From postmaster at uk.insight.com Thu Apr 1 08:42:48 2004
From: postmaster at uk.insight.com (MailScanner)
Date: Thu Jan 12 21:24:10 2006
Subject: Warning: Unacceptable E-mail content detected
Message-ID: <200404010742.i317gmm4031487@mail2.uk.insight.com>

Our email protection system has just been triggered by a message you sent:-

To: noel.donovan@uk.insight.com
Subject: Re: Re: Re: Your document
Date: Thu Apr 1 08:42:47 2004

One or more of the attachments (document_4351.pif) are on the list of
unacceptable attachments for this site and will not have been delivered.

Consider renaming files in such a way that they cannot be easily or
automatically executed without first saving the file from the e-mail.

The email protection system reported this about the message:

Report: MailScanner: Shortcuts to MS-Dos programs are very dangerous in email (document_4351.pif)
        MailScanner: : No programs allowed (document_4351.pif)

--
MailScanner
Email Virus Scanner
www.mailscanner.info

From maillist at COMPUTER-MEDIC.US Thu Apr 1 00:00:15 2004
From: maillist at COMPUTER-MEDIC.US (David Shaw)
Date: Thu Jan 12 21:24:11 2006
Subject: Memory Usage {Scanned}
In-Reply-To:
References: <406AF89A.70805@stl.rural.usda.gov>
Message-ID: <20040331225746.M76774@ke6upi.com>

I thought the same thing, but Ricks comment are correct. Here is my output.
Look at the 2nd line under free. I have 781256 free.

12-9-14-103 rules]# free
             total       used       free     shared    buffers     cached
Mem:       1030908     977196      53712          0     215396     512148
-/+ buffers/cache:     249652     781256
Swap:      2040244      23628    2016616

David

--
Open WebMail Project (http://openwebmail.org)

---------- Original Message -----------
From: Kai Schaetzl
To: MAILSCANNER@JISCMAIL.AC.UK
Sent: Thu, 1 Apr 2004 00:36:59 +0200
Subject: Re: Memory Usage {Scanned}

> Rob Burtelow wrote on Wed, 31 Mar 2004 10:58:02 -0600:
>
> > I'm running MailScanner on a RedHat ES 3 box and having problems with
> > really high memory usage, almost to the point of running out.
> >
>
> Apart from Ricks comment, even if you *had* a memory problem there's
> nothing in your posted data which would indicate that Mailscanner causes
> the problem.
>
> Kai
>
> --
>
> Kai Schätzl, Berlin, Germany
> Get your web at Conactive Internet Services: http://www.conactive.com
> IE-Center: http://ie5.de & http://msie.winware.org
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
> MailScanner thanks transtec Computers for their support.
> Please contact support@computer-medic.us if you have
> questions about this email.
------- End of Original Message -------

From mike at CAMAROSS.NET Thu Apr 1 00:30:01 2004
From: mike at CAMAROSS.NET (Mike Kercher)
Date: Thu Jan 12 21:24:11 2006
Subject: Logging recipient?
In-Reply-To: <01ed01c41771$4a595bd0$0201a8c0@PCHOMEJORINN>
Message-ID: <200403312326.i2VNQYn0017706@avwall.bladeware.com>

You might suggest this to the developers of MailWatch as a feature request.
They already have quite a few nice reports.

Mike

> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Jørn-Morten Innselset
> Sent: Wednesday, March 31, 2004 4:41 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Logging recipient?
>
> That's already in there, and all it gives is the recipient
> _domain_, not the user part:
>
> Message 9366 from 194.19.1.186 (ramarshall@voyager.net) to
> kjentfolk.no is spam, SpamAssassin (score=28.018, required 6,
> autolearn=spam, BANG_EXERCISE 2.94, BANG_GUARANTEE 1.00,
> BAYES_99 5.40, CLICK_BELOW_CAPS 0.50, GUARANTEED_STUFF 2.30
>
>
> And the virus scanners (f-prot and clamav) doesn't log the
> recipient at all.
>
> jmi
>
>
> ----- Original Message -----
> From: "Ugo Bellavance"
> To:
> Sent: Thursday, April 01, 2004 12:13 AM
> Subject: Re: Logging recipient?
>
>
> >-----Original Message-----
> >From: Jørn-Morten Innselset [mailto:jorn-morten.innselset@BANETELE.COM]
> >Sent: 31 March 2004 16:54
> >To: MAILSCANNER@JISCMAIL.AC.UK
> >Subject: Re: Logging recipient?
> >
> >
> >The recipient - I would like to extract a report on how many
> >messages I have
> >blocked per user. Does this info appear in your maillog by default?
> >
>
> Check this setting in MailScanner.conf
>
> # Do you want all spam to be logged? Useful if you want to gather
> # spam statistics from your logs, but can increase the system load quite
> # a bit if you get a lot of spam.
> Log Spam = yes
>
> I think virus activity is logged by default.
>
> Ugo
>
> >jmi
> >
> >
> >----- Original Message -----
> >From: "Mike Kercher"
> >To:
> >Sent: Wednesday, March 31, 2004 10:10 PM
> >Subject: Re: Logging recipient?
> >
> >
> >
> >Sender or recipient? I wouldn't trust the sender these days!
> >
> >My systems log all that info...may take a little digging to get to it
> >though.
> >
> >Mike
> >
> >
> >> -----Original Message-----
> >> From: MailScanner mailing list
> >> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Jørn-Morten Innselset
> >> Sent: Wednesday, March 31, 2004 1:50 PM
> >> To: MAILSCANNER@JISCMAIL.AC.UK
> >> Subject: Logging recipient?
> >>
> >> Is there an easy way to enable logging of the full email
> >> address of infected/spam messages to syslog?
> >>
> >> jmi
> >>
> >
>

From pete at eatathome.com.au Thu Apr 1 00:46:17 2004
From: pete at eatathome.com.au (Pete)
Date: Thu Jan 12 21:24:11 2006
Subject: Caching DNS
Message-ID: <406B5849.7020600@eatathome.com.au>

HI there, slightly OT, but i want to use a caching name server on Free
BSD. In Red Hat this was simple as apt-getting the caching name server
package.

In FreeBSD there are heaps of options in ports, one of them being
rbldnsd - name server designed for RBLs - since this server is a
Scanning gateway only - is there any point going for something specific
like this, or just use named and put my old caching config in there ?

Is there any other RBL/DNS kit worth looking into ?

Thanks
Pete

From maillist at COMPUTER-MEDIC.US Thu Apr 1 00:54:50 2004
From: maillist at COMPUTER-MEDIC.US (David Shaw)
Date: Thu Jan 12 21:24:11 2006
Subject: Caching DNS {Scanned}
In-Reply-To: <406B5849.7020600@eatathome.com.au>
References: <406B5849.7020600@eatathome.com.au>
Message-ID: <20040331235017.M72525@ke6upi.com>

Do you want to cache or do a zone transfer? If you just want to cache then
your dns server should cache the return until the TTL has been reached.

David

--
Open WebMail Project (http://openwebmail.org)

---------- Original Message -----------
From: Pete
To: MAILSCANNER@JISCMAIL.AC.UK
Sent: Thu, 1 Apr 2004 09:46:17 +1000
Subject: Caching DNS {Scanned}

> HI there, slightly OT, but i want to use a caching name server on
> Free BSD. In Red Hat this was simple as apt-getting the caching name
> server package.
>
> In FreeBSD there are heaps of options in ports, one of them being
> rbldnsd - name server designed for RBLs - since this server is a
> Scanning gateway only - is there any point going for something specific
> like this, or just use named and put my old caching config in there ?
>
> Is there any other RBL/DNS kit worth looking into ?
>
> Thanks
> Pete
>
------- End of Original Message -------

From msteudel at PANICWARE.COM Thu Apr 1 01:05:47 2004
From: msteudel at PANICWARE.COM (Mark Steudel)
Date: Thu Jan 12 21:24:11 2006
Subject: Looking for sample log of MailScanner filtering spam
In-Reply-To: <200404010003.i3103JD27768@ripley.powerserving.com>
Message-ID: <200404010005.i3105hD27975@ripley.powerserving.com>

Hi All,

I was wondering if someone could post a sample log of theirs showing
MailScanner filtering a spam message. I've enabled spam checking and it
doesn't seem to be filtering any spam. But I'm expecting different results
than what happen ...

Thanks, Mark

From msteudel at PANICWARE.COM Thu Apr 1 01:22:58 2004
From: msteudel at PANICWARE.COM (Mark Steudel)
Date: Thu Jan 12 21:24:11 2006
Subject: Looking for sample log of MailScanner filtering spam
In-Reply-To: <200404010005.i3105hD27975@ripley.powerserving.com>
Message-ID: <200404010022.i310MsD29308@ripley.powerserving.com>

Ok that was a very poorly worded email ... I apologize. I've actually
checked some of our accounts that get tons of spam, and they are being
flagged correctly!
You don't know how exciting this is :)

A different question. I tried at one point to make it so that emails
flagged as virus weren't delivered, but it seemed that the mail scanner
kept dying ... Any known gotchas?

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mark Steudel
Sent: Wednesday, March 31, 2004 4:06 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Looking for sample log of MailScanner filtering spam

Hi All,

I was wondering if someone could post a sample log of theirs showing
MailScanner filtering a spam message. I've enabled spam checking and it
doesn't seem to be filtering any spam. But I'm expecting different results
than what happen ...

Thanks, Mark

From ssl at AHSC.ARIZONA.EDU Thu Apr 1 01:35:03 2004
From: ssl at AHSC.ARIZONA.EDU (shanna leonard)
Date: Thu Jan 12 21:24:11 2006
Subject: Check SpamAssassin If On Spam List -RBL setup.
In-Reply-To: <6.0.1.1.2.20040327115454.03e6ae00@imap.ecs.soton.ac.uk>
References: <406483C9.8070702@ahsc.arizona.edu> <6.0.1.1.2.20040327115454.03e6ae00@imap.ecs.soton.ac.uk>
Message-ID: <406B63B7.1060205@ahsc.arizona.edu>

Thanks!

Julian Field wrote:

> At 19:26 26/03/2004, you wrote:
>
>> I am confused about the following comments in MailScanner.conf:
>>
>> # If a message appears in at least this number of "Spam Lists" (as defined
>> # above), then the message will be treated as "High Scoring Spam" and so
>> # the "High Scoring Spam Actions" will happen....
>> Spam Lists To Reach High Score = 2
>>
>> # If the message sender is on any of the Spam Lists, do you still want
>> # to do the SpamAssassin checks? Setting this to "no" will reduce the load
>> # on your server, but will stop the High Scoring Spam Actions from ever
>> # happening.
>> # This can also be the filename of a ruleset.
>> Check SpamAssassin If On Spam List = yes
>>
>>
>> the two comments seem to contradict each other.
>
>
> Oops, my mistake. The first comment is correct, the 2nd one isn't.
>
>> If I set
>> "Check SpamAssassin If on Spam List = no" then will messages whose MTA's IP
>> was found by Mailscanner
>> on 2 RBL's be treated as High Scoring spam or not?
>
>
> They will be treated as High Scoring spam.
>
> Got any better suggestions for the 2nd comment?

um. well. I would If I knew what it did :)
does it impact High Scoring Spam Actions ever?

how about:

#If the message sender is on the number of Spam Lists (RBL's) specified in:
#"Spam Lists To Reach High Score",
# do you still want
# to do the SpamAssassin checks? Setting this to "no" will reduce the load
# on your server.
# This can also be the filename of a ruleset.
Check SpamAssassin If On Spam List = yes

is the above accurate? I am still unclear on the action of these parameters:
i.e. whether it only takes one spam list hit to activate the parameter
"Check SpamAssassin If On Spam List"

>
>> -
>> --
>> ----
>> MHO
>> ---
>> shanna leonard
>> arizona health sciences library
>> 626-2923
>> ----------------------------------
>
>
> --
> Julian Field
> www.MailScanner.info
> Professional Support Services at www.MailScanner.biz
> MailScanner thanks transtec Computers for their support
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

--
----
MHO
---
shanna leonard
arizona health sciences library
626-2923
----------------------------------

From gdoris at ROGERS.COM Thu Apr 1 02:20:09 2004
From: gdoris at ROGERS.COM (Gerry Doris)
Date: Thu Jan 12 21:24:11 2006
Subject: Sendmail Sender Verification
In-Reply-To:
References:
Message-ID:

On Tue, 30 Mar 2004, Rose, Bobby wrote:

> I've been using milter-sender with sendmail for quite awhile to do this
> with good success.
>
> http://www.snert.com/Software/milter-sender/
>
> But it still won't stop a spammer or virus from using a valid email
> address but will stop bogus ones. It also can do some other checks on
> the sending system.

I've been having trouble getting this to work.
Specifically I'm having problems with how to define the milter-socket. I
assume I need to add Milter-Socket=/var/lib/milter-sender/socket in
sendmail.mc somehow?

I've copied the sample milter-sender.mc into sendmail.mc and rebuilt
sendmail.cf. The default INPUT_MAIL_FILTER macro specifies
/var/lib/milter-sender/socket. Do I create an empty file called socket in
/var/lib/milter-sender? If so, who should own it and what should be the
permissions?

--
Gerry

"The lyfe so short, the craft so long to learne" Chaucer

From mike at CAMAROSS.NET Thu Apr 1 02:36:47 2004
From: mike at CAMAROSS.NET (Mike Kercher)
Date: Thu Jan 12 21:24:11 2006
Subject: Sendmail Sender Verification
In-Reply-To:
Message-ID: <200404010133.i311XKn0029009@avwall.bladeware.com>

I had some difficulty too, but got it figured out:

In milter-sender.cf (next to last line):

MilterSocket=unix:/var/lib/milter-sender/socket
# (REQUIRED) the sendmail/milter socket type & name; see INPUT_MAIL_FILTER

I also changed this line:

MailLogDetail=4

so I could see it working.

service milter-sender start
service MailScanner restart
tail -f /var/log/maillog

Mike

> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Gerry Doris
> Sent: Wednesday, March 31, 2004 7:20 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Sendmail Sender Verification
>
> On Tue, 30 Mar 2004, Rose, Bobby wrote:
>
> > I've been using milter-sender with sendmail for quite awhile to do
> > this with good success.
> >
> > http://www.snert.com/Software/milter-sender/
> >
> > But it still won't stop a spammer or virus from using a valid email
> > address but will stop bogus ones. It also can do some other checks on
> > the sending system.
>
> I've been having trouble getting this to work. Specifically I'm
> having problems with how to define the milter-socket. I
> assume I need to add
> Milter-Socket=/var/lib/milter-sender/socket in sendmail.mc somehow?
>
> I've copied the sample milter-sender.mc into sendmail.mc and
> rebuilt sendmail.cf. The default INPUT_MAIL_FILTER macro
> specifies /var/lib/milter-sender/socket. Do I create an
> empty file called socket in /var/lib/milter-sender? If so,
> who should own it and what should be the permissions?
>
> --
> Gerry
>
> "The lyfe so short, the craft so long to learne" Chaucer
>

From pete at eatathome.com.au Thu Apr 1 02:42:40 2004
From: pete at eatathome.com.au (Pete)
Date: Thu Jan 12 21:24:11 2006
Subject: MailScanner load testing advice
Message-ID: <406B7390.8090607@eatathome.com.au>

My colleague has written a small PHP script that will send a bunch of
messages to my mailscanner machine. I was going to try and see how many
i can send it before it starts complaining (eg 1000s, 10000s 1000000s
etc) since my mailscanner machine and other test machine are both on the
same lan.

I have used the details from this test - but i wonder how stressful it
is on MailScanner receiving the same email over and over ? as long as it
triggers spam rules then its providing some stress?
http://hyvatti.iki.fi/~jaakko/spam/unkillable.txt

BUT i need to set up the output to go nowhere - how do i send a legit
email/spam, let it get scanned and placed back in the postfix incoming
queue, but not delivered, just deleted? I am using the single postfix
and freebsd. Is there a way, if i specified an alias pointed at
dev/null in the aliases file and emailed alias@localhost ? What is the
best way to do this?

Thanks
Pete

From csm-lists at CSMA.BIZ Thu Apr 1 03:06:19 2004
From: csm-lists at CSMA.BIZ (Corey S. McFadden)
Date: Thu Jan 12 21:24:11 2006
Subject: Sendmail Sender Verification
In-Reply-To: <200404010133.i311XKn0029009@avwall.bladeware.com>
References: <200404010133.i311XKn0029009@avwall.bladeware.com>
Message-ID: <6.0.0.22.0.20040331210012.03678b90@localhost>

Am I understanding the flow properly here?
mqueue.in > MailScanner & SpamAssassin > Sendmail Address Verification > Delivery

Maybe an easier question is this: Does the High Scoring Spam Action happen
BEFORE address verification is tried?

Thanks,
-Corey

--
Corey S. McFadden
McFadden Associates, Technology Consultants
c@csma.biz - main +1.215.689.4984 - www.csma.biz

*********************************************
This message has been scanned for viruses and
dangerous content, and is believed to be clean.

From mike at CAMAROSS.NET Thu Apr 1 03:07:43 2004
From: mike at CAMAROSS.NET (Mike Kercher)
Date: Thu Jan 12 21:24:11 2006
Subject: "prioritize" traffic with MailScanner?
In-Reply-To:
Message-ID: <200404010204.i3124Gn0031187@avwall.bladeware.com>

I have 5 queues on my boxen and MailScanner does the sorting for me via
ruleset. For mailing lists (which are announce only), I disable virus AND
spam checks via rulesets. I just excluded the From: address for these
checks. I have weekly mailings that go out to 15K+ people in about an hour.

Mike

> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Ron E.
> Sent: Wednesday, March 31, 2004 3:50 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: "prioritize" traffic with MailScanner?
>
> Dear All,
>
> I'm wondering if someone already knows how to do this or has
> thought of it. I have run into a situation where occasionally
> I'll have a user that sends out of a lot of mail such as a
> newsletter to a bunch of subscribers or some such. Bounces
> inevitably occur after such a mailing and MailScanner
> inevitably gets backlogged.
>
> My idea for this is some type of ruleset where mail inbound
> for a certain list of addresses gets "low priority" and as
> such is put aside in favor of all the other traffic until the
> server is not as busy.
>
> Would be interested in any thoughts on how to do this.
>
> Regards,
>
> Ron
>

From brose at MED.WAYNE.EDU Thu Apr 1 03:17:27 2004
From: brose at MED.WAYNE.EDU (Rose, Bobby)
Date: Thu Jan 12 21:24:11 2006
Subject: Sendmail Sender Verification
Message-ID:

It's sendmail milter. All MTA related stuff happens before MailScanner.

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Corey S. McFadden
Sent: Wednesday, March 31, 2004 9:06 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Sendmail Sender Verification

Am I understanding the flow properly here?
mqueue.in > MailScanner & SpamAssassin > Sendmail Address Verification > Delivery

Maybe an easier question is this: Does the High Scoring Spam Action happen
BEFORE address verification is tried?

Thanks,
-Corey

--
Corey S. McFadden
McFadden Associates, Technology Consultants
c@csma.biz - main +1.215.689.4984 - www.csma.biz

From mike at CAMAROSS.NET Thu Apr 1 03:18:57 2004
From: mike at CAMAROSS.NET (Mike Kercher)
Date: Thu Jan 12 21:24:11 2006
Subject: Sendmail Sender Verification
In-Reply-To: <6.0.0.22.0.20040331210012.03678b90@localhost>
Message-ID: <200404010215.i312FUn0031947@avwall.bladeware.com>

It works more like this:

Incoming SMTP Connection --> milter-sender --> verification -->
        verification passed --> mqueue.in --> MailScanner --> sendmail --> LDA
        verification failed --> SMTP connection rejected

Mike

> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Corey S. McFadden
> Sent: Wednesday, March 31, 2004 8:06 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Sendmail Sender Verification
>
> Am I understanding the flow properly here?
> mqueue.in > MailScanner & SpamAssassin > Sendmail
> Address Verification > Delivery
>
> Maybe an easier question is this: Does the High Scoring Spam
> Action happen BEFORE address verification is tried?
>
> Thanks,
> -Corey
>
>
> --
> Corey S. McFadden
> McFadden Associates, Technology Consultants c@csma.biz - main
> +1.215.689.4984 - www.csma.biz
>

From mike at CAMAROSS.NET Thu Apr 1 03:23:56 2004
From: mike at CAMAROSS.NET (Mike Kercher)
Date: Thu Jan 12 21:24:11 2006
Subject: Sendmail Sender Verification
In-Reply-To: <6.0.0.22.0.20040331210012.03678b90@localhost>
Message-ID: <200404010220.i312KTn0032378@avwall.bladeware.com>

Here's a failed verification:

Mar 31 20:16:57 avwall sendmail[32022]: i312Gtn0032022: Milter: from=, reject=550 5.7.1 HELO 66.98.142.95 claims to be us 'avwall.bladeware.com' [66.98.142.95], but the connection [61.40.103.200] is not from us
Mar 31 20:16:57 avwall sendmail[32022]: i312Gtn0032022: from=, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=[61.40.103.200]

or this:

Mar 31 20:18:52 avwall milter-sender[17881]: i312Ijn0032232: enter mxCallBack()
Mar 31 20:18:52 avwall milter-sender[17881]: i312Ijn0032232: opening DNS connections
Mar 31 20:18:52 avwall milter-sender[17881]: i312Ijn0032232: DnsGetMailServers(8067d68, 'birdalone.com')
Mar 31 20:18:52 avwall milter-sender[17881]: i312Ijn0032232: closing DNS connections
Mar 31 20:18:52 avwall milter-sender[17881]: i312Ijn0032232: trying MX 10 'mail.nethere.net.'
[66.63.128.69] for
Mar 31 20:18:52 avwall milter-sender[17881]: i312Ijn0032232: exit mxCallBack() rc=0
Mar 31 20:18:53 avwall sendmail[32232]: i312Ijn0032232: ruleset=check_rcpt, arg1=, relay=adsl-68-249-104-173.dsl.ipltin.ameritech.net [68.249.104.173], reject=553 5.3.0
Mar 31 20:18:54 avwall sendmail[32232]: i312Ijn0032232: from=, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=adsl-68-249-104-173.dsl.ipltin.ameritech.net [68.249.104.173]

Mike

> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Corey S. McFadden
> Sent: Wednesday, March 31, 2004 8:06 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Sendmail Sender Verification
>
> Am I understanding the flow properly here?
> mqueue.in > MailScanner & SpamAssassin > Sendmail
> Address Verification > Delivery
>
> Maybe an easier question is this: Does the High Scoring Spam
> Action happen BEFORE address verification is tried?
>
> Thanks,
> -Corey
>
>
> --
> Corey S. McFadden
> McFadden Associates, Technology Consultants c@csma.biz - main
> +1.215.689.4984 - www.csma.biz
>

From csm-lists at CSMA.BIZ Thu Apr 1 03:24:21 2004
From: csm-lists at CSMA.BIZ (Corey S. McFadden)
Date: Thu Jan 12 21:24:11 2006
Subject: Sendmail Sender Verification
In-Reply-To: <200404010215.i312FUn0031947@avwall.bladeware.com>
References: <6.0.0.22.0.20040331210012.03678b90@localhost> <200404010215.i312FUn0031947@avwall.bladeware.com>
Message-ID: <6.0.0.22.0.20040331212131.03675fa0@localhost>

Got it. The reason I ask is that we publish high scoring spam info from
around a dozen servers into our public DNSBL (bl.csma.biz) and don't want
to throw away a lot of valuable data. I'll probably end up hacking milter
to push the IP rejections into our DB.

Anyhow, thanks for the responses.
-Corey

At 09:18 PM 3/31/2004, you wrote:
>It works more like this:
>
>Incoming SMTP Connection --> milter-sender --> verification -->
>        verification passed --> mqueue.in --> MailScanner --> sendmail --> LDA
>        verification failed --> SMTP connection rejected
>
>Mike
>
>
> > -----Original Message-----
> > From: MailScanner mailing list
> > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Corey S. McFadden
> > Sent: Wednesday, March 31, 2004 8:06 PM
> > To: MAILSCANNER@JISCMAIL.AC.UK
> > Subject: Re: Sendmail Sender Verification
> >
> > Am I understanding the flow properly here?
> > mqueue.in > MailScanner & SpamAssassin > Sendmail
> > Address Verification > Delivery
> >
> > Maybe an easier question is this: Does the High Scoring Spam
> > Action happen BEFORE address verification is tried?
> >
> > Thanks,
> > -Corey
> >
> >
> > --
> > Corey S. McFadden
> > McFadden Associates, Technology Consultants c@csma.biz - main
> > +1.215.689.4984 - www.csma.biz
> >

--
Corey S. McFadden
McFadden Associates, Technology Consultants
c@csma.biz - main +1.215.689.4984 - www.csma.biz

From msteudel at PANICWARE.COM Thu Apr 1 04:17:40 2004
From: msteudel at PANICWARE.COM (Mark Steudel)
Date: Thu Jan 12 21:24:11 2006
Subject: Clarification regarding "Content Modify Subject"
Message-ID: <200404010317.i313HZ611077@ripley.powerserving.com>

I was wondering if someone could clarify for me the purpose for tagging the
subject line for "Content Modify Subject".
My first idea is that this helps keep up with new malicious code that has
been updated to get around virus filtering.

--- config in question ----
# If an attachment triggered a content check, but there was nothing
# else wrong with the message, do you want to modify the subject line?
# This makes filtering in Outlook very easy.
# This can also be the filename of a ruleset.
Content Modify Subject = yes

# This is the text to add to the start of the subject if the
# "Content Modify Subject" option is set.
# You might want to change this so your users can see at a glance
# whether it just was just the content that MailScanner rejected.
# This can also be the filename of a ruleset.
Content Subject Text = {Blocked Content}

I see this randomly and I'm not sure what is triggering it. Recently I got a
Outlook 2003 meeting request with a word document attached that triggered
it.

What could potentially happen if I turned this off?
What are the benefits to having this on?

Thanks, Mark

From egil at WEBDEAL.NO Thu Apr 1 04:42:34 2004
From: egil at WEBDEAL.NO (Egil Fujikawa Nes - Webdeal AS)
Date: Thu Jan 12 21:24:11 2006
Subject: Clarification regarding "Content Modify Subject"
In-Reply-To: <200404010317.i313HZ611077@ripley.powerserving.com>
Message-ID: <000b01c4179b$60208450$0a0a150a@laptopegil>

Hi

I can't see any reason to turn this off. For our customers it is important
to know if we have been removing attachments etc. that you easily can see
from the subject.

This Outlook 2003 meeting request is a problem with Mailscanner. It simply
can't scan through the .msg file that is attached. What I had to do to let
this messages pass was to change the "Deliver Unparsable TNEF" parameter in
MailScanner.conf from no to yes.

# Some versions of Microsoft Outlook generate unparsable Rich Text
# format attachments. Do we want to deliver these bad attachments anyway?
# Setting this to yes introduces the slight risk of a virus getting through,
# but if you have a lot of troubled Outlook users you might need to do this.
# We are working on a replacement for the TNEF decoder.
# This can also be the filename of a ruleset.

As long as I can see, this is the only way to solve this problem with
Outlook 2003 meeting requests.

Best regards
Egil Fujikawa Nes

WebDeal AS - Teknologiveien 22 - 2815 Gjøvik - NORWAY
Phone: +47 61 13 16 50 - Fax: +47 61 13 16 51
E-mail: post@webdeal.no - URL: www.webdeal.no

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mark Steudel
Sent: 1. april 2004 05:18
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Clarification regarding "Content Modify Subject"

I was wondering if someone could clarify for me the purpose for tagging the
subject line for "Content Modify Subject". My first idea is that this helps
keep up with new malicious code that has been updated to get around virus
filtering.

--- config in question ----
# If an attachment triggered a content check, but there was nothing
# else wrong with the message, do you want to modify the subject line?
# This makes filtering in Outlook very easy.
# This can also be the filename of a ruleset.
Content Modify Subject = yes

# This is the text to add to the start of the subject if the
# "Content Modify Subject" option is set.
# You might want to change this so your users can see at a glance
# whether it just was just the content that MailScanner rejected.
# This can also be the filename of a ruleset.
Content Subject Text = {Blocked Content}

I see this randomly and I'm not sure what is triggering it. Recently I got a
Outlook 2003 meeting request with a word document attached that triggered
it.

What could potentially happen if I turned this off?
What are the benefits to having this on?

Thanks, Mark

From egil at WEBDEAL.NO Thu Apr 1 04:48:50 2004
From: egil at WEBDEAL.NO (Egil Fujikawa Nes - Webdeal AS)
Date: Thu Jan 12 21:24:11 2006
Subject: Hardware issue on 1 000 000 mail a day
Message-ID: <000c01c4179c$405dc280$0a0a150a@laptopegil>

Hi

We are planning to buy new hardware to our Mailscanner system. Today we
have two P4 2,2 GHz with 512 MB memory and normal 200 GB IDE harddisk
drives. We are only running Mailscanner with all the modules and F-prot
antivirus on these servers.

Normally we handle 25 to 35 k with mails everyday without any problem. The
servers are located on two different locations in Norway and host around
1000 domains together. It is 500 with each server as primary MX and the
other as secondary. This system is working very well, if one server is down
the other one is taking all the mail and normally it is not more than 4.00
in load on the server and 2 minute mail queue. We are running everything on
FreeBSD 5.2 and Postfix.

What we have seen more and more often is that we (or our customers) are
getting flooded by spam. Yesterday we got almost 1 000 000 spam messages
from more than 50 000 IP addresses. This is a big problem and our servers
are working and working but it take long time to process everything. We
normally stop mail with header_check in postfix when this happen, but this
time we know that it also was coming was very important for the customer so
we couldn't stop all the mail for this domain by header_check.

Lately we have been using many Dual AMD Opteron servers that works very
well on many things, but we have also some problems with some applications
like frontpage extension and some PHP accelerators.

Does anybody have experience with FreeBSD and Mailscanner on amd64 systems ?
And where should we put the money on the hardware. Disk, memory or CPU ?

I'm interested to hear from other that face the same problem, how do you
solve it ?

Best regards
Egil Fujikawa Nes

WebDeal AS - Teknologiveien 22 - 2815 Gjøvik - NORWAY
Phone: +47 61 13 16 50 - Fax: +47 61 13 16 51
E-mail: post@webdeal.no - URL: www.webdeal.no
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040401/d8e4943c/attachment.html

From ugob at CAMO-ROUTE.COM Thu Apr 1 05:00:11 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:24:11 2006
Subject: MailScanner load testing advice
Message-ID: <54C38A0B814C8E438EF73FC76F362927410B45@mtlnt501fs.CAMOROUTE.COM>

>-----Original Message-----
>From: Pete [mailto:pete@eatathome.com.au]
>Sent: 31 March, 2004 20:43
>To: MAILSCANNER@JISCMAIL.AC.UK
>Subject: MailScanner load testing advice
>
>
>My colleague has written a small PHP script that will send a bunch of
>messages to my mailscanner machine. I was going to try and see how many
>i can send it before it starts complaining (eg 1000s, 10000s 1000000s
>etc) since my mailscanner machine and other test machine are
>both on the
>same lan.
>
>I have used the details from this test - but i wonder how stressful it
>is on MailScanner receiving the same email over and over ? as
>long as it
>triggers spam rules then its providing some stress?
>http://hyvatti.iki.fi/~jaakko/spam/unkillable.txt
>
>BUT i need to set up the output to go nowhere - how do i send a legit
>email/spam, let it get scanned and placed back in the postfix incoming
>queue, but not delivered, just deleted? I am using the single postfix
>and freebsd. If there a way, if i specified an alias pointed at
>dev/null in the aliases file and emailed alias@localhost ? What is the
>best way to do this?

I think this is the best way. Or if it is a test server, you can put both spam actions and high scoring spam actions to delete or store, but no deliver.
>
>
>
>Thanks
>Pete
>

From ugob at CAMO-ROUTE.COM Thu Apr 1 05:16:49 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:24:11 2006
Subject: Clarification regarding "Content Modify Subject"
Message-ID: <54C38A0B814C8E438EF73FC76F362927410B47@mtlnt501fs.CAMOROUTE.COM>

>-----Original Message-----
>From: Mark Steudel [mailto:msteudel@PANICWARE.COM]
>Sent: 31 March, 2004 22:18
>To: MAILSCANNER@JISCMAIL.AC.UK
>Subject: Clarification regarding "Content Modify Subject"
>
>
>I was wondering if someone could clarify for me the purpose
>for tagging the
>subject line for "Content Modify Subject". My first idea is
>that this helps
>keep up with new malicious code that has been updated to get
>around virus
>filtering.
>
>--- config in question ----
># If an attachment triggered a content check, but there was nothing
># else wrong with the message, do you want to modify the subject line?
># This makes filtering in Outlook very easy.
># This can also be the filename of a ruleset.
>Content Modify Subject = yes
>
># This is the text to add to the start of the subject if the
># "Content Modify Subject" option is set.
># You might want to change this so your users can see at a glance
># whether it just was just the content that MailScanner rejected.
># This can also be the filename of a ruleset.
>Content Subject Text = {Blocked Content}
>
>I see this randomly and I'm not sure what is triggering it.
>Recently I got a
>Outlook 2003 meeting request with a word document attached
>that triggered
>it.
>
>What could potentially happen if I turned this off?
>What are the benefits to having this on?

You must set this on if you want to know it has been identified as "dangerous content". The management of false positive are something else.
(your meeting request being identified as dangerous content)

>
>
>Thanks, Mark
>

From ugob at CAMO-ROUTE.COM Thu Apr 1 05:22:33 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:24:11 2006
Subject: Hardware issue on 1 000 000 mail a day
Message-ID: <54C38A0B814C8E438EF73FC76F362927410B48@mtlnt501fs.CAMOROUTE.COM>

-----Original Message-----
From: Egil Fujikawa Nes - Webdeal AS [mailto:egil@WEBDEAL.NO]
Sent: 31 March, 2004 22:49
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Hardware issue on 1 000 000 mail a day

Hi

We are planning to buy new hardware to our Mailscanner system.

Today we have two P4 2,2 GHz with 512 MB memory and normal 200 GB IDE harddisk drives. We are only running Mailscanner with all the modules and F-prot antivirus on these servers. Normally we handle 25 to 35 k with mails everyday without any problem. The servers are located on two different locations in Norway and host around 1000 domains together. It is 500 with each server as primary MX and the other as secondary. This system is working very well, if one server is down the other one is taking all the mail and normally it is not more then 4.00 in load on the server and 2 minute mail queue. We are running everything on FreeBSD 5.2 and Postfix.

What we have seen more and more often is that we (or our customers) are getting flooded by spam. Yesterday we got almost 1 000 000 spam messages from more then 50 000 IP addresses. This is a big problem and our servers are working and working but it take long time to process everything. We normally stop mail with header_check in postfix when this happen, but this time we know that it also was coming was very important for the customer so we couldn't stop all the mail for this domain by header_check.

Lately we have been using many Dual AMD Opteron servers that works very well on many things, but we have also some problems with some applications like frontpage extension and some PHP accelerators.
Have any body experience with FreeBSD and Mailscanner on amd64 systems ?
And where should we put the money on the hardware. Disk, memory or CPU ?

I'm interested to hear from other that face the same problem, how do you solve it ?

Please avoid HTML in posts, use plain-text.

You probably lack memory. 512 MB is very low with your volume It probably begins swapping. Memory is the first thing to put money in with MailScanner. Julian got 1.4 Million messages/day on a dual 2.4 Xeon with 2 GB RAM.

I invite you to read the MAQ I'm working on right now, (www.routier.org/ms.htm), especially the section on optimisation http://www.routier.org/ms.htm#optimize.

Best regards
Egil Fujikawa Nes

WebDeal AS - Teknologiveien 22 - 2815 Gjøvik - NORWAY
Phone: +47 61 13 16 50 - Fax: +47 61 13 16 51
E-mail: post@webdeal.no - URL: www.webdeal.no

From Karl.Bailey at LANDMARK-INFORMATION.CO.UK Thu Apr 1 06:33:37 2004
From: Karl.Bailey at LANDMARK-INFORMATION.CO.UK (Karl Bailey)
Date: Thu Jan 12 21:24:11 2006
Subject: Memory Usage {Scanned}
Message-ID: <8937CEE03A742F43B172CF9016813B933FC28D@exmx01.corp.edrlandmark.net>

I've run MailScanner with sendmail for over a year, hasn't gone wrong once, I always upgrade to latest version. Mail gets past through spam assassin & three virus scanners, it started life on a 2Ghz dual xeon machine with 1 Gbyte ram running RH7.3, it now lives on a 3Ghz dual xeon with 2Gbytes ram under RH9.0. I also manage a remote mailscanner in a small office RH8.0 single 1100Mhz PIII with 512MBytes ram.. Same results! The machines are dedicated & no gui is running, it's a very trimmed down install.

My memory usage is through the roof all the time, never drops below 90% of physical memory used, this was first seen using snmp, I got interested & ran mailscanner-mrtg both show the same thing.. Memory usage through the roof. I can attach the mem graph if you wish.. But my point is...
There seems to be no problem with this machines are solid, but I am interested in why the memory usage is so high, I figured I'd claw some of the memory back when upgrading the machine to 2Gbyte of ram but it seems as much of the memory is grabbed as possible by MailScanner.

Regards
Karl Bailey
Systems Administrator

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of David Shaw
Sent: 01 April 2004 00:00
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Memory Usage {Scanned}

I thought the same thing, but Ricks comment are correct.

Here is my output. Look at the 2nd line under free. I have 781256 free.

12-9-14-103 rules]# free
             total       used       free     shared    buffers     cached
Mem:       1030908     977196      53712          0     215396     512148
-/+ buffers/cache:     249652     781256
Swap:      2040244      23628    2016616

David
--
Open WebMail Project (http://openwebmail.org)

---------- Original Message -----------
From: Kai Schaetzl
To: MAILSCANNER@JISCMAIL.AC.UK
Sent: Thu, 1 Apr 2004 00:36:59 +0200
Subject: Re: Memory Usage {Scanned}

> Rob Burtelow wrote on Wed, 31 Mar 2004 10:58:02 -0600:
>
> > I'm running MailScanner on a RedHat ES 3 box and having problems
> > with really high memory usage, almost to the point of running out.
> >
>
> Apart from Ricks comment, even if you *had* a memory problem there's
> nothing in your posted data which would indicate that Mailscanner
> causes the problem.
>
> Kai
>
> --
>
> Kai Schätzl, Berlin, Germany
> Get your web at Conactive Internet Services: http://www.conactive.com
> IE-Center: http://ie5.de & http://msie.winware.org
>
> --
> This message has been scanned for viruses and dangerous content by
> MailScanner, and is believed to be clean.
> MailScanner thanks transtec Computers for their support.
> Please contact support@computer-medic.us if you have questions about
> this email.
------- End of Original Message -------

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
MailScanner thanks transtec Computers for their support.
Please contact support@computer-medic.us if you have questions about this email.

From mike at CAMAROSS.NET Thu Apr 1 06:58:05 2004
From: mike at CAMAROSS.NET (Mike Kercher)
Date: Thu Jan 12 21:24:11 2006
Subject: Memory Usage {Scanned}
In-Reply-To: <8937CEE03A742F43B172CF9016813B933FC28D@exmx01.corp.edrlandmark.net>
Message-ID: <200404010554.i315scn0014212@avwall.bladeware.com>

My understanding is that this is normal behavior. The kernel releases memory as it is needed.

Output of free on 2 of my machines:

$ free
             total       used       free     shared    buffers     cached
Mem:       1548284    1457620      90664          0     131196     782980
-/+ buffers/cache:     543444    1004840
Swap:      1044216      47660     996556

# free
             total       used       free     shared    buffers     cached
Mem:       1022796     944676      78120          0     188224     341936
-/+ buffers/cache:     414516     608280
Swap:      2048276     170856    1877420

Mike

> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Karl Bailey
> Sent: Wednesday, March 31, 2004 11:34 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Memory Usage {Scanned}
>
> I've run MailScanner with sendmail for over a year, hasn't
> gone wrong once, I always upgrade to latest version. Mail
> gets past through spam assassin & three virus scanners, it
> started life on a 2Ghz dual xeon machine with 1 Gbyte ram
> running RH7.3, it now lives on a 3Ghz dual xeon with 2Gbytes
> ram under RH9.0. I also manage a remote mailscanner in a
> small office RH8.0 single 1100Mhz PIII with 512MBytes ram..
> Same results! The machines are dedicated & no gui is running,
> it's a very trimmed down install.
>
> My memory usage is through the roof all the time, never drops
> below 90% of physical memory used, this was first seen using
> snmp, I got interested & ran mailscanner-mrtg both show the
> same thing.. Memory usage through the roof. I can attach the
> mem graph if you wish.. But my point is...
There seems to be
> no problem with this machines are solid, but I am interested
> in why the memory usage is so high, I figured I'd claw some
> of the memory back when upgrading the machine to 2Gbyte of
> ram but it seems as much of the memory is grabbed as possible
> by MailScanner.
>
> Regards
> Karl Bailey
> Systems Administrator
>
> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of David Shaw
> Sent: 01 April 2004 00:00
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Memory Usage {Scanned}
>
> I thought the same thing, but Ricks comment are correct.
>
> Here is my output. Look at the 2nd line under free. I have
> 781256 free.
> 12-9-14-103 rules]# free
>              total       used       free     shared    buffers     cached
> Mem:       1030908     977196      53712          0     215396     512148
> -/+ buffers/cache:     249652     781256
> Swap:      2040244      23628    2016616
>
>
> David
> --
> Open WebMail Project (http://openwebmail.org)
>
>
> ---------- Original Message -----------
> From: Kai Schaetzl
> To: MAILSCANNER@JISCMAIL.AC.UK
> Sent: Thu, 1 Apr 2004 00:36:59 +0200
> Subject: Re: Memory Usage {Scanned}
>
> > Rob Burtelow wrote on Wed, 31 Mar 2004 10:58:02 -0600:
> >
> > > I'm running MailScanner on a RedHat ES 3 box and having problems
> > > with really high memory usage, almost to the point of running out.
> > >
> >
> > Apart from Ricks comment, even if you *had* a memory problem there's
> > nothing in your posted data which would indicate that Mailscanner
> > causes the problem.
> >
> > Kai
> >
> > --
> >
> > Kai Schätzl, Berlin, Germany
> > Get your web at Conactive Internet Services: http://www.conactive.com
> > IE-Center: http://ie5.de & http://msie.winware.org
> >
> > --
> > This message has been scanned for viruses and dangerous content by
> > MailScanner, and is believed to be clean.
> > MailScanner thanks transtec Computers for their support.
> > Please contact support@computer-medic.us if you have questions about
> > this email.
> ------- End of Original Message -------
>
>
> --
> This message has been scanned for viruses and dangerous
> content by MailScanner, and is believed to be clean.
> MailScanner thanks transtec Computers for their support.
> Please contact support@computer-medic.us if you have
> questions about this email.
>

From mike-sender-1ed4e7 at zanker.org Thu Apr 1 07:11:46 2004
From: mike-sender-1ed4e7 at zanker.org (Mike Zanker)
Date: Thu Jan 12 21:24:11 2006
Subject: Logging recipient?
In-Reply-To: <200403312326.i2VNQYn0017706@avwall.bladeware.com>
References: <200403312326.i2VNQYn0017706@avwall.bladeware.com>
Message-ID: <262285171.1080803506@jemima.zanker.org>

On 31 March 2004 17:30 -0600 Mike Kercher wrote:

> You might suggest this to the developers of MailWatch as a feature
> request. They already have quite a few nice reports.

Just installing MailWatch should be enough. You can then write a script to extract and process all the spam entries from the database.

Mike.

From smilga at MIKROTIK.COM Thu Apr 1 07:22:40 2004
From: smilga at MIKROTIK.COM (Martins Smilga)
Date: Thu Jan 12 21:24:11 2006
Subject: Deliver unifected virus
References: <54C38A0B814C8E438EF73FC76F362927410B0D@mtlnt501fs.CAMOROUTE.COM>
Message-ID: <047a01c417b1$bbe2cdf0$6508050a@martinsss>

Hello,

Well it is viruse.
I forwarded once more and log say the same.

I try set
Deliver Disinfected Files = no

May there us other option where I can set to not deliver Disinfected?

Best regards,
Martins Smilga

----- Original Message -----
From: "Ugo Bellavance"
To:
Sent: Tuesday, March 30, 2004 4:42 PM
Subject: RE : Deliver unifected virus

> > -----Original Message-----
> > From: Martins Smilga [mailto:smilga@MIKROTIK.COM]
> > Sent: 30 March, 2004 08:09
> > To: MAILSCANNER@JISCMAIL.AC.UK
> > Subject: Deliver unifected virus
> >
> >
> > Hello,
> >
> > How can I turn off that mailscanner not deliver uninfected virus?
>
> It probably delivered a notice, not the virus. Check with the user or test it yourself.
>
> >
> > Mar 30 15:57:51 scanermail MailScanner[28348]: Virus Scanning: ClamAV Module found 1 infections
> > Mar 30 15:57:51 scanermail MailScanner[28348]: Virus Scanning: Found 1 viruses
> > Mar 30 15:57:51 scanermail MailScanner[28348]: Uninfected: Delivered 1 messages
> >
> >
> > Best regards,
> > Martins Smilga
> >
>

From shrek-m at GMX.DE Thu Apr 1 07:30:18 2004
From: shrek-m at GMX.DE (shrek-m@gmx.de)
Date: Thu Jan 12 21:24:11 2006
Subject: AV Engine Licence
In-Reply-To: <019701c4176f$5c5b9110$c8fe010a@lsplaptop1>
References: <0B646CB9C2952C46B0E819F6C42DA5DB19E911@lkl61.ltkalmar.se> <019701c4176f$5c5b9110$c8fe010a@lsplaptop1>
Message-ID: <406BB6FA.2000908@gmx.de>

Jim Robinson wrote:

>I have over 12 mail servers with MailScanner installed and ClamAV catches
>more than Sophos.
>
>

and your sophos is always up2date ?
clamav has a lot of false_positive, see below

>Just my zero cents worth (As ClamAV is free)
>
>I would stick with ClamAV, sleep easy and have more budget left to spend.
>
>

i could not sleep very well with your suggestion ;-)

http://www.tekit.de/tekit-aktuelles.html
http://www.tekit.de/pdf/testbericht_tekit-v7.pdf

catched in_the_wild_viruses in the lab and via email:
gmx.de + sophos = 100%
1und1.de + symantec = 100%
web.de + clamav = 55%
freenet.de + clamav = 55%

short-summary:
clamav as only av-solution is *not* recommended
clamav has a lot of false_positive

>Having said that, you still need good AV on the desktops unless you remove
>all CD/DVD and Floppy drives and ban all external email and webmail access.
>Even then it might be an idea to ban users on them too as you'll still find
>some chump who can get a virus from a web page. :)
>
>Anyway, joking aside, even with the best AV on your mail server your
>desktops still need good AV at the desktop level as well. A decent IDS on
>the network perimeter (Snort) really helps with Virus issues but I'm getting
>off topic!
>
>

--
shrek-m

From linux at KMUN.GOV.KW Thu Apr 1 07:37:48 2004
From: linux at KMUN.GOV.KW (Simon Something)
Date: Thu Jan 12 21:24:11 2006
Subject: queries abt mailscanner MRTG
In-Reply-To: <1080542586.7294.21.camel@bach.kevinspicer.co.uk>
References: <1080542586.7294.21.camel@bach.kevinspicer.co.uk>
Message-ID: <1255.62.215.250.85.1080801468.squirrel@webmail.baladia.gov.kw>

hi all,

i ammailscanner running on red hat linux 8
and also have a MRTG for mail scanner

but i see something in the mailscanner graph i am confused

1) the 2nd graph SPAM IDENDIFIED DAILY GRAPH SAYS:

Current spam caught(total) 139 messages
cureent Spam caught by MTA rules 0.0 messages

i have in MS.conf files for spam actions to rebounce

does this mean that my users are gettin the spam but i do see in maillog
that action is rebounce
do i have to have any other rules

and the second graph

SPAM RATIO DAILY GRAPH

shows me

current total spam 99.0 percent
curent spam blocked by MTA 0.0 percent

appreciate if you can help me and let me know about this
also if i have to change any entries in the MS.conf file let me know

the link to my MRTG mailscanner is

http://maillog.baladia.gov.kw/

thanks and appreciate

simon

From Jan-Peter.Koopmann at SECEIDOS.DE Thu Apr 1 07:53:31 2004
From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann)
Date: Thu Jan 12 21:24:11 2006
Subject: Caching DNS
Message-ID:

On Thursday, April 01, 2004 1:46 AM Pete wrote:

> Is there any other RBL/DNS kit worth looking into ?

Look at tinydns/dnscache. Dnscache is a simple caching server, pretty fast and very secure.
Regards,
Jan-Peter Koopmann
Dipl.-Wirtschaftsinformatiker
Senior Engineer
--
Seceidos GmbH
Robert-Bosch-Str.7
64293 Darmstadt/Germany
Phone: +49 (6151) 66843-43
Fax: +49 (6151) 66843-52
E-Mail: jan-peter.koopmann@seceidos.de
Web: http://www.seceidos.de

From Jan-Peter.Koopmann at SECEIDOS.DE Thu Apr 1 07:56:17 2004
From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann)
Date: Thu Jan 12 21:24:11 2006
Subject: FreeBSD ports
Message-ID:

On Thursday, April 01, 2004 12:23 AM Pete wrote:

> I am about to go live with my first FreeBSD machine, I used
> the devel branch of the mailscanner port.
>
> When the beta/devel branch turns into a final/release product
> - does that mean the last of the betas is now one release
> behind? So to have the latest version, would have to switch
> from mailscanner-devel to mailscanner ?

You should then switch from mailscanner-devel to mailscanner. But that really is as simple as

cd /usr/ports/mail/mailscanner-devel
make deinstall
cd /usr/ports/mail/mailscanner
make install

> If the above is true, then would it be possible to release a
> new beta relase, maybe for the next 'series'/release number
> so both versions are current ?

In theory: yes. But keep in mind that it usually takes the FreeBSD folks a few days to commit a new port. 4.29.5 took about 1 1/2 weeks. I can usually push the main releases a bit. Therefore: Change to stable once the new version is out.
Regards
Jan-Peter Koopmann
Dipl.-Wirtschaftsinformatiker
Senior Engineer
--
Seceidos GmbH
Robert-Bosch-Str.7
64293 Darmstadt/Germany
Phone: +49 (6151) 66843-43
Fax: +49 (6151) 66843-52
E-Mail: jan-peter.koopmann@seceidos.de
Web: http://www.seceidos.de

From kevins at BMRB.CO.UK Thu Apr 1 07:57:51 2004
From: kevins at BMRB.CO.UK (Kevin Spicer)
Date: Thu Jan 12 21:24:11 2006
Subject: AV Engine Licence
In-Reply-To: <406BB6FA.2000908@gmx.de>
References: <0B646CB9C2952C46B0E819F6C42DA5DB19E911@lkl61.ltkalmar.se> <019701c4176f$5c5b9110$c8fe010a@lsplaptop1> <406BB6FA.2000908@gmx.de>
Message-ID: <1080802670.17785.11.camel@bach.kevinspicer.co.uk>

On Thu, 2004-04-01 at 07:30, shrek-m@gmx.de wrote:

> catched in_the_wild_viruses in the lab and via email:
> gmx.de + sophos = 100%
> 1und1.de + symantec = 100%
> web.de + clamav = 55%
> freenet.de + clamav = 55%
> short-summary:
> clamav as only av-solution is *not* recommended
> clamav has a lot of false_positive

These tests have been discussed on the clamav list. The long and the short of it is that these are not truly independent tests. In the wild doesn't necessarily mean spreading. The clamav folks have tried to gain access to GMX's list of samples, but haven't been successful (apparently both Symantec and Sophos do have access). It stands to reason that any AV will have signatures for all viruses available to its signature writers. Its therefore not particularly fair to judge the performance of three AV engines against a list that two of them have access to,

My real world experience (running those three scanners with MailScanner) is that Clam occasionally misses things, but so do Sophos and Symantec, On one of the recent outbreaks clam was 12hrs ahead of Sophos and 14 ahead of Symantec with a signature - clam was responsible for catching around 100 viruses that day whilst the commercial vendors were getting their act together. There have been problems with false positives, but these were mostly on macro viruses.
Until recently Clam lacked an OLE2 unpacker - but that has now been rectified. I've also found the clam team very responsive at removing/ correcting false positives as and when they appear.

All that said, I would still echo your advice to run a second scanner - but not because Clam isn't good, because no vendor is perfect so using multiple vendors spreads the risk. Desktop anti-virus (ideally another different brand) is also a must.

BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000
_________________________________________________________________
This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business.

From Jan-Peter.Koopmann at SECEIDOS.DE Thu Apr 1 07:57:26 2004
From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann)
Date: Thu Jan 12 21:24:11 2006
Subject: queries abt mailscanner MRTG
Message-ID:

On Thursday, April 01, 2004 8:38 AM Simon Something wrote:

> does this mean that my users are gettin the spam but i do see
> in maillog that action is rebounce do i have to have any other rules

No it means that your MTA is not catching "spam", e.g. via RBL lookups.
Regards
Jan-Peter Koopmann
Dipl.-Wirtschaftsinformatiker
Senior Engineer
--
Seceidos GmbH
Robert-Bosch-Str.7
64293 Darmstadt/Germany
Phone: +49 (6151) 66843-43
Fax: +49 (6151) 66843-52
E-Mail: jan-peter.koopmann@seceidos.de
Web: http://www.seceidos.de

From kevins at BMRB.CO.UK Thu Apr 1 08:04:53 2004
From: kevins at BMRB.CO.UK (Kevin Spicer)
Date: Thu Jan 12 21:24:11 2006
Subject: queries abt mailscanner MRTG
In-Reply-To: <1255.62.215.250.85.1080801468.squirrel@webmail.baladia.gov.kw>
References: <1080542586.7294.21.camel@bach.kevinspicer.co.uk> <1255.62.215.250.85.1080801468.squirrel@webmail.baladia.gov.kw>
Message-ID: <1080803093.17777.18.camel@bach.kevinspicer.co.uk>

On Thu, 2004-04-01 at 07:37, Simon Something wrote:

> but i see something in the mailscanner graph i am confused
>
> 1) the 2nd graph SPAM IDENDIFIED DAILY GRAPH SAYS:
>
> Current spam caught(total) 139 messages
> cureent Spam caught by MTA rules 0.0 messages
>
> i have in MS.conf files for spam actions to rebounce
>
> does this mean that my users are gettin the spam but i do see in maillog
> that action is rebounce
> do i have to have any other rules

No, all it means is that MailScanner found spam, the graph does not care what happens to that spam. BTW please do not bounce spam, its pointless and an irritation for the innocent senders who have had their addresses forged.

>
> and the second graph
>
> SPAM RATIO DAILY GRAPH
>
> shows me
>
> current total spam 99.0 percent
> curent spam blocked by MTA 0.0 percent

You have a very low traffic server, therefore in any five minute period (particularly overnight) its possible that all mail received in a period is all spam, your graph shows this fluctuating wildly, which is what I would expect with a low mail throughput.
BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000
_________________________________________________________________
This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business.

From raymond at PROLOCATION.NET Thu Apr 1 08:09:11 2004
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:24:11 2006
Subject: Sendmail Sender Verification
In-Reply-To: <6.0.0.22.0.20040331212131.03675fa0@localhost>
Message-ID:

Hi!

> Got it. The reason I ask is that we publish high scoring spam info from
> around a dozen servers into our public DNSBL (bl.csma.biz) and don't
> want to throw away a lot of valuable data. I'll probably end up hacking
> milter to push the IP rejections into our DB. Anyhow, thanks for the
> responses.

I DO hope you are detecting multihop spam, since if you list directly high spam IP's you will block a shitload of legit ISPs, but hy, its your blacklist :)

Rather then that do for example proxy checking on the IP's you find and submit them to a regular list, like DSBL.

Bye,
Raymond.

From Karl.Bailey at LANDMARK-INFORMATION.CO.UK Thu Apr 1 08:29:42 2004
From: Karl.Bailey at LANDMARK-INFORMATION.CO.UK (Karl Bailey)
Date: Thu Jan 12 21:24:11 2006
Subject: Memory Usage {Scanned}
Message-ID: <8937CEE03A742F43B172CF9016813B933FC28E@exmx01.corp.edrlandmark.net>

Why do none of my other Linux boxes behave in this manner then such as DNS servers Web servers running very memory intensive processing via jboss ... All of these show spikes of usage up to 100% but none are constant 90% & above usage of physical memory..
As I say this is not a problem & the whole system is rock solid... Just very curious.

Regards
Karl

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mike Kercher
Sent: 01 April 2004 06:58
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Memory Usage {Scanned}

My understanding is that this is normal behavior. The kernel releases memory as it is needed.

Output of free on 2 of my machines:

$ free
             total       used       free     shared    buffers     cached
Mem:       1548284    1457620      90664          0     131196     782980
-/+ buffers/cache:     543444    1004840
Swap:      1044216      47660     996556

# free
             total       used       free     shared    buffers     cached
Mem:       1022796     944676      78120          0     188224     341936
-/+ buffers/cache:     414516     608280
Swap:      2048276     170856    1877420

Mike

> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Karl Bailey
> Sent: Wednesday, March 31, 2004 11:34 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Memory Usage {Scanned}
>
> I've run MailScanner with sendmail for over a year, hasn't gone wrong
> once, I always upgrade to latest version. Mail gets past through spam
> assassin & three virus scanners, it started life on a 2Ghz dual xeon
> machine with 1 Gbyte ram running RH7.3, it now lives on a 3Ghz dual
> xeon with 2Gbytes ram under RH9.0. I also manage a remote mailscanner
> in a small office RH8.0 single 1100Mhz PIII with 512MBytes ram..
> Same results! The machines are dedicated & no gui is running, it's a
> very trimmed down install.
>
> My memory usage is through the roof all the time, never drops below
> 90% of physical memory used, this was first seen using snmp, I got
> interested & ran mailscanner-mrtg both show the same thing.. Memory
> usage through the roof. I can attach the mem graph if you wish.. But
> my point is...
There seems to be no problem with this machines are
> solid, but I am interested in why the memory usage is so high, I
> figured I'd claw some of the memory back when upgrading the machine to
> 2Gbyte of ram but it seems as much of the memory is grabbed as
> possible by MailScanner.
>
> Regards
> Karl Bailey
> Systems Administrator
>
> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of David Shaw
> Sent: 01 April 2004 00:00
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Memory Usage {Scanned}
>
> I thought the same thing, but Ricks comment are correct.
>
> Here is my output. Look at the 2nd line under free. I have
> 781256 free.
> 12-9-14-103 rules]# free
>              total       used       free     shared    buffers     cached
> Mem:       1030908     977196      53712          0     215396     512148
> -/+ buffers/cache:     249652     781256
> Swap:      2040244      23628    2016616
>
>
> David
> --
> Open WebMail Project (http://openwebmail.org)
>
>
> ---------- Original Message -----------
> From: Kai Schaetzl
> To: MAILSCANNER@JISCMAIL.AC.UK
> Sent: Thu, 1 Apr 2004 00:36:59 +0200
> Subject: Re: Memory Usage {Scanned}
>
> > Rob Burtelow wrote on Wed, 31 Mar 2004 10:58:02 -0600:
> >
> > > I'm running MailScanner on a RedHat ES 3 box and having problems
> > > with really high memory usage, almost to the point of running out.
> > >
> >
> > Apart from Ricks comment, even if you *had* a memory problem there's
> > nothing in your posted data which would indicate that Mailscanner
> > causes the problem.
> >
> > Kai
> >
> > --
> >
> > Kai Schätzl, Berlin, Germany
> > Get your web at Conactive Internet Services: http://www.conactive.com
> > IE-Center: http://ie5.de & http://msie.winware.org
> >
> > --
> > This message has been scanned for viruses and dangerous content by
> > MailScanner, and is believed to be clean.
> > MailScanner thanks transtec Computers for their support.
> > Please contact support@computer-medic.us if you have questions about
> > this email.
> ------- End of Original Message -------
>
>
> --
> This message has been scanned for viruses and dangerous content by
> MailScanner, and is believed to be clean.
> MailScanner thanks transtec Computers for their support.
> Please contact support@computer-medic.us if you have questions about
> this email.
>

From mike.norton at JOBSITE.CO.UK Thu Apr 1 08:55:14 2004
From: mike.norton at JOBSITE.CO.UK (Mike Norton)
Date: Thu Jan 12 21:24:11 2006
Subject: mailwatch
Message-ID: <49301F35FCFD3844B7091986F6584DDA37113B@sesma6pc.gjnet.jobsite.co.uk>

Hi,

Just wondered if anyone had used MailWatch (http://sourceforge.net/projects/mailwatch/) before ?

if so how well does it perform on a fairly busy server ?

Thanks
Mike

From Jan-Peter.Koopmann at SECEIDOS.DE Thu Apr 1 09:00:23 2004
From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann)
Date: Thu Jan 12 21:24:11 2006
Subject: mailwatch
Message-ID:

On Thursday, April 01, 2004 9:55 AM Mike Norton wrote:

> Just wondered if anyone had used MailWatch
> (http://sourceforge.net/projects/mailwatch/) before ?
>
> if so how well does it perform on a fairly busy server ?

PLEASE search the archives. MailWatch is quite a common topic. Moreover it has its own mailing list. I use MailWatch on all of our servers and it performs pretty well. On the other hand most of my servers have a 10K e-mails max so its not really a challenge.

Regards
Jan-Peter Koopmann
Dipl.-Wirtschaftsinformatiker
Geschäftsführer / COO
--
Seceidos GmbH
Robert-Bosch-Str.7
64293 Darmstadt/Germany
Phone: +49 (6151) 66843-43
Fax: +49 (6151) 66843-52
E-Mail: jan-peter.koopmann@seceidos.de
Web: http://www.seceidos.de

From mailscanner at SMITS.CO.UK Thu Apr 1 09:27:07 2004
From: mailscanner at SMITS.CO.UK (MailScanner)
Date: Thu Jan 12 21:24:12 2006
Subject: how to monitor mailscanner is running
Message-ID: <58696C94787F16468267F3509F115030077022@hermes.clumpton.homeip.net>

Check out the startin and startout options for the MS script.
They allow you to select which sendmail is running. Bart... -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of John Rudd Posted At: 31 March 2004 22:10 Posted To: MailScanner Conversation: how to monitor mailscanner is running Subject: Re: how to monitor mailscanner is running Julian Field wrote: > > If MailScanner stops, no mail should flow at all. Again, I disagree. There have been many times where I want sendmail or CGP to keep running while mailscanner is stopped, or visa-versa. The "monolithic mailscanner rc script" just makes this a pain. (for example, there have been times where a mail server has been flooded, so I take its incoming sendmail offline, while leaving the outgoing sendmail and mailscanner running, so that it can clear out the mqueue.in, while the other smtp servers keep incoming mail flowing) (another example, on my sendmail machines I want to change mailscanner without interrupting the SMTP service; or, on the CGP machines, I want to change mailscanner without interrupting IMAP, POP, or WebMail service, which are all part of CGP in addition to SMTP) If MailScanner stops, it should not _necessarily_ change whether or not you are receiving mail in mqueue.in. It should definitely not change whether or not your 2nd sendmail (the -q15m one) is running. If the MTA stops, it should also not necessarily change whether or not MailScanner is running. From mailscanner at ecs.soton.ac.uk Thu Apr 1 09:26:34 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:24:12 2006 Subject: MailScanner load testing advice In-Reply-To: <406B7390.8090607@eatathome.com.au> References: <406B7390.8090607@eatathome.com.au> Message-ID: <6.0.1.1.2.20040401092211.03f9d530@imap.ecs.soton.ac.uk> At 02:42 01/04/2004, you wrote: >My colleague has written a small PHP script that will send a bunch of >messages to my mailscanner machine. 
I was going to try and see how many >i can send it before it starts complaining (eg 1000s, 10000s 1000000s >etc) since my mailscanner machine and other test machine are both on the >same lan. > >I have used the details from this test - but i wonder how stressful it >is on MailScanner recieving the same email over and over ? as long as it >triggers spam ruiles then its providing some stress? >http://hyvatti.iki.fi/~jaakko/spam/unkillable.txt Ideally you want to send different mail, a real life sample of your mail traffic is best. I keep a little archive of 500,000 recent messages for doing this. I have blatted all the sender and recipient addresses to "anonymous" in the envelope data so that it can't leak out. All the mail servers on my site have "anonymous" aliased to "/dev/null" so every other mail server here will throw it away (my test leaked out once and I learnt the hard way!). I then set up the MTA on the test server to send all the mail to a separate named server which runs a little "smtpsinkd" script I wrote which implements just enough SMTP to fool a mail server into thinking it is talking to a real MTA. It throws away all data sent to it. So the tests involve 3 machines: 1) SMTP mail generator 2) test server you are interested in 3) SMTP sink If you want the smtpsinkd script, I have attached it to this message. >BUT i need to set up the output to go nowhere - how do i send a legit >email/spam, let it get scanned and placed back in the postfix incoming >queue, but not delivered, just deleted? I am using the single postfix >and freebsd. If there a way, if i specificied an alias pointed at >dev/null in the aliases file and emailed alias@localhost ? What is the >best way to do this? > > > >Thanks >Pete -------------- next part -------------- A non-text attachment was scrubbed... 
Name: smtpsinkd Type: application/octet-stream Size: 2677 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040401/f5718e36/smtpsinkd.obj -------------- next part -------------- -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 From mailscanner at ecs.soton.ac.uk Thu Apr 1 09:16:33 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:24:12 2006 Subject: "prioritize" traffic with MailScanner? In-Reply-To: References: Message-ID: <6.0.1.1.2.20040401091504.06b83f18@imap.ecs.soton.ac.uk> At a very simple level, you can use a ruleset to calculate the outgoing queue dir and put some addresses in 1 queue and some in another. Run a MTA queue runner on each of the queues so that deliveries are retried, and you can put a much slower time interval on the queue runner that is handling the mailing list outbound traffic. At 22:49 31/03/2004, you wrote: >Dear All, > >I'm wondering if someone already knows how to do this or has thought of >it. I have run into a situation where occasionally I'll have a user that >sends out of a lot of mail such as a newsletter to a bunch of subscribers >or some such. Bounces inevitably occur after such a mailing and >MailScanner inevitably gets backlogged. > >My idea for this is some type of ruleset where mail inbound for a certain >list of addresses gets "low priority" and as such is put aside in favor of >all the other traffic until the server is not as busy. > >Would be interested in any thoughts on how to do this. 
>
>Regards,
>
>Ron

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From mailscanner at ecs.soton.ac.uk Thu Apr 1 09:44:39 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:24:12 2006
Subject: Hardware issue on 1 000 000 mail a day
In-Reply-To: <000c01c4179c$405dc280$0a0a150a@laptopegil>
References: <000c01c4179c$405dc280$0a0a150a@laptopegil>
Message-ID: <6.0.1.1.2.20040401094409.06b83dd0@imap.ecs.soton.ac.uk>

I've got a dual Opteron box on the way to me right now, for 6 weeks. Give me a shout off-list in a week or two and I'll tell you how I'm getting on.

At 04:48 01/04/2004, you wrote:
>Hi
>
>We are planning to buy new hardware to our Mailscanner system. Today we
>have two P4 2,2 GHz with 512 MB memory and normal 200 GB IDE harddisk
>drives. We are only running Mailscanner with all the modules and F-prot
>antivirus on these servers. Normally we handle 25 to 35 k with mails
>everyday without any problem. The servers are located on two different
>locations in Norway and host around 1000 domains together. It is 500 with
>each server as primary MX and the other as secondary. This system is
>working very well, if one server is down the other one is taking all the
>mail and normally it is not more than 4.00 in load on the server and 2
>minute mail queue. We are running everything on FreeBSD 5.2 and Postfix.
>
>What we have seen more and more often is that we (or our customers) are
>getting flooded by spam. Yesterday we got almost 1 000 000 spam messages
>from more than 50 000 IP addresses. This is a big problem and our servers
>are working and working but it takes long time to process everything. We
>normally stop mail with header_check in postfix when this happens, but this
>time we know that it also was coming was very important for the customer
>so we couldn't stop all the mail for this domain by header_check.
>
>Lately we have been using many Dual AMD Opteron servers that works very
>well on many things, but we have also some problems with some applications
>like frontpage extension and some PHP accelerators. Have any body
>experience with FreeBSD and Mailscanner on amd64 systems ? And where
>should we put the money on the hardware. Disk, memory or CPU ? I'm
>interested to hear from other that face the same problem, how do you solve it ?
>
>
>Best regards
>Egil Fujikawa Nes
>
>WebDeal AS - Teknologiveien 22 - 2815 Gjøvik - NORWAY
>
>Phone: +47 61 13 16 50 - Fax: +47 61 13 16 51
>E-mail: post@webdeal.no - URL:
>www.webdeal.no
>
>

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From mailscanner at ecs.soton.ac.uk Thu Apr 1 09:19:19 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:24:12 2006
Subject: MS stops working randomly
In-Reply-To: <01a101c4176f$c03cdf40$c8fe010a@lsplaptop1>
References: <200403311603.51620.jacques@monaco.net> <01a101c4176f$c03cdf40$c8fe010a@lsplaptop1>
Message-ID: <6.0.1.1.2.20040401091834.03d22c50@imap.ecs.soton.ac.uk>

A while ago a timeout was added to the ClamAV autoupdate script so this problem can't happen. Check you don't have any clamav-autoupdate.rpmnew scripts kicking around in /usr/lib/MailScanner.

At 23:30 31/03/2004, you wrote:
>Hi,
>
>When it quits, do this:
>ps aux | grep clam
>
>I sometimes get a hung ClamAV update script that seems to hold the whole
>thing up. I recently updated to a more recent version of MailScanner &
>ClamAV and I have yet to see the problem again. In fact, in the dim past
>of my memory I seem to recall a bug reported about this but then maybe not.
>Anyway, check your running processes and look for a hung update.
> >Jim >----- Original Message ----- >From: "Jacques Caruso" >To: >Sent: Wednesday, March 31, 2004 9:04 AM >Subject: MS stops working randomly > > > > Hi, > > > > I've still an ongoing problem with MS. Sometimes, MS just stops > > processing mail (it doesn't die, the threads just idle), causing a > > bottleneck in the mail queue -- and it can be very big if I don't happen > > to notice that MS has gone on vacation. It happened again yesterday, you > > can see the result at > > >ml>. > > Note that once it happens, MS never restarts, the decrease after > > midnight is due to this line I put in the crontab as a precaution some > > time ago : > > > > 30 0 * * * /etc/init.d/mailscanner restart >&>/dev/null > > > > Does someone else has seen this problem ? FYI, my current MS config is > > like this (only lines modified from the default Debian configuration are > > listed) : > > > > %report-dir% = /etc/MailScanner/reports/fr > > %org-name% = Internix > > Max Children = 5 > > Run As User = postfix > > Run As Group = postfix > > Incoming Queue Dir = /var/spool/postfix.in/deferred > > Outgoing Queue Dir = /var/spool/postfix/incoming > > MTA = postfix > > Sendmail = /usr/sbin/sendmail > > Sendmail2 = /usr/sbin/sendmail > > Deliver Unparsable TNEF = yes > > File Command = /usr/bin/file > > Virus Scanners = clamav > > Virus Scanner Timeout = 40 > > Allow Password-Protected Archives = yes > > Allow Partial Messages = yes > > Allow External Message Bodies = yes > > Allow IFrame Tags = yes > > Allow Object Codebase Tags = yes > > Quarantine Whole Message = yes > > Information Header = X-%org-name%-MailScanner-Information: > > Spam Score Character = * > > Information Header Value = See for >details > > Hostname = sceuzi.monaco.net > > Scanned Subject Text = [SCANNED] > > Virus Subject Text = [VIRUS] > > Filename Subject Text = [FILENAME] > > Content Subject Text = [BLOCKED CONTENT] > > Spam Subject Text = [SPAM] > > High Scoring Spam Subject Text = [SPAM] > > Attachment Encoding 
Charset = ISO-8859-15 > > Notices Include Full Headers = yes > > Notices To = postmaster@monaco.net > > Local Postmaster = postmaster@monaco.net > > Max SpamAssassin Size = 65536 > > Required SpamAssassin Score = 1 > > High SpamAssassin Score = 3 > > Always Include SpamAssassin Report = yes > > Log Speed = yes > > Log Spam = yes > > > > If it can help, I can try to extract the MailScanner logs around the > > time the problem happened, but I never found anything suspicious in > > there (the main clue about this is precisely that MS threads stop > > logging)... > > > > Cheers, > > -- > > [ Jacques Caruso D?veloppeur PHP ] > > [ Monaco Internet http://monaco-internet.mc/ ] > > [ T?l : (+377) 93 10 00 43 Cl? PGP : 0x41F5C63D ] > > [ -*- Look behind you! A three-headed monkey!--Guybrush Threepwood -*- ] -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 From mailscanner at ecs.soton.ac.uk Thu Apr 1 09:47:16 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:24:12 2006 Subject: Deliver unifected virus In-Reply-To: <047a01c417b1$bbe2cdf0$6508050a@martinsss> References: <54C38A0B814C8E438EF73FC76F362927410B0D@mtlnt501fs.CAMOROUTE.COM> <047a01c417b1$bbe2cdf0$6508050a@martinsss> Message-ID: <6.0.1.1.2.20040401094520.06b6c900@imap.ecs.soton.ac.uk> MailScanner has a distinction between "Cleaned" and "Disinfected". Disinfected ---- only possible to do this with document macro viruses. Real removal of the virus from the attachment, while leaving the attachment itself totally intact. Very few macro viruses around these days, so you probably want to leave this switched off. Cleaned ---- what you can do to any virus, i.e. just remove the entire attachment from the message and replace it with a text file saying what went wrong. 
I suspect the option you are looking for is Deliver Cleaned Messages = no At 07:22 01/04/2004, you wrote: >Hello, > >Well it is viruse. I forwarded once more and log say the same. > >I try set Deliver Disinfected Files = no >May there us other option where I can set to not deliver Disinfected? > > >Best regards, >Martins Smilga > >----- Original Message ----- >From: "Ugo Bellavance" >To: >Sent: Tuesday, March 30, 2004 4:42 PM >Subject: RE : Deliver unifected virus > > > > > -----Message d'origine----- > > > De : Martins Smilga [mailto:smilga@MIKROTIK.COM] > > > Envoy? : 30 mars, 2004 08:09 > > > ? : MAILSCANNER@JISCMAIL.AC.UK > > > Objet : Deliver unifected virus > > > > > > > > > Hello, > > > > > > How can I turn off that mailscanner not deliver uninfected virus? > > > > It probably delivered a notice, not the virus. Check with the user or >test it yourself. > > > > > > > > Mar 30 15:57:51 scanermail MailScanner[28348]: Virus > > > Scanning: ClamAV Module > > > found 1 infections > > > Mar 30 15:57:51 scanermail MailScanner[28348]: Virus Scanning: Found 1 > > > viruses > > > Mar 30 15:57:51 scanermail MailScanner[28348]: Uninfected: Delivered 1 > > > messages > > > > > > > > > Best regards, > > > Martins Smilga > > > > > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 From mailscanner at ecs.soton.ac.uk Thu Apr 1 09:20:41 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:24:12 2006 Subject: Black List From: UserA To: UserB {Scanned} In-Reply-To: <20040331225151.M49431@ke6upi.com> References: <20040331170201.M38728@ke6upi.com> <6.0.1.1.2.20040331180745.03da9258@imap.ecs.soton.ac.uk> <003701c41747$06c04fc0$3601a8c0@cnpapers.net> <6.0.1.1.2.20040331184243.04035b50@imap.ecs.soton.ac.uk> <006301c4174a$a5dc1820$3601a8c0@cnpapers.net> <6.0.1.1.2.20040331191529.03b1c1b8@imap.ecs.soton.ac.uk> <061501c41754$c454ccc0$3601a8c0@cnpapers.net> 
<20040331225151.M49431@ke6upi.com> Message-ID: <6.0.1.1.2.20040401092003.03d23340@imap.ecs.soton.ac.uk> Define "bounce". If you actually mean "forward" or "redirect" then you can specify email addresses in the "Archive Mail" setting. Combine that with a ruleset and you're away. At 23:55 31/03/2004, you wrote: >Julian, Well I upgraded and that worked great. Thanks for the help. Now would >have any ideas on this. :) I would like to bounce mail from userA to userB? I >saw the bounce rules but I just played around with it and don't understand it. > >Thanks, David > > > >-- >Open WebMail Project (http://openwebmail.org) > > >---------- Original Message ----------- >From: Stephe Campbell >To: MAILSCANNER@JISCMAIL.AC.UK >Sent: Wed, 31 Mar 2004 14:17:10 -0500 >Subject: Re: Black List From: UserA To: UserB {Scanned} > > > Mr. Field, > > > > I, too, am grateful for the response. Cloudiness does not always > > hang around my head, believe it or not, but I have been using the > > wrong format since the FromAndTo came out (FromAndTo: plus two > > addresses plus a yes or no). There was never a complaint in the logs. > > > > As always, thank you for the fine program and quick responses. > > > > Steve Campbell > > campbell@cnpapers.com > > Charleston Newspapers > > > > ----- Original Message ----- > > From: "Julian Field" > > To: > > Sent: Wednesday, March 31, 2004 1:17 PM > > Subject: Re: Black List From: UserA To: UserB {Scanned} > > > > > At 19:04 31/03/2004, you wrote: > > > >Mr. Field or anybody, > > > > > > > >I hate to be so cloudy, but when did the From: .... and To: .... come > > into > > > >being? > > > > > > 4.26.8. > > > > > > > And what is the difference, then between the two (FromAndTo: and the > > > >"From: ... and To: ...). Is there restrictions on where they can be > > used? > > > > > > FromAndTo: only takes 1 address. It is used for catching internal mail, > > e.g. 
> > > FromAndTo: domain1.com no > > > It will catch mail which is going from domain1.com to domain1.com. > > > > > > condition and condition > > > obviously takes 2 addresses. So you can catch mail going from 1 domain to > > a > > > different domain, for example. > > > > > > You should be able to use either one in any ruleset. > > > > > > > > > >Thank you very much. > > > > > > > > > > > >Steve Campbell > > > >campbell@cnpapers.com > > > >Charleston Newspapers > > > > > > > > > > > >----- Original Message ----- > > > >From: "Julian Field" > > > >To: > > > >Sent: Wednesday, March 31, 2004 12:43 PM > > > >Subject: Re: Black List From: UserA To: UserB {Scanned} > > > > > > > > > > > > > At 18:38 31/03/2004, you wrote: > > > > > >Oops, > > > > > > > > > > > >what I meant was: > > > > > > > > > > > >Is this right? How does this differ from > > > > > > > > > > > >FromAndTo: UserA@domain.com UserB@2nd.domain.com yes > > > > > > > > > > That doesn't work. > > > > > > > > > > >and is this also a solution? > > > > > > > > > > No. > > > > > > > > > > > > > > > >Sorry for the quick finger. > > > > > > > > > > > >Steve Campbell > > > > > >campbell@cnpapers.com > > > > > >Charleston Newspapers > > > > > > > > > > > > > > > > > >----- Original Message ----- > > > > > >From: "Julian Field" > > > > > >To: > > > > > >Sent: Wednesday, March 31, 2004 12:08 PM > > > > > >Subject: Re: Black List From: UserA To: UserB {Scanned} > > > > > > > > > > > > > > > > > > > At 18:04 31/03/2004, you wrote: > > > > > > > >Hello All, Question. Can I black list a internal user from > > sending an > > > > > >email to > > > > > > > >a signal address/User? > > > > > > > > > > > > > > > >Black-list > > > > > > > >From: spam@spam.com yes > > > > > > > >From: UserA@domain.com To: UserB@2nd.domain.com yes > > > > > > > > > > > > > > > >I know this doesn't work but is there a way? Any Ideas? 
> > > > > > > > > > > > > > You are almost there, just put > > > > > > > From: UserA@domain.com and To: UserB@2nd.domain.com yes > > > > > > > > > > > > > > > > > > > > > > > > > > > > >Thanks, David > > > > > > > > > > > > > > > > > > > > > > > >Open WebMail Project (http://openwebmail.org) > > > > > > > > > > > > > > > > > > > > > > > >-- > > > > > > > >This message has been scanned for viruses and > > > > > > > >dangerous content by MailScanner, and is > > > > > > > >believed to be clean. > > > > > > > >MailScanner thanks transtec Computers for their support. > > > > > > > >Please contact support@computer-medic.us if you have > > > > > > > >questions about this email. > > > > > > > > > > > > > > -- > > > > > > > Julian Field > > > > > > > www.MailScanner.info > > > > > > > Professional Support Services at www.MailScanner.biz > > > > > > > MailScanner thanks transtec Computers for their support > > > > > > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > > > > > > > > -- > > > > > Julian Field > > > > > www.MailScanner.info > > > > > Professional Support Services at www.MailScanner.biz > > > > > MailScanner thanks transtec Computers for their support > > > > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > > > > -- > > > Julian Field > > > www.MailScanner.info > > > Professional Support Services at www.MailScanner.biz > > > MailScanner thanks transtec Computers for their support > > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > > MailScanner thanks transtec Computers for their support. > > Please contact support@computer-medic.us if you have > > questions about this email. >------- End of Original Message ------- > > >-- >This message has been scanned for viruses and >dangerous content by MailScanner, and is >believed to be clean. 
>MailScanner thanks transtec Computers for their support. >Please contact support@computer-medic.us if you have >questions about this email. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 From mailscanner at ecs.soton.ac.uk Thu Apr 1 09:19:38 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:24:12 2006 Subject: Latest Postfix snapshot and MS 4.29.6-1 In-Reply-To: <406B4733.8030106@eatathome.com.au> References: <6.0.1.1.2.20040331193829.04014910@imap.ecs.soton.ac.uk> <6.0.1.1.2.20040331205341.040f1ea8@imap.ecs.soton.ac.uk> <406B4733.8030106@eatathome.com.au> Message-ID: <6.0.1.1.2.20040401091925.03d22d98@imap.ecs.soton.ac.uk> At 23:33 31/03/2004, you wrote: >Julian Field wrote: > >>At 20:10 31/03/2004, you wrote: >> >>>Will this have any effect on those of us who are using a "single" >>>postfix >>>configuration? All of our email gets dumped to a the Hold queue where >>>MailScanner picks it up... >> >> >>It doesn't matter how you get the files from and to the queues, it's >>changes in the format of the queue files which I have addressed. So it >>will >>affect you if/when you upgrade to a newer Postfix. >> >> >> >But if we never upgrade POstfix (i dont plan to) we will be fine? The >old q format is still compatible with MS ? Absolutely. It will work with all versions. 
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From pete at eatathome.com.au Thu Apr 1 09:01:21 2004
From: pete at eatathome.com.au (Pete)
Date: Thu Jan 12 21:24:12 2006
Subject: MailScanner load testing advice
In-Reply-To: <54C38A0B814C8E438EF73FC76F362927410B45@mtlnt501fs.CAMOROUTE.COM>
References: <54C38A0B814C8E438EF73FC76F362927410B45@mtlnt501fs.CAMOROUTE.COM>
Message-ID: <406BCC51.9000808@eatathome.com.au>

Ugo Bellavance wrote:

>>-----Message d'origine-----
>>De : Pete [mailto:pete@eatathome.com.au]
>>Envoyé : 31 mars, 2004 20:43
>>À : MAILSCANNER@JISCMAIL.AC.UK
>>Objet : MailScanner load testing advice
>>
>>
>>My colleague has written a small PHP script that will send a bunch of
>>messages to my mailscanner machine. I was going to try and see how many
>>I can send it before it starts complaining (eg 1000s, 10000s 1000000s
>>etc) since my mailscanner machine and other test machine are
>>both on the
>>same lan.
>>
>>I have used the details from this test - but I wonder how stressful it
>>is on MailScanner receiving the same email over and over ? as
>>long as it
>>triggers spam rules then it's providing some stress?
>>http://hyvatti.iki.fi/~jaakko/spam/unkillable.txt
>>
>>BUT I need to set up the output to go nowhere - how do I send a legit
>>email/spam, let it get scanned and placed back in the postfix incoming
>>queue, but not delivered, just deleted? I am using the single postfix
>>and freebsd. Is there a way, if I specified an alias pointed at
>>dev/null in the aliases file and emailed alias@localhost ? What is the
>>best way to do this?
>>
>>
>
>I think this is the best way. Or if it is a test server, you can put both spam actions and high scoring spam actions to delete or store, but no deliver.
>
>
>>
>>Thanks
>>Pete
>>
>>
>>
>
>
>
>
>

Thank you, this worked perfectly - good idea :)

I put Non Spam and High Spam to Delete and Spam to store and pumped in 1000s of emails, with a spammy body from the link above. We have modded the script to send attachments now, pics and zips - now we will start nesting the zip files and varying the attachments in a batch.

I was sending them in batches of 500 tried turning off MS and letting postfix receive them all, turning MS on and then pumping another 500 in while MS is dealing with the last 500 - with every check on I can think of (no dcc, razor etc), file, spam, clamav etc our new machine doesn't even raise a sweat I couldn't get it above 20% CPU usage, .3 Load average and 800MB RAM free - I may have slightly over-specced the RAM for this machine :)

I am going to spend tomorrow morning with my developer colleague trying to bombard server with nested zip files and the deep nested zip scanning all turned on, see if we can find a way to jam this server right up - we only have 3 small machines set up for pumping in the mail though.....

My colleague says he will write a form for his script, maybe this can be useful to others? Lemme know and I will post it somewhere

From raymond at PROLOCATION.NET Thu Apr 1 10:04:19 2004
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:24:12 2006
Subject: Caching DNS
In-Reply-To:
Message-ID:

Hi!

> > Is there any other RBL/DNS kit worth looking into ?
>
> Look at tinydns/dnscache. Dnscache is a simple caching server, pretty
> fast and very secure.

Uhm, if you gonna do RBL, get RBLDNSD and run them on your local servers.

Bye,
Raymond.

From mailscanner at SMITS.CO.UK Thu Apr 1 10:19:07 2004
From: mailscanner at SMITS.CO.UK (MailScanner)
Date: Thu Jan 12 21:24:12 2006
Subject: Logging recipient?
Message-ID: <58696C94787F16468267F3509F115030077024@hermes.clumpton.homeip.net> To get a list of top ten spam magnets out of the Mailwatch database: select to_address, sum(isspam) as spam from maillog group by to_address order by spam desc limit 10 Bart... -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mike Zanker Posted At: 01 April 2004 07:12 Posted To: MailScanner Conversation: Logging recipient? Subject: Re: Logging recipient? On 31 March 2004 17:30 -0600 Mike Kercher wrote: > You might suggest this to the developers of MailWatch as a feature > request. They already have quite a few nice reports. Just installing MailWatch should be enough. You can then write a script to extract and process all the spam entries from the database. Mike. From pete at eatathome.com.au Thu Apr 1 10:11:09 2004 From: pete at eatathome.com.au (Pete) Date: Thu Jan 12 21:24:12 2006 Subject: MailScanner load testing advice In-Reply-To: <6.0.1.1.2.20040401092211.03f9d530@imap.ecs.soton.ac.uk> References: <406B7390.8090607@eatathome.com.au> <6.0.1.1.2.20040401092211.03f9d530@imap.ecs.soton.ac.uk> Message-ID: <406BDCAD.6020808@eatathome.com.au> Julian Field wrote: > At 02:42 01/04/2004, you wrote: > >> My colleague has written a small PHP script that will send a bunch of >> messages to my mailscanner machine. I was going to try and see how many >> i can send it before it starts complaining (eg 1000s, 10000s 1000000s >> etc) since my mailscanner machine and other test machine are both on the >> same lan. >> >> I have used the details from this test - but i wonder how stressful it >> is on MailScanner recieving the same email over and over ? as long as it >> triggers spam ruiles then its providing some stress? >> http://hyvatti.iki.fi/~jaakko/spam/unkillable.txt > > > Ideally you want to send different mail, a real life sample of your > mail traffic is best. I keep a little archive of 500,000 recent > messages for doing this. 
I have blatted all the sender and recipient > addresses to "anonymous" in the envelope data so that it can't leak > out. All the mail servers on my site have "anonymous" aliased to > "/dev/null" so every other mail server here will throw it away (my > test leaked out once and I learnt the hard way!). > > I then set up the MTA on the test server to send all the mail to a > separate named server which runs a little "smtpsinkd" script I wrote > which implements just enough SMTP to fool a mail server into thinking > it is talking to a real MTA. It throws away all data sent to it. > > So the tests involve 3 machines: > 1) SMTP mail generator > 2) test server you are interested in > 3) SMTP sink > > If you want the smtpsinkd script, I have attached it to this message. > Thanks so much for your input - I suppose i have a months worth of spam i could repeatedly send at the new server, as we store all spam for 30 days. From a copy of the quarantine directory, what would you do to send all the mail? does any one know if something like a perl script could scour the dirs and send it? re addressing it as it goes, so its all aimed at the one address as you describe? Or even just mailling it all again - i can make the mailscanner machine send all outbound mail to the machine running smtpsinkd ? Or is your 'SMTP' mail generator available for use by the public (me?)? I have the machines to do all this, but not the skills to write all the tools - maybe i could point 3 or more machines at my scanner all pumping it with spam - see if we can find a stress point - i would really like to know what the max this machine will handle - appreciate any further help i can get. thanks again Julian Pete From mailscanner at ecs.soton.ac.uk Thu Apr 1 10:15:33 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:24:12 2006 Subject: ANNOUNCE: Stable 4.29.7 released Message-ID: <6.0.1.1.2.20040401101051.06b85dd8@imap.ecs.soton.ac.uk> I have just released stable 4.29.7. 
The highlights are: - More robust MIME decoding, should catch postmaster bounces a lot better when they include the entire message with broken MIME headers. - tags in the first place? -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: Monday, April 26, 2004 11:14 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Allowing this Blocked Content through At 16:14 26/04/2004, you wrote: >Hello all, > > > >I need to allow a newsletter email through to just a couple of customers. >Right now when they get the email it says blocked content and attaches >the following .txt file. > > > >The content filters found this: > > MailScanner: Found a script in HTML message Is this line not clear enough? It found a script in the HTML message. If you think I can word the statement more clearly, please suggest a better wording. If you look in your MailScanner.conf file you will find a setting "Allow Script Tags". >I thought that this was IEFrames before so I allowed frames to these >customers but that didn't help. What rule is blocking this now? > > > > >Thanks in advance, > > > >Dan > > > >-- >Dan Spray, Director of Internet Operations dan@conpoint.com > Connecting Point Norfolk, >NE < >http://www.conpoint.com/> Voice - 402.844.2308 Fax - 402.371.4515 > >"The porcupine with the sharpest quills gets stuck on a tree more often." 
>
>--
>
>-------------------------- MailScanner list ----------------------
>To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk
>For further info about MailScanner, please see the Most Asked
>Questions at http://www.mailscanner.biz/maq/ and the archives
>at http://www.jiscmail.ac.uk/lists/mailscanner.html

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From peter at UCGBOOK.COM Mon Apr 26 19:02:15 2004
From: peter at UCGBOOK.COM (Peter Bonivart)
Date: Thu Jan 12 21:24:50 2006
Subject: troubleshooting mailscanner?
In-Reply-To:
References:
Message-ID: <408D4EA7.7030509@ucgbook.com>

Chris Connell wrote:

> Our email gateway was bombarded with spam etc last night. So now I have 40k
> mails or so in the mailscanner queue. When I start mailscanner it is just
> sitting there doing nothing ie
>
> Apr 26 11:41:12 ns1 MailScanner[277]: MailScanner E-Mail Virus Scanner
> version 4.29.7 starting...
> Apr 26 11:41:12 ns1 MailScanner[277]: Using Custom Function file
> /opt/MailScanner/lib/MailScanner/CustomFunctions/MyExample.pm
> Apr 26 11:41:13 ns1 MailScanner[277]: Using locktype = flock
>
>
> Before it was processing the messages 30 at a time but has just stopped now.
> I have a feeling there is a certain mail in the queue which is stopping it
> from processing.
Any ideas please? My platform is sun ultra5 solaris9. 40k messages on a Ultra 5 sounds like a heavy load. Maybe you have a problem to stat the incoming directory. Try moving all files from the directory, start up MS and then move the files in like a 1000 a time or so. You must move them in pairs of course (qf and df). -- /Peter Bonivart --Unix lovers do it in the Sun Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7, SpamAssassin 2.63 + DCC 1.2.39, ClamAV 0.70 + GMP 4.1.2, Vispan 1.3 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk For further info about MailScanner, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From danslists at conpoint.com Mon Apr 26 19:10:20 2004 From: danslists at conpoint.com (Dan Spray) Date: Thu Jan 12 21:24:50 2006 Subject: Allowing this Blocked Content through In-Reply-To: Message-ID: <200404261314140.SM01212@Dan> Don't know...it is the newsletter from huskers.com that is trying to go through. I just need to allow this through, I explained to them what was happening but they said they didn't care they just wanted it. Dan -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Rose, Bobby Sent: Monday, April 26, 2004 12:18 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Allowing this Blocked Content through Why do the newsletters have tags in the first place? -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: Monday, April 26, 2004 11:14 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Allowing this Blocked Content through At 16:14 26/04/2004, you wrote: >Hello all, > > > >I need to allow a newsletter email through to just a couple of customers. 
>Right now when they get the email it says blocked content and attaches >the following .txt file. > > > >The content filters found this: > > MailScanner: Found a script in HTML message Is this line not clear enough? It found a script in the HTML message. If you think I can word the statement more clearly, please suggest a better wording. If you look in your MailScanner.conf file you will find a setting "Allow Script Tags". >I thought that this was IEFrames before so I allowed frames to these >customers but that didn't help. What rule is blocking this now? > > > > >Thanks in advance, > > > >Dan > > > >-- >Dan Spray, Director of Internet Operations dan@conpoint.com > Connecting Point Norfolk, >NE < >http://www.conpoint.com/> Voice - 402.844.2308 Fax - 402.371.4515 > >"The porcupine with the sharpest quills gets stuck on a tree more often." > >-- > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >For further info about MailScanner, please see the Most Asked >Questions at http://www.mailscanner.biz/maq/ and the archives >at http://www.jiscmail.ac.uk/lists/mailscanner.html -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk For further info about MailScanner, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk For further info about MailScanner, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To 
leave, send leave mailscanner to jiscmail@jiscmail.ac.uk For further info about MailScanner, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at BARENDSE.TO Mon Apr 26 19:23:00 2004 From: mailscanner at BARENDSE.TO (Remco Barendse) Date: Thu Jan 12 21:24:50 2006 Subject: ANNOUNCE: Unstable MailScanner 4.30.2 released In-Reply-To: Message-ID: Just out of interest, I am planning to start using Gentoo next to some RedHat servers (RedHat will eventually be phased out). What directory / file structure are you using in your mixed environment? I noticed that the installpath for 'other' linux os'es is /opt/MailScanner whereas for RedHat this is split up in binary stuff somewhere and the config files in /etc/MailScanner A lot of the add on packages / scripts are written for RedHat structure and I therefore would like to follow that instead of manually editing the files each time. On Mon, 26 Apr 2004, David Lee wrote: > On Sun, 25 Apr 2004, Julian Field wrote: > > > And feel free to send me reminders of > > feature requests I said I would do and have forgotten again. > > OK! Around Feb 11-13th (a couple of weeks before I met you at the > Bournemouth UKUUG event) I sent you an outline for generalising > "install.sh" to other environments, so that they, too, could have the > option of using "install.sh". > > (At our site, we have a mixture of Solaris and Redhat. Installing new MS > releases, including perl module dependencies, on Redhat via "install.sh" > is beautifully smooth, but on Solaris is a much less easy.) > > Could you dig out those emails, and glance over the outline idea and the > (incomplete) demonstration version, please? If it is generally OK, then > I'd be most happy to continue working that demo. up towards completion. > > Many thanks. > > -- > > : David Lee I.T. 
Service : > : Systems Programmer Computer Centre : > : University of Durham : > : http://www.dur.ac.uk/t.d.lee/ South Road : > : Durham : > : Phone: +44 191 334 2752 U.K. : > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > For further info about MailScanner, please see the Most Asked > Questions at http://www.mailscanner.biz/maq/ and the archives > at http://www.jiscmail.ac.uk/lists/mailscanner.html > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk For further info about MailScanner, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at CARLO65.DE Mon Apr 26 19:29:07 2004 From: mailscanner at CARLO65.DE (Roland Ehle) Date: Thu Jan 12 21:24:50 2006 Subject: Allowing this Blocked Content through In-Reply-To: <20040426101831.SM01212@Dan> References: <20040426101831.SM01212@Dan> Message-ID: <408D54F3.2050103@carlo65.de> Hi Dan, Dan Spray schrieb: > I need to allow a newsletter email through to just a couple of customers. > Right now when they get the email it says blocked content and attaches the > following .txt file. > > The content filters found this: > > MailScanner: Found a script in HTML message > > I thought that this was IEFrames before so I allowed frames to these > customers but that didn't help. What rule is blocking this now? 
Find the line Allow Script Tags in MailScanner.conf and set it to

Allow Script Tags = /etc/MailScanner/rules/script.rules

Your script.rules should be:

From: *@domain.com yes
Fromto default no

Regards,
Roland

From mailscanner at LISTS.COM.AR Mon Apr 26 19:40:28 2004
From: mailscanner at LISTS.COM.AR (Mariano Absatz)
Date: Thu Jan 12 21:24:50 2006
Subject: ANNOUNCE: Unstable MailScanner 4.30.2 released
In-Reply-To: <6.0.1.1.2.20040425163705.045d5ce8@imap.ecs.soton.ac.uk>
Message-ID: <408D2D6C.29087.33428171@localhost>

On 25 Apr 2004 at 16:39, Julian Field wrote:

> I have just released version 4.30.2.
>
> This is a pre-release for the stable version of 4.30. Should anything major
> need changing, please contact me. And feel free to send me reminders of
> feature requests I said I would do and have forgotten again.
>
Well.. you're back again...

I'll resend'em individually, since they were somehow unrelated to one another :-)

--
Mariano Absatz
El Baby
----------------------------------------------------------
"Redmond - Microsoft corp. announced this weekend that they will be re-organizing into four functionally distinct divisions: Lying, Cheating, Stealing, and Crashing. Wall Street analysts agree that this change will better enable MSFT to achieve its strategic goals."
-- Unknown -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk For further info about MailScanner, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From peter at UCGBOOK.COM Mon Apr 26 19:45:56 2004 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:24:50 2006 Subject: Debugging RBL's In-Reply-To: References: Message-ID: <408D58E4.7000905@ucgbook.com> Gareth Campling wrote: > Think this has been asked before but unsure, what's the best way to > debug RBL checking, as I have one server > That seems to be ignoring rbl's from MailScanner (they also run on > spamassasin which is working and scoring them) > > But would like MailScanner to use them so I can turn off spamassasins > checking, if I run MailScanner in debug mode it > Does not error and passes DNS checks > > So any light u can shed on this would be superb. Is that server not your first MTA? MailScanners RBL checks only checks the server it received the mail from but SA checks all the received headers. Maybe that's why it works in SA but not in MS. 
-- /Peter Bonivart --Unix lovers do it in the Sun Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7, SpamAssassin 2.63 + DCC 1.2.39, ClamAV 0.70 + GMP 4.1.2, Vispan 1.3 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk For further info about MailScanner, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at LISTS.COM.AR Mon Apr 26 19:56:15 2004 From: mailscanner at LISTS.COM.AR (Mariano Absatz) Date: Thu Jan 12 21:24:50 2006 Subject: (Fwd) custom functions in reports/xx/languages.conf Message-ID: <408D311F.29723.3350F48D@localhost> Hi, in order to know what happens, I usually set (in languages.conf): SpamAssassin = SpamAssassin-2.63 So the header shows me SA version... now, the problem I have is that I not always remember to update this when I update SpamAssassin... Can I do the following: SpamAssassin = &SAVersionString And put (in lib/CustomFunctions) a small routine like this: sub SAVersionString { return "SpamAssassin-" . "$Mail::SpamAssassin::VERSION"; } do I have to put the InitSAVersionString & EndSAVersionString? TIA. -- Mariano Absatz El Baby ---------------------------------------------------------- Better to understand a little than to misunderstand a lot. 
-------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk For further info about MailScanner, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at LISTS.COM.AR Mon Apr 26 19:56:14 2004 From: mailscanner at LISTS.COM.AR (Mariano Absatz) Date: Thu Jan 12 21:24:50 2006 Subject: (Fwd) SpamAssassinSiteRulesDir Message-ID: <408D311E.1691.3350F324@localhost> For what I can see, the setting: SpamAssassinSiteRulesDir in MailScanner.conf has no effect at all... shouldn't it be taken off? (at least from the default MailScanner.conf file) -- Mariano Absatz El Baby ---------------------------------------------------------- All wiyht. Rho sritched mg kegtops awound? -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk For further info about MailScanner, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at LISTS.COM.AR Mon Apr 26 19:56:14 2004 From: mailscanner at LISTS.COM.AR (Mariano Absatz) Date: Thu Jan 12 21:24:50 2006 Subject: (Fwd) run MailScanner in foreground (non-debugging) Message-ID: <408D311E.4594.3350F02B@localhost> Hi Julian, it'd be nice to be able to give MailScanner an option to run in the foreground so it can be controlled by something like daemontools supervise (see http://cr.yp.to/daemontools.html http://cr.yp.to/daemontools/supervise.html and http://cr.yp.to/daemontools/svc.html ). I also know of high availability clustering software that also requires that managed daemons run in the foreground. I think it should be a matter of not calling ForkDaemon() if this option is given (but somehow setting "$SIG{'CHLD'} = \&Reaper;", anyway)... 
so the 'parent MailScanner' is the original one (and not its child) and the children are directly forked by it...

Not closing stdout/stderr also allows us to call something to capture any output from the process and log it somehow (see http://cr.yp.to/daemontools/multilog.html ). This would help capturing some errors that, up to now I had to chase manually inserting Log calls.

What do U think?

Regards.

--
Mariano Absatz
El Baby
----------------------------------------------------------
Room Service? Send up a larger room.
 -- Groucho Marx

From mailscanner at LISTS.COM.AR Mon Apr 26 19:56:15 2004
From: mailscanner at LISTS.COM.AR (Mariano Absatz)
Date: Thu Jan 12 21:24:50 2006
Subject: (Fwd) custom functions in reports/xx/languages.conf
Message-ID: <408D311F.18903.3350F5F5@localhost>

Hi,

in order to know what happens, I usually set (in languages.conf):

SpamAssassin = SpamAssassin-2.63

So the header shows me SA version... now, the problem I have is that I not always remember to update this when I update SpamAssassin...

Can I do the following:

SpamAssassin = &SAVersionString

And put (in lib/CustomFunctions) a small routine like this:

sub SAVersionString {
  # Interpolate the version of the loaded Mail::SpamAssassin module
  return "SpamAssassin-" . "$Mail::SpamAssassin::VERSION";
}

do I have to put the InitSAVersionString & EndSAVersionString?

TIA.

--
Mariano Absatz
El Baby
----------------------------------------------------------
If I held you any closer I would be on the other side of you.
 -- Groucho Marx

From mailscanner at LISTS.COM.AR Mon Apr 26 19:56:14 2004
From: mailscanner at LISTS.COM.AR (Mariano Absatz)
Date: Thu Jan 12 21:24:50 2006
Subject: (Fwd) virus scanning with virus delivery
Message-ID: <408D311E.4343.3350F1BC@localhost>

Hi Julian,

I know this sounds awfully strange, but I have the following request (please, don't ask why):

I need to do virus scanning and logging but NOT removing. That is, the message must be checked for viruses and vulnerabilities, which will be logged and marked in the X-MailScanner: header, but the message must pass thru intact (that is, with all viruses and vulnerabilities in it).

Do you think that would be possible? Or maybe an easy hack? (I can take pointers and do it by myself... I don't think _this_ could be a popular request :-)

Would immediately returning from MailScanner::Message::Clean() do this without breaking anything? that is, except for the recipient's computer :-P

That is, within Message.pm:

sub Clean {
  my $this = shift;

  # DON'T CLEAN ANY MESSAGE!!!
  return;

  # Get out if nothing to do
  #print STDERR "Have we got anything to do?\n";
  return unless ($this->{allreports} && %{$this->{allreports}}) ||
                ($this->{entityreports} && %{$this->{entityreports}});
  #print STDERR "Yes we have\n";
  ...
}

TIA

--
Mariano Absatz
El Baby
----------------------------------------------------------
Bus error -- passengers dumped.
From whiplash at PLANETFURRY.COM Mon Apr 26 20:01:03 2004
From: whiplash at PLANETFURRY.COM (Ricky Boone)
Date: Thu Jan 12 21:24:50 2006
Subject: Forcing message body as attachment
Message-ID: <1083006062.22666.28.camel@whiplash.planetfurry.com>

Quick question. I've gone through the MailScanner FAQ's and several websites, and I can't seem to find an answer.

How do I set up MailScanner to force HTML formatted message bodies as attachments, and can it be setup as a ruleset? I have an application that just doesn't like HTML formatted messages, but it is okay if they are attachments.

I found the "Non Spam Actions" setting in /etc/MailScanner.conf, but it didn't have "attachment" as an option. Is this the way I should go, or should I try something else?

I'm running the latest MailScanner on Fedora Core 1.

Thanks in advance for any help anyone may be able to provide. :)

--
Ricky Boone
Planetfurry.com

From mkbowman at neo.rr.com Mon Apr 26 20:15:09 2004
From: mkbowman at neo.rr.com (Matthew K Bowman)
Date: Thu Jan 12 21:24:50 2006
Subject: encrypted messages not scanned within zip files?
References: <408D311F.29723.3350F48D@localhost>
Message-ID: <000801c42bc2$cd948910$2567a8c0@mkbowman>

Hi,

Do I need to upgrade or is my conf wrong?

MailScanner 4-28.5/RH9

MailScanner settings

# Should encrypted messages be blocked?
# This is useful if you are wary about your users sending encrypted
# messages to your competition.
# This can be a ruleset so you can block encrypted message to certain domains.
Block Encrypted Messages = no

# Should unencrypted messages be blocked?
# This could be used to ensure all your users send messages outside your
# company encrypted to avoid snooping of mail to your business partners.
# This can be a ruleset so you can just check mail to certain users/domains.
Block Unencrypted Messages = no

# Should archives which contain any password-protected files be allowed?
# Leaving this set to "no" is a good way of protecting against all the
# protected zip files used by viruses at the moment.
# This can also be the filename of a ruleset.
Allow Password-Protected Archives = no

Ruleset:

filename.rules.rules:FromOrTo: mydomain.com /etc/MailScanner/allow.everything
filetype.rules.rules:FromOrTo: mydomain.com /etc/MailScanner/allow.all.filetypes.conf

Maillog:

Apr 26 14:25:19 bart MailScanner[2390]: /var/spool/MailScanner/incoming/2390/i3QIP7iL004799/aaaa17195.zip->835_00166___dra_395ba237.001.tif Not scanned (encrypted)
Apr 26 14:25:19 bart MailScanner[2390]: Saved infected "aaaa17195.zip" to /var/spool/MailScanner/quarantine/20040426/i3QIP7iL004799

From cparker at SWATGEAR.COM Mon Apr 26 20:24:33 2004
From: cparker at SWATGEAR.COM (Chris W. Parker)
Date: Thu Jan 12 21:24:50 2006
Subject: individual user bayes
Message-ID: <001BD19C96E6E64E8750D72C2EA0ECEE4479B0@ati-ex-01.ati.local>

hi.

i'm using an old version of mailscanner (4.20-3) and i'm wondering if in any of the new version or upcoming versions there will be individual user bayes.
i'd imagine that a company wide bayes would be better than none at all, but i think an individual user bayes would be even better. is this something that is possible? thanks, chris. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk For further info about MailScanner, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From maillists at CONACTIVE.COM Mon Apr 26 20:31:36 2004 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:24:50 2006 Subject: Logs vs. headers In-Reply-To: References: <1082853622.3075.6.camel@athlon.kblan.com> <408B1607.8070607@ucgbook.com> <1082867568.3438.19.camel@athlon.kblan.com> <1082868213.3467.4.camel@athlon.kblan.com> <408D14F2.8060709@USherbrooke.ca> <6.0.1.1.2.20040426160058.040d3a80@imap.ecs.soton.ac.uk> Message-ID: David Lee wrote on Mon, 26 Apr 2004 16:50:53 +0100: > But it is nevertheless unusual, isn't it? Might it be unusual enough to > warrant MS at least issuing a friendly warning-like (non-fatal) advisory > diagnostic of some sort? That the email administrator might wish to > consider avoiding the "." in such MS-inserted headers? > That's what it says in the comments of MailScanner.conf ... Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk For further info about MailScanner, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mkettler at EVI-INC.COM Mon Apr 26 20:42:14 2004 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:24:50 2006 Subject: encrypted messages not scanned within zip files? 
In-Reply-To: <000801c42bc2$cd948910$2567a8c0@mkbowman>
References: <408D311F.29723.3350F48D@localhost> <000801c42bc2$cd948910$2567a8c0@mkbowman>
Message-ID: <6.0.0.22.0.20040426153922.0295b9f8@192.168.50.2>

At 03:15 PM 4/26/2004, Matthew K Bowman wrote:
>Hi,
>
>Do I need to upgrade or is my conf wrong?

It depends, what part of the result is unexpected to you?

1) encrypted files inside zip archives will always be unscanned, because they are encrypted. MS cannot do a brute-force password search in a reasonable time in order to facilitate decryption, and scanning an encrypted file is pointless.

2) since you have "Allow Password-Protected Archives = no" all encrypted zip archives will be quarantined. If you want to let encrypted files through.

From peter at UCGBOOK.COM Mon Apr 26 20:43:00 2004
From: peter at UCGBOOK.COM (Peter Bonivart)
Date: Thu Jan 12 21:24:50 2006
Subject: encrypted messages not scanned within zip files?
In-Reply-To: <000801c42bc2$cd948910$2567a8c0@mkbowman>
References: <408D311F.29723.3350F48D@localhost> <000801c42bc2$cd948910$2567a8c0@mkbowman>
Message-ID: <408D6644.7080109@ucgbook.com>

Matthew K Bowman wrote:
> Do I need to upgrade or is my conf wrong?
>
> Allow Password-Protected Archives = no
>
> IP7iL004799/aaaa17195.zip->835_00166___dra_395ba237.001.tif Not scanned (encrypted)
> Apr 26 14:25:19 bart MailScanner[2390]: Saved infected "aaaa17195.zip" to /var/spool/MailScanner/quarantine/20040426/i3QIP7iL004799

If you want password-protected zips to pass, just set it to yes.
-- /Peter Bonivart --Unix lovers do it in the Sun Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7, SpamAssassin 2.63 + DCC 1.2.39, ClamAV 0.70 + GMP 4.1.2, Vispan 1.3 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk For further info about MailScanner, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From peter at UCGBOOK.COM Mon Apr 26 20:45:13 2004 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:24:50 2006 Subject: Logs vs. headers In-Reply-To: References: <1082853622.3075.6.camel@athlon.kblan.com> <408B1607.8070607@ucgbook.com> <1082867568.3438.19.camel@athlon.kblan.com> <1082868213.3467.4.camel@athlon.kblan.com> <408D14F2.8060709@USherbrooke.ca> <6.0.1.1.2.20040426160058.040d3a80@imap.ecs.soton.ac.uk> Message-ID: <408D66C9.2080501@ucgbook.com> Kai Schaetzl wrote: >>But it is nevertheless unusual, isn't it? Might it be unusual enough to >>warrant MS at least issuing a friendly warning-like (non-fatal) advisory >>diagnostic of some sort? That the email administrator might wish to >>consider avoiding the "." in such MS-inserted headers? > > That's what it says in the comments of MailScanner.conf ... I'm also surprised that this isn't enough: # RULE: It must not contain any spaces! # Note: Some Symantec scanners complain (incorrectly) about "." # ***** characters appearing in the names of headers. %org-name% = yoursite How much needs to be checked by code because some can't (won't) read the very good instructions in the config files? 
-- /Peter Bonivart --Unix lovers do it in the Sun Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7, SpamAssassin 2.63 + DCC 1.2.39, ClamAV 0.70 + GMP 4.1.2, Vispan 1.3 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk For further info about MailScanner, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mike at TC3NET.COM Mon Apr 26 21:08:54 2004 From: mike at TC3NET.COM (Michael Baird) Date: Thu Jan 12 21:24:50 2006 Subject: MailScanner Logging In-Reply-To: <408D66C9.2080501@ucgbook.com> References: <1082853622.3075.6.camel@athlon.kblan.com> <408B1607.8070607@ucgbook.com> <1082867568.3438.19.camel@athlon.kblan.com> <1082868213.3467.4.camel@athlon.kblan.com> <408D14F2.8060709@USherbrooke.ca> <6.0.1.1.2.20040426160058.040d3a80@imap.ecs.soton.ac.uk> <408D66C9.2080501@ucgbook.com> Message-ID: <1083010133.23575.13.camel@mike-new2.tc3net.com> What is the best way to turn off the normal MailScanner logging? I'm working on my own logging module backend, I no longer wish MailScanner to log to syslog. I've looked at MailScanner.conf I'm wondering about setting Syslog Facility = none, also at Log.pm I see the option $LogType |= 'syslog' and it appears I could put none (or something not matching syslog or stderr in there to get it not to log), but I'd rather not mess with that core perl module. Regards MIKE -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk For further info about MailScanner, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mkbowman at neo.rr.com Mon Apr 26 21:12:32 2004 From: mkbowman at neo.rr.com (Matthew K Bowman) Date: Thu Jan 12 21:24:50 2006 Subject: encrypted messages not scanned within zip files? 
References: <408D311F.29723.3350F48D@localhost> <000801c42bc2$cd948910$2567a8c0@mkbowman> <408D6644.7080109@ucgbook.com> Message-ID: <000b01c42bca$cf07ce80$2567a8c0@mkbowman> Time for another ruleset.. Thanks Matthew ----- Original Message ----- From: "Peter Bonivart" To: Sent: Monday, April 26, 2004 3:43 PM Subject: Re: encrypted messages not scanned within zip files? > Matthew K Bowman wrote: > > Do I need to ugrade or is my conf wrong? > > > > Allow Password-Protected Archives = no > > > > IP7iL004799/aaaa17195.zip->835_00166___dra_395ba237.001.tif Not scanned > > (encryp > > ted) > > Apr 26 14:25:19 bart MailScanner[2390]: Saved infected "aaaa17195.zip" to > > /var/s > > pool/MailScanner/quarantine/20040426/i3QIP7iL004799 > > If you want password-protected zips to pass, just set it to yes. > > -- > /Peter Bonivart > > --Unix lovers do it in the Sun > > Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7, > SpamAssassin 2.63 + DCC 1.2.39, ClamAV 0.70 + GMP 4.1.2, Vispan 1.3 > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > For further info about MailScanner, please see the Most Asked > Questions at http://www.mailscanner.biz/maq/ and the archives > at http://www.jiscmail.ac.uk/lists/mailscanner.html > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk For further info about MailScanner, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From Denis.Beauchemin at USHERBROOKE.CA Mon Apr 26 21:29:09 2004 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:24:50 2006 Subject: Logs vs. 
headers
In-Reply-To: <408D66C9.2080501@ucgbook.com>
References: <1082853622.3075.6.camel@athlon.kblan.com> <408B1607.8070607@ucgbook.com> <1082867568.3438.19.camel@athlon.kblan.com> <1082868213.3467.4.camel@athlon.kblan.com> <408D14F2.8060709@USherbrooke.ca> <6.0.1.1.2.20040426160058.040d3a80@imap.ecs.soton.ac.uk> <408D66C9.2080501@ucgbook.com>
Message-ID: <408D7115.1090008@USherbrooke.ca>

Peter Bonivart wrote:

> Kai Schaetzl wrote:
>
>>> But it is nevertheless unusual, isn't it? Might it be unusual enough to
>>> warrant MS at least issuing a friendly warning-like (non-fatal) advisory
>>> diagnostic of some sort? That the email administrator might wish to
>>> consider avoiding the "." in such MS-inserted headers?
>>
>> That's what it says in the comments of MailScanner.conf ...
>
> I'm also surprised that this isn't enough:
>
> # RULE: It must not contain any spaces!
> # Note: Some Symantec scanners complain (incorrectly) about "."
> # ***** characters appearing in the names of headers.
> %org-name% = yoursite
>
> How much needs to be checked by code because some can't (won't) read the
> very good instructions in the config files?

Peter,

You won't see the new comments if you upgrade your config with upgrade_MailScanner_conf and you already use %org-name% = yoursite.

Denis
--
   _
  °v°   Denis Beauchemin, analyste
 /(_)\  Université de Sherbrooke, S.T.I.
  ^ ^   T: 819.821.8000x2252 F: 819.821.8045

From mike at CAMAROSS.NET Mon Apr 26 21:51:38 2004
From: mike at CAMAROSS.NET (Mike Kercher)
Date: Thu Jan 12 21:24:50 2006
Subject: High Load
Message-ID: <200404261949.i3QJnPRB016010@avwall.bladeware.com>

I'm seeing a HUGE load on my system and I can't figure out why.

14:47:00 up 46 min, 3 users, load average: 13.43, 14.25, 10.73
102 processes: 87 sleeping, 12 running, 3 zombie, 0 stopped
CPU states: 75.6% user 24.3% system 0.0% nice 0.0% iowait 0.0% idle
Mem: 1022796k av, 915824k used, 106972k free, 0k shrd, 43448k buff
     522344k actv, 197376k in_d, 127288k in_c
Swap: 2048276k av, 31672k used, 2016604k free 441600k cached

  PID USER     PRI  NI  SIZE  RSS SHARE STAT %CPU %MEM   TIME CPU COMMAND
 9837 root      15   0 14808  952   820 S    68.5  0.0   3:25   0 MailScanner
15534 hbaldera  23   0     0    0     0 Z     0.7  0.0   0:00   0 cucipop
 3095 root      15   0   236  204   156 R     0.3  0.0   0:01   0 syslogd
 3195 named     25   0  6608 6412  1348 S     0.3  0.6   0:20   0 named
 7400 root      15   0  1008 1008   688 R     0.3  0.0   0:04   0 top
15533 c.wilson  21   0     0    0     0 Z     0.3  0.0   0:00   0 cucipop
15538 root      20   0  2708 2404  1868 R     0.3  0.2   0:00   0 sendmail
   15 root      15   0     0    0     0 SW    0.1  0.0   0:01   0 kjournald
13900 root      20   0   592  592   476 S     0.1  0.0   0:00   0 cucipop
15495 root      17   0  3124 3000  2004 R     0.1  0.2   0:00   0 sendmail
15513 root      20   0  3160 3156  2264 D     0.1  0.3   0:00   0 sendmail
    1 root      17   0   156  128   100 S     0.0  0.0   0:05   0 init
    2 root      15   0     0    0     0 SW    0.0  0.0   0:00   0 keventd
    3 root      15   0     0    0     0 SW    0.0  0.0   0:00   0 kapmd
    4 root      34  19     0    0     0 SWN   0.0  0.0   0:00   0 ksoftirqd_CPU0
    9 root      25   0     0    0     0 SW    0.0  0.0   0:00   0 bdflush
    5 root      15   0     0    0     0 SW    0.0  0.0   0:00   0 kswapd
    6 root      15   0     0    0     0 SW    0.0  0.0   0:00   0 kscand/DMA
    7 root      16   0     0    0     0 SW    0.0  0.0   0:03   0 kscand/Normal
    8 root      15   0     0    0     0 SW    0.0  0.0   0:02   0 kscand/HighMem
   10 root      15   0     0    0     0 SW    0.0  0.0   0:00   0 kupdated
   11 root      25   0     0    0     0 SW    0.0  0.0   0:00   0 mdrecoveryd
   73 root      25   0     0    0     0 SW    0.0  0.0   0:00   0 khubd
 2808 root      19   0     0    0     0 SW    0.0  0.0   0:00   0 kjournald
 3045 root      15   0     0    0     0 SW    0.0  0.0   0:00   0 eth0
 3099 root      23   0    52    4     0 S     0.0  0.0   0:00   0 klogd
 3209 root      15   0   288   64    48 S     0.0  0.0   0:00   0 sshd
 3223 root      15   0   448  304   296 S     0.0  0.0   0:00   0 xinetd
 3228 root      15   0   888  600   516 S     0.0  0.0   0:00   0 bash
 3229 root      15   0   932  644   560 S     0.0  0.0   0:00   0 bash
 3313 root      25   0   160    4     0 S     0.0  0.0   0:00   0 safe_mysqld
 3344 mysql     16   0  2564 2200  1220 S     0.0  0.2   0:19   0 mysqld
 3406 nobody    15   0   568  124    68 S     0.0  0.0   0:00   0 proftpd
 3447 root      15   0  5080 1412   884 S     0.0  0.1   0:10   0 httpd
 3472 smmsp     15   0  1412 1380   772 S     0.0  0.1   0:02   0 milter-sender
 3491 root      15   0   436  436   364 S     0.0  0.0   0:00   0 crond
 3508 root      15   0  3136 3116   968 S     0.0  0.3   0:00   0 poprelayd

This is a P4 2.0Ghz with a gig of RAM. My CPU hogs seem to be MS and cucipop.
My load is getting pushed up to 19+ and sendmail stops accepting connections
at that point. Anyone else having any similar issues? Pointers gladly accepted!

Mike

From Kevin_Miller at CI.JUNEAU.AK.US Mon Apr 26 21:59:22 2004
From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller)
Date: Thu Jan 12 21:24:50 2006
Subject: High Load
Message-ID: <08146035CA49D6119A36009027AC822A0549E5DE@CITY-EXCH-NTS>

Are you on 4.28-? I was seeing large loads until I went to 4.29-7.

HTH...

...Kevin
--
Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.               Network Systems Administrator, Mail Administrator
155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907 586-4500

>-----Original Message-----
>From: Mike Kercher [mailto:mike@CAMAROSS.NET]
>Sent: Monday, April 26, 2004 12:52 PM
>To: MAILSCANNER@JISCMAIL.AC.UK
>Subject: High Load
>
>
>I'm seeing a HUGE load on my system and I can't figure out why.

From mike at CAMAROSS.NET Mon Apr 26 22:01:44 2004
From: mike at CAMAROSS.NET (Mike Kercher)
Date: Thu Jan 12 21:24:50 2006
Subject: High Load
In-Reply-To: <08146035CA49D6119A36009027AC822A0549E5DE@CITY-EXCH-NTS>
Message-ID: <200404261959.i3QJxTRB018113@avwall.bladeware.com>

I am 4.29.3-1

From Kevin_Miller at CI.JUNEAU.AK.US Mon Apr 26 22:05:16 2004
From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller)
Date: Thu Jan 12 21:24:50 2006
Subject: High Load
Message-ID: <08146035CA49D6119A36009027AC822A0549E5DF@CITY-EXCH-NTS>

I think I skipped that one. Feel like upgrading to the newest stable? Not
sure when the performance issue was wrestled to the ground...

...Kevin
--
Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.               Network Systems Administrator, Mail Administrator
155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907 586-4500

From mike at CAMAROSS.NET Mon Apr 26 23:17:45 2004
From: mike at CAMAROSS.NET (Mike Kercher)
Date: Thu Jan 12 21:24:50 2006
Subject: High Load
In-Reply-To: <08146035CA49D6119A36009027AC822A0549E5DF@CITY-EXCH-NTS>
Message-ID: <200404262115.i3QLFW0D030358@avwall.bladeware.com>

Welp...I just upgraded to the latest stable and load is at 22 now!

Mike

From Kevin_Miller at CI.JUNEAU.AK.US Mon Apr 26 23:19:39 2004
From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller)
Date: Thu Jan 12 21:24:50 2006
Subject: High Load
Message-ID: <08146035CA49D6119A36009027AC822A0549E5E1@CITY-EXCH-NTS>

Cool - that's progress...

...Kevin
--
Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.               Network Systems Administrator, Mail Administrator
155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907 586-4500
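
The %org-name% rule quoted in the "Logs vs. headers" message earlier in this archive can be checked mechanically, which also covers a site whose upgraded config never received the newer comments. The script below is an added example, not code from MailScanner or from any poster; the sample configuration is constructed, and the function names and the heuristic for picking header-valued options are assumptions. It separates what RFC 2822 forbids in a header field name (spaces) from what is legal but trips some scanners (".").

```python
import re

# RFC 2822 field-name: printable US-ASCII except ":" (no spaces, no controls).
FIELD_NAME = re.compile(r"[\x21-\x39\x3b-\x7e]+")
VAR_REF = re.compile(r"%([\w-]+)%")
SETTING = re.compile(r"^(?P<key>[^=]+?)\s*=\s*(?P<value>.*)$")

# Constructed sample in MailScanner.conf style, not a real site's configuration.
SAMPLE_BAD = """\
# %org-name% edited by hand after an upgrade (constructed example)
%org-name% = Example Corp.
Mail Header = X-%org-name%-MailScanner:
Spam Header = X-%org-name%-MailScanner-SpamCheck:
Add Envelope From Header = yes
"""
SAMPLE_DOT = SAMPLE_BAD.replace("Example Corp.", "example.org")
SAMPLE_OK = SAMPLE_BAD.replace("Example Corp.", "ExampleOrg")


def parse_conf(text):
    """Split MailScanner.conf-style text into %variables% and options."""
    variables, options = {}, []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = SETTING.match(line)
        if not m:
            continue
        key, value = m.group("key").strip(), m.group("value").strip()
        var = VAR_REF.fullmatch(key)
        if var:
            variables[var.group(1)] = (value, lineno)
        else:
            options.append((key, value, lineno))
    return variables, options


def expand(value, variables):
    """Substitute %name% references; unknown names are left untouched."""
    return VAR_REF.sub(
        lambda m: variables[m.group(1)][0] if m.group(1) in variables else m.group(0),
        value,
    )


def lint(text):
    """Return (severity, line number, message) findings for header naming."""
    variables, options = parse_conf(text)
    findings = []
    if "org-name" not in variables:
        findings.append(("ERROR", 0, "%org-name% is not defined"))
    else:
        value, lineno = variables["org-name"]
        if re.search(r"\s", value):
            findings.append(("ERROR", lineno, "%org-name% must not contain spaces"))
        if "." in value:
            findings.append(
                ("WARN", lineno, '%org-name% contains "."; some scanners reject it in header names')
            )
    for key, value, lineno in options:
        # Assumption: header-name options end in " Header" and their value ends in ":".
        if not (key.lower().endswith(" header") and value.endswith(":")):
            continue
        unknown = [n for n in VAR_REF.findall(value) if n not in variables]
        if unknown:
            findings.append(("ERROR", lineno, f"{key}: undefined variable(s) {unknown}"))
            continue
        name = expand(value, variables)[:-1]  # drop the trailing ":"
        bad = sorted({c for c in name if not FIELD_NAME.fullmatch(c)})
        if bad or not name:
            findings.append(
                ("ERROR", lineno, f"{key}: {name!r} is not a legal header name, bad characters {bad}")
            )
        elif "." in name:
            findings.append(("WARN", lineno, f'{key}: {name!r} is legal but contains "."'))
    return findings


if __name__ == "__main__":
    for label, conf in (("bad", SAMPLE_BAD), ("dot", SAMPLE_DOT), ("ok", SAMPLE_OK)):
        print(label, lint(conf) or "clean")
```

Errors mark header names that violate the RFC grammar and should block a deployment; warnings mark the interoperability case the quoted comment describes.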
From danielk at AVALONPUB.COM Mon Apr 26 23:23:07 2004
From: danielk at AVALONPUB.COM (Daniel Kleinsinger)
Date: Thu Jan 12 21:24:50 2006
Subject: High Load
In-Reply-To: <200404262115.i3QLFW0D030358@avwall.bladeware.com>
References: <200404262115.i3QLFW0D030358@avwall.bladeware.com>
Message-ID: <408D8BCB.3010601@avalonpub.com>

Have you tried Debug Mode?
Debug = yes
Debug SpamAssassin = yes
and see what it logs. Check the archives for more detailed Debug instructions.

Stopping MailScanner makes the load go down immediately?

Daniel

Mike Kercher wrote:

> Welp...I just upgraded to the latest stable and load is at 22 now!
>
> Mike
>
> > -----Original Message-----
> > From: MailScanner mailing list
> > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Kevin Miller
> > Sent: Monday, April 26, 2004 4:05 PM
> > To: MAILSCANNER@JISCMAIL.AC.UK
> > Subject: Re: High Load
> >
> > I think I skipped that one. Feel like upgrading to the
> > newest stable? Not sure when the performance issue was
> > wrestled to the ground...
> >
> > ...Kevin
> > --
> > Kevin Miller Registered Linux User No: 307357
> > CBJ MIS Dept. Network Systems Administrator, Mail Administrator
> > 155 South Seward Street ph: (907) 586-0242
> > Juneau, Alaska 99801 fax: (907 586-4500
> >
> > >-----Original Message-----
> > >From: Mike Kercher [mailto:mike@CAMAROSS.NET]
> > >Sent: Monday, April 26, 2004 1:02 PM
> > >To: MAILSCANNER@JISCMAIL.AC.UK
> > >Subject: Re: High Load
> > >
> > >I am 4.29.3-1
> > >
> > >> -----Original Message-----
> > >> From: MailScanner mailing list
> > >> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Kevin Miller
> > >> Sent: Monday, April 26, 2004 3:59 PM
> > >> To: MAILSCANNER@JISCMAIL.AC.UK
> > >> Subject: Re: High Load
> > >>
> > >> Are you on 4.28-? I was seeing large loads until I went to 4.29-7.
> > >>
> > >> HTH...
> > >>
> > >> ...Kevin
> > >> --
> > >> Kevin Miller Registered Linux User No: 307357
> > >> CBJ MIS Dept.
Network Systems Administrator, Mail > > >> Administrator > > >> 155 South Seward Street ph: (907) 586-0242 > > >> Juneau, Alaska 99801 fax: (907 586-4500 > > >> > > >> > > >> >-----Original Message----- > > >> >From: Mike Kercher [mailto:mike@CAMAROSS.NET] > > >> >Sent: Monday, April 26, 2004 12:52 PM > > >> >To: MAILSCANNER@JISCMAIL.AC.UK > > >> >Subject: High Load > > >> > > > >> > > > >> >I'm seeing a HUGE load on my system and I can't figure out why. > > >> > > > >> >This is a P4 2.0Ghz with a gig of RAM. My CPU hogs seem to > > >> be MS and > > >> >cucipop. My load is getting pushed up to 19+ and sendmail stops > > >> >accepting connections at that point. Anyone else having > > any similar > > >> >issues? Pointers gladly accepted!
> > >> >
> > >> >Mike

From William.Burns at AEROFLEX.COM Mon Apr 26 23:49:47 2004
From: William.Burns at AEROFLEX.COM (William Burns)
Date: Thu Jan 12 21:24:50 2006
Subject: High Load
In-Reply-To: <200404262115.i3QLFW0D030358@avwall.bladeware.com>
References: <200404262115.i3QLFW0D030358@avwall.bladeware.com>
Message-ID: <408D920B.7070502@aeroflex.com>

Mike:

Did you follow the thread called "Major Load please help"?
Aside from that it was on a large Sun machine, it sounds like your problem description.
I don't recall what the resolution was, or even IF a solution made it back to the list.

-Bill

Mike Kercher wrote:

>Welp...I just upgraded to the latest stable and load is at 22 now!
>
>Mike

From pete at eatathome.com.au Tue Apr 27 00:04:20 2004
From: pete at eatathome.com.au (Pete)
Date: Thu Jan 12 21:24:50 2006
Subject: Really dumb question
In-Reply-To: <200404261537.i3QFbVHL031406@monitor.blacknight.ie>
References: <200404261537.i3QFbVHL031406@monitor.blacknight.ie>
Message-ID: <408D9574.40605@eatathome.com.au>

:) Am glad it works for you. Glad I could help someone on the list.

Pete

>Pete
>
>I added the ruleset as suggested and it works a treat :)
>
>/me goes to mail thousands of people
>
>Mr Michele Neylon
>Blacknight Internet Solutions Ltd
>http://www.blacknight.ie/
>Tel. +353 59 9137101
>
>-----Original Message-----
>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Pete
>Sent: 26 April 2004 12:52
>To: MAILSCANNER@JISCMAIL.AC.UK
>Subject: Re: [MAILSCANNER] Really dumb question
>
>Michele Neylon :: Blacknight Solutions wrote:
>
>>Ok. This is a really really dumb question, but I need to ask it.
>>
>>I want mails from a particular email address to not be scanned at all.
>>I've whitelisted it in SA - it works, but it still scans it.
>>And I also added the following to my local.virus.rules :
>>From: something@thedomain.com no
>>
>>Maybe I'm missing something, but I really do not want these mails to be
>>scanned as they put an extra load on the server which I would prefer to
>>avoid.
>>
>>Mr Michele Neylon
>>Blacknight Internet Solutions Ltd
>>http://www.blacknight.ie/
>>Tel. +353 59 9137101
>>
>You should create a ruleset for your Spam Checks.
>
>eg Spam Checks = %rules-dir%/spam.check.rules
>
>inside spam.check.rules have something like
>From: *@domain1.com no
>FromTo: Default yes
>
>Read heaps of examples in the archives
>http://www.jiscmail.ac.uk/cgi-bin/wa.exe?S1=mailscanner&D=0&T=0&H=0&O=T&F=&S=
>make sure I have this correct

From mike at CAMAROSS.NET Tue Apr 27 00:01:18 2004
From: mike at CAMAROSS.NET (Mike Kercher)
Date: Thu Jan 12 21:24:50 2006
Subject: High Load
In-Reply-To: <408D920B.7070502@aeroflex.com>
Message-ID: <200404262159.i3QLx20C003462@avwall.bladeware.com>

I did follow that thread to some extent. I don't know that a resolution was ever reached.

> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of William Burns
> Sent: Monday, April 26, 2004 5:50 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: High Load
>
> Mike:
>
> Did you follow the thread called "Major Load please help"?
> Aside from that it was on a large Sun machine, it sounds like
> your problem description.
> I don't recall what the resolution was, or even IF a solution
> made it back to the list.
>
> -Bill
>
> Mike Kercher wrote:
>
> >Welp...I just upgraded to the latest stable and load is at 22 now!
> >
> >Mike

From pete at eatathome.com.au Tue Apr 27 00:12:26 2004
From: pete at eatathome.com.au (Pete)
Date: Thu Jan 12 21:24:50 2006
Subject: High Load
In-Reply-To: <200404261949.i3QJnPRB016010@avwall.bladeware.com>
References: <200404261949.i3QJnPRB016010@avwall.bladeware.com>
Message-ID: <408D975A.7060707@eatathome.com.au>

Mike Kercher wrote:

>I'm seeing a HUGE load on my system and I can't figure out why.
>
> 14:47:00 up 46 min, 3 users, load average: 13.43, 14.25, 10.73
>102 processes: 87 sleeping, 12 running, 3 zombie, 0 stopped
>CPU states: 75.6% user 24.3% system 0.0% nice 0.0% iowait 0.0% idle
>Mem: 1022796k av, 915824k used, 106972k free, 0k shrd, 43448k buff
> 522344k actv, 197376k in_d, 127288k in_c
>Swap: 2048276k av, 31672k used, 2016604k free 441600k cached
>
>  PID USER     PRI  NI  SIZE  RSS SHARE STAT %CPU %MEM   TIME CPU COMMAND
> 9837 root      15   0 14808  952   820 S    68.5  0.0   3:25   0 MailScanner
>15534 hbaldera  23   0     0    0     0 Z     0.7  0.0   0:00   0 cucipop
> 3095 root      15   0   236  204   156 R     0.3  0.0   0:01   0 syslogd
> 3195 named     25   0  6608 6412  1348 S     0.3  0.6   0:20   0 named
> 7400 root      15   0  1008 1008   688 R     0.3  0.0   0:04   0 top
>15533 c.wilson  21   0     0    0     0 Z     0.3  0.0   0:00   0 cucipop
>15538 root      20   0  2708 2404  1868 R     0.3  0.2   0:00   0 sendmail
>   15 root      15   0     0    0     0 SW    0.1  0.0   0:01   0 kjournald
>13900 root      20   0   592  592   476 S     0.1  0.0   0:00   0 cucipop
>15495 root      17   0  3124 3000  2004 R     0.1  0.2   0:00   0 sendmail
>15513 root      20   0  3160 3156  2264 D     0.1  0.3   0:00   0 sendmail
>    1 root      17   0   156  128   100 S     0.0  0.0   0:05   0 init
>    2 root      15   0     0    0     0 SW    0.0  0.0   0:00   0 keventd
>    3 root      15   0     0    0     0 SW    0.0  0.0   0:00   0 kapmd
>    4 root      34  19     0    0     0 SWN   0.0  0.0   0:00   0 ksoftirqd_CPU0
>    9 root      25   0     0    0     0 SW    0.0  0.0   0:00   0 bdflush
>    5 root      15   0     0    0     0 SW    0.0  0.0   0:00   0 kswapd
>    6 root      15   0     0    0     0 SW    0.0  0.0   0:00   0 kscand/DMA
>    7 root      16   0     0    0     0 SW    0.0  0.0   0:03   0 kscand/Normal
>    8 root      15   0     0    0     0 SW    0.0  0.0   0:02   0 kscand/HighMem
>   10 root      15   0     0    0     0 SW    0.0  0.0   0:00   0 kupdated
>   11 root      25   0     0    0     0 SW    0.0  0.0   0:00   0 mdrecoveryd
>   73 root      25   0     0    0     0 SW    0.0  0.0   0:00   0 khubd
> 2808 root      19   0     0    0     0 SW    0.0  0.0   0:00   0 kjournald
> 3045 root      15   0     0    0     0 SW    0.0  0.0   0:00   0 eth0
> 3099 root      23   0    52    4     0 S     0.0  0.0   0:00   0 klogd
> 3209 root      15   0   288   64    48 S     0.0  0.0   0:00   0 sshd
> 3223 root      15   0   448  304   296 S     0.0  0.0   0:00   0 xinetd
> 3228 root      15   0   888  600   516 S     0.0  0.0   0:00   0 bash
> 3229 root      15   0   932  644   560 S     0.0  0.0   0:00   0 bash
> 3313 root      25   0   160    4     0 S     0.0  0.0   0:00   0 safe_mysqld
> 3344 mysql     16   0  2564 2200  1220 S     0.0  0.2   0:19   0 mysqld
> 3406 nobody    15   0   568  124    68 S     0.0  0.0   0:00   0 proftpd
> 3447 root      15   0  5080 1412   884 S     0.0  0.1   0:10   0 httpd
> 3472 smmsp     15   0  1412 1380   772 S     0.0  0.1   0:02   0 milter-sender
> 3491 root      15   0   436  436   364 S     0.0  0.0   0:00   0 crond
> 3508 root      15   0  3136 3116   968 S     0.0  0.3   0:00   0 poprelayd
>
>This is a P4 2.0Ghz with a gig of RAM. My CPU hogs seem to be MS and
>cucipop. My load is getting pushed up to 19+ and sendmail stops accepting
>connections at that point. Anyone else having any similar issues? Pointers
>gladly accepted!
>
>Mike

Why does your machine use swap when you have plenty of RAM free?

From Kevin_Miller at CI.JUNEAU.AK.US Tue Apr 27 00:14:58 2004
From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller)
Date: Thu Jan 12 21:24:50 2006
Subject: High Load
Message-ID: <08146035CA49D6119A36009027AC822A0549E5E3@CITY-EXCH-NTS>

Whoops - never mind. Was thinking cpu usage instead of load...

...Kevin
--
Kevin Miller Registered Linux User No: 307357
CBJ MIS Dept. Network Systems Administrator, Mail Administrator
155 South Seward Street ph: (907) 586-0242
Juneau, Alaska 99801 fax: (907 586-4500

>-----Original Message-----
>From: Kevin Miller
>Sent: Monday, April 26, 2004 2:20 PM
>To: MAILSCANNER@JISCMAIL.AC.UK
>Subject: Re: High Load
>
>
>Cool - that's progress...
>
>...Kevin
>--
>Kevin Miller Registered Linux User No: 307357
>CBJ MIS Dept. Network Systems Administrator, Mail Administrator
>155 South Seward Street ph: (907) 586-0242
>Juneau, Alaska 99801 fax: (907 586-4500
>
>>-----Original Message-----
>>From: Mike Kercher [mailto:mike@CAMAROSS.NET]
>>Sent: Monday, April 26, 2004 2:18 PM
>>To: MAILSCANNER@JISCMAIL.AC.UK
>>Subject: Re: High Load
>>
>>Welp...I just upgraded to the latest stable and load is at 22 now!
>>
>>Mike
>>
>>> -----Original Message-----
>>> From: MailScanner mailing list
>>> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Kevin Miller
>>> Sent: Monday, April 26, 2004 4:05 PM
>>> To: MAILSCANNER@JISCMAIL.AC.UK
>>> Subject: Re: High Load
>>>
>>> I think I skipped that one. Feel like upgrading to the
>>> newest stable? Not sure when the performance issue was
>>> wrestled to the ground...
>>>
>>> ...Kevin
>>> --
>>> Kevin Miller Registered Linux User No: 307357
>>> CBJ MIS Dept. Network Systems Administrator, Mail Administrator
>>> 155 South Seward Street ph: (907) 586-0242
>>> Juneau, Alaska 99801 fax: (907 586-4500
>>>
>>> >-----Original Message-----
>>> >From: Mike Kercher [mailto:mike@CAMAROSS.NET]
>>> >Sent: Monday, April 26, 2004 1:02 PM
>>> >To: MAILSCANNER@JISCMAIL.AC.UK
>>> >Subject: Re: High Load
>>> >
>>> >I am 4.29.3-1
>>> >
>>> >> -----Original Message-----
>>> >> From: MailScanner mailing list
>>> >> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Kevin Miller
>>> >> Sent: Monday, April 26, 2004 3:59 PM
>>> >> To: MAILSCANNER@JISCMAIL.AC.UK
>>> >> Subject: Re: High Load
>>> >>
>>> >> Are you on 4.28-? I was seeing large loads until I went to 4.29-7.
>>> >>
>>> >> HTH...
>>> >>
>>> >> ...Kevin
>>> >> --
>>> >> Kevin Miller Registered Linux User No: 307357
>>> >> CBJ MIS Dept.
Network Systems Administrator, Mail >>> >> Administrator >>> >> 155 South Seward Street ph: (907) 586-0242 >>> >> Juneau, Alaska 99801 fax: (907 586-4500 >>> >> >>> >> >>> >> >-----Original Message----- >>> >> >From: Mike Kercher [mailto:mike@CAMAROSS.NET] >>> >> >Sent: Monday, April 26, 2004 12:52 PM >>> >> >To: MAILSCANNER@JISCMAIL.AC.UK >>> >> >Subject: High Load >>> >> > >>> >> > >>> >> >I'm seeing a HUGE load on my system and I can't figure out why. >>> >> > >>> >> >This is a P4 2.0Ghz with a gig of RAM. My CPU hogs seem to >>> >> be MS and >>> >> >cucipop. My load is getting pushed up to 19+ and sendmail stops >>> >> >accepting connections at that point. Anyone else having >>> any similar >>> >> >issues? Pointers gladly accepted!
>>> >> >
>>> >> >Mike

From mike at CAMAROSS.NET Tue Apr 27 00:02:42 2004
From: mike at CAMAROSS.NET (Mike Kercher)
Date: Thu Jan 12 21:24:50 2006
Subject: High Load
In-Reply-To: <408D8BCB.3010601@avalonpub.com>
Message-ID: <200404262200.i3QM0P0C003656@avwall.bladeware.com>

I ended up turning Spam Checks off for some of the domains that I'd rather not even be hosting. Maybe this will be the spur they needed to move along :)

After doing so, load is back down below 1.00. After upgrading to the latest stable, it did reach over 100 and my box was crawling!!!

Mike

> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Daniel Kleinsinger
> Sent: Monday, April 26, 2004 5:23 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: High Load
>
> Have you tried Debug Mode?
> Debug = yes
> Debug SpamAssassin = yes
> and see what it logs. Check the archives for more detailed
> Debug instructions.
>
> Stopping MailScanner makes the load go down immediately?
>
> Daniel
>
> Mike Kercher wrote:
>
> > Welp...I just upgraded to the latest stable and load is at 22 now!
> >
> > Mike
> >
> > > -----Original Message-----
> > > From: MailScanner mailing list
> > > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Kevin Miller
> > > Sent: Monday, April 26, 2004 4:05 PM
> > > To: MAILSCANNER@JISCMAIL.AC.UK
> > > Subject: Re: High Load
> > >
> > > I think I skipped that one. Feel like upgrading to the newest
> > > stable? Not sure when the performance issue was wrestled to the
> > > ground...
> > >
> > > ...Kevin
> > > --
> > > Kevin Miller Registered Linux User No: 307357
> > > CBJ MIS Dept.
Network Systems Administrator, Mail > > > Administrator > > > 155 South Seward Street ph: (907) 586-0242 > > > Juneau, Alaska 99801 fax: (907 586-4500 > > > > > > > > > >-----Original Message----- > > > >From: Mike Kercher [mailto:mike@CAMAROSS.NET] > > > >Sent: Monday, April 26, 2004 1:02 PM > > > >To: MAILSCANNER@JISCMAIL.AC.UK > > > >Subject: Re: High Load > > > > > > > > > > > >I am 4.29.3-1 > > > > > > > >> -----Original Message----- > > > >> From: MailScanner mailing list > > > >> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Kevin Miller > > > >> Sent: Monday, April 26, 2004 3:59 PM > > > >> To: MAILSCANNER@JISCMAIL.AC.UK > > > >> Subject: Re: High Load > > > >> > > > >> Are you on 4.28-? I was seeing large loads until I > went to 4.29-7. > > > >> > > > >> HTH... > > > >> > > > >> ...Kevin > > > >> -- > > > >> Kevin Miller Registered Linux User No: 307357 > > > >> CBJ MIS Dept. Network Systems Administrator, Mail > > > >> Administrator > > > >> 155 South Seward Street ph: (907) 586-0242 > > > >> Juneau, Alaska 99801 fax: (907 586-4500 > > > >> > > > >> > > > >> >-----Original Message----- > > > >> >From: Mike Kercher [mailto:mike@CAMAROSS.NET] > > > >> >Sent: Monday, April 26, 2004 12:52 PM > > > >> >To: MAILSCANNER@JISCMAIL.AC.UK > > > >> >Subject: High Load > > > >> > > > > >> > > > > >> >I'm seeing a HUGE load on my system and I can't > figure out why. > > > >> > > > > >> >This is a P4 2.0Ghz with a gig of RAM. My CPU hogs seem to > > > >> be MS and > > > >> >cucipop. My load is getting pushed up to 19+ and > sendmail stops > > > >> >accepting connections at that point. Anyone else having > > > any similar > > > >> >issues? Pointers gladly accepted!
> > > >> >
> > > >> >Mike

-------------------------- MailScanner list ----------------------
To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk
For further info about MailScanner, please see the Most Asked
Questions at http://www.mailscanner.biz/maq/ and the archives
at http://www.jiscmail.ac.uk/lists/mailscanner.html

From pete at eatathome.com.au Tue Apr 27 00:50:04 2004
From: pete at eatathome.com.au (Pete)
Date: Thu Jan 12 21:24:50 2006
Subject: High Load
In-Reply-To: <200404262200.i3QM0P0C003656@avwall.bladeware.com>
References: <200404262200.i3QM0P0C003656@avwall.bladeware.com>
Message-ID: <408DA02C.1090702@eatathome.com.au>

Mike Kercher wrote:

>I ended up turning Spam Checks off for some of the domains that I'd rather
>not even be hosting. Maybe this will be the spur they needed to move along
>:)
>
>After doing so, load is back down below 1.00 After upgrading to the latest
>stable, it did reach over 100 and my box was crawling!!!
>
>Mike
>
>>-----Original Message-----
>>From: MailScanner mailing list
>>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Daniel Kleinsinger
>>Sent: Monday, April 26, 2004 5:23 PM
>>To: MAILSCANNER@JISCMAIL.AC.UK
>>Subject: Re: High Load
>>
>>Have you tried Debug Mode?
>>Debug = yes
>>Debug SpamAssassin = yes
>>and see what it logs. Check the archives for more detailed
>>Debug instructions.
>>
>>Stopping MailScanner makes the load go down immediately?
>>
>>Daniel
>>
>>Mike Kercher wrote:
>>
>>>Welp...I just upgraded to the latest stable and load is at 22 now!
>>>
>>>Mike
>>>
>>>>-----Original Message-----
>>>>From: MailScanner mailing list
>>>>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Kevin Miller
>>>>Sent: Monday, April 26, 2004 4:05 PM
>>>>To: MAILSCANNER@JISCMAIL.AC.UK
>>>>Subject: Re: High Load
>>>>
>>>>I think I skipped that one. Feel like upgrading to the newest
>>>>stable? Not sure when the performance issue was wrestled to the
>>>>ground...
>>>>
>>>>...Kevin
>>>>--
>>>>Kevin Miller Registered Linux User No: 307357
>>>>CBJ MIS Dept. Network Systems Administrator, Mail
>>>>Administrator
>>>>155 South Seward Street ph: (907) 586-0242
>>>>Juneau, Alaska 99801 fax: (907 586-4500
>>>>
>>>>>-----Original Message-----
>>>>>From: Mike Kercher [mailto:mike@CAMAROSS.NET]
>>>>>Sent: Monday, April 26, 2004 1:02 PM
>>>>>To: MAILSCANNER@JISCMAIL.AC.UK
>>>>>Subject: Re: High Load
>>>>>
>>>>>I am 4.29.3-1
>>>>>
>>>>>>-----Original Message-----
>>>>>>From: MailScanner mailing list
>>>>>>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Kevin Miller
>>>>>>Sent: Monday, April 26, 2004 3:59 PM
>>>>>>To: MAILSCANNER@JISCMAIL.AC.UK
>>>>>>Subject: Re: High Load
>>>>>>
>>>>>>Are you on 4.28-? I was seeing large loads until I went to 4.29-7.
>>>>>>
>>>>>>HTH...
>>>>>>
>>>>>>...Kevin
>>>>>>--
>>>>>>Kevin Miller Registered Linux User No: 307357
>>>>>>CBJ MIS Dept. Network Systems Administrator, Mail
>>>>>>Administrator
>>>>>>155 South Seward Street ph: (907) 586-0242
>>>>>>Juneau, Alaska 99801 fax: (907 586-4500
>>>>>>
>>>>>>>-----Original Message-----
>>>>>>>From: Mike Kercher [mailto:mike@CAMAROSS.NET]
>>>>>>>Sent: Monday, April 26, 2004 12:52 PM
>>>>>>>To: MAILSCANNER@JISCMAIL.AC.UK
>>>>>>>Subject: High Load
>>>>>>>
>>>>>>>I'm seeing a HUGE load on my system and I can't figure out why.
>>>>>>>
>>>>>>>Mike

Was that load just while the box caught up with the mail queued while
offline for an upgrade? How did it go once it had all evened out?

From michele at BLACKNIGHTSOLUTIONS.COM Tue Apr 27 01:05:19 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions)
Date: Thu Jan 12 21:24:50 2006
Subject: High Load
In-Reply-To: <200404262200.i3QM0P0C003656@avwall.bladeware.com>
Message-ID: <200404270000.i3R00SYC014190@monitor.blacknight.ie>

When we had a serious load issue we found that upgrading everything possible
made a difference. Even some of the Perl modules in use might have made a
difference. We're now tweaking it all bit by bit to reduce load where
possible. There are a couple of handy tips in the MAQ that might help if you
haven't looked there already

Mr Michele Neylon
Blacknight Internet Solutions Ltd
http://www.blacknight.ie/
Tel. +353 59 9137101

From david.pollard at MERIDIANINFO.COM Tue Apr 27 06:19:18 2004
From: david.pollard at MERIDIANINFO.COM (David Pollard)
Date: Thu Jan 12 21:24:50 2006
Subject: Attachments with denied extensions aren't being blocked
Message-ID:

Hi There,

I am having problems with denying file attachments of specified types
getting past my MailScanner. They are getting blocked further down the
track but I would like my front line of defence to catch them.

I first noticed this when the Netsky virus was getting through (.pif) but
following some testing I realised that ALL files with denied attachments
aren't being blocked. I tried .bat, .pif and .exe and they all got blocked
by Outlook and not my MailScanner.

I checked my filename.rules.conf file and it looks good. Just in case I had
something wrong with the file I typed the .pif line again but that didn't
help.

I checked my MailScanner.conf file and it seems to specify the
filename.rules.conf file correctly. I have made very few changes to these
files from the defaults.

I'm (almost) sure this used to work and I haven't touched the configuration
for ages. I also notice that no new viruses have been added to my quarantine
area for about a month and a half. My workstation antivirus software has
been blocking NETSKY variants lately.

On Red Hat Linux Version 9 I'm running MailScanner version

MailScanner E-Mail Virus Scanner version 4.25-13 starting...

I have added the -r flag to Syslog as specified in the doco and restarted
the syslog daemon but a ps still looks like this.

root 4561 1 0 13:02 ? 00:00:00 syslogd -m 0

I'm not sure of the correct syntax to add this?

SYSLOGD_OPTIONS="-r -m 0"

The above message is the only MailScanner message I see in my logs.

Any ideas on what could be going on here? I'll attach my config files or
send them directly if they are likely to be of any use.

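One way to confirm that a rules file really denies .pif, .bat and .exe names, independent of the running daemon. This is an added example, not part of the original post and not MailScanner's own code. It assumes the filename.rules.conf layout of TAB-separated fields (action, regular expression, log text, user report text), first match wins, and case-insensitive matching; the rules and filenames in it are constructed.

```python
"""Offline check of filename allow/deny rules (added example).

Assumptions, not taken from the thread: fields are TAB-separated in the
order action, regexp, log text, user report text; rules are tried top to
bottom and the first match decides; matching is case-insensitive. Only
the actions "allow" and "deny" are handled here.
"""
import re
from typing import List, NamedTuple, Optional, Tuple

PIF_TEXT = "Shortcuts to MS-Dos programs are very dangerous in email"


class Rule(NamedTuple):
    lineno: int
    action: str            # "allow" or "deny"
    pattern: "re.Pattern"
    log_text: str
    report_text: str


def _row(*fields: str) -> str:
    """Join fields with TABs, the separator the assumed layout requires."""
    return "\t".join(fields)


# Constructed sample rules. Line 6 was "retyped" with spaces instead of TABs
# and line 7 has an unbalanced "(", so neither can take effect.
SAMPLE_RULES = "\n".join([
    "# action<TAB>regexp<TAB>log text<TAB>user report text",
    _row("allow", r"(\.[a-z0-9]{3})\1$", "-", "-"),
    _row("deny", r"\.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$",
         "Found possible filename hiding",
         "Attempt to hide real filename extension"),
    _row("deny", r"\.pif$", PIF_TEXT, PIF_TEXT),
    _row("deny", r"\.bat$", "Batch file", "Batch file"),
    r"deny \.exe$ Windows executable Windows executable",
    _row("deny", r"\.scr(", "Screensaver", "Screensaver"),
])


def load_rules(text: str) -> Tuple[List[Rule], List[str]]:
    """Parse rule text and return (usable rules, problems found)."""
    rules: List[Rule] = []
    problems: List[str] = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = re.split(r"\t+", line)
        if len(fields) != 4:
            problems.append(
                f"line {lineno}: expected 4 TAB-separated fields, "
                f"got {len(fields)}")
            continue
        action, regexp, log_text, report_text = (f.strip() for f in fields)
        action = action.lower()
        if action not in ("allow", "deny"):
            problems.append(f"line {lineno}: unknown action {action!r}")
            continue
        try:
            pattern = re.compile(regexp, re.IGNORECASE)
        except re.error as exc:
            problems.append(f"line {lineno}: bad regular expression ({exc})")
            continue
        rules.append(Rule(lineno, action, pattern, log_text, report_text))
    return rules, problems


def check_filename(rules: List[Rule], filename: str) -> Optional[Rule]:
    """Return the first rule whose pattern matches, or None if none does."""
    for rule in rules:
        if rule.pattern.search(filename):
            return rule
    return None


def verdict(rules: List[Rule], filename: str) -> str:
    """One-line human-readable result for an attachment name."""
    rule = check_filename(rules, filename)
    if rule is None:
        return "allow (no rule matched)"
    return f"{rule.action} (line {rule.lineno}: {rule.log_text})"


if __name__ == "__main__":
    parsed, issues = load_rules(SAMPLE_RULES)
    for issue in issues:
        print("PROBLEM:", issue)
    for name in ("document_4351.pif", "setup.EXE", "notes.txt",
                 "backup.zip.zip", "invoice.doc.pif"):
        print(f"{name:20} -> {verdict(parsed, name)}")
```

In the constructed sample, `setup.EXE` is not denied because its rule line has no TABs and is never loaded, which is the kind of fault that reading the file by eye does not show.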
From mike at CAMAROSS.NET Tue Apr 27 06:36:25 2004
From: mike at CAMAROSS.NET (Mike Kercher)
Date: Thu Jan 12 21:24:50 2006
Subject: Attachments with denied extensions aren't being blocked
In-Reply-To:
Message-ID: <200404270434.i3R4Y8iN004414@avwall.bladeware.com>

Is it possible that you have sendmail running in addition to MailScanner?
Which AV product are you using and which version?

Mike

From test at NEXTMILL.NET Tue Apr 27 06:12:32 2004
From: test at NEXTMILL.NET (Brian Lewis)
Date: Thu Jan 12 21:24:50 2006
Subject: spam autolearn=not issue
Message-ID:

I found that all my high scoring spam is doing autolearn=spam, but my ham is
getting autolearn=not!

spam autolearn=not
-4.90 BAYES_00 Bayesian spam probability is 0 to 1%

This message scored -4.90 but still has autolearn=not instead of
autolearn=ham. Where do I set it to autolearn=ham for say anything smaller
than 0 score wise?

MailScanner 4.29.7-1 using SpamAssassin 2.61 and Bayesian Filtering turned
on.

From david.pollard at MERIDIANINFO.COM Tue Apr 27 07:05:22 2004
From: david.pollard at MERIDIANINFO.COM (David Pollard)
Date: Thu Jan 12 21:24:50 2006
Subject: Attachments with denied extensions aren't being blocked
Message-ID:

Thanks Mike for the speedy reply.

I'm running f-prot antivirus. The following is its version information.

F-PROT ANTIVIRUS
Program version: 4.4.1
Engine version: 3.14.11

VIRUS SIGNATURE FILES
SIGN.DEF created 26 April 2004
SIGN2.DEF created 26 April 2004
MACRO.DEF created 21 April 2004

I think my problem just went away. I rebooted.
I hate using the big hammer because you never get to know the cause of the
problem. I tried sending an email from an external user that contained the
eicar test virus. It at first failed to be detected.
Then I rebooted and now it is detected fine and so are the executable
attachments.

I thought that sendmail and MailScanner worked together?
Here is the output of a couple of ps commands showing 3 running processes
for each.

[root@linuxprod log]# ps -ef | grep sendmail
root      1784     1  0 15:32 ?        00:00:00 [sendmail]
smmsp     1789     1  0 15:32 ?        00:00:00 [sendmail]
root      1795     1  0 15:32 ?        00:00:00 [sendmail]

[root@linuxprod log]# ps -ef | grep MailScanner
root      1813     1  0 15:32 ?        00:00:00 /usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScanner /etc/MailScanner/MailScanner.conf
root      1814  1813  0 15:32 ?        00:00:01 /usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScanner /etc/MailScanner/MailScanner.conf
root      1846  1813  0 15:32 ?        00:00:01 /usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScanner /etc/MailScanner/MailScanner.conf

Regards,

David

From mike at CAMAROSS.NET Tue Apr 27 07:15:26 2004
From: mike at CAMAROSS.NET (Mike Kercher)
Date: Thu Jan 12 21:24:50 2006
Subject: Attachments with denied extensions aren't being blocked
In-Reply-To:
Message-ID: <200404270513.i3R5D8iN006791@avwall.bladeware.com>

The thing to keep in mind is that the MailScanner initscript starts your
sendmail processes. Glad the BFH solved your problem!

Mike

From james_gray at OCS.COM Tue Apr 27 07:19:54 2004
From: james_gray at OCS.COM (James Gray)
Date: Thu Jan 12 21:24:50 2006
Subject: High Load
In-Reply-To: <408D975A.7060707@eatathome.com.au>
References: <200404261949.i3QJnPRB016010@avwall.bladeware.com> <408D975A.7060707@eatathome.com.au>
Message-ID: <408DFB8A.5070704@ocs.com>

Pete wrote:
> Mike Kercher wrote:
>
>>I'm seeing a HUGE load on my system and I can't figure out why.
>>
>>14:47:00 up 46 min, 3 users, load average: 13.43, 14.25, 10.73
>>102 processes: 87 sleeping, 12 running, 3 zombie, 0 stopped
>>CPU states: 75.6% user 24.3% system 0.0% nice 0.0% iowait 0.0% idle
>>Mem: 1022796k av, 915824k used, 106972k free, 0k shrd, 43448k buff
>> 522344k actv, 197376k in_d, 127288k in_c
>>Swap: 2048276k av, 31672k used, 2016604k free 441600k cached
>>
>> PID USER PRI NI SIZE RSS SHARE STAT %CPU %MEM TIME CPU COMMAND
>>9837 root 15 0 14808 952 820 S 68.5 0.0 3:25 0 MailScanner
>>15534 hbaldera 23 0 0 0 0 Z 0.7 0.0 0:00 0 cucipop
>>
**SNIPPED**
> Why does your machine use swap when you have plenty of ram free ?

I've often seen my *nix boxen swap stuff out to increase cache/buffer
for stuff that is loaded but very rarely used (like lpd).
I remember doing some exercises with this on Solaris when I did my Sun CSE course (the idea was performance tuning a server with very high I/O and low application memory requirements - think BIG ftp/mail server). Never touched it since then but it is possible to skew the memory management to "prefer" buffer/cache in certain circumstances.

Cheers,

James

From martinh at SOLID-STATE-LOGIC.COM Tue Apr 27 09:08:48 2004
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:24:51 2006
Subject: High Load
In-Reply-To: <408DFB8A.5070704@ocs.com>
References: <200404261949.i3QJnPRB016010@avwall.bladeware.com> <408D975A.7060707@eatathome.com.au> <408DFB8A.5070704@ocs.com>
Message-ID: <408E1510.30500@solid-state-logic.com>

Have you got the bigevil.cf loaded in SA? I found this a major hog..

Also do the debug stuff mentioned previously.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

James Gray wrote:
> Pete wrote:
>
>> Mike Kercher wrote:
>>
>>
>>> I'm seeing a HUGE load on my system and I can't figure out why.
>>>
>>> 14:47:00 up 46 min, 3 users, load average: 13.43, 14.25, 10.73
>>> 102 processes: 87 sleeping, 12 running, 3 zombie, 0 stopped
>>> CPU states: 75.6% user 24.3% system 0.0% nice 0.0% iowait
>>> 0.0% idle
>>> Mem: 1022796k av, 915824k used, 106972k free, 0k shrd, 43448k
>>> buff
>>> 522344k actv, 197376k in_d, 127288k in_c
>>> Swap: 2048276k av, 31672k used, 2016604k free 441600k
>>> cached
>>>
>>> PID USER PRI NI SIZE RSS SHARE STAT %CPU %MEM TIME CPU COMMAND
>>> 9837 root 15 0 14808 952 820 S 68.5 0.0 3:25 0
>>> MailScanner
>>> 15534 hbaldera 23 0 0 0 0 Z 0.7 0.0 0:00 0
>>> cucipop
>>>
>
>
> **SNIPPED**
>
>> Why does your machine use swap when you have plenty of ram free ?
>
>
> I've often seen my *nix boxen swap stuff out to increase cache/buffer
> for stuff that is loaded but very rarely used (like lpd). I remember
> doing some exercises with this on Solaris when I did my Sun CSE course
> (the idea was performance tuning a server with very high I/O and low
> application memory requirements - think BIG ftp/mail server). Never
> touched it since then but it is possible to skew the memory management
> to "prefer" buffer/cache in certain circumstances.
>
> Cheers,
>
> James

**********************************************************************

This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager.

This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean.
**********************************************************************

From m at WHERES.CO.UK Tue Apr 27 09:59:02 2004
From: m at WHERES.CO.UK (Matthew Baker)
Date: Thu Jan 12 21:24:51 2006
Subject: spam autolearn=not issue
In-Reply-To:
References:
Message-ID: <408E20D6.7060401@wheres.co.uk>

man Mail::SpamAssassin::Conf

bayes_auