyrus IMAP > > server which is exercised by some versions of Eudora. You have a > > multipart/mixed with a multipart/alternative inside it, where the "mised" > > MIME boundary is a substring of the "alternative" MIME boundary. > > > > So when MailScanner finds this situation, it changes the inner MIME > > boundary to be the string you saw. However, I did test this and it worked > > just fine when I tested it... > > Are you using the latest MIME tools and so on? > > > > It will only happen to messages created with Eudora which contain "styled" > > text (i.e. HTML) as well as plain text, and an attachment. > > Is anyone else seeing this problem? > > Or could it be a majordomo problem? The fact that it doesn't occur in > > messages sent to individual users shows it must be at least mostly correct. > > > > Can you send me (zipped up) the complete message sent to individual users, > > and the message sent out by majordomo, so I can compare them please? > > > > At 21:52 10/01/2003, you wrote: > >> Hello, > >> > >> We are running version 4.11-1 of mailscanner on HP-UX 11.0 with sendmail > >> 8.12.7, Qpopper and majordomo as our mailing list manager. When a > Word file > >> was sent as an attachemnt to a majordomo list it resulted in the following > >> error: _MailScanner_found_Cyrus_boundary_substring_problem__ > >> and the attachment was included in the message. When the same > attachment is > >> sent to individual users it is deliverd normally. > >> The sender uses Eudora on Windows 2000. > >> > >> Does anyone know what the problem might be? > >> > >>> --=====================_366438080==_.ALT-- > >>> > >> --__MailScanner_found_Cyrus_boundary_substring_problem__ > >> Content-Type: application/msword; name="serials survey 1-03.doc"; > >> x-mac-type="42494E41"; x-mac-creator="4D535744" > >> Content-Transfer-Encoding: base64>Content-Disposition: attachment; > >> filename="serials survey 1-03.doc" > >> 0M8R4KGxGuEAAAAAAAAAAAAAAAAAAAAAPgADAP7/CQAGAAAAAAAAAAAAAAAB > >> AAAAQwAAAAAAAAAAEAAARQAAAAEAAAD+////AAAAAEIAAAD///////////// > >> > >> etc. > >> > >> Thanks > >> Johannes Johannsson -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From smhickel at CHARTERMI.NET Fri May 16 07:44:55 2003 From: smhickel at CHARTERMI.NET (Steve Hickel) Date: Thu Jan 12 21:18:07 2006 Subject: Queston... WAS Re: razor2 working? In-Reply-To: Message-ID: Yes, I got similar error messages from the sdk, did them individually from CPAN and retried the sdk and it worked as a whole from the razor website then I tried and tried the razor agent and got those wierd errors. Steve On Thu, 15 May 2003, Gerry Doris wrote: > On Thu, 15 May 2003, Steve Hickel wrote: > > > Everytime I try to install Razor 2 this is what I get. I am doing this > > from the "OTHER" category in the Perl icon screen in webmin: > > snip > .... > > snip > > > > Installation of razor::agents failed. Check the output above and try > > installing manually. > > > > > > Thanks, > > > > Steve > > It seems to me that there are two tarballs for razor on their website. > One is razor-agent-sdk and the other is razor-agent. You have to install > the sdk one first or you have to install the various perl modules needed > for razor-agent manually. Did you do this? > > -- > Gerry > > "The lyfe so short, the craft so long to learne" Chaucer > From sylvain.phaneuf at IMSU.OXFORD.AC.UK Fri May 16 10:19:40 2003 From: sylvain.phaneuf at IMSU.OXFORD.AC.UK (Sylvain Phaneuf) Date: Thu Jan 12 21:18:07 2006 Subject: spam score for each test in header Message-ID: Brilliant !!! Thanks Julian. I am 100% happy with your solution. But if I may push my luck... How difficult would it be to transfer this header line into an attachment to the message named something like "spam_score_details.txt", and get the list of test & scores in a neat format with carriage returns after each score, and an explanation at the top for the user saying something like "Your MailScanner system has performed the following tests to determine if it was spam. Please see yout local IT officer for more details". Or leave us to create that piece of text so that we can add our contact details, etc.? Just trying to make sure you don't get bored when your colleague is on leave next week... Thanks again. Sylvain =========================================================== Sylvain Phaneuf --- Computing Manager | phone : +44 (0)1865 221323 Information Management Services Unit - Medical Sciences Division Oxford University | email : sylvain.phaneuf@imsu.ox.ac.uk Room 3A25B John Radcliffe Hospital | fax : +44 (0) 1865 221322 Oxford OX3 9DU England =========================================================== >>> mailscanner@ECS.SOTON.AC.UK 15/05/2003 19:41:15 >>> 3 patches attached. At 19:19 15/05/2003, you wrote: >That looks great! :) > >Would it be possible for you to post a patch that implements just the >following? We aren't ready to upgrade to the latest version of MS until >we can fully test it (using Sophos SAVI, etc). But the change below >would easily be testable and implementable in the short run :-) > >Scott > >--On Thursday, May 15, 2003 5:18 PM +0100 Julian Field > wrote: > >>Very good idea. No sooner said than done :-) >> >>X-MailScanner-SpamCheck: spam, SpamAssassin (score=7.8, required 5, >> DATE_IN_PAST_12_24 0.21, DRASTIC_REDUCED 1.54, HOME_EMPLOYMENT >>1.50, INVALID_DATE 0.57, INVALID_MSGID 0.38, NO_REAL_NAME 0.73, >> ONCE_IN_LIFETIME 0.74, REMOVE_SUBJ 0.81, UNDISC_RECIPS 1.44) >> >>Does that look okay to you? >>I would like to keep the original sort order (alphabetical) to make the >>code simpler. >> >>I'll release something later this evening if you like. It will make it to >>the stable release at the start of June. >> >>At 15:54 15/05/2003, you wrote: >>>Actually, I have been thinking the same thing. Users would like to >>>know *which* rule added the most to the total score, or if there were >>>rules that subtracted off some point, it would be nice to know which >>>ones did that and by how much... Obviously, I have access to the rule >>>files and can look them up, but most cannot. >>> >>>If we had an option to turn on the score values in the header, it >>>would be quite useful! >>> >>>Scott >>> >>>--On Thursday, May 15, 2003 3:07 PM +0100 Sylvain Phaneuf >>> wrote: >>> >>>>I don't know whether this has been discussed before, but I am wondering >>>>how difficult would that be to put the score of each spam test in the >>>>X-MailScanner-Information header? >>>> >>>>e.g. MIME_HTML_ONLY 0.1 ; IN_REP_TO -3.3 ; DATE_INFUTURE_12_24 2.37 ; >>>>SPACES_IN_SUBJECT 2.42 ; MS_EXCHANGE -5.80 >>>> >>>>Every now and then we have users who are suprised that a specific >>>>message has not been picked up as spam and we need to explain to them. >>>>Other less frequent situations are when we try to determine why a >>>>message is a false positive. We need to manually dig out the scores for >>>>each test and then see what would need changing. >>>> >>>>This is a feature I have seen with some commercial products, and it >>>>seems to be popular. >>>> >>>> >>>> >>>>Sylvain >>>> >>>>=========================================================== >>>>Sylvain Phaneuf --- Computing Manager | phone : +44 (0)1865 221323 >>>>Information Management Services Unit - Medical Sciences Division >>>>Oxford University | email : >>>>sylvain.phaneuf@imsu.ox.ac.uk Room 3A25B John Radcliffe Hospital | >>>>fax : +44 (0) 1865 221322 Oxford OX3 9DU England >>>>=========================================================== >>> >>> >>> >>>-- >>>+-----------------------------------------------------------------------+ >>> Scott W. Adkins http://www.cns.ohiou.edu/~sadkins/ >>> UNIX Systems Engineer mailto:adkinss@ohio.edu >>> ICQ 7626282 Work (740)593-9478 Fax (740)593-1944 >>>+-----------------------------------------------------------------------+ >>> PGP Public Key available at >>>http://www.cns.ohiou.edu/~sadkins/pgp/ >> >>-- >>Julian Field >>www.MailScanner.info >>MailScanner thanks transtec Computers for their support > > > >-- >+-----------------------------------------------------------------------+ > Scott W. Adkins http://www.cns.ohiou.edu/~sadkins/ > UNIX Systems Engineer mailto:adkinss@ohio.edu > ICQ 7626282 Work (740)593-9478 Fax (740)593-1944 >+-----------------------------------------------------------------------+ > PGP Public Key available at > http://www.cns.ohiou.edu/~sadkins/pgp/ From P.G.M.Peters at civ.utwente.nl Fri May 16 11:07:15 2003 From: P.G.M.Peters at civ.utwente.nl (Peter Peters) Date: Thu Jan 12 21:18:07 2006 Subject: spamassassin 2.54 released In-Reply-To: References: Message-ID: On Thu, 15 May 2003 10:13:58 -0700, you wrote: >The DCC website says: > >By default, DCC clients send to UDP port 6277 from an anonymous port. >Thus, it is sufficient to open a firewall for clients to outgoing UDP >packets to port 6277 and incoming packets from port 6277. The server >goes to some lengths to try to respond from the same IP address at which >it received a client's request. > >Could someone dicpher that for me. The 6277 incoming isn't initatiated >by an outside source right? On a stateful firewall I only need to allow >6277 out correct. No. (Most) statefull firewall don't keep UDP states because UDP is not a connection oriented protocol and thus doesn't have any state. Statefull firewalls build their state table based on SYN-packets and those are not present in UDP. -- Peter Peters, senior netwerkbeheerder Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE) Universiteit Twente, Postbus 217, 7500 AE Enschede telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/civ From mailscanner at BARENDSE.TO Fri May 16 11:06:32 2003 From: mailscanner at BARENDSE.TO (Remco Barendse) Date: Thu Jan 12 21:18:07 2006 Subject: spam score for each test in header In-Reply-To: Message-ID: Isn't that annoying? You would have to open an attachment each time you want to see the scores. Especially the less experienced users will start complaining about these 'weird' attachments. On Fri, 16 May 2003, Sylvain Phaneuf wrote: > Brilliant !!! Thanks Julian. > > I am 100% happy with your solution. But if I may push my luck... How difficult would it be to transfer this header line into an attachment to the message named something like "spam_score_details.txt", and get the list of test & scores in a neat format with carriage returns after each score, and an explanation at the top for the user saying something like "Your MailScanner system has performed the following tests to determine if it was spam. Please see yout local IT officer for more details". Or leave us to create that piece of text so that we can add our contact details, etc.? > > Just trying to make sure you don't get bored when your colleague is on leave next week... > > Thanks again. > > Sylvain > > > =========================================================== > Sylvain Phaneuf --- Computing Manager | phone : +44 (0)1865 221323 > Information Management Services Unit - Medical Sciences Division > Oxford University | email : sylvain.phaneuf@imsu.ox.ac.uk > Room 3A25B John Radcliffe Hospital | fax : +44 (0) 1865 221322 > Oxford OX3 9DU England > =========================================================== > > >>> mailscanner@ECS.SOTON.AC.UK 15/05/2003 19:41:15 >>> > 3 patches attached. > > At 19:19 15/05/2003, you wrote: > >That looks great! :) > > > >Would it be possible for you to post a patch that implements just the > >following? We aren't ready to upgrade to the latest version of MS until > >we can fully test it (using Sophos SAVI, etc). But the change below > >would easily be testable and implementable in the short run :-) > > > >Scott > > > >--On Thursday, May 15, 2003 5:18 PM +0100 Julian Field > > wrote: > > > >>Very good idea. No sooner said than done :-) > >> > >>X-MailScanner-SpamCheck: spam, SpamAssassin (score=7.8, required 5, > >> DATE_IN_PAST_12_24 0.21, DRASTIC_REDUCED 1.54, HOME_EMPLOYMENT > >>1.50, INVALID_DATE 0.57, INVALID_MSGID 0.38, NO_REAL_NAME 0.73, > >> ONCE_IN_LIFETIME 0.74, REMOVE_SUBJ 0.81, UNDISC_RECIPS 1.44) > >> > >>Does that look okay to you? > >>I would like to keep the original sort order (alphabetical) to make the > >>code simpler. > >> > >>I'll release something later this evening if you like. It will make it to > >>the stable release at the start of June. > >> > >>At 15:54 15/05/2003, you wrote: > >>>Actually, I have been thinking the same thing. Users would like to > >>>know *which* rule added the most to the total score, or if there were > >>>rules that subtracted off some point, it would be nice to know which > >>>ones did that and by how much... Obviously, I have access to the rule > >>>files and can look them up, but most cannot. > >>> > >>>If we had an option to turn on the score values in the header, it > >>>would be quite useful! > >>> > >>>Scott > >>> > >>>--On Thursday, May 15, 2003 3:07 PM +0100 Sylvain Phaneuf > >>> wrote: > >>> > >>>>I don't know whether this has been discussed before, but I am wondering > >>>>how difficult would that be to put the score of each spam test in the > >>>>X-MailScanner-Information header? > >>>> > >>>>e.g. MIME_HTML_ONLY 0.1 ; IN_REP_TO -3.3 ; DATE_INFUTURE_12_24 2.37 ; > >>>>SPACES_IN_SUBJECT 2.42 ; MS_EXCHANGE -5.80 > >>>> > >>>>Every now and then we have users who are suprised that a specific > >>>>message has not been picked up as spam and we need to explain to them. > >>>>Other less frequent situations are when we try to determine why a > >>>>message is a false positive. We need to manually dig out the scores for > >>>>each test and then see what would need changing. > >>>> > >>>>This is a feature I have seen with some commercial products, and it > >>>>seems to be popular. > >>>> > >>>> > >>>> > >>>>Sylvain > >>>> > >>>>=========================================================== > >>>>Sylvain Phaneuf --- Computing Manager | phone : +44 (0)1865 221323 > >>>>Information Management Services Unit - Medical Sciences Division > >>>>Oxford University | email : > >>>>sylvain.phaneuf@imsu.ox.ac.uk Room 3A25B John Radcliffe Hospital | > >>>>fax : +44 (0) 1865 221322 Oxford OX3 9DU England > >>>>=========================================================== > >>> > >>> > >>> > >>>-- > >>>+-----------------------------------------------------------------------+ > >>> Scott W. Adkins http://www.cns.ohiou.edu/~sadkins/ > >>> UNIX Systems Engineer mailto:adkinss@ohio.edu > >>> ICQ 7626282 Work (740)593-9478 Fax (740)593-1944 > >>>+-----------------------------------------------------------------------+ > >>> PGP Public Key available at > >>>http://www.cns.ohiou.edu/~sadkins/pgp/ > >> > >>-- > >>Julian Field > >>www.MailScanner.info > >>MailScanner thanks transtec Computers for their support > > > > > > > >-- > >+-----------------------------------------------------------------------+ > > Scott W. Adkins http://www.cns.ohiou.edu/~sadkins/ > > UNIX Systems Engineer mailto:adkinss@ohio.edu > > ICQ 7626282 Work (740)593-9478 Fax (740)593-1944 > >+-----------------------------------------------------------------------+ > > PGP Public Key available at > > http://www.cns.ohiou.edu/~sadkins/pgp/ > From Kevin.Spicer at BMRB.CO.UK Fri May 16 11:14:36 2003 From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:18:07 2006 Subject: spamassassin 2.54 released Message-ID: <5C0296D26910694BB9A9BBFC577E7AB0A4AD89@pascal.priv.bmrb.co.uk> > No. (Most) statefull firewall don't keep UDP states because > UDP is not a > connection oriented protocol and thus doesn't have any state. > > Statefull firewalls build their state table based on SYN-packets and > those are not present in UDP. > Yes and No. Whilst this is probably true for some firewalls my experience is that both Checkpoint FW-1 and Linux IP tables (set up with shorewall - which rocks btw) manage to cope with replies to UDP packets quite nicely. I assume that the firewall tracks outgoing packets destination IP and port then permits traffic from that location back to the originator for a certain period (but I'm guessing!) BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From mailscanner at ecs.soton.ac.uk Fri May 16 11:01:16 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:07 2006 Subject: spam score for each test in header In-Reply-To: Message-ID: <5.2.0.9.2.20030516110014.04d649a8@imap.ecs.soton.ac.uk> At 10:19 16/05/2003, you wrote: >Brilliant !!! Thanks Julian. > >I am 100% happy with your solution. But if I may push my luck... How >difficult would it be to transfer this header line into an attachment to >the message named something like "spam_score_details.txt", and get the >list of test & scores in a neat format with carriage returns after each >score, and an explanation at the top for the user saying something like >"Your MailScanner system has performed the following tests to determine if >it was spam. Please see yout local IT officer for more details". Or leave >us to create that piece of text so that we can add our contact details, etc.? Not keen on that. MailScanner doesn't mess with the message more than it has to, and this would create an attachment on every single message. Even if you just do this with spam, you are adding to your spam load problem, not reducing it. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From sylvain.phaneuf at IMSU.OXFORD.AC.UK Fri May 16 11:45:06 2003 From: sylvain.phaneuf at IMSU.OXFORD.AC.UK (Sylvain Phaneuf) Date: Thu Jan 12 21:18:07 2006 Subject: spam score for each test in header Message-ID: You are right. The simpler the better. >>> mailscanner@ECS.SOTON.AC.UK 16/05/2003 11:01:16 >>> At 10:19 16/05/2003, you wrote: >Brilliant !!! Thanks Julian. > >I am 100% happy with your solution. But if I may push my luck... How >difficult would it be to transfer this header line into an attachment to >the message named something like "spam_score_details.txt", and get the >list of test & scores in a neat format with carriage returns after each >score, and an explanation at the top for the user saying something like >"Your MailScanner system has performed the following tests to determine if >it was spam. Please see yout local IT officer for more details". Or leave >us to create that piece of text so that we can add our contact details, etc.? Not keen on that. MailScanner doesn't mess with the message more than it has to, and this would create an attachment on every single message. Even if you just do this with spam, you are adding to your spam load problem, not reducing it. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From Steve at SWANEY.COM Fri May 16 13:11:20 2003 From: Steve at SWANEY.COM (Stephen Swaney) Date: Thu Jan 12 21:18:07 2006 Subject: spam score for each test in header In-Reply-To: <5.2.0.9.2.20030516110014.04d649a8@imap.ecs.soton.ac.uk> References: <5.2.0.9.2.20030516110014.04d649a8@imap.ecs.soton.ac.uk> Message-ID: <1053087080.1342.22.camel@speedy> I agree with not messing with the message, but one firm has created a system where when a message is detected as spam, the original spam is encapsulated as a attachment to a message that reads: ----------------------------- Our mailscanner believes that the attachment to this message sent to you by spammer@junkmail.com Subject: Work from Home, Make big Bucks!!! is Unsolicited Commerial Email (Spam). Unless you are sure that this message is incorrectly thoght to be Spam, please delete this message without opening it. Onpening Spam messages might allow the Spammer to verify your email address. If you believe that this message has been uncorrectly marked a spam, please forward this email to whitelist@our-company.com ------------------------------ When this technique is combined with good {Spam?} and {High Spam?} scoring, it might allow the identification of false positives while hiding offensive images and messages. Note that email to whitelist@ourcompany.com is not automatically whitelisted but examined to see if it should be. Thoughts? On Fri, 2003-05-16 at 06:01, Julian Field wrote: > At 10:19 16/05/2003, you wrote: > >Brilliant !!! Thanks Julian. > > > >I am 100% happy with your solution. But if I may push my luck... How > >difficult would it be to transfer this header line into an attachment to > >the message named something like "spam_score_details.txt", and get the > >list of test & scores in a neat format with carriage returns after each > >score, and an explanation at the top for the user saying something like > >"Your MailScanner system has performed the following tests to determine if > >it was spam. Please see yout local IT officer for more details". Or leave > >us to create that piece of text so that we can add our contact details, etc.? > > Not keen on that. MailScanner doesn't mess with the message more than it > has to, and this would create an attachment on every single message. Even > if you just do this with spam, you are adding to your spam load problem, > not reducing it. > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support -- Stephen Swaney Linux Systems Solutions, Inc. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030516/fa59808d/attachment.html From mailscanner at ecs.soton.ac.uk Fri May 16 13:50:04 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:07 2006 Subject: spam score for each test in header In-Reply-To: <1053087080.1342.22.camel@speedy> References: <5.2.0.9.2.20030516110014.04d649a8@imap.ecs.soton.ac.uk> <5.2.0.9.2.20030516110014.04d649a8@imap.ecs.soton.ac.uk> Message-ID: <5.2.0.9.2.20030516134612.04aaef40@imap.ecs.soton.ac.uk> The bit I'm not sure about here is what to do with multipart-alternative messages (where you have HTML and plain-text versions). These already have more than 1 part, so I'm not sure what to put in the "attachment" that contains the original message. If I delete the plain-text version, all the pine/mutt users in the world will hate me. But if I delete the HTML version, all the Outlook users in the world will hate me. Any ideas what the system this firm has created actually does with the message? Do we have the ability to be able to pipe messages through it to find out? Or do you know who created it, as I might be able to extract the answer from their tech support :-) At 13:11 16/05/2003, you wrote: >I agree with not messing with the message, but one firm has created a >system where when a message is detected as spam, the original spam is >encapsulated as a attachment to a message that reads: > >----------------------------- > >Our mailscanner believes that the attachment to this message sent to you by > > spammer@junkmail.com > >Subject: > > Work from Home, Make big Bucks!!! > >is Unsolicited Commerial Email (Spam). Unless you are sure that this >message is incorrectly thoght to be Spam, please delete this message >without opening it. Onpening Spam messages might allow the Spammer to >verify your email address. > >If you believe that this message has been uncorrectly marked a spam, >please forward this email to >whitelist@our-company.com > >------------------------------ > >When this technique is combined with good {Spam?} and {High Spam?} >scoring, it might allow the identification of false positives while hiding >offensive images and messages. > >Note that email to whitelist@ourcompany.com is >not automatically whitelisted but examined to see if it should be. > >Thoughts? > > >On Fri, 2003-05-16 at 06:01, Julian Field wrote: >> >>At 10:19 16/05/2003, you wrote: >> >Brilliant !!! Thanks Julian. >> > >> >I am 100% happy with your solution. But if I may push my luck... How >> >difficult would it be to transfer this header line into an attachment to >> >the message named something like "spam_score_details.txt", and get the >> >list of test & scores in a neat format with carriage returns after each >> >score, and an explanation at the top for the user saying something like >> >"Your MailScanner system has performed the following tests to determine if >> >it was spam. Please see yout local IT officer for more details". Or leave >> >us to create that piece of text so that we can add our contact details, >> etc.? >> >>Not keen on that. MailScanner doesn't mess with the message more than it >>has to, and this would create an attachment on every single message. Even >>if you just do this with spam, you are adding to your spam load problem, >>not reducing it. >>-- >>Julian Field >>www.MailScanner.info >>MailScanner thanks transtec Computers for their support > > > > >-- > >Stephen Swaney <Steve@swaney.com> > >Linux Systems Solutions, Inc. > > > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030516/4fbb9a4a/attachment.html From Steve at swaney.com Fri May 16 13:57:42 2003 From: Steve at swaney.com (Stephen Swaney) Date: Thu Jan 12 21:18:07 2006 Subject: spam score for each test in header In-Reply-To: <5.2.0.9.2.20030516134612.04aaef40@imap.ecs.soton.ac.uk> References: <5.2.0.9.2.20030516110014.04d649a8@imap.ecs.soton.ac.uk> <5.2.0.9.2.20030516110014.04d649a8@imap.ecs.soton.ac.uk> <5.2.0.9.2.20030516134612.04aaef40@imap.ecs.soton.ac.uk> Message-ID: <1053089862.1351.25.camel@speedy> I'll find out what thet do and get back to you. On Fri, 2003-05-16 at 08:50, Julian Field wrote: > The bit I'm not sure about here is what to do with > multipart-alternative messages (where you have HTML and plain-text > versions). These already have more than 1 part, so I'm not sure what > to put in the "attachment" that contains the original message. > > If I delete the plain-text version, all the pine/mutt users in the > world will hate me. But if I delete the HTML version, all the Outlook > users in the world will hate me. > > Any ideas what the system this firm has created actually does with the > message? > Do we have the ability to be able to pipe messages through it to find > out? Or do you know who created it, as I might be able to extract the > answer from their tech support :-) > > At 13:11 16/05/2003, you wrote: > > > I agree with not messing with the message, but one firm has created > > a system where when a message is detected as spam, the original spam > > is encapsulated as a attachment to a message that reads: > > > > ----------------------------- > > > > Our mailscanner believes that the attachment to this message sent to > > you by > > > > spammer@junkmail.com > > > > Subject: > > > > Work from Home, Make big Bucks!!! > > > > is Unsolicited Commerial Email (Spam). Unless you are sure that this > > message is incorrectly thoght to be Spam, please delete this message > > without opening it. Onpening Spam messages might allow the Spammer > > to verify your email address. > > > > If you believe that this message has been uncorrectly marked a spam, > > please forward this email to whitelist@our-company.com > > > > ------------------------------ > > > > When this technique is combined with good {Spam?} and {High Spam?} > > scoring, it might allow the identification of false positives while > > hiding offensive images and messages. > > > > Note that email to whitelist@ourcompany.com is not automatically > > whitelisted but examined to see if it should be. > > > > Thoughts? > > > > > > On Fri, 2003-05-16 at 06:01, Julian Field wrote: > > > > > > > > > > > At 10:19 > > > 16/05/2003, you wrote: > > > >Brilliant !!! Thanks Julian. > > > > > > > >I am 100% happy with your solution. But if I may push my > > > luck... How > > > >difficult would it be to transfer this header line into an attachment > > > to > > > >the message named something like "spam_score_details.txt", > > > and get the > > > >list of test & scores in a neat format with carriage returns > > > after each > > > >score, and an explanation at the top for the user saying something > > > like > > > >"Your MailScanner system has performed the following tests to > > > determine if > > > >it was spam. Please see yout local IT officer for more details". > > > Or leave > > > >us to create that piece of text so that we can add our contact > > > details, etc.? > > > > > > Not keen on that. MailScanner doesn't mess with the message more than > > > it > > > has to, and this would create an attachment on every single message. > > > Even > > > if you just do this with spam, you are adding to your spam load > > > problem, > > > not reducing it. > > > -- > > > Julian Field > > > www.MailScanner.info > > > MailScanner thanks > > > transtec Computers for their > > > support > > > > > > > > > > > > -- > > > > Stephen Swaney > > > > > > Linux Systems Solutions, Inc. > > > > > > > > > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030516/b6d06117/attachment.html From john at TRADOC.FR Fri May 16 13:57:19 2003 From: john at TRADOC.FR (John Wilcock) Date: Thu Jan 12 21:18:07 2006 Subject: spam score for each test in header In-Reply-To: <5.2.0.9.2.20030516134612.04aaef40@imap.ecs.soton.ac.uk> References: <5.2.0.9.2.20030516110014.04d649a8@imap.ecs.soton.ac.uk> <5.2.0.9.2.20030516110014.04d649a8@imap.ecs.soton.ac.uk> <1053087080.1342.22.camel@speedy> <5.2.0.9.2.20030516134612.04aaef40@imap.ecs.soton.ac.uk> Message-ID: On Fri, 16 May 2003 13:50:04 +0100, Julian Field wrote: > The bit I'm not sure about here is what to do with multipart-alternative > messages (where you have HTML and plain-text versions). These already have > more than 1 part, so I'm not sure what to put in the "attachment" that > contains the original message. > > If I delete the plain-text version, all the pine/mutt users in the world > will hate me. But if I delete the HTML version, all the Outlook users in > the world will hate me. Why delete either part? Couldn't you just put the entire original message, complete with all headers, in a message/rfc822 part. John. -- -- Over 2000 webcams from ski resorts around the world - http://www.snoweye.com/ -- Translate your technical documents and web pages - http://www.tradoc.fr/ From mailscanner at ecs.soton.ac.uk Fri May 16 14:17:29 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:07 2006 Subject: spam score for each test in header In-Reply-To: References: <5.2.0.9.2.20030516134612.04aaef40@imap.ecs.soton.ac.uk> <5.2.0.9.2.20030516110014.04d649a8@imap.ecs.soton.ac.uk> <5.2.0.9.2.20030516110014.04d649a8@imap.ecs.soton.ac.uk> <1053087080.1342.22.camel@speedy> <5.2.0.9.2.20030516134612.04aaef40@imap.ecs.soton.ac.uk> Message-ID: <5.2.0.9.2.20030516141651.0e2a8428@imap.ecs.soton.ac.uk> At 13:57 16/05/2003, you wrote: >On Fri, 16 May 2003 13:50:04 +0100, Julian Field wrote: > > The bit I'm not sure about here is what to do with multipart-alternative > > messages (where you have HTML and plain-text versions). These already have > > more than 1 part, so I'm not sure what to put in the "attachment" that > > contains the original message. > > > > If I delete the plain-text version, all the pine/mutt users in the world > > will hate me. But if I delete the HTML version, all the Outlook users in > > the world will hate me. > >Why delete either part? Couldn't you just put the entire original >message, complete with all headers, in a message/rfc822 part. Anyone know what mutt pine Eudora Outlook Express Outlook do when given an rfc822 containing lots of parts? -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From john at TRADOC.FR Fri May 16 14:30:16 2003 From: john at TRADOC.FR (John Wilcock) Date: Thu Jan 12 21:18:07 2006 Subject: spam score for each test in header In-Reply-To: <5.2.0.9.2.20030516141651.0e2a8428@imap.ecs.soton.ac.uk> References: <5.2.0.9.2.20030516134612.04aaef40@imap.ecs.soton.ac.uk> <5.2.0.9.2.20030516110014.04d649a8@imap.ecs.soton.ac.uk> <5.2.0.9.2.20030516110014.04d649a8@imap.ecs.soton.ac.uk> <1053087080.1342.22.camel@speedy> <5.2.0.9.2.20030516134612.04aaef40@imap.ecs.soton.ac.uk> <5.2.0.9.2.20030516141651.0e2a8428@imap.ecs.soton.ac.uk> Message-ID: On Fri, 16 May 2003 14:17:29 +0100, Julian Field wrote: > Anyone know what > mutt > pine > Eudora > Outlook Express > Outlook > do when given an rfc822 containing lots of parts? Outlook (2000 or 2002, don't know about earlier versions) do the right thing, i.e. show the rfc822 as an attachment which you can then open exactly as if it were a normal message, regardless of what parts it has. OTOH, Eudora 4.x doesn't understand message/rfc822 at all. No idea about Eudora 5.x nor any of the others you mention. FWIW, Fort? Agent also handles message/rfc822 properly, and indeed its "Forward Verbatim" option generates precisely this structure. John. -- -- Over 2000 webcams from ski resorts around the world - http://www.snoweye.com/ -- Translate your technical documents and web pages - http://www.tradoc.fr/ From steve.freegard at LBSLTD.CO.UK Fri May 16 14:34:11 2003 From: steve.freegard at LBSLTD.CO.UK (Steve Freegard) Date: Thu Jan 12 21:18:07 2006 Subject: spam score for each test in header Message-ID: <67D9E7698329D411936E00508B6590B902793881@neelix.lbsltd.co.uk> This is a really good idea - as long as there is still a way of extracting the original unaltered message for piping through sa-learn for any false positive/negatives. This whould also please the Exchange users that can only get messages out of the Public Folders using IMAP in either HTML or Plain-text but not in the original form when training Bayes from Exchange. Ideally you'd end up with a new message saying that the mail might be spam with a nice explaination to the users and the original message attached (without the {SPAM?} or X-MailScanner-... Headers etc.) which you could run a script over to extract the message/rfc822 attachments into mbox format and run sa-learn on that... Regards, Steve. -- Steve Freegard Systems Manager Littlehampton Book Services. -----Original Message----- From: John Wilcock [mailto:john@TRADOC.FR] Sent: 16 May 2003 13:57 To: MAILSCANNER@JISCMAIL.AC.UK On Fri, 16 May 2003 13:50:04 +0100, Julian Field wrote: > The bit I'm not sure about here is what to do with multipart-alternative > messages (where you have HTML and plain-text versions). These already have > more than 1 part, so I'm not sure what to put in the "attachment" that > contains the original message. > > If I delete the plain-text version, all the pine/mutt users in the world > will hate me. But if I delete the HTML version, all the Outlook users in > the world will hate me. Why delete either part? Couldn't you just put the entire original message, complete with all headers, in a message/rfc822 part. John. -- -- Over 2000 webcams from ski resorts around the world - http://www.snoweye.com/ -- Translate your technical documents and web pages - http://www.tradoc.fr/ -- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender and delete the message from your mailbox. This footnote also confirms that this email message has been swept by MailScanner (www.mailscanner.info) for the presence of computer viruses. From steve.freegard at LBSLTD.CO.UK Fri May 16 14:38:16 2003 From: steve.freegard at LBSLTD.CO.UK (Steve Freegard) Date: Thu Jan 12 21:18:07 2006 Subject: spam score for each test in header Message-ID: <67D9E7698329D411936E00508B6590B902793883@neelix.lbsltd.co.uk> Julian, How about creating a message like this and posting it to the list?? - that way everyone can try their mailers and post reports back to the list. I'd be able to do Pine, Outlook 97/98/2000/2002/2003 Beta, Entourage, Mozilla, Mail.app etc. except that I haven't got a clue how to create a message like this. Regards, Steve. -- Steve Freegard Systems Manager Littlehampton Book Services Ltd. -----Original Message----- From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] Sent: 16 May 2003 14:17 To: MAILSCANNER@JISCMAIL.AC.UK At 13:57 16/05/2003, you wrote: >On Fri, 16 May 2003 13:50:04 +0100, Julian Field wrote: > > The bit I'm not sure about here is what to do with multipart-alternative > > messages (where you have HTML and plain-text versions). These already have > > more than 1 part, so I'm not sure what to put in the "attachment" that > > contains the original message. > > > > If I delete the plain-text version, all the pine/mutt users in the world > > will hate me. But if I delete the HTML version, all the Outlook users in > > the world will hate me. > >Why delete either part? Couldn't you just put the entire original >message, complete with all headers, in a message/rfc822 part. Anyone know what mutt pine Eudora Outlook Express Outlook do when given an rfc822 containing lots of parts? -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support -- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender and delete the message from your mailbox. This footnote also confirms that this email message has been swept by MailScanner (www.mailscanner.info) for the presence of computer viruses. From Steve at swaney.com Fri May 16 14:39:58 2003 From: Steve at swaney.com (Stephen Swaney) Date: Thu Jan 12 21:18:07 2006 Subject: spam score for each test in header In-Reply-To: References: <5.2.0.9.2.20030516134612.04aaef40@imap.ecs.soton.ac.uk> <5.2.0.9.2.20030516110014.04d649a8@imap.ecs.soton.ac.uk> <5.2.0.9.2.20030516110014.04d649a8@imap.ecs.soton.ac.uk> <1053087080.1342.22.camel@speedy> <5.2.0.9.2.20030516134612.04aaef40@imap.ecs.soton.ac.uk> <5.2.0.9.2.20030516141651.0e2a8428@imap.ecs.soton.ac.uk> Message-ID: <1053092398.1342.29.camel@speedy> The short answer is The firm only uses Outlook. Perhaps encapulation could be an option that could be enabled if all the users had message/rfc822 complaint browsers. Steve Steve Swaney Steve@Swaney.com On Fri, 2003-05-16 at 09:30, John Wilcock wrote: > On Fri, 16 May 2003 14:17:29 +0100, Julian Field wrote: > > Anyone know what > > mutt > > pine > > Eudora > > Outlook Express > > Outlook > > do when given an rfc822 containing lots of parts? > > Outlook (2000 or 2002, don't know about earlier versions) do the right > thing, i.e. show the rfc822 as an attachment which you can then open > exactly as if it were a normal message, regardless of what parts it > has. > > OTOH, Eudora 4.x doesn't understand message/rfc822 at all. > No idea about Eudora 5.x nor any of the others you mention. > > FWIW, Fort? Agent also handles message/rfc822 properly, and indeed its > "Forward Verbatim" option generates precisely this structure. > > > John. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030516/2e6712b4/attachment.html From P.G.M.Peters at civ.utwente.nl Fri May 16 14:55:08 2003 From: P.G.M.Peters at civ.utwente.nl (Peter Peters) Date: Thu Jan 12 21:18:07 2006 Subject: spam score for each test in header In-Reply-To: <5.2.0.9.2.20030516141651.0e2a8428@imap.ecs.soton.ac.uk> References: <5.2.0.9.2.20030516134612.04aaef40@imap.ecs.soton.ac.uk> <5.2.0.9.2.20030516110014.04d649a8@imap.ecs.soton.ac.uk> <5.2.0.9.2.20030516110014.04d649a8@imap.ecs.soton.ac.uk> <1053087080.1342.22.camel@speedy> <5.2.0.9.2.20030516134612.04aaef40@imap.ecs.soton.ac.uk> <5.2.0.9.2.20030516141651.0e2a8428@imap.ecs.soton.ac.uk> Message-ID: <8br9cvk46cu49rqo3857trj9r081pkiffn@4ax.com> On Fri, 16 May 2003 14:17:29 +0100, you wrote: >At 13:57 16/05/2003, you wrote: >>On Fri, 16 May 2003 13:50:04 +0100, Julian Field wrote: >> > The bit I'm not sure about here is what to do with multipart-alternative >> > messages (where you have HTML and plain-text versions). These already have >> > more than 1 part, so I'm not sure what to put in the "attachment" that >> > contains the original message. >> > >> > If I delete the plain-text version, all the pine/mutt users in the world >> > will hate me. But if I delete the HTML version, all the Outlook users in >> > the world will hate me. >> >>Why delete either part? Couldn't you just put the entire original >>message, complete with all headers, in a message/rfc822 part. > >Anyone know what > mutt > pine > Eudora > Outlook Express > Outlook >do when given an rfc822 containing lots of parts? I know Agent sometimes sees the rfc-attachment as a seperate message so you end up with two messages. I haven't figured out exacly what the conditions are that does trigger Agent in that way. I have had it last year in some cases. -- Peter Peters, senior netwerkbeheerder Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE) Universiteit Twente, Postbus 217, 7500 AE Enschede telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/civ From timhunt at USERS.SOURCEFORGE.NET Fri May 16 14:57:38 2003 From: timhunt at USERS.SOURCEFORGE.NET (Tim Hunt) Date: Thu Jan 12 21:18:08 2006 Subject: spam score for each test in header In-Reply-To: <1053089862.1351.25.camel@speedy> References: <5.2.0.9.2.20030516110014.04d649a8@imap.ecs.soton.ac.uk> <5.2.0.9.2.20030516110014.04d649a8@imap.ecs.soton.ac.uk> <5.2.0.9.2.20030516134612.04aaef40@imap.ecs.soton.ac.uk> <1053089862.1351.25.camel@speedy> Message-ID: <1053093458.32098.4.camel@phobos.internal> I believe the way to do this is to embed the whole message, headers and all, as content-type message/rfc822. The easy way to verify this is to forward an existing email as an attachment in Mozilla, or most other email programs, and then look at the message source. Tim On Fri, 2003-05-16 at 08:57, Stephen Swaney wrote: > I'll find out what thet do and get back to you. > > > On Fri, 2003-05-16 at 08:50, Julian Field wrote: > > > The bit I'm not sure about here is what to do with > > multipart-alternative messages (where you have HTML and plain-text > > versions). These already have more than 1 part, so I'm not sure what > > to put in the "attachment" that contains the original message. > > > > If I delete the plain-text version, all the pine/mutt users in the > > world will hate me. But if I delete the HTML version, all the > > Outlook users in the world will hate me. > > > > Any ideas what the system this firm has created actually does with > > the message? > > Do we have the ability to be able to pipe messages through it to > > find out? Or do you know who created it, as I might be able to > > extract the answer from their tech support :-) > > > > At 13:11 16/05/2003, you wrote: > > > > > I agree with not messing with the message, but one firm has > > > created a system where when a message is detected as spam, the > > > original spam is encapsulated as a attachment to a message that > > > reads: > > > > > > ----------------------------- > > > > > > Our mailscanner believes that the attachment to this message sent > > > to you by > > > > > > spammer@junkmail.com > > > > > > Subject: > > > > > > Work from Home, Make big Bucks!!! > > > > > > is Unsolicited Commerial Email (Spam). Unless you are sure that > > > this message is incorrectly thoght to be Spam, please delete this > > > message without opening it. Onpening Spam messages might allow the > > > Spammer to verify your email address. > > > > > > If you believe that this message has been uncorrectly marked a > > > spam, please forward this email to whitelist@our-company.com > > > > > > ------------------------------ > > > > > > When this technique is combined with good {Spam?} and {High Spam?} > > > scoring, it might allow the identification of false positives > > > while hiding offensive images and messages. > > > > > > Note that email to whitelist@ourcompany.com is not automatically > > > whitelisted but examined to see if it should be. > > > > > > Thoughts? > > > > > > > > > On Fri, 2003-05-16 at 06:01, Julian Field wrote: > > > > > > > At 10:19 > > > > 16/05/2003, you wrote: > > > > >Brilliant !!! Thanks Julian. > > > > > > > > > >I am 100% happy with your solution. But if I may push my > > > > luck... How > > > > >difficult would it be to transfer this header line into an attachment > > > > to > > > > >the message named something like "spam_score_details.txt", > > > > and get the > > > > >list of test & scores in a neat format with carriage returns > > > > after each > > > > >score, and an explanation at the top for the user saying something > > > > like > > > > >"Your MailScanner system has performed the following tests to > > > > determine if > > > > >it was spam. Please see yout local IT officer for more details". > > > > Or leave > > > > >us to create that piece of text so that we can add our contact > > > > details, etc.? > > > > > > > > Not keen on that. MailScanner doesn't mess with the message more than > > > > it > > > > has to, and this would create an attachment on every single message. > > > > Even > > > > if you just do this with spam, you are adding to your spam load > > > > problem, > > > > not reducing it. > > > > -- > > > > Julian Field > > > > www.MailScanner.info > > > > MailScanner thanks > > > > transtec Computers for their > > > > support > > > > > > > > > > > > > > > -- > > > > > > Stephen Swaney > > > > > > > > > Linux Systems Solutions, Inc. > > > > > > > > > > > > -- > > Julian Field > > www.MailScanner.info > > MailScanner thanks transtec Computers for their support -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030516/d195b075/attachment.html From acragg-lists at CTF.COM Fri May 16 16:08:50 2003 From: acragg-lists at CTF.COM (Alan Cragg - Lists) Date: Thu Jan 12 21:18:08 2006 Subject: Mail stuck in queue after update Message-ID: <25CD9D00BF60EA46B6ED0C22E8EB798624F5F5@arathorn.ctf.com> Hello, ? I updated spamassassin to 2.54 but did not update MailScanner first. As a result mail was being processed from mqueue.in by MailScanner and put in mqueue. Then sendmail would complain about a bogus file uid/gid and not send it. Upgrading to the latest MailScanner fixed the problem but the mail accumulated during this process is still stuck in the queue (mqueue). ? Is there any way to get sendmail to send these out? ? Thanks for any help! ? Alan From mailscanner at ecs.soton.ac.uk Fri May 16 16:23:21 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:08 2006 Subject: Mail stuck in queue after update In-Reply-To: <25CD9D00BF60EA46B6ED0C22E8EB798624F5F5@arathorn.ctf.com> Message-ID: <5.2.0.9.2.20030516162241.035dc008@imap.ecs.soton.ac.uk> At 16:08 16/05/2003, you wrote: >Hello, > >I updated spamassassin to 2.54 but did not update MailScanner first. >As a result mail was being processed from mqueue.in by MailScanner and put >in mqueue. >Then sendmail would complain about a bogus file uid/gid and not send it. >Upgrading to the latest MailScanner fixed the problem but the mail >accumulated during this process is still stuck in the queue (mqueue). If the mail is in qf* and df* files, then the next time the queue is run by sendmail it will all get sent. If they have been renamed to Qf* then you will need to rename them back again. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From Denis.Beauchemin at USHERBROOKE.CA Fri May 16 16:28:43 2003 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:18:08 2006 Subject: OT: help with SA scores In-Reply-To: References: Message-ID: <1053098923.14290.297.camel@dbeauchemin.si.usherbrooke.ca> Thanks! It was not in my man page. Turns out I was presented with an old manpage... I deleted it and now I see the current one. Denis Le jeu 15/05/2003 ? 21:28, Mark Nienberg a ?crit : > From the man page for Mail::SpamAssassin::Conf > > If only one valid score is listed, then that score is always used for a > test. > > If four valid scores are listed, then the score that is used > depends on how SpamAssassin is being > used. The first score is used when both Bayes and network > tests are disabled. The second score is > used when Bayes is disabled, but network tests are enabled. > The third score is used when Bayes is > enabled and network tests are disabled. The fourth score is > used when Bayes is enabled and net- > work tests are enabled. > > Mark Nienberg > > On Thursday, May 15, 2003, at 06:48 AM, Denis Beauchemin wrote: > > > Hello, > > > > Could someone shed some light on the 4 numbers in SA score file: > > /usr/share/spamassassin/50_scores.cf:score FORGED_MUA_OIMO 4.295 2.799 > > 4.295 2.796 > > > > Some users are getting their Outlook calendar emails flagged as SPAM > > and > > I believe the FORGED_MUA_OIMO is the culprit. > > > > Before I lower the score of this parameter I would like to understand > > why there are 4 different scores for it. > > > > Should I lower this parameter or whitelist my entire domain (it was not > > necessary until now)? > > > > Thanks again! > > -- > > Denis Beauchemin, analyste > > Universit? de Sherbrooke, S.T.I. > > T: 819.821.8000x2252 F: 819.821.8045 -- Denis Beauchemin, analyste Universit? de Sherbrooke, S.T.I. T: 819.821.8000x2252 F: 819.821.8045 From Denis.Beauchemin at USHERBROOKE.CA Fri May 16 16:33:47 2003 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:18:08 2006 Subject: Another one for language.conf Message-ID: <1053099227.14290.304.camel@dbeauchemin.si.usherbrooke.ca> Hi, In an email I received after sending illegal file attachments (.exe and .scr) there was an English word that I would like to be able to translate in French without having to mess into Message.pm: # cd /usr/lib/MailScanner/MailScanner # grep Report: * Message.pm: $report = join('Report: ', @everyreport); Message.pm: my $rept = join(' Report: ', @everyrept); Message.pm: " Report: $rept\n"; Could it be added to languages.conf if not already in the latest version (I am running mailscanner-4.14-9)? Thanks again! Denis -- Denis Beauchemin, analyste Universit? de Sherbrooke, S.T.I. T: 819.821.8000x2252 F: 819.821.8045 From bradley at BRADPATTERSON.COM Fri May 16 17:38:31 2003 From: bradley at BRADPATTERSON.COM (Brad Patterson) Date: Thu Jan 12 21:18:08 2006 Subject: Lost text and attachments (Eudora+Cyrus issue) Message-ID: Julian: Unfortunately this did not resolve my issue. The message in the syslog about fixing the awkward mime boundary is gone, but the message still gets passed with no text, attachments, and no MailScanner headers. I am attempting to replicate the sender's environment for testing purposes. Thanks for the quick reply. -- Brad Patterson > Around line 533 of /usr/lib/MailScanner/MailScanner/SweepContent.pm, you > will find this line: > > FixSubstringBoundaries($message, $id); > > Try commenting this out and re-run MailScanner. > If the original Cyrus/Eudora problem has been fixed for a long time, then I > will just get rid of this code altogether. From ree at THUNDERSTAR.NET Fri May 16 06:59:30 2003 From: ree at THUNDERSTAR.NET (Ron E.) Date: Thu Jan 12 21:18:08 2006 Subject: dcc install question Message-ID: For all the dcc users - I am installing dcc by following the instructionsin the spamassassin install doc. The relevant part of the spamassassin doc says: To install it, download http://www.rhyolite.com/anti-spam/dcc/source/dcc-dccproc.tar.Z and perform the following steps: # tar xfvz dcc-dccproc.tar.Z # cd dcc-dccproc-X.X.X # ./configure && make && make install # cdcc 'info' The last command will give some output. One line of it should contain something like: dcc.rhyolite.com,- RTT+0 ms anon When I did this, however, I got: # 05/14/03 22:59:34 PDT /var/dcc/map # Will re-resolve names after 00:57:55 # 9 total addresses 0 working IPv6 off dcc.dcc-servers.net,- RTT+0 ms anon # 137.118.60.88,- dccpub1.neonova.net # not answering # 153.19.44.233,- coral.ely.pg.gda.pl # not answering # 192.188.61.3,- calcite.rhyolite.com # not answering # 195.74.212.70,- dcc-1.be.wanadoo.com # not answering # 203.147.165.193,- bne609lc.server-web.com # not answering # 206.169.162.65,- # not answering # 216.68.107.162,- gypsy.xactcommerce.com # not answering # 216.158.54.131,- ns1.etherboy.com # not answering localhost.localdomain,- RTT-1000 ms 32768 2016319872x336 # 127.0.0.1,- localhost.localdomain # not answering This is obviously different - anyone know if this is allright or is there something amiss with my install? Thanks, Ron From ree at THUNDERSTAR.NET Fri May 16 10:01:58 2003 From: ree at THUNDERSTAR.NET (Ron E.) Date: Thu Jan 12 21:18:08 2006 Subject: dcc install question In-Reply-To: Message-ID: On Fri, 16 May 2003, Gerry Doris wrote: > On Fri, 16 May 2003, Ron E. wrote: > > > For all the dcc users - > > > > > > I am installing dcc by following the instructionsin the spamassassin > > install doc. The relevant part of the spamassassin doc says: > > > > To install it, download > > http://www.rhyolite.com/anti-spam/dcc/source/dcc-dccproc.tar.Z and > > perform the following steps: > > > > # tar xfvz dcc-dccproc.tar.Z > > # cd dcc-dccproc-X.X.X > > # ./configure && make && make install > > # cdcc 'info' > > > > The last command will give some output. One line of it should contain > > something like: > > > >snip... > > > >snip... > > This is obviously different - anyone know if this is allright or is there > > something amiss with my install? > > > > > > Thanks, > > > > Ron > > I just ran the same command and got the same results. The good part is > that DCC is working with MailScanner + SpamAssassin so I believe you > should be ok. > > -- > Gerry > > "The lyfe so short, the craft so long to learne" Chaucer > Thanks for all the responses - that seems find so I'm continuing with Pyzor - anyone have any comments for or against using it? And anyone know where there is a mirror of it? (sourceforge is down at the moment.) Thanks, Ron From ree at THUNDERSTAR.NET Fri May 16 10:19:18 2003 From: ree at THUNDERSTAR.NET (Ron E.) Date: Thu Jan 12 21:18:08 2006 Subject: spamassassin install problem Message-ID: Installing spamassassin under RedHat 9, with prerequisites installed, I am running into the following: [root@smtp2 Mail-SpamAssassin-2.54]# perl Makefile.PL Warning: I could not locate your pod2man program. Please make sure, your pod2man program is in your PATH before you execute 'make' locate pod2man yields valid location for it, also other perl modules do not have this problem. Anyone seen this/have any suggestions? Thanks, Ron From ree at THUNDERSTAR.NET Fri May 16 10:46:30 2003 From: ree at THUNDERSTAR.NET (Ron E.) Date: Thu Jan 12 21:18:08 2006 Subject: spamassassin install problem In-Reply-To: Message-ID: On Fri, 16 May 2003, Raymond Dijkxhoorn wrote: > Hi! > > > Installing spamassassin under RedHat 9, with prerequisites installed, I am > > running into the following: > > > > [root@smtp2 Mail-SpamAssassin-2.54]# perl Makefile.PL > > > > Warning: I could not locate your pod2man program. Please make sure, > > your pod2man program is in your PATH before you execute 'make' > > Browse back the mailinglist archives please, this has been mentioned > before. You have to fix your language settings... > > Bye, > Raymond. > Thanks very much, Raymond, and sorry about that - I definitely should have searched the list first. All fine now. Regards, Ron From ree at THUNDERSTAR.NET Fri May 16 10:47:50 2003 From: ree at THUNDERSTAR.NET (Ron E.) Date: Thu Jan 12 21:18:08 2006 Subject: dcc install question In-Reply-To: Message-ID: On Fri, 16 May 2003, Desai, Jason wrote: > > Thanks for all the responses - that seems find so I'm continuing with > > Pyzor - anyone have any comments for or against using it? > > I would suggest using it. It works good for me. > > > And anyone know where there is a mirror of it? (sourceforge > > is down at the > > moment.) > > I don't know of a mirror. I can email it to you off list if you like. > > Jason > Thanks Jason - Sourceforge came up of course, right after I posted this. :) Great how responsive this list is, though. I guess all of us realize that a quick response could mean a mail system being up or down... Regards, Ron From mike at CAMAROSS.NET Fri May 16 18:20:34 2003 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:18:08 2006 Subject: dcc install question In-Reply-To: Message-ID: <002701c31bcf$769cbeb0$a91cbdcf@home.middlefinger.net> Should be fine > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Ron E. > Sent: Friday, May 16, 2003 1:00 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: dcc install question > > > For all the dcc users - > > > I am installing dcc by following the instructionsin the > spamassassin install doc. The relevant part of the > spamassassin doc says: > > To install it, download > http://www.rhyolite.com/anti-spam/dcc/source/dcc-dccproc.tar.Z and > perform the following steps: > > # tar xfvz dcc-dccproc.tar.Z > # cd dcc-dccproc-X.X.X > # ./configure && make && make install > # cdcc 'info' > > The last command will give some output. One line of it > should contain > something like: > > dcc.rhyolite.com,- RTT+0 ms anon > > When I did this, however, I got: > > # 05/14/03 22:59:34 PDT /var/dcc/map > # Will re-resolve names after 00:57:55 > # 9 total addresses 0 working > IPv6 off > > dcc.dcc-servers.net,- RTT+0 ms anon > # 137.118.60.88,- dccpub1.neonova.net > # not answering > # 153.19.44.233,- coral.ely.pg.gda.pl > # not answering > # 192.188.61.3,- calcite.rhyolite.com > # not answering > # 195.74.212.70,- dcc-1.be.wanadoo.com > # not answering > # 203.147.165.193,- bne609lc.server-web.com > # not answering > # 206.169.162.65,- > # not answering > # 216.68.107.162,- gypsy.xactcommerce.com > # not answering > # 216.158.54.131,- ns1.etherboy.com > # not answering > > localhost.localdomain,- RTT-1000 ms 32768 2016319872x336 > # 127.0.0.1,- localhost.localdomain > # not answering > > > This is obviously different - anyone know if this is allright > or is there something amiss with my install? > > > Thanks, > > Ron > > From jase at SENSIS.COM Fri May 16 18:40:03 2003 From: jase at SENSIS.COM (Desai, Jason) Date: Thu Jan 12 21:18:08 2006 Subject: dcc install question Message-ID: I seem to remember seeing something similar. I think you're ok. To be sure, run "spamassassin -D -t < sample-spam.txt" and make sure you see DCC being used in the debug output. Jason > -----Original Message----- > From: Ron E. [mailto:ree@THUNDERSTAR.NET] > Sent: Friday, May 16, 2003 2:00 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: [MAILSCANNER] dcc install question > > > For all the dcc users - > > > I am installing dcc by following the instructionsin the spamassassin > install doc. The relevant part of the spamassassin doc says: > > To install it, download > http://www.rhyolite.com/anti-spam/dcc/source/dcc-dccproc.tar.Z and > perform the following steps: > > # tar xfvz dcc-dccproc.tar.Z > # cd dcc-dccproc-X.X.X > # ./configure && make && make install > # cdcc 'info' > > The last command will give some output. One line of it > should contain > something like: > > dcc.rhyolite.com,- RTT+0 ms anon > > When I did this, however, I got: > > # 05/14/03 22:59:34 PDT /var/dcc/map > # Will re-resolve names after 00:57:55 > # 9 total addresses 0 working > IPv6 off > > dcc.dcc-servers.net,- RTT+0 ms anon > # 137.118.60.88,- dccpub1.neonova.net > # not answering > # 153.19.44.233,- coral.ely.pg.gda.pl > # not answering > # 192.188.61.3,- calcite.rhyolite.com > # not answering > # 195.74.212.70,- dcc-1.be.wanadoo.com > # not answering > # 203.147.165.193,- bne609lc.server-web.com > # not answering > # 206.169.162.65,- > # not answering > # 216.68.107.162,- gypsy.xactcommerce.com > # not answering > # 216.158.54.131,- ns1.etherboy.com > # not answering > > localhost.localdomain,- RTT-1000 ms 32768 2016319872x336 > # 127.0.0.1,- localhost.localdomain > # not answering > > > This is obviously different - anyone know if this is allright > or is there > something amiss with my install? > > > Thanks, > > Ron > From mailscanner at ecs.soton.ac.uk Fri May 16 18:41:01 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:08 2006 Subject: Lost text and attachments (Eudora+Cyrus issue) In-Reply-To: Message-ID: <5.2.1.1.2.20030516183857.021d0d70@imap.ecs.soton.ac.uk> In which case I don't understand what is going wrong. Take a look at the raw message text to see if you can see anything wrong with it. Nothing else should re-write the MIME boundary. At 17:38 16/05/2003, you wrote: >Julian: > >Unfortunately this did not resolve my issue. The message in the syslog >about fixing the >awkward mime boundary is gone, but the message still gets passed with no text, >attachments, and no MailScanner headers. > >I am attempting to replicate the sender's environment for testing >purposes. Thanks for the >quick reply. > >-- >Brad Patterson > > > > Around line 533 of /usr/lib/MailScanner/MailScanner/SweepContent.pm, you > > will find this line: > > > > FixSubstringBoundaries($message, $id); > > > > Try commenting this out and re-run MailScanner. > > If the original Cyrus/Eudora problem has been fixed for a long time, then I > > will just get rid of this code altogether. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Fri May 16 18:38:32 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:08 2006 Subject: Calling all translators! In-Reply-To: <1053099227.14290.304.camel@dbeauchemin.si.usherbrooke.ca> Message-ID: <5.2.1.1.2.20030516183654.021d7560@imap.ecs.soton.ac.uk> Please can you all translate the word Report into the languages supported by MailScanner (i.e. as many different languages as you can). This is used in the virus reports, such as Report: foobar.exe infected by W32/Fizzer Many thanks everyone! At 16:33 16/05/2003, you wrote: >Hi, > >In an email I received after sending illegal file attachments (.exe and >.scr) there was an English word that I would like to be able to >translate in French without having to mess into Message.pm: ># cd /usr/lib/MailScanner/MailScanner ># grep Report: * >Message.pm: $report = join('Report: ', @everyreport); >Message.pm: my $rept = join(' Report: ', @everyrept); >Message.pm: " Report: $rept\n"; > >Could it be added to languages.conf if not already in the latest version >(I am running mailscanner-4.14-9)? > >Thanks again! > >Denis >-- >Denis Beauchemin, analyste >Universit? de Sherbrooke, S.T.I. >T: 819.821.8000x2252 F: 819.821.8045 -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From rfabara at NOVADEVICES.COM Fri May 16 18:59:57 2003 From: rfabara at NOVADEVICES.COM (DIEGO FABARA NOVA 1) Date: Thu Jan 12 21:18:08 2006 Subject: Blacklist wrong ?? Message-ID: <00bd01c31bd4$f8d7e120$0d01a8c0@rfabara> I need sign only my outgoing emails, then my conf files are: In my MailScanner.conf : Is Definitely Spam = /home/etc/MailScanner/rules/spam.blacklist.rules My /home/etc/MailScanner/rules/spam.blacklist.rules file : ##Archivo de Configuraci?n spam.blacklist.rules## To: drfabara@hotmail.com yes FromTo: default no # Fin de Archivo But the system don't filter ..Why ?? What's wrong ? -- Este mensaje ha sido analizado por InetCheckMail en busca de virus y otros contenidos peligrosos, y se considera que est? limpio. ++++++++++++ Descargo de Responsabilidad ++++++++++++++++++++ La informaci?n contenida en este mensaje electr?nico es confidencial y s?lo puede ser utilizada por el individuo o la compa??a a la cual est? dirigido. Cualquier retenci?n, difusi?n, distribuci?n o copia de este mensaje es prohibida y sancionada por la ley. La compa??a no asume responsabilidad sobre informaci?n, opiniones o criterios contenidos en este mensaje que no este relacionada con negocios oficiales de nuestra empresa. www.novadevices.com ************************************************************** -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030516/71a4f17a/attachment.html From Denis.Beauchemin at USHERBROOKE.CA Fri May 16 19:13:06 2003 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:18:08 2006 Subject: Calling all translators! In-Reply-To: <5.2.1.1.2.20030516183654.021d7560@imap.ecs.soton.ac.uk> References: <5.2.1.1.2.20030516183654.021d7560@imap.ecs.soton.ac.uk> Message-ID: <1053108785.14290.428.camel@dbeauchemin.si.usherbrooke.ca> Hello Julian, In French: Rapport: or (analysis) Analyse: I think analysis may be better than report. What do you think? Thanks! Denis Le ven 16/05/2003 ? 13:38, Julian Field a ?crit : > Please can you all translate the word > Report > into the languages supported by MailScanner (i.e. as many different > languages as you can). > > This is used in the virus reports, such as > Report: foobar.exe infected by W32/Fizzer > > Many thanks everyone! > > At 16:33 16/05/2003, you wrote: > >Hi, > > > >In an email I received after sending illegal file attachments (.exe and > >.scr) there was an English word that I would like to be able to > >translate in French without having to mess into Message.pm: > ># cd /usr/lib/MailScanner/MailScanner > ># grep Report: * > >Message.pm: $report = join('Report: ', @everyreport); > >Message.pm: my $rept = join(' Report: ', @everyrept); > >Message.pm: " Report: $rept\n"; > > > >Could it be added to languages.conf if not already in the latest version > >(I am running mailscanner-4.14-9)? > > > >Thanks again! > > > >Denis > >-- > >Denis Beauchemin, analyste > >Universit? de Sherbrooke, S.T.I. > >T: 819.821.8000x2252 F: 819.821.8045 -- Denis Beauchemin, analyste Universit? de Sherbrooke, S.T.I. T: 819.821.8000x2252 F: 819.821.8045 From kevins at BMRB.CO.UK Fri May 16 19:23:40 2003 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:18:08 2006 Subject: dcc install question In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB001175450@pascal.priv.bmrb.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB001175450@pascal.priv.bmrb.co.uk> Message-ID: <1053109423.6966.3.camel@bach.kevinspicer.co.uk> Maybe you haven't opened the necessary firewall port (6277 udp) this will prevent dcc from finding any servers. Unfortunately you won't immediately see the effect of opening that port as DCC caches results for several hours, and if connects fail it won't try again until next due. BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From gerry at DORFAM.CA Fri May 16 19:39:00 2003 From: gerry at DORFAM.CA (Gerry Doris) Date: Thu Jan 12 21:18:08 2006 Subject: dcc install question In-Reply-To: Message-ID: On Fri, 16 May 2003, Ron E. wrote: > For all the dcc users - > > > I am installing dcc by following the instructionsin the spamassassin > install doc. The relevant part of the spamassassin doc says: > > To install it, download > http://www.rhyolite.com/anti-spam/dcc/source/dcc-dccproc.tar.Z and > perform the following steps: > > # tar xfvz dcc-dccproc.tar.Z > # cd dcc-dccproc-X.X.X > # ./configure && make && make install > # cdcc 'info' > > The last command will give some output. One line of it should contain > something like: > >snip... > >snip... > This is obviously different - anyone know if this is allright or is there > something amiss with my install? > > > Thanks, > > Ron I just ran the same command and got the same results. The good part is that DCC is working with MailScanner + SpamAssassin so I believe you should be ok. -- Gerry "The lyfe so short, the craft so long to learne" Chaucer From mbowman at UDCOM.COM Fri May 16 19:59:33 2003 From: mbowman at UDCOM.COM (Matthew Bowman) Date: Thu Jan 12 21:18:08 2006 Subject: Blacklist wrong ?? Message-ID: You want to blacklist all e-mail going to that account or from? If its from that change the To: to From: that way all e-mail from that address is blacklisted. ( I think you mean From ) Matthew DIEGO FABARA NOVA 1 Sent by: MailScanner mailing list 05/16/2003 01:59 PM Please respond to MailScanner mailing list To: MAILSCANNER@JISCMAIL.AC.UK cc: Subject: Blacklist wrong ?? I need sign only my outgoing emails, then my conf files are: In my MailScanner.conf : Is Definitely Spam = /home/etc/MailScanner/rules/spam.blacklist.rules My /home/etc/MailScanner/rules/spam.blacklist.rules file : ##Archivo de Configuraci?n spam.blacklist.rules## To: drfabara@hotmail.com yes FromTo: default no # Fin de Archivo But the system don't filter ..Why ?? What's wrong ? -- Este mensaje ha sido analizado por InetCheckMail en busca de virus y otros contenidos peligrosos, y se considera que est? limpio. ++++++++++++ Descargo de Responsabilidad ++++++++++++++++++++ La informaci?n contenida en este mensaje electr?nico es confidencial y s?lo puede ser utilizada por el individuo o la compa??a a la cual est? dirigido. Cualquier retenci?n, difusi?n, distribuci?n o copia de este mensaje es prohibida y sancionada por la ley. La compa??a no asume responsabilidad sobre informaci?n, opiniones o criterios contenidos en este mensaje que no este relacionada con negocios oficiales de nuestra empresa. www.novadevices.com ************************************************************** From rfabara at NOVADEVICES.COM Fri May 16 20:07:19 2003 From: rfabara at NOVADEVICES.COM (DIEGO FABARA NOVA 1) Date: Thu Jan 12 21:18:08 2006 Subject: Blacklist wrong ?? References: Message-ID: <00e101c31bde$5fa71160$0d01a8c0@rfabara> All e-mail going to that account ----- Original Message ----- From: "Matthew Bowman" To: Sent: Friday, May 16, 2003 1:59 PM Subject: Re: Blacklist wrong ?? > You want to blacklist all e-mail going to that account or from? > > If its from that change the To: to From: that way all e-mail from that > address is blacklisted. > > ( I think you mean From ) > > Matthew > > > > > > DIEGO FABARA NOVA 1 > Sent by: MailScanner mailing list > 05/16/2003 01:59 PM > Please respond to MailScanner mailing list > > > To: MAILSCANNER@JISCMAIL.AC.UK > cc: > Subject: Blacklist wrong ?? > > > I need sign only my outgoing emails, then my conf files are: > > In my MailScanner.conf : > > Is Definitely Spam = /home/etc/MailScanner/rules/spam.blacklist.rules > > My /home/etc/MailScanner/rules/spam.blacklist.rules file : > > > ##Archivo de Configuraci?n spam.blacklist.rules## > > To: drfabara@hotmail.com yes > FromTo: default no > > # Fin de Archivo > > But the system don't filter ..Why ?? > > What's wrong ? > > -- > Este mensaje ha sido analizado por InetCheckMail > en busca de virus y otros contenidos peligrosos, > y se considera que est? limpio. > > ++++++++++++ Descargo de Responsabilidad ++++++++++++++++++++ > > La informaci?n contenida en este mensaje electr?nico es > confidencial y s?lo puede ser utilizada por el individuo o > la compa??a a la cual est? dirigido. > Cualquier retenci?n, difusi?n, distribuci?n o copia de este > mensaje es prohibida y sancionada por la ley. > La compa??a no asume responsabilidad sobre informaci?n, > opiniones o criterios contenidos en este mensaje que no este > relacionada con negocios oficiales de nuestra empresa. > www.novadevices.com > > ************************************************************** > -- Este mensaje ha sido analizado por InetCheckMail en busca de virus y otros contenidos peligrosos, y se considera que est? limpio. ++++++++++++ Descargo de Responsabilidad ++++++++++++++++++++ La informaci?n contenida en este mensaje electr?nico es confidencial y s?lo puede ser utilizada por el individuo o la compa??a a la cual est? dirigido. Cualquier retenci?n, difusi?n, distribuci?n o copia de este mensaje es prohibida y sancionada por la ley. La compa??a no asume responsabilidad sobre informaci?n, opiniones o criterios contenidos en este mensaje que no este relacionada con negocios oficiales de nuestra empresa. www.novadevices.com ************************************************************** From mbowman at UDCOM.COM Fri May 16 20:09:34 2003 From: mbowman at UDCOM.COM (Matthew Bowman) Date: Thu Jan 12 21:18:08 2006 Subject: Blacklist wrong ?? Message-ID: Ok, then To:
is fine I wonder if your spam.whitelist.rules isn't whitelisting your domains. I believe that if your domains (or domains you relay for) are whitelisted then they are not tagged as SPAM even though anything to an address is. ?? Perhaps someone else can shed some light on this. Matthew DIEGO FABARA NOVA 1 Sent by: MailScanner mailing list 05/16/2003 03:07 PM Please respond to MailScanner mailing list To: MAILSCANNER@JISCMAIL.AC.UK cc: Subject: Re: Blacklist wrong ?? All e-mail going to that account ----- Original Message ----- From: "Matthew Bowman" To: Sent: Friday, May 16, 2003 1:59 PM Subject: Re: Blacklist wrong ?? > You want to blacklist all e-mail going to that account or from? > > If its from that change the To: to From: that way all e-mail from that > address is blacklisted. > > ( I think you mean From ) > > Matthew > > > > > > DIEGO FABARA NOVA 1 > Sent by: MailScanner mailing list > 05/16/2003 01:59 PM > Please respond to MailScanner mailing list > > > To: MAILSCANNER@JISCMAIL.AC.UK > cc: > Subject: Blacklist wrong ?? > > > I need sign only my outgoing emails, then my conf files are: > > In my MailScanner.conf : > > Is Definitely Spam = /home/etc/MailScanner/rules/spam.blacklist.rules > > My /home/etc/MailScanner/rules/spam.blacklist.rules file : > > > ##Archivo de Configuraci?n spam.blacklist.rules## > > To: drfabara@hotmail.com yes > FromTo: default no > > # Fin de Archivo > > But the system don't filter ..Why ?? > > What's wrong ? > > -- > Este mensaje ha sido analizado por InetCheckMail > en busca de virus y otros contenidos peligrosos, > y se considera que est? limpio. > > ++++++++++++ Descargo de Responsabilidad ++++++++++++++++++++ > > La informaci?n contenida en este mensaje electr?nico es > confidencial y s?lo puede ser utilizada por el individuo o > la compa??a a la cual est? dirigido. > Cualquier retenci?n, difusi?n, distribuci?n o copia de este > mensaje es prohibida y sancionada por la ley. > La compa??a no asume responsabilidad sobre informaci?n, > opiniones o criterios contenidos en este mensaje que no este > relacionada con negocios oficiales de nuestra empresa. > www.novadevices.com > > ************************************************************** > -- Este mensaje ha sido analizado por InetCheckMail en busca de virus y otros contenidos peligrosos, y se considera que est? limpio. ++++++++++++ Descargo de Responsabilidad ++++++++++++++++++++ La informaci?n contenida en este mensaje electr?nico es confidencial y s?lo puede ser utilizada por el individuo o la compa??a a la cual est? dirigido. Cualquier retenci?n, difusi?n, distribuci?n o copia de este mensaje es prohibida y sancionada por la ley. La compa??a no asume responsabilidad sobre informaci?n, opiniones o criterios contenidos en este mensaje que no este relacionada con negocios oficiales de nuestra empresa. www.novadevices.com ************************************************************** From mike at CAMAROSS.NET Fri May 16 20:12:28 2003 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:18:08 2006 Subject: Blacklist wrong ?? In-Reply-To: Message-ID: <004101c31bdf$17f78420$a91cbdcf@home.middlefinger.net> Is it possible that you have a ruleset that says NOT to scan emails sent FROM your domain? That might counteract your blacklist. Mike > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Matthew Bowman > Sent: Friday, May 16, 2003 2:10 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Blacklist wrong ?? > > > Ok, then To:
is fine > > I wonder if your spam.whitelist.rules isn't whitelisting your > domains. I > believe that if your domains (or domains you relay for) are > whitelisted then they are not tagged as SPAM even though > anything to an address is. ?? > > Perhaps someone else can shed some light on this. > > Matthew > > > > > > DIEGO FABARA NOVA 1 > Sent by: MailScanner mailing list > 05/16/2003 03:07 PM Please > respond to MailScanner mailing list > > > To: MAILSCANNER@JISCMAIL.AC.UK > cc: > Subject: Re: Blacklist wrong ?? > > > All e-mail going to that account > ----- Original Message ----- > From: "Matthew Bowman" > To: > Sent: Friday, May 16, 2003 1:59 PM > Subject: Re: Blacklist wrong ?? > > > > You want to blacklist all e-mail going to that account or from? > > > > If its from that change the To: to From: that way all > e-mail from that > > address is blacklisted. > > > > ( I think you mean From ) > > > > Matthew > > > > > > > > > > > > DIEGO FABARA NOVA 1 > > Sent by: MailScanner mailing list > > 05/16/2003 01:59 PM Please respond to MailScanner mailing list > > > > > > To: MAILSCANNER@JISCMAIL.AC.UK > > cc: > > Subject: Blacklist wrong ?? > > > > > > I need sign only my outgoing emails, then my conf files are: > > > > In my MailScanner.conf : > > > > Is Definitely Spam = > /home/etc/MailScanner/rules/spam.blacklist.rules > > > > My /home/etc/MailScanner/rules/spam.blacklist.rules file : > > > > > > ##Archivo de Configuraci?n spam.blacklist.rules## > > > > To: drfabara@hotmail.com yes > > FromTo: default no > > > > # Fin de Archivo > > > > But the system don't filter ..Why ?? > > > > What's wrong ? > > > > -- > > Este mensaje ha sido analizado por InetCheckMail > > en busca de virus y otros contenidos peligrosos, > > y se considera que est? limpio. > > > > ++++++++++++ Descargo de Responsabilidad ++++++++++++++++++++ > > > > La informaci?n contenida en este mensaje electr?nico es > confidencial y > > s?lo puede ser utilizada por el individuo o la compa??a a > la cual est? > > dirigido. Cualquier retenci?n, difusi?n, distribuci?n o > copia de este > > mensaje es prohibida y sancionada por la ley. > > La compa??a no asume responsabilidad sobre informaci?n, > > opiniones o criterios contenidos en este mensaje que no este > > relacionada con negocios oficiales de nuestra empresa. > > www.novadevices.com > > > > ************************************************************** > > > > > -- > Este mensaje ha sido analizado por InetCheckMail > en busca de virus y otros contenidos peligrosos, > y se considera que est? limpio. > > ++++++++++++ Descargo de Responsabilidad ++++++++++++++++++++ > > La informaci?n contenida en este mensaje electr?nico es > confidencial y s?lo puede ser utilizada por el individuo o > la compa??a a la cual est? dirigido. > Cualquier retenci?n, difusi?n, distribuci?n o copia de este > mensaje es prohibida y sancionada por la ley. La compa??a no > asume responsabilidad sobre informaci?n, > opiniones o criterios contenidos en este mensaje que no este > relacionada con negocios oficiales de nuestra empresa. > > www.novadevices.com ************************************************************** From peter at UCGBOOK.COM Fri May 16 20:16:22 2003 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:18:08 2006 Subject: Calling all translators! In-Reply-To: <5.2.1.1.2.20030516183654.021d7560@imap.ecs.soton.ac.uk> References: <5.2.1.1.2.20030516183654.021d7560@imap.ecs.soton.ac.uk> Message-ID: <1053112582.2091.65.camel@rocco.bonivart.home> In Swedish: Rapport /Peter Bonivart --Unix lovers do it in the Sun On Fri, 2003-05-16 at 19:38, Julian Field wrote: > Please can you all translate the word > Report > into the languages supported by MailScanner (i.e. as many different > languages as you can). > > This is used in the virus reports, such as > Report: foobar.exe infected by W32/Fizzer > > Many thanks everyone! From wkuiters at FREE.FR Fri May 16 20:27:49 2003 From: wkuiters at FREE.FR (Willem Kuiters) Date: Thu Jan 12 21:18:08 2006 Subject: Calling all translators! In-Reply-To: <1053112582.2091.65.camel@rocco.bonivart.home> References: <5.2.1.1.2.20030516183654.021d7560@imap.ecs.soton.ac.uk> <1053112582.2091.65.camel@rocco.bonivart.home> Message-ID: <20030516192749.GA2580@bragann> On Fri, May 16, 2003 at 09:16:22PM +0200, Peter Bonivart wrote: > On Fri, 2003-05-16 at 19:38, Julian Field wrote: > > Please can you all translate the word > > Report In Dutch: Bericht From dh at UPTIME.AT Fri May 16 20:35:07 2003 From: dh at UPTIME.AT (David) Date: Thu Jan 12 21:18:08 2006 Subject: Calling all translators! In-Reply-To: <5.2.1.1.2.20030516183654.021d7560@imap.ecs.soton.ac.uk> Message-ID: <7FF67AE6-87D5-11D7-9AC8-000393920D6C@uptime.at> -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 On Freitag, Mai 16, 2003, at 07:38 Uhr, Julian Field wrote: > Please can you all translate the word > Report > into the languages supported by MailScanner (i.e. as many different > languages as you can). > > This is used in the virus reports, such as > Report: foobar.exe infected by W32/Fizzer In German this is a little tricky because the chosen word for the translation depends very much on the context. There are 10 literal translations for the English word "Report" so you go figure... Most would use the literal translation for Report as "Bericht" or even "Report" Yet in this case I would go as far as putting "Achtung" which literally means "Danger" but is often used in German to get someones attention. Achtung: foobar.exe ist mit dem Virus W32/Fizzer-A infiziert. Is a valid translation for what you put above and should accomplish what you trying. - -d - - "Deep into that darkness peering, long I stood there wondering, fearing, - - Doubting, dreaming dreams no mortal ever dared to dream to dream before.." Edgar Allen Poe - The Raven -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (Darwin) iD8DBQE+xT1viW/Ta/pxHPQRA2sUAJ0TOCsKeYPtzwgmNegb+7SLHyKF3gCeKfC/ m4mVxq4+hjPBLPgloqXuKRQ= =i1u4 -----END PGP SIGNATURE----- From kevins at BMRB.CO.UK Fri May 16 20:49:39 2003 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:18:08 2006 Subject: dcc install question In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB001175458@pascal.priv.bmrb.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB001175458@pascal.priv.bmrb.co.uk> Message-ID: <1053114580.7484.12.camel@bach.kevinspicer.co.uk> My output looks like this... # 05/16/03 20:40:03 BST /var/dcc/map # Will re-resolve names after 21:39:58 # 231.96 ms chosen delay 9 total addresses 8 working IPv6 off dcc.dcc-servers.net,- RTT+0 ms anon # 137.118.60.88,- dccpub1.neonova.net neonova server-ID 1127 # 50% of 2 requests ok 726.22+0 ms RTT 50 ms queue wait # 153.19.44.233,- coral.ely.pg.gda.pl WEiAPG server-ID 1072 # 75% of 4 requests ok 765.81+0 ms RTT 259 ms queue wait # 192.188.61.3,- calcite.rhyolite.com Rhyolite server-ID 101 # 100% of 2 requests ok 287.15+0 ms RTT 50 ms queue wait # 195.74.212.70,- dcc-1.be.wanadoo.com wanadoo-be server-ID 1016 # 100% of 7 requests ok 343.42+0 ms RTT 152 ms queue wait # 203.147.165.193,- bne609lc.server-web.com MessageCare server-ID 1108# 100% of 2 requests ok 406.33+0 ms RTT 50 ms queue wait # * 206.169.162.65,- servers server-ID 1049 # 100% of 2 requests ok 231.96+0 ms RTT 68 ms queue wait # 216.68.107.162,- gypsy.xactcommerce.com XactSystems server-ID 1083# 100% of 4 requests ok 619.73+0 ms RTT 52 ms queue wait # 216.158.54.131,- ns1.etherboy.com Etherboy server-ID 1002 # 100% of 1 requests ok 259.29+0 ms RTT 95 ms queue wait localhost.localdomain,- RTT-1000 ms 32768 secret1 # 127.0.0.1,- localhost.localdomain # not answering BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From mailscanner at LISTS.COM.AR Fri May 16 21:02:37 2003 From: mailscanner at LISTS.COM.AR (Leonardo Helman) Date: Thu Jan 12 21:18:08 2006 Subject: Calling all translators! In-Reply-To: <3DFD0E385303F649AB7C31D651DEDD000A9B14@mafalda.pert.com.ar> Message-ID: Report= "Reporte" in spanish Leonardo Helman Pert Consultores Argentina On Fri, 16 May 2003, Julian Field wrote: > Please can you all translate the word > Report > into the languages supported by MailScanner (i.e. as many different > languages as you can). > > This is used in the virus reports, such as > Report: foobar.exe infected by W32/Fizzer > > Many thanks everyone! > > At 16:33 16/05/2003, you wrote: From raymond at PROLOCATION.NET Fri May 16 21:27:13 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:08 2006 Subject: spamassassin install problem In-Reply-To: Message-ID: Hi! > Installing spamassassin under RedHat 9, with prerequisites installed, I am > running into the following: > > [root@smtp2 Mail-SpamAssassin-2.54]# perl Makefile.PL > > Warning: I could not locate your pod2man program. Please make sure, > your pod2man program is in your PATH before you execute 'make' Browse back the mailinglist archives please, this has been mentioned before. You have to fix your language settings... Bye, Raymond. From jase at SENSIS.COM Fri May 16 21:29:54 2003 From: jase at SENSIS.COM (Desai, Jason) Date: Thu Jan 12 21:18:08 2006 Subject: dcc install question Message-ID: > Thanks for all the responses - that seems find so I'm continuing with > Pyzor - anyone have any comments for or against using it? I would suggest using it. It works good for me. > And anyone know where there is a mirror of it? (sourceforge > is down at the > moment.) I don't know of a mirror. I can email it to you off list if you like. Jason From tony.johansson at SVENSKAKYRKAN.SE Fri May 16 22:46:37 2003 From: tony.johansson at SVENSKAKYRKAN.SE (Tony Johansson) Date: Thu Jan 12 21:18:08 2006 Subject: file header analysis vs file extension Message-ID: <3C4F5084EF16D4119CE700508B6B8B10058D0CBD@nt.svenskakyrkan.se> Hello, One major sales argument for Sybaris Antigen is that it examines the file header and not the extension. .exe files renamed to .txt would still be scanned/dropped according to the rule sets. You'd haveto have something actually reading parts of every attachment (like a virus scanner) to determine its "real" extension. Is this at all possible with MailScanner? Any plans of implementing such a feature? I can imagine some company policies not allowing .mp3 files, and users figuring out they can just rename to to .txt getting it through /Tony ps: or they could just put it in a .zip file couldnt they? Does MailScanner care about files inside archives? (apart from viruses that is) From kevins at BMRB.CO.UK Fri May 16 23:06:11 2003 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:18:08 2006 Subject: file header analysis vs file extension In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB001175468@pascal.priv.bmrb.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB001175468@pascal.priv.bmrb.co.uk> Message-ID: <1053122775.8210.8.camel@bach.kevinspicer.co.uk> > You'd haveto have something actually reading parts of every attachment (like >a virus scanner) to determine its "real" extension. > I can imagine some company policies not allowing .mp3 files, and users > figuring out they can just rename to to .txt getting it through I imagine it wouldn't be hugely difficult to knock up a custom config module that used something like the 'file' command to check the (real) mime type of a file using magic numbers, perhaps using the perl File::MMagic module? BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From billa at STERLING.NET Sat May 17 01:24:20 2003 From: billa at STERLING.NET (Bill Anderson) Date: Thu Jan 12 21:18:08 2006 Subject: How to best add to whitelist Message-ID: <000501c31c0a$a9098550$0a010a0a@dirt> What is the best way to whitelist an account? domainname.com or *@domainname.com is there a difference? For hotmail and yahoo and larger domains I of course add the explicit addresses but for inconspicuous domains I try to add the entire domain if possible. I am just trying to find the best way to do it. Thanks. From billa at STERLING.NET Sat May 17 01:26:10 2003 From: billa at STERLING.NET (Bill Anderson) Date: Thu Jan 12 21:18:08 2006 Subject: Whitelist - how big.... Message-ID: <000b01c31c0a$ea6f76d0$0a010a0a@dirt> How big can the whitelist get? I currently have 378 entries. Am I heading for disaster? Thanks. From billa at STERLING.NET Sat May 17 01:27:53 2003 From: billa at STERLING.NET (Bill Anderson) Date: Thu Jan 12 21:18:08 2006 Subject: Spam score... Message-ID: <001101c31c0b$27e34690$0a010a0a@dirt> Can you have different SPAM scores for different domains? I would like to have domain1.com to have a spam score of 5 or higher as spam, while domain2.com has a score of 7. Thanks. From mike at CAMAROSS.NET Sat May 17 03:55:26 2003 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:18:08 2006 Subject: Spam score... In-Reply-To: <001101c31c0b$27e34690$0a010a0a@dirt> Message-ID: <01a201c31c1f$c64a7c40$6701a8c0@home.middlefinger.net> Yes...use a ruleset and specify the domain and corresponding score(s). You can also do this on a per-user basis. Mike -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Bill Anderson Sent: Friday, May 16, 2003 7:28 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Spam score... Can you have different SPAM scores for different domains? I would like to have domain1.com to have a spam score of 5 or higher as spam, while domain2.com has a score of 7. Thanks. From mailscanner at BARENDSE.TO Sat May 17 09:13:51 2003 From: mailscanner at BARENDSE.TO (Remco Barendse) Date: Thu Jan 12 21:18:08 2006 Subject: New install question - MailScanner-4.15-13 + McAfee virus scan - eicar test fails...sort of?` In-Reply-To: <5.2.1.1.2.20030515194556.0258fa80@imap.ecs.soton.ac.uk> Message-ID: > >Also I had brought up in the past the ability to set blacklisted items to > >the highscore value so that they would be treated like highscore spam, any > >chance of that option in the next stable release? > > If some other people want it too.... Isn't this already possible by creating a spam.blacklist and a spam delivery pair? Just create another entry in the what to do with spam option with the same line as in spam blacklist and just specify delete to send those e-mails to /dev/null :) From tony.johansson at SVENSKAKYRKAN.SE Sat May 17 12:39:26 2003 From: tony.johansson at SVENSKAKYRKAN.SE (Tony Johansson) Date: Thu Jan 12 21:18:08 2006 Subject: Picture analysis Message-ID: <3C4F5084EF16D4119CE700508B6B8B10058D0CBE@nt.svenskakyrkan.se> Hello, I was thinking to myself why anyone would want to spend a fortune for a service such as Messagelabs (and similar) when they could easily build (or buy) a MailScanner solution. The only real benefit, as I see it, would be their "Porn filter". I could be something very useful for schools, and quite possibly other organizations aswell. Up until recently there has been no open source initiative (that I know of) in this field. Now there is "Poesia", see http://sourceforge.net/projects/poesia/ or http://www.poesia-filter.org I'm no programmer and I see the project involves Java, something i know MailScanner doesnt use at all. Would it be a huge task to implement Poesias Pics- and Imagefilter into MailScanner? Another thing that struck me after reading a recent article, http://www.securityfocus.com/news/4662 Isnt it possible that some organizations might worry about "stegged" content in otherwise allowed files? "Stegcheck" at http://www.outguess.org/detection.php doesnt strike me as too hard (although I may be wrong...) to implement with MailScanner. (I'm sure there are other tools for detecting stegged content in various files, stegcheck would be a good start though) I gather both these features would require quite a lot of processing power and time but I'm sure some it would be acceptable for those who really need these features. Wouldnt a "Porn" and "Stego" feature in MailScanner be worth investigating? regards, Tony From rich at MAIL.WVNET.EDU Sat May 17 15:37:25 2003 From: rich at MAIL.WVNET.EDU (Richard Lynch) Date: Thu Jan 12 21:18:08 2006 Subject: User controlled whitelist/blacklist In-Reply-To: <5.2.1.1.2.20030515222652.03e08008@imap.ecs.soton.ac.uk> References: <5.2.0.9.2.20030515114016.09b806e0@imap.ecs.soton.ac.uk> <5.2.0.9.2.20030515114016.09b806e0@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030515222652.03e08008@imap.ecs.soton.ac.uk> Message-ID: <1053182244.1499.52.camel@localhost.localdomain> On Thu, 2003-05-15 at 17:31, Julian Field wrote: > > No, it doesn't. It just does simple lookups for speed. > > This is the matching code: it shows that just the "From" address (envelope > sender), the domain of that address and the exact IP address are tested. > You can specify a whitelist/blacklist for an individual email address or an > individual domain. > > I might expand this later to allow IP prefixes and possibly domain > suffixes, but I have no immediate plans for this. Feel free to add to the > code yourselves! > > return 1 if $BlackWhite->{$to}{$from}; > return 1 if $BlackWhite->{$to}{$fromdomain}; > return 1 if $BlackWhite->{$to}{$ip}; > return 1 if $BlackWhite->{$todomain}{$from}; > return 1 if $BlackWhite->{$todomain}{$fromdomain}; > return 1 if $BlackWhite->{$todomain}{$ip}; Thanks Julian, I don't think the wildcard limitation is all that big of a deal for me but it would be nice. I am trying to mod the code a little to add support for an "everybodyelse" black/whitelist. Actually, my issue is mainly with blacklists. I have a customer who is on a crusade to wipe out *all* spam for his domain. He sends me new blacklist entries everyday. The problem is that he's a bit overzealous and I end up blocking sites for other customers who don't want it. So, my plan is... 1. Move all of his blacklist entries to his own config file in .../by.domain/blacklist. He has multiple domain names so I've created logical links (ln -s) of those domain names to his main config file. 2. Will update the MailScanner.conf file with "Is Definitely Spam = &ByDomainSpamBlacklist". 3. I would still like to have a global blacklist for everybody else so I've created a file called ".../by.domain/all" that I can put global entries in. 4. I've modified the code in CustomConfig.pm with these entries... return 1 if $BlackWhite->{all}{$from}; return 1 if $BlackWhite->{all}{$fromdomain}; return 1 if $BlackWhite->{all}{$ip}; ...inserted right after your matching code. Is this the right approach? I handle several other domains and am trying to avoid having to duplicate blacklist entries that I want to be applied globally. Thanks for all of your help. -- Richard Lynch From smohan at vsnl.com Sat May 17 15:46:31 2003 From: smohan at vsnl.com (S. Mohan) Date: Thu Jan 12 21:18:08 2006 Subject: Bounce que Message-ID: <3ec64be2.3456.0@swift-online.com> Why don't you consign them to /dev/null instead. Will save you a lot of trouble. Mohan >I have set my spam configuration to bounce all spam. Unfortunately this hogs >up my que since most spammers don't use real address (I was shocked to find >out :-) ) >Does anyone know of a automated way to flush these messages in sendmail? > > Sanjay K. Patel > From templem at ABCLABS.COM Sat May 17 16:13:39 2003 From: templem at ABCLABS.COM (Mark Temple) Date: Thu Jan 12 21:18:08 2006 Subject: Urgent: MailScanner apparently stopped processing... Message-ID: I am having a similar problem. I installed MailScanner-4.20-3 with Mail-SpamAssassin-2.53 on RedHat 8.0. Already using Postfix 1.1.11 for about 2 months. Postfix is fabulous. Installing and configuring MailScanner was a breeze. ;-) It ran great for about 48 hours. Then yesterday mail stopped moving. The two Postfix processes (in and out) were on and seemed fine. The MailScanner was down to 2 processes when I had allowed 10 threads for the 2 CPU system (PIII 933mhz 2gb mem). The "dying of old age" messages had stopped appearing in the log. I killed everything and started again. Mail moved a little, but I noticed the: "Batch: Found invalid queue file for message..." repeating quite often. I moved the 20 or so offending files to another path and started again. After a while I had more of the same kind of offending files. Finally I couldn't afford to have the mail failing, so I took MailScanner out of the loop. MailScanner looks like a great product, but I can't afford this kind of a problem. The CEO came in and pointed out the importance he places on reliable email (it had only be down 4 hours). Unfortunatly, he notice the outage before I did. This problem seems to involve the defer/deferred mail not being cleaned up properly. On Fri, 9 May 2003 18:49:47 -0300, Mariano Absatz wrote: >El 9 May 2003 a las 21:54, Julian Field escribi?: > >> I agree it would stay in the queue and, due to the sorting, would always >> appear as the first message in the batch. But why would it jam anything? >> It would get found and logged at the start of each batch, but any other >> messages that later appeared would still be added to the batch. >> So it would cause a log warning at the start of each batch, but what harm >> would it do otherwise? >This was my first thought and that's why I didn't tell you the first time... >but Leo thinks something is going wrong there... I'll ask him on Monday to do >a bunch of tests (actually, the only time he saw it happen was by actually >feeding by hand a manually constructed queue file that contained a typo). > >> I could add it to a hash of known bad messages if you like, so that it >> ignored that message id in subsequent queue scans. But I don't see how the >> current system actually breaks. >I'd rather quarantine the message at the end of ReadQf() (before the >return 0)... > >> >> At 20:05 09/05/2003, you wrote: >> >Julian, >> > >> >Leo Helman (the guy who actually wrote most of ZMailer support) spotted this >> >one a few days ago and I thought it was just unelegant, but it might indeed >> >be a bug... if it is so, it affects _all_ versions (sendmail, exim, zmailer & >> >postfix)... maybe it showed up because of some problem in the postfix queue >> >file parser, but it is there anyway. >> > >> >Leo says that within MailScanner::Sendmail::CreateBatch() you have the >> >following code excerpt: >> > >> > $batchempty = 1; >> > >> > while(($file = shift @SortedFiles) && >> > $HitLimit1+$HitLimit2+$HitLimit3+$HitLimit4<1) { >> > .... .... .... >> > .... .... .... >> > $newmessage = MailScanner::Message->new($id, $queuedirname); >> > next unless $newmessage; >> > .... .... .... >> > .... .... .... >> > } >> > >> > # Wait a bit until I check the queue again >> > sleep(MailScanner::Config::Value('queuescaninterval')) if $batchempty; >> > } while $batchempty; # Keep trying until we get something >> > >> >now, newmessage is false when a lock fails or when there was an error parsing >> >the envelope (e.g. missing envelope from, to or origin). >> > >> >If the lock failed, that is because another MailScanner locked it and the >> >next round of the loop or so, the file will probably be not there, 'cause the >> >other MailScanner that had it locked, processed it and removed it from the >> >queue. >> > >> >But, if the envelope was corrupt, the file stays in the queue forever, and as >> >$batchempty is not modified, it never quits the loop (the $HitLimitX stay >> >always 0). >> > >> >At first I thought that the only problem would be that the queue file would >> >stay there forever (or until an operator read the log message produced within >> >MailScanner::Sendmail::ReadQf() (smtp MailScanner[xxxx]: Batch: Found invalid >> >queue file for message xxxxxx) and would manually remove it from the queue... >> > >> >In fact, I dismissed a message I was writing to you about this when I thought >> >that... now that Leo read this thread and recalls our dialog back then, I re- >> >read it and notice that, as we always sort the queue files by age, this >> >corrupt file will _always_ be the first to be processed and, hence, would >> >stuck the queue... >> > >> >I think we should differntiate the way ReadQf() fails if the queue file is >> >locked or if it is ill-formed... or change the while() condition... >> > >> > >> > >> >El 9 May 2003 a las 8:46, Julian Field escribi?: >> > >> > > At 19:25 08/05/2003, you wrote: >> > > >I'm hoping someone can shed some light on this one - recently I had >> > > >MailScanner which I've implemented on RedHat 8 w/Postfix just yesterday, >> > > >abruptly stop processing mail. >> > > > >> > > >I only happened to notice as the only indication was that no mail was >> > > >passing through to my internal mail/pop servers, etc. >> > > > >> > > >When I checked the maillog I found only entries from the postfix demon >> > > >that receives incoming mail, nothing from MailScanner or the postfix demon >> > > >that then delivers what MailScanner gives it. All processes including the >> > > >MailScanner processes were running - in fact, MailScanner was using a >> > > >majority of cpu time. I tried manually starting up MailScanner and found >> > > >that this fact of "MailScanner starting" and "xxx messages found to be >> > > >scanned" did show up in the maillog, however, no other change, mail did >> > > >not start to flow. >> > > > >> > > >I finally restarted the server and then everything started to move. >> > > >> > > But was it scanning after you restarted? >> > > >> > > Have you use redhat-switchmail-nox to set which email system RedHat thinks >> > > it is trying to run? >> > > >> > > >So, based on this I have a few questions: >> > > > >> > > >1. Any ideas why this happened and how can I prevent it and also does >> > > >anyone have any scripts out there that detect this kindof thing and then >> > > >cleanly shut down mailscanner and restart it? >> > > > >> > > >2. I realized I don't even know how to cleanly shut down MailScanner >> > > >manually. This may seem a stupid question but if someone could answer it >> > > >that would be great. >> > > >> > > service MailScanner stop >> > > >> > > You can do "service MailScanner" to get a list of the command options you >> > > can give it. >> > > Does "service MailScanner start" work cleanly, or does it output any >> > errors? >> > > >> > > >4. I have an error message repeatedly showing up in the maillog that I >> > > >have been unable to discover the cause of. It is: >> > > >smtp MailScanner[xxxx]: Batch: Found invalid queue file for message xxxxxx >> > > >> > > For some reason it thinks one of your incoming queue files is corrupt. It >> > > needs to be able to find the sender and recipient addresses, and the last >> > > hop IP address, in the file it lifts from the queue. >> > > >> > > Can you send me one of the files from /var/spool/postfix.in/deferred that >> > > exhibits this problem. >> > > Then I can improve the Postfix parser to stop it happening again. >> > > -- >> > > Julian Field >> > > www.MailScanner.info >> > > MailScanner thanks transtec Computers for their support >> > >> > >> >-- >> >Mariano Absatz >> >El Baby >> >---------------------------------------------------------- >> >I am not afraid of death, I just don't want to >> >be there when it happens. >> > -- Woody Allen >> >> -- >> Julian Field >> www.MailScanner.info >> Professional Support Services at www.MailScanner.biz >> MailScanner thanks transtec Computers for their support > > >-- >Mariano Absatz >El Baby >---------------------------------------------------------- >Lottery: A tax on people who are bad at math. From mike at CAMAROSS.NET Sat May 17 17:51:15 2003 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:18:08 2006 Subject: MS + SuSE Email Server 3.1 In-Reply-To: Message-ID: <000901c31c94$89318f90$6701a8c0@home.middlefinger.net> Has anyone installed MS/SA on a SuSE Email Server 3.1? I have a trial copy and wanted to try it out, but it seems like there were issues at one time with delivery to Cyrus? Is this still the case? Mike From mailscanner at ecs.soton.ac.uk Sat May 17 17:19:51 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:08 2006 Subject: Whitelist - how big.... In-Reply-To: <000b01c31c0a$ea6f76d0$0a010a0a@dirt> Message-ID: <5.2.1.1.2.20030517171912.0278f368@imap.ecs.soton.ac.uk> At 01:26 17/05/2003, you wrote: >How big can the whitelist get? I currently have 378 entries. Am I heading >for disaster? Thanks. I see no reason why it shouldn't be able to cope with tens of thousands of entries. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Sat May 17 17:34:32 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:08 2006 Subject: Picture analysis In-Reply-To: <3C4F5084EF16D4119CE700508B6B8B10058D0CBE@nt.svenskakyrkan. se> Message-ID: <5.2.1.1.2.20030517172113.04135ea8@imap.ecs.soton.ac.uk> These are more possible applications for the general-purpose content filter I want to write. It's going to be a fairly large job, and lots of protocols and stuff to sort out for MailScanner and the content filter to be able to communicate reliably. There are loads of applications for it, it's a matter of working out exactly how to write it, particularly so that external projects can easily be plugged into it. I am basically going to pass it filenames of attachments and chunks of sanitized MIME header info. It will then do stuff with the contents of the file, possibly also using the MIME header info. It then needs to be able to optionally change the MIME header info as well, and then tell MailScanner it has done it. I want to keep the communication extremely simple so that external filters can be written in a wide variety of languages very easily. On the other hand it also needs to be very fast, even in languages with large startup overheads (such as cranking up a Java VM) and so must be able to handle lots of files at once. And so maybe the files aren't returned in the same order they were presented. You could have a farm of processes sitting there waiting for work requests, and these will naturally return the simplest requests first. And not all the files may be returned at all, or maybe the content filter crashes, so it all needs wrapping in timeouts as well. As you (hopefully) see, it's not quite as simple as it looks. But there's no point doing it at all unless it is fast, robust and highly scalable. I leave it to the commercial guys to produce half-baked systems that are slow, dodgy and unscalable. At 12:39 17/05/2003, you wrote: >Hello, > >I was thinking to myself why anyone would want to spend a fortune for a >service such as Messagelabs (and similar) when they could easily build (or >buy) a MailScanner solution. > >The only real benefit, as I see it, would be their "Porn filter". I could >be something very useful for schools, and quite possibly other organizations >aswell. Up until recently there has been no open source initiative (that I >know of) in this field. > >Now there is "Poesia", see http://sourceforge.net/projects/poesia/ or >http://www.poesia-filter.org > >I'm no programmer and I see the project involves Java, something i know >MailScanner doesnt use at all. > >Would it be a huge task to implement Poesias Pics- and Imagefilter into >MailScanner? > > >Another thing that struck me after reading a recent article, >http://www.securityfocus.com/news/4662 >Isnt it possible that some organizations might worry about "stegged" content >in otherwise allowed files? >"Stegcheck" at http://www.outguess.org/detection.php doesnt strike me as too >hard (although I may be wrong...) to implement with MailScanner. >(I'm sure there are other tools for detecting stegged content in various >files, stegcheck would be a good start though) > > >I gather both these features would require quite a lot of processing power >and time but I'm sure some it would be acceptable for those who really need >these features. > >Wouldnt a "Porn" and "Stego" feature in MailScanner be worth investigating? > > >regards, Tony -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Sat May 17 17:19:05 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:08 2006 Subject: How to best add to whitelist In-Reply-To: <000501c31c0a$a9098550$0a010a0a@dirt> Message-ID: <5.2.1.1.2.20030517171839.024a8b18@imap.ecs.soton.ac.uk> At 01:24 17/05/2003, you wrote: >What is the best way to whitelist an account? > >domainname.com >or >*@domainname.com > >is there a difference? No difference at all. They are actually compiled into exactly the same thing. > For hotmail and yahoo and larger domains I of course >add the explicit addresses but for inconspicuous domains I try to add the >entire domain if possible. I am just trying to find the best way to do it. >Thanks. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Sat May 17 17:51:44 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:08 2006 Subject: Urgent: MailScanner apparently stopped processing... In-Reply-To: Message-ID: <5.2.1.1.2.20030517174916.024dceb8@imap.ecs.soton.ac.uk> Here is an excerpt from the ChangeLog for 4.21: - Postfix support now has extra permissions parameter on "mkdir" calls, solving a syntax error on some versions of Perl. - Postfix support now won't abandon a message because it could not get the SMTP client IP address out of it. Will insert 0.0.0.0 if no IP address could be found. - Postfix will always pick up IP address of locally-generated mail. - Postfix detects hash directory depth more cleanly. - Postfix handles queue files which are still being written. - Postfix bug fixed when processing messages with no body. At 16:13 17/05/2003, you wrote: >I am having a similar problem. I installed MailScanner-4.20-3 with >Mail-SpamAssassin-2.53 on RedHat 8.0. Already using Postfix 1.1.11 for about >2 months. Postfix is fabulous. Installing and configuring MailScanner was a >breeze. ;-) It ran great for about 48 hours. Then yesterday mail stopped >moving. The two Postfix processes (in and out) were on and seemed fine. The >MailScanner was down to 2 processes when I had allowed 10 threads for the 2 >CPU system (PIII 933mhz 2gb mem). The "dying of old age" messages had >stopped appearing in the log. I killed everything and started again. Mail >moved a little, but I noticed the: > >"Batch: Found invalid queue file for message..." > >repeating quite often. I moved the 20 or so offending files to another path >and started again. After a while I had more of the same kind of offending >files. Finally I couldn't afford to have the mail failing, so I took >MailScanner out of the loop. MailScanner looks like a great product, but I >can't afford this kind of a problem. The CEO came in and pointed out the >importance he places on reliable email (it had only be down 4 hours). >Unfortunatly, he notice the outage before I did. > >This problem seems to involve the defer/deferred mail not being cleaned up >properly. > > >On Fri, 9 May 2003 18:49:47 -0300, Mariano Absatz >wrote: > >El 9 May 2003 a las 21:54, Julian Field escribi?: > > > >> I agree it would stay in the queue and, due to the sorting, would always > >> appear as the first message in the batch. But why would it jam anything? > >> It would get found and logged at the start of each batch, but any other > >> messages that later appeared would still be added to the batch. > >> So it would cause a log warning at the start of each batch, but what harm > >> would it do otherwise? > >This was my first thought and that's why I didn't tell you the first time... > >but Leo thinks something is going wrong there... I'll ask him on Monday > to do > >a bunch of tests (actually, the only time he saw it happen was by actually > >feeding by hand a manually constructed queue file that contained a typo). > > > >> I could add it to a hash of known bad messages if you like, so that it > >> ignored that message id in subsequent queue scans. But I don't see how the > >> current system actually breaks. > >I'd rather quarantine the message at the end of ReadQf() (before the > >return 0)... > > > >> > >> At 20:05 09/05/2003, you wrote: > >> >Julian, > >> > > >> >Leo Helman (the guy who actually wrote most of ZMailer support) > spotted this > >> >one a few days ago and I thought it was just unelegant, but it might > indeed > >> >be a bug... if it is so, it affects _all_ versions (sendmail, exim, >zmailer & > >> >postfix)... maybe it showed up because of some problem in the postfix > queue > >> >file parser, but it is there anyway. > >> > > >> >Leo says that within MailScanner::Sendmail::CreateBatch() you have the > >> >following code excerpt: > >> > > >> > $batchempty = 1; > >> > > >> > while(($file = shift @SortedFiles) && > >> > $HitLimit1+$HitLimit2+$HitLimit3+$HitLimit4<1) { > >> > .... .... .... > >> > .... .... .... > >> > $newmessage = MailScanner::Message->new($id, $queuedirname); > >> > next unless $newmessage; > >> > .... .... .... > >> > .... .... .... > >> > } > >> > > >> > # Wait a bit until I check the queue again > >> > sleep(MailScanner::Config::Value('queuescaninterval')) if >$batchempty; > >> > } while $batchempty; # Keep trying until we get something > >> > > >> >now, newmessage is false when a lock fails or when there was an error >parsing > >> >the envelope (e.g. missing envelope from, to or origin). > >> > > >> >If the lock failed, that is because another MailScanner locked it and the > >> >next round of the loop or so, the file will probably be not there, >'cause the > >> >other MailScanner that had it locked, processed it and removed it > from the > >> >queue. > >> > > >> >But, if the envelope was corrupt, the file stays in the queue forever, >and as > >> >$batchempty is not modified, it never quits the loop (the $HitLimitX stay > >> >always 0). > >> > > >> >At first I thought that the only problem would be that the queue file > would > >> >stay there forever (or until an operator read the log message produced >within > >> >MailScanner::Sendmail::ReadQf() (smtp MailScanner[xxxx]: Batch: Found >invalid > >> >queue file for message xxxxxx) and would manually remove it from the >queue... > >> > > >> >In fact, I dismissed a message I was writing to you about this when I >thought > >> >that... now that Leo read this thread and recalls our dialog back then, >I re- > >> >read it and notice that, as we always sort the queue files by age, this > >> >corrupt file will _always_ be the first to be processed and, hence, would > >> >stuck the queue... > >> > > >> >I think we should differntiate the way ReadQf() fails if the queue > file is > >> >locked or if it is ill-formed... or change the while() condition... > >> > > >> > > >> > > >> >El 9 May 2003 a las 8:46, Julian Field escribi?: > >> > > >> > > At 19:25 08/05/2003, you wrote: > >> > > >I'm hoping someone can shed some light on this one - recently I had > >> > > >MailScanner which I've implemented on RedHat 8 w/Postfix just > yesterday, > >> > > >abruptly stop processing mail. > >> > > > > >> > > >I only happened to notice as the only indication was that no mail was > >> > > >passing through to my internal mail/pop servers, etc. > >> > > > > >> > > >When I checked the maillog I found only entries from the postfix > demon > >> > > >that receives incoming mail, nothing from MailScanner or the postfix >demon > >> > > >that then delivers what MailScanner gives it. All processes >including the > >> > > >MailScanner processes were running - in fact, MailScanner was using a > >> > > >majority of cpu time. I tried manually starting up MailScanner > and found > >> > > >that this fact of "MailScanner starting" and "xxx messages found > to be > >> > > >scanned" did show up in the maillog, however, no other change, > mail did > >> > > >not start to flow. > >> > > > > >> > > >I finally restarted the server and then everything started to move. > >> > > > >> > > But was it scanning after you restarted? > >> > > > >> > > Have you use redhat-switchmail-nox to set which email system RedHat >thinks > >> > > it is trying to run? > >> > > > >> > > >So, based on this I have a few questions: > >> > > > > >> > > >1. Any ideas why this happened and how can I prevent it and also does > >> > > >anyone have any scripts out there that detect this kindof thing > and then > >> > > >cleanly shut down mailscanner and restart it? > >> > > > > >> > > >2. I realized I don't even know how to cleanly shut down MailScanner > >> > > >manually. This may seem a stupid question but if someone could > answer it > >> > > >that would be great. > >> > > > >> > > service MailScanner stop > >> > > > >> > > You can do "service MailScanner" to get a list of the command > options you > >> > > can give it. > >> > > Does "service MailScanner start" work cleanly, or does it output any > >> > errors? > >> > > > >> > > >4. I have an error message repeatedly showing up in the maillog > that I > >> > > >have been unable to discover the cause of. It is: > >> > > >smtp MailScanner[xxxx]: Batch: Found invalid queue file for message >xxxxxx > >> > > > >> > > For some reason it thinks one of your incoming queue files is > corrupt. It > >> > > needs to be able to find the sender and recipient addresses, and > the last > >> > > hop IP address, in the file it lifts from the queue. > >> > > > >> > > Can you send me one of the files from > /var/spool/postfix.in/deferred that > >> > > exhibits this problem. > >> > > Then I can improve the Postfix parser to stop it happening again. > >> > > -- > >> > > Julian Field > >> > > www.MailScanner.info > >> > > MailScanner thanks transtec Computers for their support > >> > > >> > > >> >-- > >> >Mariano Absatz > >> >El Baby > >> >---------------------------------------------------------- > >> >I am not afraid of death, I just don't want to > >> >be there when it happens. > >> > -- Woody Allen > >> > >> -- > >> Julian Field > >> www.MailScanner.info > >> Professional Support Services at www.MailScanner.biz > >> MailScanner thanks transtec Computers for their support > > > > > >-- > >Mariano Absatz > >El Baby > >---------------------------------------------------------- > >Lottery: A tax on people who are bad at math. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Sat May 17 17:42:52 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:08 2006 Subject: spam score for each test in header In-Reply-To: <1053093458.32098.4.camel@phobos.internal> References: <1053089862.1351.25.camel@speedy> <5.2.0.9.2.20030516110014.04d649a8@imap.ecs.soton.ac.uk> <5.2.0.9.2.20030516110014.04d649a8@imap.ecs.soton.ac.uk> <5.2.0.9.2.20030516134612.04aaef40@imap.ecs.soton.ac.uk> <1053089862.1351.25.camel@speedy> Message-ID: <5.2.1.1.2.20030517173511.024bb138@imap.ecs.soton.ac.uk> I'm trying to get the encapsulation going at the moment, but Eudora seems to do some very strange things with the message I produce. But from what I read of RFC1521 I am doing it right. If the rfc822 encapsulation doesn't work well (it should in theory, but...) then I could look at the MIME structure. If it is a multipart/alternative, then attach the HTML and text parts as attachments. If it isn't an alternative, then add the HTML and text parts to the list of attachments. I can just fix the names of the attachments to something like "OriginalMessage.html" and "OriginalMessage.txt". Any other type of original body data would, I guess, just end up being "OriginalMessage.dat". But I don't yet know what would happen to HTML messages that included images shipped with the message. Hopefully references to them would still work from the OriginalMessage.html attachment. At 14:57 16/05/2003, you wrote: >I believe the way to do this is to embed the whole message, headers and >all, as content-type message/rfc822. The easy way to verify this is to >forward an existing email as an attachment in Mozilla, or most other email >programs, and then look at the message source. > >Tim > >On Fri, 2003-05-16 at 08:57, Stephen Swaney wrote: >>I'll find out what thet do and get back to you. >> >> >>On Fri, 2003-05-16 at 08:50, Julian Field wrote: >>>The bit I'm not sure about here is what to do with multipart-alternative >>>messages (where you have HTML and plain-text versions). These already >>>have more than 1 part, so I'm not sure what to put in the "attachment" >>>that contains the original message. >>> >>>If I delete the plain-text version, all the pine/mutt users in the world >>>will hate me. But if I delete the HTML version, all the Outlook users in >>>the world will hate me. >>> >>>Any ideas what the system this firm has created actually does with the >>>message? >>>Do we have the ability to be able to pipe messages through it to find >>>out? Or do you know who created it, as I might be able to extract the >>>answer from their tech support :-) >>> >>>At 13:11 16/05/2003, you wrote: >>>>I agree with not messing with the message, but one firm has created a >>>>system where when a message is detected as spam, the original spam is >>>>encapsulated as a attachment to a message that reads: >>>> >>>>----------------------------- >>>> >>>>Our mailscanner believes that the attachment to this message sent to >>>>you by >>>> >>>> spammer@junkmail.com >>>> >>>>Subject: >>>> >>>> Work from Home, Make big Bucks!!! >>>> >>>>is Unsolicited Commerial Email (Spam). Unless you are sure that this >>>>message is incorrectly thoght to be Spam, please delete this message >>>>without opening it. Onpening Spam messages might allow the Spammer to >>>>verify your email address. >>>> >>>>If you believe that this message has been uncorrectly marked a spam, >>>>please forward this email to >>>>whitelist@our-company.com >>>> >>>>------------------------------ >>>> >>>>When this technique is combined with good {Spam?} and {High Spam?} >>>>scoring, it might allow the identification of false positives while >>>>hiding offensive images and messages. >>>> >>>>Note that email to whitelist@ourcompany.com >>>>is not automatically whitelisted but examined to see if it should be. >>>> >>>>Thoughts? >>>> >>>> >>>>On Fri, 2003-05-16 at 06:01, Julian Field wrote: >>>>> >>>>>At 10:19 >>>>>16/05/2003, you wrote: >>>>> >Brilliant !!! Thanks Julian. >>>>> > >>>>> >I am 100% happy with your solution. But if I may push my >>>>>luck... How >>>>> >difficult would it be to transfer this header line into an attachment >>>>>to >>>>> >the message named something like "spam_score_details.txt", >>>>>and get the >>>>> >list of test & scores in a neat format with carriage returns >>>>>after each >>>>> >score, and an explanation at the top for the user saying something >>>>>like >>>>> >"Your MailScanner system has performed the following tests to >>>>>determine if >>>>> >it was spam. Please see yout local IT officer for more details". >>>>>Or leave >>>>> >us to create that piece of text so that we can add our contact >>>>>details, etc.? >>>>> >>>>>Not keen on that. MailScanner doesn't mess with the message more than >>>>>it >>>>>has to, and this would create an attachment on every single message. >>>>>Even >>>>>if you just do this with spam, you are adding to your spam load >>>>>problem, >>>>>not reducing it. >>>>>-- >>>>>Julian Fieldwww.MailScanner.info >>>>>MailScanner thanks >>>>>transtec Computers for their >>>>>support >>>> >>>> >>>> >>>>-- >>>> >>>>Stephen Swaney >>>><Steve@swaney.com> >>>> >>>>Linux Systems Solutions, Inc. >>>> >>> >>>-- >>>Julian Field >>>www.MailScanner.info >>>MailScanner thanks transtec Computers for their support -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030517/ed320370/attachment.html From mailscanner at ecs.soton.ac.uk Sat May 17 17:48:12 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:08 2006 Subject: User controlled whitelist/blacklist In-Reply-To: <1053182244.1499.52.camel@localhost.localdomain> References: <5.2.1.1.2.20030515222652.03e08008@imap.ecs.soton.ac.uk> <5.2.0.9.2.20030515114016.09b806e0@imap.ecs.soton.ac.uk> <5.2.0.9.2.20030515114016.09b806e0@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030515222652.03e08008@imap.ecs.soton.ac.uk> Message-ID: <5.2.1.1.2.20030517174631.04093d98@imap.ecs.soton.ac.uk> At 15:37 17/05/2003, you wrote: >On Thu, 2003-05-15 at 17:31, Julian Field wrote: > > > > No, it doesn't. It just does simple lookups for speed. > > > > This is the matching code: it shows that just the "From" address (envelope > > sender), the domain of that address and the exact IP address are tested. > > You can specify a whitelist/blacklist for an individual email address or an > > individual domain. > > > > I might expand this later to allow IP prefixes and possibly domain > > suffixes, but I have no immediate plans for this. Feel free to add to the > > code yourselves! > > > > return 1 if $BlackWhite->{$to}{$from}; > > return 1 if $BlackWhite->{$to}{$fromdomain}; > > return 1 if $BlackWhite->{$to}{$ip}; > > return 1 if $BlackWhite->{$todomain}{$from}; > > return 1 if $BlackWhite->{$todomain}{$fromdomain}; > > return 1 if $BlackWhite->{$todomain}{$ip}; > >Thanks Julian, I don't think the wildcard limitation is all that big of >a deal for me but it would be nice. I am trying to mod the code a >little to add support for an "everybodyelse" black/whitelist. > >Actually, my issue is mainly with blacklists. I have a customer who is >on a crusade to wipe out *all* spam for his domain. He sends me new >blacklist entries everyday. The problem is that he's a bit overzealous >and I end up blocking sites for other customers who don't want it. So, >my plan is... > >1. Move all of his blacklist entries to his own config file in >.../by.domain/blacklist. He has multiple domain names so I've created >logical links (ln -s) of those domain names to his main config file. > >2. Will update the MailScanner.conf file with "Is Definitely Spam = >&ByDomainSpamBlacklist". > >3. I would still like to have a global blacklist for everybody else so >I've created a file called ".../by.domain/all" that I can put global >entries in. > >4. I've modified the code in CustomConfig.pm with these entries... > > return 1 if $BlackWhite->{all}{$from}; > return 1 if $BlackWhite->{all}{$fromdomain}; > return 1 if $BlackWhite->{all}{$ip}; > > ...inserted right after your matching code. > > >Is this the right approach? I handle several other domains and am >trying to avoid having to duplicate blacklist entries that I want to be >applied globally. Thanks for all of your help. That should work a treat. Call it "default" instead of "all" and I'll put your contribution into the distribution for you. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From rich at MAIL.WVNET.EDU Sat May 17 18:16:07 2003 From: rich at MAIL.WVNET.EDU (Richard Lynch) Date: Thu Jan 12 21:18:08 2006 Subject: User controlled whitelist/blacklist In-Reply-To: <5.2.1.1.2.20030517174631.04093d98@imap.ecs.soton.ac.uk> References: <5.2.1.1.2.20030515222652.03e08008@imap.ecs.soton.ac.uk> <5.2.0.9.2.20030515114016.09b806e0@imap.ecs.soton.ac.uk> <5.2.0.9.2.20030515114016.09b806e0@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030515222652.03e08008@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030517174631.04093d98@imap.ecs.soton.ac.uk> Message-ID: <1053191767.1499.59.camel@localhost.localdomain> On Sat, 2003-05-17 at 12:48, Julian Field wrote: > > That should work a treat. Call it "default" instead of "all" and I'll put > your contribution into the distribution for you. Done. Thanks!!! -- Richard Lynch From templem at ABCLABS.COM Sat May 17 19:28:25 2003 From: templem at ABCLABS.COM (Mark Temple) Date: Thu Jan 12 21:18:08 2006 Subject: Urgent: MailScanner apparently stopped processing... In-Reply-To: <5.2.1.1.2.20030517174916.024dceb8@imap.ecs.soton.ac.uk> References: <5.2.1.1.2.20030517174916.024dceb8@imap.ecs.soton.ac.uk> Message-ID: <32996.65.239.205.117.1053196105.squirrel@mail2.abclabs.com> So is the problem fixed by upgrading MailScanner to 4.21, or do I upgrade postfix to 2.0.9 (latest), or do I need to upgrade both? Thanks for the insight and response. > Here is an excerpt from the ChangeLog for 4.21: > > - Postfix support now has extra permissions parameter on "mkdir" calls, > solving a syntax error on some versions of Perl. > - Postfix support now won't abandon a message because it could not get > the SMTP client IP address out of it. Will insert 0.0.0.0 if no IP > address could be found. > - Postfix will always pick up IP address of locally-generated mail. - > Postfix detects hash directory depth more cleanly. > - Postfix handles queue files which are still being written. > - Postfix bug fixed when processing messages with no body. > > At 16:13 17/05/2003, you wrote: >>I am having a similar problem. I installed MailScanner-4.20-3 with >> Mail-SpamAssassin-2.53 on RedHat 8.0. Already using Postfix 1.1.11 for >> about 2 months. Postfix is fabulous. Installing and configuring MailScanner >> was a breeze. ;-) It ran great for about 48 hours. Then yesterday mail >> stopped moving. The two Postfix processes (in and out) were on and seemed >> fine. The MailScanner was down to 2 processes when I had allowed 10 threads >> for the 2 CPU system (PIII 933mhz 2gb mem). The "dying of old age" messages >> had stopped appearing in the log. I killed everything and started again. >> Mail moved a little, but I noticed the: >> >>"Batch: Found invalid queue file for message..." >> >>repeating quite often. I moved the 20 or so offending files to another path >> and started again. After a while I had more of the same kind of offending >> files. Finally I couldn't afford to have the mail failing, so I took >> MailScanner out of the loop. MailScanner looks like a great product, but I >> can't afford this kind of a problem. The CEO came in and pointed out the >> importance he places on reliable email (it had only be down 4 hours). >> Unfortunatly, he notice the outage before I did. >> >>This problem seems to involve the defer/deferred mail not being cleaned up >> properly. >> --snip-- -- -------------------------------------------------- Mark Temple, Information Technology Manager ABC Labs, Columbia, Missouri 65202 voice:573.876.8198 fax:573.443.9033 -------------------------------------------------- From mailscanner at ecs.soton.ac.uk Sat May 17 19:54:45 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:08 2006 Subject: Urgent: MailScanner apparently stopped processing... In-Reply-To: <32996.65.239.205.117.1053196105.squirrel@mail2.abclabs.com > References: <5.2.1.1.2.20030517174916.024dceb8@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030517174916.024dceb8@imap.ecs.soton.ac.uk> Message-ID: <5.2.1.1.2.20030517195256.04095008@imap.ecs.soton.ac.uk> At 19:28 17/05/2003, you wrote: >So is the problem fixed by upgrading MailScanner to 4.21, or do I upgrade >postfix to 2.0.9 (latest), or do I need to upgrade both? I run 2.0.7 so I think you probably don't need 2.0.9. The newest MailScanner should solve it. The Postfix code in MailScanner is very new, so it is finishing settling down. >Thanks for the insight and response. > > > Here is an excerpt from the ChangeLog for 4.21: > > > > - Postfix support now has extra permissions parameter on "mkdir" calls, > > solving a syntax error on some versions of Perl. > > - Postfix support now won't abandon a message because it could not get > > the SMTP client IP address out of it. Will insert 0.0.0.0 if no IP > > address could be found. > > - Postfix will always pick up IP address of locally-generated mail. - > > Postfix detects hash directory depth more cleanly. > > - Postfix handles queue files which are still being written. > > - Postfix bug fixed when processing messages with no body. > > > > At 16:13 17/05/2003, you wrote: > >>I am having a similar problem. I installed MailScanner-4.20-3 with > >> Mail-SpamAssassin-2.53 on RedHat 8.0. Already using Postfix 1.1.11 for > >> about 2 months. Postfix is fabulous. Installing and configuring > MailScanner > >> was a breeze. ;-) It ran great for about 48 hours. Then yesterday mail > >> stopped moving. The two Postfix processes (in and out) were on and seemed > >> fine. The MailScanner was down to 2 processes when I had allowed 10 > threads > >> for the 2 CPU system (PIII 933mhz 2gb mem). The "dying of old age" > messages > >> had stopped appearing in the log. I killed everything and started again. > >> Mail moved a little, but I noticed the: > >> > >>"Batch: Found invalid queue file for message..." > >> > >>repeating quite often. I moved the 20 or so offending files to another path > >> and started again. After a while I had more of the same kind of offending > >> files. Finally I couldn't afford to have the mail failing, so I took > >> MailScanner out of the loop. MailScanner looks like a great product, but I > >> can't afford this kind of a problem. The CEO came in and pointed out the > >> importance he places on reliable email (it had only be down 4 hours). > >> Unfortunatly, he notice the outage before I did. > >> > >>This problem seems to involve the defer/deferred mail not being cleaned up > >> properly. > >> >--snip-- >-- >-------------------------------------------------- > Mark Temple, Information Technology Manager > ABC Labs, Columbia, Missouri 65202 > voice:573.876.8198 fax:573.443.9033 >-------------------------------------------------- -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From sanjay.patel at REXWIRE.COM Sat May 17 23:39:21 2003 From: sanjay.patel at REXWIRE.COM (Sanjay Patel) Date: Thu Jan 12 21:18:08 2006 Subject: Bounce que In-Reply-To: <3ec64be2.3456.0@swift-online.com> Message-ID: <012901c31cc5$298b0ea0$6f01a8c0@Laptop1> How would I do that? Thanks for your reply. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of S. Mohan Sent: Saturday, May 17, 2003 10:47 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Bounce que Why don't you consign them to /dev/null instead. Will save you a lot of trouble. Mohan >I have set my spam configuration to bounce all spam. Unfortunately this hogs >up my que since most spammers don't use real address (I was shocked to find >out :-) ) >Does anyone know of a automated way to flush these messages in sendmail? > > Sanjay K. Patel > From michele at BLACKNIGHTSOLUTIONS.COM Sun May 18 00:43:21 2003 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:18:08 2006 Subject: Bounce que In-Reply-To: <012901c31cc5$298b0ea0$6f01a8c0@Laptop1> References: <3ec64be2.3456.0@swift-online.com> Message-ID: <5.2.1.1.0.20030518014250.037a5ba0@blacknightsolutions.com> At 18:39 17/05/2003 -0400, you wrote: Why don't you just set the spam action to delete? Mr. Michele Neylon Blacknight Solutions http://www.blacknightsolutions.com Reseller hosting available ######################################################### This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance to it is prohibited. From gerry at DORFAM.CA Sun May 18 01:18:09 2003 From: gerry at DORFAM.CA (Gerry Doris) Date: Thu Jan 12 21:18:08 2006 Subject: Spam scores don't add up Message-ID: I was just checking the spam scores of a message and noticed that they aren't adding up correctly. If you check the header shown below it comes out to a total of 5.76 but the actual score is 8.2. Any idea why??? snip.... X-MailScanner: Found to be clean X-MailScanner-SpamCheck: spam, SpamAssassin (score=8.2, required 4, AWL 0.00, BAYES_80 2.86, MIME_BOUND_MANY_HEX 2.90, UPPERCASE_75_100 0.00) EL-GORDO SWEEPSTAKE INTERNATIONAL LOTTERY NL. BURDENSTRAAT 22 1053 DS, AMSTERDAM.THE NETHERLANDS snip.... -- Gerry "The lyfe so short, the craft so long to learne" Chaucer From butler at GLOBESERVER.COM Sun May 18 01:59:19 2003 From: butler at GLOBESERVER.COM (Philip Butler) Date: Thu Jan 12 21:18:08 2006 Subject: Language strings file.... Message-ID: Hi all, I just installed Julian's 4.20-3 version and get the following error in my syslog: Cannot open language-strings file /opt/MailScanner/etc/reports/en/languages.conf, skipping but in my mailscanner.conf file, I have: Language Strings = /usr/local/mailscanner/etc/reports/en/languages.conf which is the distribution langages.conf file. I have tested to make sure it's using my mailscanner.conf file OK and it is. I tested by changing the "Found to be clean" to something else and messages send do in fact have my new message. It's obvious that it's using the default and not the one I am trying to override it with. As always, kudos to Julian !!! Thanks, Phil Butler butler@globeserver.com From sanjay.patel at REXWIRE.COM Sun May 18 04:23:38 2003 From: sanjay.patel at REXWIRE.COM (Sanjay Patel) Date: Thu Jan 12 21:18:08 2006 Subject: Bounce que In-Reply-To: <5.2.1.1.0.20030518014250.037a5ba0@blacknightsolutions.com> Message-ID: <013c01c31cec$dfe34920$6f01a8c0@Laptop1> So incase a legitimate e-mail does get tagged at spam the original senders will know that the recipient did not receive the e-mail. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Michele Neylon :: Blacknight Solutions Sent: Saturday, May 17, 2003 7:43 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Bounce que At 18:39 17/05/2003 -0400, you wrote: Why don't you just set the spam action to delete? Mr. Michele Neylon Blacknight Solutions http://www.blacknightsolutions.com Reseller hosting available ######################################################### This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance to it is prohibited. From splee at PLEXIO.COM Sun May 18 09:32:55 2003 From: splee at PLEXIO.COM (Stephen Lee) Date: Thu Jan 12 21:18:08 2006 Subject: Spamassassin error even without Spamassassin Message-ID: <1053246775.3026.10.camel@ralph.plexio.private> I got the following error even with "Use SpamAssassin = no": MailScanner[802]: You need to set the "SpamAssassin User State Dir" to a directory that the "Run As User" can write to. I simply pointed it to "/tmp" and that got rid of the message. Do I need to turn off SA somewhere else in the configs? My box runs RH7.3/MS-4.20-3RPM. Thanks, Stephen From LISTSERV at JISCMAIL.AC.UK Sun May 18 00:00:28 2003 From: LISTSERV at JISCMAIL.AC.UK (Automatic digest processor) Date: Thu Jan 12 21:18:09 2006 Subject: MAILSCANNER Digest - 16 May 2003 to 17 May 2003 (#2003-138) Message-ID: <200305172300.AAA24160@magpie.ecs.soton.ac.uk> An embedded message was scrubbed... From: Automatic digest processor Subject: MAILSCANNER Digest - 16 May 2003 to 17 May 2003 (#2003-138) Date: Sun, 18 May 2003 00:00:28 +0100 Size: 934 Url: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030518/03c882d4/attachment.mht -------------- next part -------------- An embedded message was scrubbed... From: Bill Anderson Subject: How to best add to whitelist Date: Fri, 16 May 2003 17:24:20 -0700 Size: 570 Url: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030518/03c882d4/attachment-0001.mht -------------- next part -------------- An embedded message was scrubbed... From: Bill Anderson Subject: Whitelist - how big.... Date: Fri, 16 May 2003 17:26:10 -0700 Size: 346 Url: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030518/03c882d4/attachment-0002.mht -------------- next part -------------- An embedded message was scrubbed... From: Bill Anderson Subject: Spam score... Date: Fri, 16 May 2003 17:27:53 -0700 Size: 419 Url: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030518/03c882d4/attachment-0003.mht -------------- next part -------------- An embedded message was scrubbed... From: Mike Kercher Subject: Re: Spam score... Date: Fri, 16 May 2003 21:55:26 -0500 Size: 768 Url: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030518/03c882d4/attachment-0004.mht -------------- next part -------------- An embedded message was scrubbed... From: Remco Barendse Subject: Re: New install question - MailScanner-4.15-13 + McAfee virus scan - eicar test fails...sort of?` Date: Sat, 17 May 2003 10:13:51 +0200 Size: 789 Url: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030518/03c882d4/attachment-0005.mht -------------- next part -------------- An embedded message was scrubbed... From: Tony Johansson Subject: Picture analysis Date: Sat, 17 May 2003 13:39:26 +0200 Size: 1680 Url: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030518/03c882d4/attachment-0006.mht -------------- next part -------------- An embedded message was scrubbed... From: Richard Lynch Subject: Re: User controlled whitelist/blacklist Date: Sat, 17 May 2003 10:37:25 -0400 Size: 2486 Url: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030518/03c882d4/attachment-0007.mht -------------- next part -------------- An embedded message was scrubbed... From: "S. Mohan" Subject: Re: Bounce que Date: Sat, 17 May 2003 10:46:31 -0400 Size: 592 Url: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030518/03c882d4/attachment-0008.mht -------------- next part -------------- An embedded message was scrubbed... From: Mark Temple Subject: Re: Urgent: MailScanner apparently stopped processing... Date: Sat, 17 May 2003 16:13:39 +0100 Size: 8585 Url: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030518/03c882d4/attachment-0009.mht -------------- next part -------------- An embedded message was scrubbed... From: Mike Kercher Subject: MS + SuSE Email Server 3.1 Date: Sat, 17 May 2003 11:51:15 -0500 Size: 451 Url: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030518/03c882d4/attachment-0010.mht -------------- next part -------------- An embedded message was scrubbed... From: Julian Field Subject: Re: How to best add to whitelist Date: Sat, 17 May 2003 17:19:05 +0100 Size: 835 Url: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030518/03c882d4/attachment-0011.mht -------------- next part -------------- An embedded message was scrubbed... From: Julian Field Subject: Re: Whitelist - how big.... Date: Sat, 17 May 2003 17:19:51 +0100 Size: 604 Url: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030518/03c882d4/attachment-0012.mht -------------- next part -------------- An embedded message was scrubbed... From: Julian Field Subject: Re: Picture analysis Date: Sat, 17 May 2003 17:34:32 +0100 Size: 3547 Url: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030518/03c882d4/attachment-0013.mht -------------- next part -------------- An embedded message was scrubbed... From: Julian Field Subject: Re: spam score for each test in header Date: Sat, 17 May 2003 17:42:52 +0100 Size: 11527 Url: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030518/03c882d4/attachment-0014.mht -------------- next part -------------- An embedded message was scrubbed... From: Julian Field Subject: Re: User controlled whitelist/blacklist Date: Sat, 17 May 2003 17:48:12 +0100 Size: 2833 Url: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030518/03c882d4/attachment-0015.mht -------------- next part -------------- An embedded message was scrubbed... From: Julian Field Subject: Re: Urgent: MailScanner apparently stopped processing... Date: Sat, 17 May 2003 17:51:44 +0100 Size: 9817 Url: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030518/03c882d4/attachment-0016.mht -------------- next part -------------- An embedded message was scrubbed... From: Richard Lynch Subject: Re: User controlled whitelist/blacklist Date: Sat, 17 May 2003 13:16:07 -0400 Size: 479 Url: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030518/03c882d4/attachment-0017.mht -------------- next part -------------- An embedded message was scrubbed... From: Mark Temple Subject: Re: Urgent: MailScanner apparently stopped processing... Date: Sat, 17 May 2003 13:28:25 -0500 Size: 2642 Url: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030518/03c882d4/attachment-0018.mht -------------- next part -------------- An embedded message was scrubbed... From: Julian Field Subject: Re: Urgent: MailScanner apparently stopped processing... Date: Sat, 17 May 2003 19:54:45 +0100 Size: 3080 Url: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030518/03c882d4/attachment-0019.mht -------------- next part -------------- An embedded message was scrubbed... From: Sanjay Patel Subject: Re: Bounce que Date: Sat, 17 May 2003 18:39:21 -0400 Size: 878 Url: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030518/03c882d4/attachment-0020.mht From mailscanner at ecs.soton.ac.uk Sun May 18 12:40:03 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:09 2006 Subject: Calling all translators (again) Message-ID: <5.2.1.1.2.20030518123644.0238f688@imap.ecs.soton.ac.uk> In addition to a translation of the word Report I am also now looking for translations of the following. This is put into an email message when the original (spam) message has been turned into an attachment: >Our MailScanner believes that the attachment to this message sent to you > > From: $from > Subject: $subject > >is Unsolicited Commerial Email (Spam). Unless you are sure that this message >is incorrectly thoght to be Spam, please delete this message without opening >it. Onpening Spam messages might allow the Spammer to verify your email >address. > >If you believe that this message has been incorrectly marked a spam, please >forward this email to $localpostmaster. Also, if there are any other variables you would like to be available in this report, please let me know now so we can get it right for your setup in the 1st version. Thanks folks! -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Sun May 18 13:06:16 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:09 2006 Subject: Spamassassin error even without Spamassassin In-Reply-To: <1053246775.3026.10.camel@ralph.plexio.private> Message-ID: <5.2.1.1.2.20030518130350.025127e8@imap.ecs.soton.ac.uk> Bug fixed in 4.21-6 (which I haven't released yet). It's only a warning, for now just ignore it. At 09:32 18/05/2003, you wrote: >I got the following error even with "Use SpamAssassin = no": > >MailScanner[802]: You need to set the "SpamAssassin User State Dir" to a >directory that the "Run As User" can write to. > >I simply pointed it to "/tmp" and that got rid of the message. Do I need >to turn off SA somewhere else in the configs? > >My box runs RH7.3/MS-4.20-3RPM. > >Thanks, >Stephen -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Sun May 18 12:56:16 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:09 2006 Subject: Language strings file.... In-Reply-To: Message-ID: <5.2.1.1.2.20030518125353.02390248@imap.ecs.soton.ac.uk> Edit /usr/local/mailscanner/lib/MailScanner/ConfigDefs.pl and delete the default value it is looking for. I have already fixed this in 4.21, but I don't think I've released it yet. Look for a line that says this: languagestrings /opt/MailScanner/etc/reports/en/languages.conf and change it to this: languagestrings At 01:59 18/05/2003, you wrote: >Hi all, > >I just installed Julian's 4.20-3 version and get the following error in >my syslog: > > Cannot open language-strings file >/opt/MailScanner/etc/reports/en/languages.conf, skipping > >but in my mailscanner.conf file, I have: > > Language Strings = > /usr/local/mailscanner/etc/reports/en/languages.conf > >which is the distribution langages.conf file. I have tested to make >sure it's using my mailscanner.conf file OK and it is. I tested by >changing the "Found to be clean" to something else and messages send do >in fact have my new message. > >It's obvious that it's using the default and not the one I am trying to >override it with. > >As always, kudos to Julian !!! > >Thanks, > >Phil Butler >butler@globeserver.com -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Sun May 18 12:57:07 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:09 2006 Subject: Bounce que In-Reply-To: <013c01c31cec$dfe34920$6f01a8c0@Laptop1> References: <5.2.1.1.0.20030518014250.037a5ba0@blacknightsolutions.com> Message-ID: <5.2.1.1.2.20030518125640.02514500@imap.ecs.soton.ac.uk> If you want to notify the sender as well then you need to add the spam action "bounce" to the list of actions you take. At 04:23 18/05/2003, you wrote: >So incase a legitimate e-mail does get tagged at spam the original senders >will know that the recipient did not receive the e-mail. > >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf >Of Michele Neylon :: Blacknight Solutions >Sent: Saturday, May 17, 2003 7:43 PM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: Bounce que > > >At 18:39 17/05/2003 -0400, you wrote: >Why don't you just set the spam action to delete? > >Mr. Michele Neylon >Blacknight Solutions >http://www.blacknightsolutions.com >Reseller hosting available > > >######################################################### >This message (and any attachment) is intended only for the >recipient and may contain confidential and/or privileged >material. If you have received this in error, please contact the >sender and delete this message immediately. Disclosure, copying >or other action taken in respect of this email or in >reliance to it is prohibited. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From marco at MUW.EDU Sun May 18 15:06:50 2003 From: marco at MUW.EDU (Marco Obaid) Date: Thu Jan 12 21:18:09 2006 Subject: sophossavi-Postfix on Redhat 9 In-Reply-To: <1051988823.1330.184.camel@speedy> References: <000201c3119c$ffec9150$54dc6f83@corpus.cam.ac.uk> <1051988823.1330.184.camel@speedy> Message-ID: <1053266810.3ec7937a87a3f@its.muw.edu> Hi everyone, I have been searching the archives for an issue between Postfix, MS, and Sophossavi and I found a post (at the end of this message) but no solution. This issue is *only* occurring on a Redhat 9. If Virus Scanners = sophos (or command in my case), the delivery occurs. If Virus Scanners = sophossavi , the delivery halts ( or deferred). This is a *snip* from the maillog when sophossavi is used: May 18 09:22:37 its postfix/nqmgr[21523]: 96AE2164180: from=, size=1020, nrcpt=1 (queue active) May 18 09:22:37 its postfix/nqmgr[21523]: 96AE2164180: to=, relay=none, delay=0, status=deferred (deferred transport) May 18 09:22:38 its postfix/smtpd[21603]: disconnect from bay8- f31.bay8.hotmail.com[64.4.27.31] This is a *snip* after changing Virus Scanners = command and restarting MS: May 18 08:25:32 its MailScanner[3412]: MailScanner E-Mail Virus Scanner version 4.20-3 starting... May 18 08:25:35 its MailScanner[3412]: Using locktype = flock May 18 08:25:35 its MailScanner[3412]: New Batch: Scanning 5 messages, 7096 bytes May 18 08:25:35 its MailScanner[3412]: Spam Checks: Starting May 18 08:25:38 its MailScanner[3412]: Virus and Content Scanning: Starting May 18 08:25:40 its MailScanner[3412]: Content Checks: Need to convert HTML to plain text in 5 messages May 18 08:25:40 its MailScanner[3412]: Uninfected: Delivered 5 messages May 18 09:25:40 its postfix/nqmgr[3408]: 1D5622780F7: from=, size=1308, nrcpt=1 (queue active) May 18 09:25:40 its postfix/nqmgr[3408]: 135D2278129: from=, size=1740, nrcpt=1 (queue active) May 18 09:25:40 its postfix/nqmgr[3408]: 5C84927812B: from=, size=1326, nrcpt=1 (queue active) May 18 09:25:40 its postfix/nqmgr[3408]: D9B0127812A: from=, size=1126, nrcpt=1 (queue active) May 18 09:25:40 its postfix/nqmgr[3408]: 4FDAD27812C: from=, size=1112, nrcpt=1 (queue active) May 18 08:25:41 its postfix/local[3468]: 135D2278129: to=, relay=local, delay=961, status=sent ("|/usr/bin/procmail") May 18 08:25:41 its postfix/local[3467]: 1D5622780F7: to=, relay=local, delay=404, status=sent ("|/usr/bin/procmail") May 18 08:25:41 its postfix/local[3468]: D9B0127812A: to=, relay=local, delay=184, status=sent ("|/usr/bin/procmail") May 18 08:25:41 its postfix/local[3471]: 5C84927812B: to=, relay=local, delay=174, status=sent ("|/usr/bin/procmail") May 18 08:25:41 its postfix/local[3467]: 4FDAD27812C: to=, relay=local, delay=809, status=sent ("|/usr/bin/procmail") I am working with a test machine, so nothing urgent. I just wanted to bring it up to Julian's attention. Thank you Marco Quoting Stephen Swaney : > I've just installed MailScanner 4.2-3 configured for postfix on Redhat 9 > with SpamAssassin 2.53. All works perfectly! when using: > > Virus Scanners = sophos > > But when I switch to: > > Virus Scanner= sophossavi > > > Mail is accepted but deferred. MailScanner doesn't pick up the message. > > Switching back to > > Virus Scanners = sophos > > and restarting MailScanner causes MailScanner to find and deliver the > stalled message. _________________________________________________________________ This mail is sent through MUW Webmail: http://www.MUW.Edu/webmail For the latest MUW Events, visit http://www.MUW.Edu/calendar From Steve at swaney.com Sun May 18 14:36:06 2003 From: Steve at swaney.com (Stephen Swaney) Date: Thu Jan 12 21:18:09 2006 Subject: Calling all translators (again) In-Reply-To: <5.2.1.1.2.20030518123644.0238f688@imap.ecs.soton.ac.uk> References: <5.2.1.1.2.20030518123644.0238f688@imap.ecs.soton.ac.uk> Message-ID: <1053264966.1355.87.camel@speedy> No translation, but I will correct the mis-spellings and grammer in my original post - lest they haunt me through the ages. Also think that while $localpostmaster might be a reasonable default, if exists $spamwatcher, $localpostmaster = $spamwatcher. Thanks for the good work! Steve Steve Swaney Steve@Swaney.com --------------------------------------------------------- Our MailScanner believes that the attachment to this message which was sent to you: From: $from Subject: $subject Is Unsolicited Commercial Email (Spam). Unless you are sure that the message in the attachment is incorrectly thought to be Spam, please delete this message without opening it. Opening a Spam message might allow the Spammer to verify your email address. If you believe that this message has been incorrectly marked as spam, please forward this email to $localpostmaster. --------------------------------------------------------- On Sun, 2003-05-18 at 07:40, Julian Field wrote: > In addition to a translation of the word > Report > > I am also now looking for translations of the following. This is put into > an email message when the original (spam) message has been turned into an > attachment: > > >Our MailScanner believes that the attachment to this message sent to you > > > > From: $from > > Subject: $subject > > > >is Unsolicited Commerial Email (Spam). Unless you are sure that this message > >is incorrectly thoght to be Spam, please delete this message without opening > >it. Onpening Spam messages might allow the Spammer to verify your email > >address. > > > >If you believe that this message has been incorrectly marked a spam, please > >forward this email to $localpostmaster. > > Also, if there are any other variables you would like to be available in > this report, please let me know now so we can get it right for your setup > in the 1st version. > > Thanks folks! > -- > Julian Field > www.MailScanner.info > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030518/30540477/attachment.html From mailscanner at ecs.soton.ac.uk Sun May 18 15:23:06 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:09 2006 Subject: sophossavi-Postfix on Redhat 9 In-Reply-To: <1053266810.3ec7937a87a3f@its.muw.edu> References: <1051988823.1330.184.camel@speedy> <000201c3119c$ffec9150$54dc6f83@corpus.cam.ac.uk> <1051988823.1330.184.camel@speedy> Message-ID: <5.2.1.1.2.20030518152053.02493e60@imap.ecs.soton.ac.uk> At 15:06 18/05/2003, you wrote: >Hi everyone, > >I have been searching the archives for an issue between Postfix, MS, and >Sophossavi and I found a post (at the end of this message) but no solution. >This issue is *only* occurring on a Redhat 9. > >If Virus Scanners = sophos (or command in my case), the delivery occurs. >If Virus Scanners = sophossavi , the delivery halts ( or deferred). > >This is a *snip* from the maillog when sophossavi is used: > >May 18 09:22:37 its postfix/nqmgr[21523]: 96AE2164180: >from=, size=1020, nrcpt=1 (queue active) >May 18 09:22:37 its postfix/nqmgr[21523]: 96AE2164180: to=, >relay=none, delay=0, status=deferred (deferred transport) >May 18 09:22:38 its postfix/smtpd[21603]: disconnect from bay8- >f31.bay8.hotmail.com[64.4.27.31] That is before MailScanner has picked up the message. So it cannot be scanner-specific. At this point MailScanner might not even be running. The "status=deferred" is perfectly normal, it signifies that the incoming Postfix has put the message in the deferred queue, which is where MailScanner collects it from. >This is a *snip* after changing Virus Scanners = command and restarting MS: > >May 18 08:25:32 its MailScanner[3412]: MailScanner E-Mail Virus Scanner >version >4.20-3 starting... >May 18 08:25:35 its MailScanner[3412]: Using locktype = flock >May 18 08:25:35 its MailScanner[3412]: New Batch: Scanning 5 messages, 7096 >bytes >May 18 08:25:35 its MailScanner[3412]: Spam Checks: Starting >May 18 08:25:38 its MailScanner[3412]: Virus and Content Scanning: Starting >May 18 08:25:40 its MailScanner[3412]: Content Checks: Need to convert HTML to >plain text in 5 messages >May 18 08:25:40 its MailScanner[3412]: Uninfected: Delivered 5 messages >May 18 09:25:40 its postfix/nqmgr[3408]: 1D5622780F7: >from=, size=1308, nrcpt=1 (queue active) >May 18 09:25:40 its postfix/nqmgr[3408]: 135D2278129: from=, >size=1740, nrcpt=1 (queue active) >May 18 09:25:40 its postfix/nqmgr[3408]: 5C84927812B: >from=, size=1326, nrcpt=1 (queue active) >May 18 09:25:40 its postfix/nqmgr[3408]: D9B0127812A: >from=, size=1126, nrcpt=1 (queue active) >May 18 09:25:40 its postfix/nqmgr[3408]: 4FDAD27812C: >from=, size=1112, nrcpt=1 (queue active) >May 18 08:25:41 its postfix/local[3468]: 135D2278129: to=, >relay=local, delay=961, status=sent ("|/usr/bin/procmail") >May 18 08:25:41 its postfix/local[3467]: 1D5622780F7: to=, >relay=local, delay=404, status=sent ("|/usr/bin/procmail") >May 18 08:25:41 its postfix/local[3468]: D9B0127812A: to=, >relay=local, delay=184, status=sent ("|/usr/bin/procmail") >May 18 08:25:41 its postfix/local[3471]: 5C84927812B: to=, >relay=local, delay=174, status=sent ("|/usr/bin/procmail") >May 18 08:25:41 its postfix/local[3467]: 4FDAD27812C: to=, >relay=local, delay=809, status=sent ("|/usr/bin/procmail") And that is all from MailScanner and the outgoing Postfix, there is no sign there of how the incoming Postfix got the message or placed it in the deferred queue. I don't see any sign of a bug given these reports. >I am working with a test machine, so nothing urgent. I just wanted to bring it >up to Julian's attention. > >Thank you >Marco > > >Quoting Stephen Swaney : > > > I've just installed MailScanner 4.2-3 configured for postfix on Redhat 9 > > with SpamAssassin 2.53. All works perfectly! when using: > > > > Virus Scanners = sophos > > > > But when I switch to: > > > > Virus Scanner= sophossavi > > > > > > Mail is accepted but deferred. MailScanner doesn't pick up the message. > > > > Switching back to > > > > Virus Scanners = sophos > > > > and restarting MailScanner causes MailScanner to find and deliver the > > stalled message. > > >_________________________________________________________________ >This mail is sent through MUW Webmail: http://www.MUW.Edu/webmail >For the latest MUW Events, visit http://www.MUW.Edu/calendar -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Sun May 18 15:17:48 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:09 2006 Subject: Calling all translators (again) In-Reply-To: <1053264966.1355.87.camel@speedy> References: <5.2.1.1.2.20030518123644.0238f688@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030518123644.0238f688@imap.ecs.soton.ac.uk> Message-ID: <5.2.1.1.2.20030518150938.02530b50@imap.ecs.soton.ac.uk> At 14:36 18/05/2003, you wrote: >No translation, but I will correct the mis-spellings and grammer in my >original post - lest they haunt me through the ages. :-) I have fixed most of them for you already, but possibly not all. >Also think that while $localpostmaster might be a reasonable default, if >exists $spamwatcher, $localpostmaster = $spamwatcher. I will leave it as localpostmaster, as siteadmins can always just edit the report file if they want to receive the mismarked spam messages at some other address. The localpostmaster address will do as a default. >Thanks for the good work! You would be amazed: I have found something that Outlook does well ! Its handling of RFC822 attachments is far better than Eudora's. I wrote a complete Eudora-compatible solution to the problem as well, but the RFC822 method produces much more reliable output in MUAs that handle RFC822 attachments properly. Sorry to all those Eudora users out there (which includes me). I'll publish it later on when I have done some more testing. I discovered another little bug too: you couldn't use the "StripHTML" spam action on mail you weren't virus scanning. You can now. >--------------------------------------------------------- >Our MailScanner believes that the attachment to this message which was >sent to you: > >From: $from >Subject: $subject > >Is Unsolicited Commercial Email (Spam). Unless you are sure that the message >in the attachment is incorrectly thought to be Spam, please delete this >message >without opening it. > >Opening a Spam message might allow the Spammer to verify your email address. > >If you believe that this message has been incorrectly marked as spam, please >forward this email to $localpostmaster. >--------------------------------------------------------- > >On Sun, 2003-05-18 at 07:40, Julian Field wrote: >> >>In addition to a translation of the word >> Report >> >>I am also now looking for translations of the following. This is put into >>an email message when the original (spam) message has been turned into an >>attachment: >> >> >Our MailScanner believes that the attachment to this message sent to you >> > >> > From: $from >> > Subject: $subject >> > >> >is Unsolicited Commerial Email (Spam). Unless you are sure that this >> message >> >is incorrectly thoght to be Spam, please delete this message without >> opening >> >it. Onpening Spam messages might allow the Spammer to verify your email >> >address. >> > >> >If you believe that this message has been incorrectly marked a spam, please >> >forward this email to $localpostmaster. >> >>Also, if there are any other variables you would like to be available in >>this report, please let me know now so we can get it right for your setup >>in the 1st version. >> >>Thanks folks! >>-- >>Julian Field >>www.MailScanner.info >>Professional Support Services at >>www.MailScanner.biz >>MailScanner thanks transtec Computers for their support -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030518/9f30b771/attachment.html From SJCJonker at SJC.NL Sun May 18 16:00:25 2003 From: SJCJonker at SJC.NL (Stijn Jonker) Date: Thu Jan 12 21:18:09 2006 Subject: Calling all translators (again) In-Reply-To: <5.2.1.1.2.20030518123644.0238f688@imap.ecs.soton.ac.uk> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Julian, First of all in your english message, the word Opening in the sentence: Onpening Spam messages might allow..... it's the for last paragraph. And thoght in "is incorrectly thoght to be Spam, please delete this message without opening" Dutch translations: Report = Rapport - From = Afzender Subject = Onderwerp Full text: ==== Start ==== Mailscanner vermoed dat de bijlage in deze e-mail Afzender: $from Onderwerp: $subject niet gewenste commerciele bulk (Spam) e-mail is. Als u er zeker van bent dat dit bericht niet onjuist als Spam is gemarkeerd, dan is het verstandig om deze email te wissen zonder hem te openen. Door het openen van Spam berichten kan de verzender van de Spam uw e-mail adres verifieeren. Indien u ervan overtuigd bent dat het bericht onjuist is gemarkeerd als spam, stuur dan het bericht door aan $localpostmaster. ==== Stop ==== Maybe there is an other option that you could include in the new version? I'm supporting a community where some people don't understand english and some don't understand dutch. They are all in the same domain. For this I created a new language en-nl directory. Is it possible to extend the template system to automaticly combine 2 or more languages? (This might lead to a seperate footer, it think.) I attached an example how one of my current reports look like. On Sun, 18 May 2003, Julian Field wrote: > In addition to a translation of the word > Report > > I am also now looking for translations of the following. This is put into > an email message when the original (spam) message has been turned into an > attachment: > > >Our MailScanner believes that the attachment to this message sent to you > > > > From: $from > > Subject: $subject > > > >is Unsolicited Commerial Email (Spam). Unless you are sure that this message > >is incorrectly thoght to be Spam, please delete this message without opening > >it. Onpening Spam messages might allow the Spammer to verify your email > >address. > > > >If you believe that this message has been incorrectly marked a spam, please > >forward this email to $localpostmaster. > > Also, if there are any other variables you would like to be available in > this report, please let me know now so we can get it right for your setup > in the 1st version. > > Thanks folks! > -- > Julian Field > www.MailScanner.info > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > - -- Met Vriendelijke groet/Yours Sincerely Stijn Jonker -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE+x6ALjU9r45tKnOARAgDbAKDv/DFAXDUNcbwfJVDr9SvhW+ZZYgCgo8Sx BgTrBcwsTQvny7DW9XDGVK4= =XWQN -----END PGP SIGNATURE----- -------------- next part -------------- This is a message from the MailScanner E-Mail Virus Protection Service ---------------------------------------------------------------------- The original e-mail attachment "$filename" was believed to be infected by a virus and has been replaced by this warning message. Due to limitations placed on us by the Regulation of Investigatory Powers Act 2000, we were unable to keep a copy of the infected attachment. Please ask the sender of the message to disinfect their original version and send you a clean copy. At $date the virus scanner said: $report Dit is een bericht van het MailScanner virus beschermingssysteem ---------------------------------------------------------------- De oorspronkelijke e-mail bijlage "$filename" scheen te zijn geinfecteerd door een virus. De bijlage is vervangen door deze waarschuwing. Op basis van de Wet bescherming persoonsgegevens kunnen we geen kopie bewaren van de oorspronkelijke bijlage. Indien u de bijlage alsnog wenst te ontvangen raden we u aan de afzender te vragen zijn bericht te ontsmetten en u een schone versie te sturen. Op $date genereerde de virus scanner het volgende: $report -- Postmaster From mailscanner at ecs.soton.ac.uk Sun May 18 16:13:54 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:09 2006 Subject: Calling all translators (again) In-Reply-To: References: <5.2.1.1.2.20030518123644.0238f688@imap.ecs.soton.ac.uk> Message-ID: <5.2.1.1.2.20030518161232.0242ecd8@imap.ecs.soton.ac.uk> At 16:00 18/05/2003, you wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 Thanks for the translations. >Maybe there is an other option that you could include in the new version? > >I'm supporting a community where some people don't understand english and >some don't understand dutch. They are all in the same domain. For this I >created a new language en-nl directory. > >Is it possible to extend the template system to automaticly combine 2 or >more languages? (This might lead to a seperate footer, it think.) This is unfortunately a pain to do as it breaks the structure of the configuration parser. I'll take a look, but no promises I'm afraid. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From marco at MUW.EDU Sun May 18 16:37:11 2003 From: marco at MUW.EDU (Marco Obaid) Date: Thu Jan 12 21:18:09 2006 Subject: sophossavi-Postfix on Redhat 9 In-Reply-To: <5.2.1.1.2.20030518152053.02493e60@imap.ecs.soton.ac.uk> References: <1051988823.1330.184.camel@speedy> <000201c3119c$ffec9150$54dc6f83@corpus.cam.ac.uk> <1051988823.1330.184.camel@speedy> <5.2.1.1.2.20030518152053.02493e60@imap.ecs.soton.ac.uk> Message-ID: <1053272231.3ec7a8a7a4e75@its.muw.edu> Hi Julian, Quoting Julian Field : > I don't see any sign of a bug given these reports. Maybe the logs are not documenting where the *bug* or the *issue* is occuring. It looks to me that the mail is being accepted and put in the right queue. However, the delivery is not occuring after that. The proof of this is that I waited one hour during which I did not receive any mail. After one hour, I changed Virus Scanners = command ---> from sophossavi and the mail started flowing. Also, a couple of admins from other schools have reported this to me. This is why I built a RH9 machine to see it for myself. I will be more than happy to provide you or anyone access to the test machine to see it for yourself. Meanwhile, I will investigate more about the issue myself and if I find anything useful, I will post it on the list. Thank you and have a great day Marco _________________________________________________________________ This mail is sent through MUW Webmail: http://www.MUW.Edu/webmail For the latest MUW Events, visit http://www.MUW.Edu/calendar From mailscanner at ecs.soton.ac.uk Sun May 18 16:45:03 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:09 2006 Subject: Beta release 4.21-6 Message-ID: <5.2.1.1.2.20030518162823.040a2008@imap.ecs.soton.ac.uk> I have just put up 4.21-6 on the website. This includes - "attachment" spam action to turn the entire message into an attachment. Then puts inline.spam.warning.txt report in the main body of the message. How well this works depends on how compliant your email app is. - several fixes in the Postfix support, which should greatly improve reliability. - any of the spam actions can now be applied to non-spam. This means you can archive non-spam, among other things. You can't "bounce" non-spam. - McAfee autoupdater replaced with Tony Finch's version. - spam scores can be included in the SpamAssassin report. Don't blame me if they don't add up correctly! Plenty of other things too, plus a bunch of fixes. Please see the ChangeLog for more info. Download as usual from www.mailscanner.info. Please let me know how you get on with it. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030518/d969021f/attachment.html From mailscanner at ecs.soton.ac.uk Sun May 18 16:44:20 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:09 2006 Subject: sophossavi-Postfix on Redhat 9 In-Reply-To: <1053272231.3ec7a8a7a4e75@its.muw.edu> References: <5.2.1.1.2.20030518152053.02493e60@imap.ecs.soton.ac.uk> <1051988823.1330.184.camel@speedy> <000201c3119c$ffec9150$54dc6f83@corpus.cam.ac.uk> <1051988823.1330.184.camel@speedy> <5.2.1.1.2.20030518152053.02493e60@imap.ecs.soton.ac.uk> Message-ID: <5.2.1.1.2.20030518164251.024f2eb8@imap.ecs.soton.ac.uk> At 16:37 18/05/2003, you wrote: >Hi Julian, > >Quoting Julian Field : > > > I don't see any sign of a bug given these reports. > >Maybe the logs are not documenting where the *bug* or the *issue* is occuring. >It looks to me that the mail is being accepted and put in the right queue. >However, the delivery is not occuring after that. The proof of this is that I >waited one hour during which I did not receive any mail. After one hour, I >changed Virus Scanners = command ---> from sophossavi >and the mail started flowing. Also, a couple of admins from other schools have >reported this to me. This is why I built a RH9 machine to see it for myself. What if you just restarted MailScanner without changing the Virus Scanners setting? I have fixed quite a few problems with the Postfix code in the beta release (see my next post), could I possibly ask you to try it there and see if the problem remains please? >I will be more than happy to provide you or anyone access to the test >machine to >see it for yourself. Meanwhile, I will investigate more about the issue myself >and if I find anything useful, I will post it on the list. Let's see if the beta solves it. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From chicks at CHICKS.NET Sun May 18 17:01:31 2003 From: chicks at CHICKS.NET (Christopher Hicks) Date: Thu Jan 12 21:18:09 2006 Subject: Spam scores don't add up In-Reply-To: Message-ID: On Sat, 17 May 2003, Gerry Doris wrote: > I was just checking the spam scores of a message and noticed that they > aren't adding up correctly. If you check the header shown below it > comes out to a total of 5.76 but the actual score is 8.2. Any idea why??? > > snip.... > X-MailScanner: Found to be clean > X-MailScanner-SpamCheck: spam, SpamAssassin (score=8.2, required 4, AWL 0.00, > BAYES_80 2.86, MIME_BOUND_MANY_HEX 2.90, UPPERCASE_75_100 0.00) > > EL-GORDO SWEEPSTAKE INTERNATIONAL LOTTERY NL. > BURDENSTRAAT 22 1053 DS, AMSTERDAM.THE NETHERLANDS > snip.... It's not your SA srore, but somebody elses' who uses different values? -- The death of democracy is not likely to be an assassination from ambush. It will be a slow extinction from apathy, indifference, and undernourishment. -Robert Maynard Hutchins, educator (1899-1977) From michele at BLACKNIGHTSOLUTIONS.COM Sun May 18 17:15:43 2003 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:18:09 2006 Subject: Virus testing In-Reply-To: <5.2.1.1.2.20030518162823.040a2008@imap.ecs.soton.ac.uk> Message-ID: <5.2.1.1.0.20030518181406.025d7c38@blacknightsolutions.com> I was wondering if anybody knew of a source/resource for viruses. Basically I want to test a mailserver to see if they get through or not, but I'd be happier using real viruses if at all possible Thanks in advance Mr. Michele Neylon Blacknight Solutions http://www.blacknightsolutions.com Reseller hosting available ######################################################### This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance to it is prohibited. From kevins at BMRB.CO.UK Sun May 18 17:35:13 2003 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:18:09 2006 Subject: Spam scores don't add up In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB00117547F@pascal.priv.bmrb.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB00117547F@pascal.priv.bmrb.co.uk> Message-ID: <1053275713.8212.12.camel@bach.kevinspicer.co.uk> On Sun, 2003-05-18 at 01:18, Gerry Doris wrote: I was just checking the spam scores of a message and noticed that they aren't adding up correctly. If you check the header shown below it comes out to a total of 5.76 but the actual score is 8.2. Any idea why??? snip.... X-MailScanner: Found to be clean X-MailScanner-SpamCheck: spam, SpamAssassin (score=8.2, required 4, AWL 0.00, BAYES_80 2.86, MIME_BOUND_MANY_HEX 2.90, UPPERCASE_75_100 0.00) --- Its a bit weird that the report includes scores of 0.00 for AWL and UPPERCASE_75_100, which should disable the test & therefore stop it appearing in the report! BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From gerry at DORFAM.CA Sun May 18 17:49:22 2003 From: gerry at DORFAM.CA (Gerry Doris) Date: Thu Jan 12 21:18:09 2006 Subject: Spam scores don't add up In-Reply-To: Message-ID: On Sun, 18 May 2003, Christopher Hicks wrote: > On Sat, 17 May 2003, Gerry Doris wrote: > > I was just checking the spam scores of a message and noticed that they > > aren't adding up correctly. If you check the header shown below it > > comes out to a total of 5.76 but the actual score is 8.2. Any idea why??? > > > > snip.... > > X-MailScanner: Found to be clean > > X-MailScanner-SpamCheck: spam, SpamAssassin (score=8.2, required 4, AWL 0.00, > > BAYES_80 2.86, MIME_BOUND_MANY_HEX 2.90, UPPERCASE_75_100 0.00) > > > > EL-GORDO SWEEPSTAKE INTERNATIONAL LOTTERY NL. > > BURDENSTRAAT 22 1053 DS, AMSTERDAM.THE NETHERLANDS > > snip.... > > It's not your SA srore, but somebody elses' who uses different values? > > -- > Hmmm, not sure what you mean. I cut the above segment directly from a spam message that I received. I didn't bother to show the entire header but it was the SA score that was generated by my MailScanner calling SA. I have no idea what is going on. The total scores seem to be correct. The individual scores are out of whack. -- Gerry "The lyfe so short, the craft so long to learne" Chaucer From marco at MUW.EDU Sun May 18 18:28:01 2003 From: marco at MUW.EDU (Marco Obaid) Date: Thu Jan 12 21:18:09 2006 Subject: sophossavi-Postfix on Redhat 9 In-Reply-To: <5.2.1.1.2.20030518164251.024f2eb8@imap.ecs.soton.ac.uk> References: <5.2.1.1.2.20030518152053.02493e60@imap.ecs.soton.ac.uk> <1051988823.1330.184.camel@speedy> <000201c3119c$ffec9150$54dc6f83@corpus.cam.ac.uk> <1051988823.1330.184.camel@speedy> <5.2.1.1.2.20030518152053.02493e60@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030518164251.024f2eb8@imap.ecs.soton.ac.uk> Message-ID: <1053278881.3ec7c2a154f01@webmail.MUW.Edu> Hi Julian, > Let's see if the beta solves it. Sure did ... It is working now !!! MS 4.21-6, SA 2.54, sophossavi, Postfix, on Redhat 9. Thank you for whatever you did ... One thing about the install of the BETA, after running ./install.sh and starting MS, I got this error: Shutting down MailScanner daemons: MailScanner: [ OK ] incoming postfix: [ OK ] outgoing postfix: [ OK ] /etc/init.d/MailScanner: line 218: cd: /var/spool/MailScanner/incoming: No such file or directory Starting MailScanner daemons: incoming postfix: [ OK ] outgoing postfix: [ OK ] MailScanner: [ OK ] I had to create /var/spool/MailScanner/incoming and chmod to postfix.postfix. I am not sure if the install.sh deleted the old *incoming* folder. Because, I was using the system for sending/receiving mail prior to the upgrade and never seen this message. Only it would not work when Virus Scanners is set to sophossavi. Anyways, by creating /var/spool/MailScanner/incoming, everything is working just fine right now with 4.21-6 Beta. Thank you Marco _________________________________________________________________ This mail is sent through MUW Webmail: http://www.MUW.Edu/webmail For the latest MUW Events, visit http://www.MUW.Edu/calendar From mailscanner at ecs.soton.ac.uk Sun May 18 18:27:59 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:09 2006 Subject: Virus testing In-Reply-To: <5.2.1.1.0.20030518181406.025d7c38@blacknightsolutions.com> References: <5.2.1.1.2.20030518162823.040a2008@imap.ecs.soton.ac.uk> Message-ID: <5.2.1.1.2.20030518182659.028a2b08@imap.ecs.soton.ac.uk> It is safest to test with the eicar test file (see www.eicar.com). But someone may volunteer to send you some viruses off-list. At 17:15 18/05/2003, you wrote: >I was wondering if anybody knew of a source/resource for viruses. Basically >I want to test a mailserver to see if they get through or not, but I'd be >happier using real viruses if at all possible >Thanks in advance > > > >Mr. Michele Neylon >Blacknight Solutions >http://www.blacknightsolutions.com >Reseller hosting available > > >######################################################### >This message (and any attachment) is intended only for the >recipient and may contain confidential and/or privileged >material. If you have received this in error, please contact the >sender and delete this message immediately. Disclosure, copying >or other action taken in respect of this email or in >reliance to it is prohibited. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Sun May 18 18:26:48 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:09 2006 Subject: sophossavi-Postfix on Redhat 9 In-Reply-To: <1053278881.3ec7c2a154f01@webmail.MUW.Edu> References: <5.2.1.1.2.20030518164251.024f2eb8@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030518152053.02493e60@imap.ecs.soton.ac.uk> <1051988823.1330.184.camel@speedy> <000201c3119c$ffec9150$54dc6f83@corpus.cam.ac.uk> <1051988823.1330.184.camel@speedy> <5.2.1.1.2.20030518152053.02493e60@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030518164251.024f2eb8@imap.ecs.soton.ac.uk> Message-ID: <5.2.1.1.2.20030518182106.023895f8@imap.ecs.soton.ac.uk> At 18:28 18/05/2003, you wrote: >Hi Julian, > > > Let's see if the beta solves it. > >Sure did ... It is working now !!! >MS 4.21-6, SA 2.54, sophossavi, Postfix, on Redhat 9. > >Thank you for whatever you did ... Great. >One thing about the install of the BETA, after running ./install.sh >and starting MS, I got this error: > >Shutting down MailScanner daemons: > MailScanner: [ OK ] > incoming postfix: [ OK ] > outgoing postfix: [ OK ] >/etc/init.d/MailScanner: line 218: cd: /var/spool/MailScanner/incoming: No >such >file or directory >Starting MailScanner daemons: > incoming postfix: [ OK ] > outgoing postfix: [ OK ] > MailScanner: [ OK ] > > >I had to create /var/spool/MailScanner/incoming and chmod to postfix.postfix. Are you using some other value for Incoming Work Dir in MailScanner.conf? If so, you need to update the value of WORKDIR in /etc/sysconfig/MailScanner, so that the init.d script knows what to clear up for you. >I am not sure if the install.sh deleted the old *incoming* folder. Because, I >was using the system for sending/receiving mail prior to the upgrade and never >seen this message. Ah, that's possible. The new installation scriptlets in the RPM don't re-create the incoming and quarantine directories if they are already there. Anyone else seeing this problem at all? What I am trying to do is to not overwrite the incoming and quarantine directories if they already exist, so you don't have to change their ownership again if you are upgrading. >Anyways, by creating /var/spool/MailScanner/incoming, everything is working >just fine right now with 4.21-6 Beta. Cool. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From michele at BLACKNIGHTSOLUTIONS.COM Sun May 18 18:30:56 2003 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:18:09 2006 Subject: Virus testing In-Reply-To: <5.2.1.1.2.20030518182659.028a2b08@imap.ecs.soton.ac.uk> References: <5.2.1.1.0.20030518181406.025d7c38@blacknightsolutions.com> <5.2.1.1.2.20030518162823.040a2008@imap.ecs.soton.ac.uk> Message-ID: <5.2.1.1.0.20030518192944.025db798@blacknightsolutions.com> At 18:27 18/05/2003 +0100, you wrote: >It is safest to test with the eicar test file (see www.eicar.com). But >someone may volunteer to send you some viruses off-list. Safety isn't an issue :-) If some kind soul would like to thow as many nasties as possible at michele@mneylon.com I would really appreciate it. The Eicar file is too easy to stop :-) Mr. Michele Neylon Blacknight Solutions http://www.blacknightsolutions.com Reseller hosting available ######################################################### This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance to it is prohibited. From mikea at MIKEA.ATH.CX Sun May 18 18:59:30 2003 From: mikea at MIKEA.ATH.CX (mikea) Date: Thu Jan 12 21:18:09 2006 Subject: Virus testing In-Reply-To: <5.2.1.1.0.20030518181406.025d7c38@blacknightsolutions.com>; from michele@BLACKNIGHTSOLUTIONS.COM on Sun, May 18, 2003 at 06:15:43PM +0200 References: <5.2.1.1.2.20030518162823.040a2008@imap.ecs.soton.ac.uk> <5.2.1.1.0.20030518181406.025d7c38@blacknightsolutions.com> Message-ID: <20030518125930.A48032@mikea.ath.cx> On Sun, May 18, 2003 at 06:15:43PM +0200, Michele Neylon :: Blacknight Solutions wrote: > I was wondering if anybody knew of a source/resource for viruses. Basically > I want to test a mailserver to see if they get through or not, but I'd be > happier using real viruses if at all possible > Thanks in advance I can post, or put on a website, the nasties out of my quarantine directory, if anyone is interested. Probably the website will be better. Shall I assemble them individually, or just gzip up the set? -- Mike Andrews mikea@mikea.ath.cx Tired old sysadmin since 1964 From michele at BLACKNIGHTSOLUTIONS.COM Sun May 18 19:05:35 2003 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:18:09 2006 Subject: Virus testing In-Reply-To: <20030518125930.A48032@mikea.ath.cx> References: <5.2.1.1.0.20030518181406.025d7c38@blacknightsolutions.com> <5.2.1.1.2.20030518162823.040a2008@imap.ecs.soton.ac.uk> <5.2.1.1.0.20030518181406.025d7c38@blacknightsolutions.com> Message-ID: <5.2.1.1.0.20030518200157.0392fe30@blacknightsolutions.com> At 12:59 18/05/2003 -0500, you wrote: >I can post, or put on a website, the nasties out of my quarantine >directory, if anyone is interested. Probably the website will be >better. Shall I assemble them individually, or just gzip up the >set? Thanks, but my problem is that my local firewalls and virus protection won't allow me to access the files - they will be cleaned or quarantined before I can get a chance to throw them at the michele@mneylon.com email address. So far one kind volunteer has been sending that email address loads of really nice viruses. Thank you!! Mr. Michele Neylon Blacknight Solutions http://www.blacknightsolutions.com Reseller hosting available ######################################################### This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance to it is prohibited. From lance at WARE.NET Sun May 18 21:04:50 2003 From: lance at WARE.NET (Lance Ware) Date: Thu Jan 12 21:18:10 2006 Subject: small problem with upgrade to 4.20-3 Message-ID: <9F214F8D10934845A3664A21425C79FC6E64D6@dhcp5.ware.net> Hi Folks, I upgraded to 4.20-3, but had left MailScanner.conf.rpmnew and spam.assassin.prefs.conf.rpmnew from a previous upgrade in place. So I don't have access to the new configs. I tried renaming them and reinstalling but still no new config files. Any hints? Best, Lance From mailscanner at ecs.soton.ac.uk Sun May 18 21:08:55 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:10 2006 Subject: small problem with upgrade to 4.20-3 In-Reply-To: <9F214F8D10934845A3664A21425C79FC6E64D6@dhcp5.ware.net> Message-ID: <5.2.1.1.2.20030518210811.041d5020@imap.ecs.soton.ac.uk> At 21:04 18/05/2003, you wrote: >Hi Folks, > >I upgraded to 4.20-3, but had left MailScanner.conf.rpmnew and >spam.assassin.prefs.conf.rpmnew from a previous upgrade in place. > >So I don't have access to the new configs. > >I tried renaming them and reinstalling but still no new config files. > >Any hints? Try renaming the entire /etc/MailScanner directory out of the way, then upgrade the main MailScanner RPM again with a "--force" option. >Best, > >Lance -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From kevins at BMRB.CO.UK Sun May 18 21:10:40 2003 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:18:10 2006 Subject: small problem with upgrade to 4.20-3 In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB00117549A@pascal.priv.bmrb.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB00117549A@pascal.priv.bmrb.co.uk> Message-ID: <1053288641.8211.16.camel@bach.kevinspicer.co.uk> use mc to extract the files from the rpm. Alternatively grab the tarfile and extract them from that. On Sun, 2003-05-18 at 21:04, Lance Ware wrote: Hi Folks, I upgraded to 4.20-3, but had left MailScanner.conf.rpmnew and spam.assassin.prefs.conf.rpmnew from a previous upgrade in place. So I don't have access to the new configs. I tried renaming them and reinstalling but still no new config files. Any hints? Best, Lance BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From lance at WARE.NET Sun May 18 21:11:06 2003 From: lance at WARE.NET (Lance Ware) Date: Thu Jan 12 21:18:10 2006 Subject: small problem with upgrade to 4.20-3 Message-ID: <9F214F8D10934845A3664A21425C79FC6E64D8@dhcp5.ware.net> Can I do this while MailScanner is running? > -----Original Message----- > From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] > Sent: Sunday, May 18, 2003 1:09 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: small problem with upgrade to 4.20-3 > > At 21:04 18/05/2003, you wrote: > >Hi Folks, > > > >I upgraded to 4.20-3, but had left MailScanner.conf.rpmnew and > >spam.assassin.prefs.conf.rpmnew from a previous upgrade in place. > > > >So I don't have access to the new configs. > > > >I tried renaming them and reinstalling but still no new config files. > > > >Any hints? > > Try renaming the entire /etc/MailScanner directory out of the way, then > upgrade the main MailScanner RPM again with a "--force" option. > > > >Best, > > > >Lance > > -- > Julian Field > www.MailScanner.info > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Sun May 18 21:13:35 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:10 2006 Subject: small problem with upgrade to 4.20-3 In-Reply-To: <9F214F8D10934845A3664A21425C79FC6E64D8@dhcp5.ware.net> Message-ID: <5.2.1.1.2.20030518211234.04061d98@imap.ecs.soton.ac.uk> At 21:11 18/05/2003, you wrote: >Can I do this while MailScanner is running? Bear in mind that it will attempt to re-read its config files every 4 hours by default. You might want to stop it while you do this. > > -----Original Message----- > > From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] > > Sent: Sunday, May 18, 2003 1:09 PM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: small problem with upgrade to 4.20-3 > > > > At 21:04 18/05/2003, you wrote: > > >Hi Folks, > > > > > >I upgraded to 4.20-3, but had left MailScanner.conf.rpmnew and > > >spam.assassin.prefs.conf.rpmnew from a previous upgrade in place. > > > > > >So I don't have access to the new configs. > > > > > >I tried renaming them and reinstalling but still no new config files. > > > > > >Any hints? > > > > Try renaming the entire /etc/MailScanner directory out of the way, >then > > upgrade the main MailScanner RPM again with a "--force" option. > > > > > > >Best, > > > > > >Lance > > > > -- > > Julian Field > > www.MailScanner.info > > Professional Support Services at www.MailScanner.biz > > MailScanner thanks transtec Computers for their support -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From templem at ABCLABS.COM Sun May 18 21:47:33 2003 From: templem at ABCLABS.COM (Mark Temple) Date: Thu Jan 12 21:18:10 2006 Subject: Urgent: MailScanner apparently stopped processing... In-Reply-To: <5.2.1.1.2.20030517195256.04095008@imap.ecs.soton.ac.uk> References: <5.2.1.1.2.20030517174916.024dceb8@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030517174916.024dceb8@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030517195256.04095008@imap.ecs.soton.ac.uk> Message-ID: <52827.10.2.1.27.1053290853.squirrel@mail2.abclabs.com> Hey Julian, thanks a lot. Upgraded MS 4.21-6 , Postfix 2.0.9, Sophos, etc. All seems to be working great. I also got the error "...incomingworkdir does not exist..." after the upgrade. I simply did a mkdir ... to fix the problem. If this proves to be as good as I think it is, we will buy a support contract. I assume you can direct me to a link for that.? ;-) > At 19:28 17/05/2003, you wrote: >>So is the problem fixed by upgrading MailScanner to 4.21, or do I upgrade >> postfix to 2.0.9 (latest), or do I need to upgrade both? > > I run 2.0.7 so I think you probably don't need 2.0.9. The newest > MailScanner should solve it. The Postfix code in MailScanner is very new, so > it is finishing settling down. > > >>Thanks for the insight and response. >> >> > Here is an excerpt from the ChangeLog for 4.21: >> > --snip-- -- -------------------------------------------------- Mark Temple, Information Technology Manager ABC Labs, Columbia, Missouri 65202 voice:573.876.8198 fax:573.443.9033 -------------------------------------------------- From mailscanner at ecs.soton.ac.uk Sun May 18 22:03:21 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:10 2006 Subject: Urgent: MailScanner apparently stopped processing... In-Reply-To: <52827.10.2.1.27.1053290853.squirrel@mail2.abclabs.com> References: <5.2.1.1.2.20030517195256.04095008@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030517174916.024dceb8@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030517174916.024dceb8@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030517195256.04095008@imap.ecs.soton.ac.uk> Message-ID: <5.2.1.1.2.20030518220244.04229e10@imap.ecs.soton.ac.uk> At 21:47 18/05/2003, you wrote: >Hey Julian, thanks a lot. Upgraded MS 4.21-6 , Postfix 2.0.9, Sophos, etc. All >seems to be working great. > >I also got the error "...incomingworkdir does not exist..." after the upgrade. >I simply did a mkdir ... to fix the problem. I think this is now fixed. I left out a "-p". >If this proves to be as good as I think it is, we will buy a support contract. >I assume you can direct me to a link for that.? ;-) Drop me a line off-list. > > At 19:28 17/05/2003, you wrote: > >>So is the problem fixed by upgrading MailScanner to 4.21, or do I upgrade > >> postfix to 2.0.9 (latest), or do I need to upgrade both? > > > > I run 2.0.7 so I think you probably don't need 2.0.9. The newest > > MailScanner should solve it. The Postfix code in MailScanner is very > new, so > > it is finishing settling down. > > > > > >>Thanks for the insight and response. > >> > >> > Here is an excerpt from the ChangeLog for 4.21: > >> > >--snip-- > >-- >-------------------------------------------------- > Mark Temple, Information Technology Manager > ABC Labs, Columbia, Missouri 65202 > voice:573.876.8198 fax:573.443.9033 >-------------------------------------------------- -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From marco at MUW.EDU Sun May 18 22:53:20 2003 From: marco at MUW.EDU (Marco Obaid) Date: Thu Jan 12 21:18:10 2006 Subject: MailScanner 4.21-6 Repeated Start In-Reply-To: <5.2.1.1.2.20030518220244.04229e10@imap.ecs.soton.ac.uk> References: <5.2.1.1.2.20030517195256.04095008@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030517174916.024dceb8@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030517174916.024dceb8@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030517195256.04095008@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030518220244.04229e10@imap.ecs.soton.ac.uk> Message-ID: <1053294800.3ec800d0c4a53@its.muw.edu> Hi Julian and all, Is this normal in 4.21-6? May 18 16:43:00 its MailScanner[8269]: MailScanner E-Mail Virus Scanner version 4.21-6 starting... May 18 16:43:10 its MailScanner[8273]: MailScanner E-Mail Virus Scanner version 4.21-6 starting... May 18 16:43:20 its MailScanner[8274]: MailScanner E-Mail Virus Scanner version 4.21-6 starting... May 18 16:43:30 its MailScanner[8275]: MailScanner E-Mail Virus Scanner version 4.21-6 starting... May 18 16:43:40 its MailScanner[8276]: MailScanner E-Mail Virus Scanner version 4.21-6 starting... May 18 16:43:50 its MailScanner[8277]: MailScanner E-Mail Virus Scanner version 4.21-6 starting... May 18 16:44:00 its MailScanner[8278]: MailScanner E-Mail Virus Scanner version 4.21-6 starting... May 18 16:44:10 its MailScanner[8279]: MailScanner E-Mail Virus Scanner version 4.21-6 starting... May 18 16:44:20 its MailScanner[8280]: MailScanner E-Mail Virus Scanner version 4.21-6 starting... May 18 16:44:30 its MailScanner[8282]: MailScanner E-Mail Virus Scanner version 4.21-6 starting... May 18 16:44:40 its MailScanner[8283]: MailScanner E-Mail Virus Scanner version 4.21-6 starting... May 18 16:44:50 its MailScanner[8284]: MailScanner E-Mail Virus Scanner version 4.21-6 starting... May 18 16:45:00 its MailScanner[8285]: MailScanner E-Mail Virus Scanner version 4.21-6 starting... May 18 16:45:10 its MailScanner[8286]: MailScanner E-Mail Virus Scanner version 4.21-6 starting... May 18 16:45:20 its MailScanner[8287]: MailScanner E-Mail Virus Scanner version 4.21-6 starting... May 18 16:45:30 its MailScanner[8288]: MailScanner E-Mail Virus Scanner version 4.21-6 starting... May 18 16:45:40 its MailScanner[8289]: MailScanner E-Mail Virus Scanner version 4.21-6 starting... May 18 16:45:50 its MailScanner[8290]: MailScanner E-Mail Virus Scanner version 4.21-6 starting... May 18 16:46:00 its MailScanner[8291]: MailScanner E-Mail Virus Scanner version 4.21-6 starting... May 18 16:46:10 its MailScanner[8292]: MailScanner E-Mail Virus Scanner version 4.21-6 starting... May 18 16:46:20 its MailScanner[8293]: MailScanner E-Mail Virus Scanner version 4.21-6 starting... May 18 16:46:30 its MailScanner[8294]: MailScanner E-Mail Virus Scanner version 4.21-6 starting... May 18 16:46:40 its MailScanner[8295]: MailScanner E-Mail Virus Scanner version 4.21-6 starting... Mail traffic is fine as far as I can tell ... This is on RH9, Postfix, MS 4.21-6 combination. Thank you Marco _________________________________________________________________ This mail is sent through MUW Webmail: http://www.MUW.Edu/webmail For the latest MUW Events, visit http://www.MUW.Edu/calendar From baldguy33165 at YAHOO.COM Mon May 19 01:01:48 2003 From: baldguy33165 at YAHOO.COM (Juan Quesada) Date: Thu Jan 12 21:18:10 2006 Subject: Translation Message-ID: <20030519000148.89478.qmail@web20807.mail.yahoo.com> I accidentally deleted the emails you sent about translators needed (or something like that). Do you need something translated, I can do so in Spanish. __________________________________ Do you Yahoo!? The New Yahoo! Search - Faster. Easier. Bingo. http://search.yahoo.com From butler at GLOBESERVER.COM Mon May 19 01:41:25 2003 From: butler at GLOBESERVER.COM (Philip Butler) Date: Thu Jan 12 21:18:10 2006 Subject: MailScanner 4.21-6 Repeated Start In-Reply-To: <1053294800.3ec800d0c4a53@its.muw.edu> Message-ID: <9EA067D0-8992-11D7-A50A-000393D75504@globeserver.com> Marco, etc., Just to add fuel to the fire.... I am getting the same thing with 4.20-3. When I look at the syslog file, I get: /var/spool/mqueue is not owned by user 1 User 1 is 'bin' in my /etc/passwd file. I have the /var/spool/mqueue chmod'ed to 777, chgrp'ed to bin (bin and root are in this group), and everything else I know of to make user 'bin' able to write to this directory. Phil On Sunday, May 18, 2003, at 05:53 PM, Marco Obaid wrote: > Hi Julian and all, > > Is this normal in 4.21-6? > > May 18 16:43:00 its MailScanner[8269]: MailScanner E-Mail Virus > Scanner version > 4.21-6 starting... > May 18 16:43:10 its MailScanner[8273]: MailScanner E-Mail Virus > Scanner version > 4.21-6 starting... > May 18 16:43:20 its MailScanner[8274]: MailScanner E-Mail Virus > Scanner version > 4.21-6 starting... > May 18 16:43:30 its MailScanner[8275]: MailScanner E-Mail Virus > Scanner version > 4.21-6 starting... > May 18 16:43:40 its MailScanner[8276]: MailScanner E-Mail Virus > Scanner version > 4.21-6 starting... > May 18 16:43:50 its MailScanner[8277]: MailScanner E-Mail Virus > Scanner version > 4.21-6 starting... > May 18 16:44:00 its MailScanner[8278]: MailScanner E-Mail Virus > Scanner version > 4.21-6 starting... > May 18 16:44:10 its MailScanner[8279]: MailScanner E-Mail Virus > Scanner version > 4.21-6 starting... > May 18 16:44:20 its MailScanner[8280]: MailScanner E-Mail Virus > Scanner version > 4.21-6 starting... > May 18 16:44:30 its MailScanner[8282]: MailScanner E-Mail Virus > Scanner version > 4.21-6 starting... > May 18 16:44:40 its MailScanner[8283]: MailScanner E-Mail Virus > Scanner version > 4.21-6 starting... > May 18 16:44:50 its MailScanner[8284]: MailScanner E-Mail Virus > Scanner version > 4.21-6 starting... > May 18 16:45:00 its MailScanner[8285]: MailScanner E-Mail Virus > Scanner version > 4.21-6 starting... > May 18 16:45:10 its MailScanner[8286]: MailScanner E-Mail Virus > Scanner version > 4.21-6 starting... > May 18 16:45:20 its MailScanner[8287]: MailScanner E-Mail Virus > Scanner version > 4.21-6 starting... > May 18 16:45:30 its MailScanner[8288]: MailScanner E-Mail Virus > Scanner version > 4.21-6 starting... > May 18 16:45:40 its MailScanner[8289]: MailScanner E-Mail Virus > Scanner version > 4.21-6 starting... > May 18 16:45:50 its MailScanner[8290]: MailScanner E-Mail Virus > Scanner version > 4.21-6 starting... > May 18 16:46:00 its MailScanner[8291]: MailScanner E-Mail Virus > Scanner version > 4.21-6 starting... > May 18 16:46:10 its MailScanner[8292]: MailScanner E-Mail Virus > Scanner version > 4.21-6 starting... > May 18 16:46:20 its MailScanner[8293]: MailScanner E-Mail Virus > Scanner version > 4.21-6 starting... > May 18 16:46:30 its MailScanner[8294]: MailScanner E-Mail Virus > Scanner version > 4.21-6 starting... > May 18 16:46:40 its MailScanner[8295]: MailScanner E-Mail Virus > Scanner version > 4.21-6 starting... > > Mail traffic is fine as far as I can tell ... This is on RH9, Postfix, > MS 4.21-6 > combination. > > Thank you > Marco > > _________________________________________________________________ > This mail is sent through MUW Webmail: http://www.MUW.Edu/webmail > For the latest MUW Events, visit http://www.MUW.Edu/calendar From LISTSERV at JISCMAIL.AC.UK Mon May 19 00:00:12 2003 From: LISTSERV at JISCMAIL.AC.UK (Automatic digest processor) Date: Thu Jan 12 21:18:10 2006 Subject: MAILSCANNER Digest - 17 May 2003 to 18 May 2003 (#2003-139) Message-ID: <200305182300.AAA19498@magpie.ecs.soton.ac.uk> An embedded message was scrubbed... From: Automatic digest processor Subject: MAILSCANNER Digest - 17 May 2003 to 18 May 2003 (#2003-139) Date: Mon, 19 May 2003 00:00:12 +0100 Size: 930 Url: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030519/0358c804/attachment.mht -------------- next part -------------- An embedded message was scrubbed... From: "Michele Neylon :: Blacknight Solutions" Subject: Re: Bounce que Date: Sun, 18 May 2003 01:43:21 +0200 Size: 841 Url: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030519/0358c804/attachment-0001.mht -------------- next part -------------- An embedded message was scrubbed... From: Gerry Doris Subject: Spam scores don't add up Date: Sat, 17 May 2003 20:18:09 -0400 Size: 837 Url: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030519/0358c804/attachment-0002.mht -------------- next part -------------- An embedded message was scrubbed... From: Philip Butler Subject: Language strings file.... Date: Sat, 17 May 2003 20:59:19 -0400 Size: 986 Url: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030519/0358c804/attachment-0003.mht -------------- next part -------------- An embedded message was scrubbed... From: Sanjay Patel Subject: Re: Bounce que Date: Sat, 17 May 2003 23:23:38 -0400 Size: 1211 Url: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030519/0358c804/attachment-0004.mht -------------- next part -------------- An embedded message was scrubbed... From: Stephen Lee Subject: Spamassassin error even without Spamassassin Date: Sun, 18 May 2003 01:32:55 -0700 Size: 594 Url: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030519/0358c804/attachment-0005.mht -------------- next part -------------- An embedded message was scrubbed... From: Julian Field Subject: Calling all translators (again) Date: Sun, 18 May 2003 12:40:03 +0100 Size: 1268 Url: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030519/0358c804/attachment-0006.mht -------------- next part -------------- An embedded message was scrubbed... From: Julian Field Subject: Re: Language strings file.... Date: Sun, 18 May 2003 12:56:16 +0100 Size: 1491 Url: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030519/0358c804/attachment-0007.mht -------------- next part -------------- An embedded message was scrubbed... From: Julian Field Subject: Re: Bounce que Date: Sun, 18 May 2003 12:57:07 +0100 Size: 1508 Url: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030519/0358c804/attachment-0008.mht -------------- next part -------------- An embedded message was scrubbed... From: Julian Field Subject: Re: Spamassassin error even without Spamassassin Date: Sun, 18 May 2003 13:06:16 +0100 Size: 903 Url: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030519/0358c804/attachment-0009.mht -------------- next part -------------- An embedded message was scrubbed... From: Stephen Swaney Subject: Re: Calling all translators (again) Date: Sun, 18 May 2003 09:36:06 -0400 Size: 5205 Url: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030519/0358c804/attachment-0010.mht -------------- next part -------------- An embedded message was scrubbed... From: Marco Obaid Subject: sophossavi-Postfix on Redhat 9 Date: Sun, 18 May 2003 09:06:50 -0500 Size: 3754 Url: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030519/0358c804/attachment-0011.mht -------------- next part -------------- An embedded message was scrubbed... From: Julian Field Subject: Re: sophossavi-Postfix on Redhat 9 Date: Sun, 18 May 2003 15:23:06 +0100 Size: 4564 Url: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030519/0358c804/attachment-0012.mht -------------- next part -------------- An embedded message was scrubbed... From: Julian Field Subject: Re: Calling all translators (again) Date: Sun, 18 May 2003 15:17:48 +0100 Size: 7646 Url: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030519/0358c804/attachment-0013.mht -------------- next part -------------- An embedded message was scrubbed... From: Stijn Jonker Subject: Re: Calling all translators (again) Date: Sun, 18 May 2003 17:00:25 +0200 Size: 5227 Url: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030519/0358c804/attachment-0014.mht -------------- next part -------------- An embedded message was scrubbed... From: Julian Field Subject: Re: Calling all translators (again) Date: Sun, 18 May 2003 16:13:54 +0100 Size: 1053 Url: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030519/0358c804/attachment-0015.mht -------------- next part -------------- An embedded message was scrubbed... From: Marco Obaid Subject: Re: sophossavi-Postfix on Redhat 9 Date: Sun, 18 May 2003 10:37:11 -0500 Size: 1339 Url: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030519/0358c804/attachment-0016.mht -------------- next part -------------- An embedded message was scrubbed... From: Julian Field Subject: Beta release 4.21-6 Date: Sun, 18 May 2003 16:45:03 +0100 Size: 2909 Url: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030519/0358c804/attachment-0017.mht -------------- next part -------------- An embedded message was scrubbed... From: Julian Field Subject: Re: sophossavi-Postfix on Redhat 9 Date: Sun, 18 May 2003 16:44:20 +0100 Size: 1595 Url: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030519/0358c804/attachment-0018.mht -------------- next part -------------- An embedded message was scrubbed... From: Christopher Hicks Subject: Re: Spam scores don't add up Date: Sun, 18 May 2003 12:01:31 -0400 Size: 1126 Url: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030519/0358c804/attachment-0019.mht -------------- next part -------------- An embedded message was scrubbed... From: "Michele Neylon :: Blacknight Solutions" Subject: Virus testing Date: Sun, 18 May 2003 18:15:43 +0200 Size: 968 Url: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030519/0358c804/attachment-0020.mht -------------- next part -------------- An embedded message was scrubbed... From: Kevin Spicer Subject: Re: Spam scores don't add up Date: Sun, 18 May 2003 17:35:13 +0100 Size: 1468 Url: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030519/0358c804/attachment-0021.mht -------------- next part -------------- An embedded message was scrubbed... From: Gerry Doris Subject: Re: Spam scores don't add up Date: Sun, 18 May 2003 12:49:22 -0400 Size: 1399 Url: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030519/0358c804/attachment-0022.mht -------------- next part -------------- An embedded message was scrubbed... From: Marco Obaid Subject: Re: sophossavi-Postfix on Redhat 9 Date: Sun, 18 May 2003 12:28:01 -0500 Size: 1747 Url: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030519/0358c804/attachment-0023.mht -------------- next part -------------- An embedded message was scrubbed... From: Julian Field Subject: Re: sophossavi-Postfix on Redhat 9 Date: Sun, 18 May 2003 18:26:48 +0100 Size: 2275 Url: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030519/0358c804/attachment-0024.mht -------------- next part -------------- An embedded message was scrubbed... From: Julian Field Subject: Re: Virus testing Date: Sun, 18 May 2003 18:27:59 +0100 Size: 1267 Url: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030519/0358c804/attachment-0025.mht -------------- next part -------------- An embedded message was scrubbed... From: "Michele Neylon :: Blacknight Solutions" Subject: Re: Virus testing Date: Sun, 18 May 2003 19:30:56 +0200 Size: 1109 Url: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030519/0358c804/attachment-0026.mht -------------- next part -------------- An embedded message was scrubbed... From: mikea Subject: Re: Virus testing Date: Sun, 18 May 2003 12:59:30 -0500 Size: 774 Url: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030519/0358c804/attachment-0027.mht -------------- next part -------------- An embedded message was scrubbed... From: "Michele Neylon :: Blacknight Solutions" Subject: Re: Virus testing Date: Sun, 18 May 2003 20:05:35 +0200 Size: 1330 Url: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030519/0358c804/attachment-0028.mht -------------- next part -------------- An embedded message was scrubbed... From: Lance Ware Subject: small problem with upgrade to 4.20-3 Date: Sun, 18 May 2003 13:04:50 -0700 Size: 547 Url: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030519/0358c804/attachment-0029.mht -------------- next part -------------- An embedded message was scrubbed... From: Julian Field Subject: Re: small problem with upgrade to 4.20-3 Date: Sun, 18 May 2003 21:08:55 +0100 Size: 864 Url: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030519/0358c804/attachment-0030.mht -------------- next part -------------- An embedded message was scrubbed... From: Kevin Spicer Subject: Re: small problem with upgrade to 4.20-3 Date: Sun, 18 May 2003 21:10:40 +0100 Size: 1291 Url: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030519/0358c804/attachment-0031.mht -------------- next part -------------- An embedded message was scrubbed... From: Lance Ware Subject: Re: small problem with upgrade to 4.20-3 Date: Sun, 18 May 2003 13:11:06 -0700 Size: 1195 Url: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030519/0358c804/attachment-0032.mht -------------- next part -------------- An embedded message was scrubbed... From: Julian Field Subject: Re: small problem with upgrade to 4.20-3 Date: Sun, 18 May 2003 21:13:35 +0100 Size: 1543 Url: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030519/0358c804/attachment-0033.mht -------------- next part -------------- An embedded message was scrubbed... From: Mark Temple Subject: Re: Urgent: MailScanner apparently stopped processing... Date: Sun, 18 May 2003 15:47:33 -0500 Size: 1347 Url: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030519/0358c804/attachment-0034.mht -------------- next part -------------- An embedded message was scrubbed... From: Julian Field Subject: Re: Urgent: MailScanner apparently stopped processing... Date: Sun, 18 May 2003 22:03:21 +0100 Size: 1638 Url: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030519/0358c804/attachment-0035.mht -------------- next part -------------- An embedded message was scrubbed... From: Marco Obaid Subject: MailScanner 4.21-6 Repeated Start Date: Sun, 18 May 2003 16:53:20 -0500 Size: 2879 Url: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030519/0358c804/attachment-0036.mht From hden at KCBBS.GEN.NZ Mon May 19 06:20:04 2003 From: hden at KCBBS.GEN.NZ (Hendrik den Hartog) Date: Thu Jan 12 21:18:10 2006 Subject: Ruleset for spamassassin scores In-Reply-To: References: <20030515231314.GA27397@mew.kcbbs.gen.nz> Message-ID: <20030519052004.GA29285@mew.kcbbs.gen.nz> Hi Could I please have an indication if the snippert below would work for a ruleset setting different scores for the 'Required SpamAssassin Score' ? If not, I'd appreciate an example. (I'd like a different value for Staff and Pupils) FromTo staffmember1@ 5 FromTo staffmember2@ 5 FromTo default 3.9 Cheers! Hendrik From munafo at PREZZEMOLO.POLITO.IT Mon May 19 09:35:18 2003 From: munafo at PREZZEMOLO.POLITO.IT (Maurizio Matteo Munafo') Date: Thu Jan 12 21:18:10 2006 Subject: Silence Object and IFrame Message-ID: <03051910351801.12446@prezzemolo.polito.it> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi. Is there a way, in MailScanner.conf, to suppress the warning messages that are sent when a message HTML Object (or Iframe, if enabled) is blocked? I mean, besides editing the code in SweepContent.pm as suggested by Julian in a message last January. I was thinking to a string to be added to the list of Silent Viruses. Thanks. Maurizio - -- ______ / Maurizio M. Munafo' / dMMMMMMMMb dMMMMb / Dip. di Elettronica - Politecnico di Torino / dMP"dMP"dMP "dMP / Corso Duca degli Abruzzi 24 / dMP dMP dMP dMMK" / I-10129 Torino (Italia) / dMP dMP dMP dMF / Tel: +39 011 5644128 Fax: +39 011 5644099 / dMP dMP dMP dMMMMP" / E-mail: munafo@polito.it /__________________________ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE+yJdGtgCCNnfQWWkRAi4hAJ4i2ghjMTUK0zvLO+vvdS5K5AGuaQCgu8Y/ aWi7R0I2CwiwsrvGva/vIxY= =GEtQ -----END PGP SIGNATURE----- From mailscanner at ecs.soton.ac.uk Mon May 19 09:44:39 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:10 2006 Subject: MailScanner 4.21-6 Repeated Start In-Reply-To: <9EA067D0-8992-11D7-A50A-000393D75504@globeserver.com> References: <1053294800.3ec800d0c4a53@its.muw.edu> Message-ID: <5.2.1.1.2.20030519094319.03d5ede0@imap.ecs.soton.ac.uk> What MTA are you using? What are the "Run As User" and "Run As Group" settings in your MailScanner.conf? I really wouldn't advise making your mqueue world-writable! At 01:41 19/05/2003, you wrote: >Marco, etc., > >Just to add fuel to the fire.... > >I am getting the same thing with 4.20-3. When I look at the syslog >file, I get: > > /var/spool/mqueue is not owned by user 1 > >User 1 is 'bin' in my /etc/passwd file. I have the /var/spool/mqueue >chmod'ed to 777, chgrp'ed to bin (bin and root are in this group), and >everything else I know of to make user 'bin' able to write to this >directory. > >Phil > > >On Sunday, May 18, 2003, at 05:53 PM, Marco Obaid wrote: > >>Hi Julian and all, >> >>Is this normal in 4.21-6? >> >>May 18 16:43:00 its MailScanner[8269]: MailScanner E-Mail Virus >>Scanner version >>4.21-6 starting... >>May 18 16:43:10 its MailScanner[8273]: MailScanner E-Mail Virus >>Scanner version >>4.21-6 starting... >>May 18 16:43:20 its MailScanner[8274]: MailScanner E-Mail Virus >>Scanner version >>4.21-6 starting... >>May 18 16:43:30 its MailScanner[8275]: MailScanner E-Mail Virus >>Scanner version >>4.21-6 starting... >>May 18 16:43:40 its MailScanner[8276]: MailScanner E-Mail Virus >>Scanner version >>4.21-6 starting... >>May 18 16:43:50 its MailScanner[8277]: MailScanner E-Mail Virus >>Scanner version >>4.21-6 starting... >>May 18 16:44:00 its MailScanner[8278]: MailScanner E-Mail Virus >>Scanner version >>4.21-6 starting... >>May 18 16:44:10 its MailScanner[8279]: MailScanner E-Mail Virus >>Scanner version >>4.21-6 starting... >>May 18 16:44:20 its MailScanner[8280]: MailScanner E-Mail Virus >>Scanner version >>4.21-6 starting... >>May 18 16:44:30 its MailScanner[8282]: MailScanner E-Mail Virus >>Scanner version >>4.21-6 starting... >>May 18 16:44:40 its MailScanner[8283]: MailScanner E-Mail Virus >>Scanner version >>4.21-6 starting... >>May 18 16:44:50 its MailScanner[8284]: MailScanner E-Mail Virus >>Scanner version >>4.21-6 starting... >>May 18 16:45:00 its MailScanner[8285]: MailScanner E-Mail Virus >>Scanner version >>4.21-6 starting... >>May 18 16:45:10 its MailScanner[8286]: MailScanner E-Mail Virus >>Scanner version >>4.21-6 starting... >>May 18 16:45:20 its MailScanner[8287]: MailScanner E-Mail Virus >>Scanner version >>4.21-6 starting... >>May 18 16:45:30 its MailScanner[8288]: MailScanner E-Mail Virus >>Scanner version >>4.21-6 starting... >>May 18 16:45:40 its MailScanner[8289]: MailScanner E-Mail Virus >>Scanner version >>4.21-6 starting... >>May 18 16:45:50 its MailScanner[8290]: MailScanner E-Mail Virus >>Scanner version >>4.21-6 starting... >>May 18 16:46:00 its MailScanner[8291]: MailScanner E-Mail Virus >>Scanner version >>4.21-6 starting... >>May 18 16:46:10 its MailScanner[8292]: MailScanner E-Mail Virus >>Scanner version >>4.21-6 starting... >>May 18 16:46:20 its MailScanner[8293]: MailScanner E-Mail Virus >>Scanner version >>4.21-6 starting... >>May 18 16:46:30 its MailScanner[8294]: MailScanner E-Mail Virus >>Scanner version >>4.21-6 starting... >>May 18 16:46:40 its MailScanner[8295]: MailScanner E-Mail Virus >>Scanner version >>4.21-6 starting... >> >>Mail traffic is fine as far as I can tell ... This is on RH9, Postfix, >>MS 4.21-6 >>combination. >> >>Thank you >>Marco >> >>_________________________________________________________________ >>This mail is sent through MUW Webmail: http://www.MUW.Edu/webmail >>For the latest MUW Events, visit http://www.MUW.Edu/calendar -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Mon May 19 09:26:50 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:11 2006 Subject: Ruleset for spamassassin scores In-Reply-To: <20030519052004.GA29285@mew.kcbbs.gen.nz> References: <20030515231314.GA27397@mew.kcbbs.gen.nz> Message-ID: <5.2.1.1.2.20030519092612.0243d310@imap.ecs.soton.ac.uk> At 06:20 19/05/2003, you wrote: >Hi > >Could I please have an indication if the snippert below >would work for a ruleset setting different scores for the >'Required SpamAssassin Score' ? > >If not, I'd appreciate an example. > > (I'd like a different value for Staff and Pupils) > >FromTo staffmember1@ 5 >FromTo staffmember2@ 5 >FromTo default 3.9 > >Cheers! >Hendrik Should work just fine. You might want to make it slightly clearer by making the entries staffmember1@* -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Mon May 19 09:43:07 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:11 2006 Subject: MailScanner 4.21-6 Repeated Start In-Reply-To: <1053294800.3ec800d0c4a53@its.muw.edu> References: <5.2.1.1.2.20030518220244.04229e10@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030517195256.04095008@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030517174916.024dceb8@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030517174916.024dceb8@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030517195256.04095008@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030518220244.04229e10@imap.ecs.soton.ac.uk> Message-ID: <5.2.1.1.2.20030519094122.03ec2a40@imap.ecs.soton.ac.uk> At 22:53 18/05/2003, you wrote: >Is this normal in 4.21-6? No. For some reason it is refusing to start. Does your maillog show anything else useful? If you stop all the MailScanner processes, set "Debug = yes" in MailScanner.conf, and then run the check_MailScanner command what does it say? >Mail traffic is fine as far as I can tell ... This is on RH9, Postfix, MS >4.21-6 >combination. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Mon May 19 09:50:55 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:11 2006 Subject: Silence Object and IFrame In-Reply-To: <03051910351801.12446@prezzemolo.polito.it> Message-ID: <5.2.1.1.2.20030519095016.03ed1e68@imap.ecs.soton.ac.uk> At 09:35 19/05/2003, you wrote: >Is there a way, in MailScanner.conf, to suppress the warning messages that >are sent when a message HTML Object (or Iframe, if enabled) is blocked? > >I mean, besides editing the code in SweepContent.pm as suggested by Julian in >a message last January. I was thinking to a string to be added to the list of >Silent Viruses. Not at the moment. Is this a big problem? What does anyone else think? -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From munafo at PREZZEMOLO.POLITO.IT Mon May 19 10:07:40 2003 From: munafo at PREZZEMOLO.POLITO.IT (Maurizio Matteo Munafo') Date: Thu Jan 12 21:18:11 2006 Subject: Silence Object and IFrame In-Reply-To: <5.2.1.1.2.20030519095016.03ed1e68@imap.ecs.soton.ac.uk> References: <5.2.1.1.2.20030519095016.03ed1e68@imap.ecs.soton.ac.uk> Message-ID: <03051911074004.12446@prezzemolo.polito.it> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Monday 19 May 2003 10:50, Julian Field wrote: > At 09:35 19/05/2003, you wrote: > >Is there a way, in MailScanner.conf, to suppress the warning messages that > >are sent when a message HTML Object (or Iframe, if enabled) is blocked? > > > >I mean, besides editing the code in SweepContent.pm as suggested by Julian > > in a message last January. I was thinking to a string to be added to the > > list of Silent Viruses. > > Not at the moment. Is this a big problem? What does anyone else think? For me the problem is that several blocked Object warnings are for dead or fake addresses, so they are immediately rejected (and I receive the error message), or they are from almost legit mailing lists, so I suppose they really do not care for the warnings I generate. Editing the code is not a big issue (I noticed that the instructions are already there, commented), besides the fact that I should/must remember to re-edit it at every upgrade. Regards, Maurizio - -- ______ / Maurizio M. Munafo' / dMMMMMMMMb dMMMMb / Dip. di Elettronica - Politecnico di Torino / dMP"dMP"dMP "dMP / Corso Duca degli Abruzzi 24 / dMP dMP dMP dMMK" / I-10129 Torino (Italia) / dMP dMP dMP dMF / Tel: +39 011 5644128 Fax: +39 011 5644099 / dMP dMP dMP dMMMMP" / E-mail: munafo@polito.it /__________________________ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE+yJ7ctgCCNnfQWWkRAnGFAKCKY5vyJ9l29/rUejEDVQAHhE2ByQCgsMqi 5rBnscuzXNQAkD//EHGbz1E= =fdCk -----END PGP SIGNATURE----- From mailscanner at ecs.soton.ac.uk Mon May 19 10:15:38 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:11 2006 Subject: Silence Object and IFrame In-Reply-To: <03051911074004.12446@prezzemolo.polito.it> References: <5.2.1.1.2.20030519095016.03ed1e68@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030519095016.03ed1e68@imap.ecs.soton.ac.uk> Message-ID: <5.2.1.1.2.20030519101316.03f03bf0@imap.ecs.soton.ac.uk> At 10:07 19/05/2003, you wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >On Monday 19 May 2003 10:50, Julian Field wrote: > > At 09:35 19/05/2003, you wrote: > > >Is there a way, in MailScanner.conf, to suppress the warning messages that > > >are sent when a message HTML Object (or Iframe, if enabled) is blocked? > > > > > >I mean, besides editing the code in SweepContent.pm as suggested by Julian > > > in a message last January. I was thinking to a string to be added to the > > > list of Silent Viruses. > > > > Not at the moment. Is this a big problem? What does anyone else think? > >For me the problem is that several blocked Object warnings are for dead or >fake addresses, so they are immediately rejected (and I receive the error >message), or they are from almost legit mailing lists, so I suppose they >really do not care for the warnings I generate. > >Editing the code is not a big issue (I noticed that the instructions are >already there, commented), besides the fact that I should/must remember to >re-edit it at every upgrade. Here is a nicer patch: --- SweepContent.pm 2003-05-18 16:25:28.000000000 +0100 +++ SweepContent.pm.new 2003-05-19 10:12:31.000000000 +0100 @@ -280,7 +280,7 @@ my($message, $id, $filename, $allowiframes, $allowobjects, $stripdangerous) = @_; - my($fh, $counter); + my($fh, $counter, $silentviruses); $counter = 0; $fh = new FileHandle; if ($fh->open("$filename")) { @@ -308,6 +308,12 @@ $inobject = 0 if /\<\/object/i; } $fh->close(); + + # Get this so we can set the silent flag if they don't want reports + # about IGrames or Object-Codebases + $silentviruses = ' ' . MailScanner::Config::Value('silentviruses', + $message) . ' '; + if ($iframefound) { # Log the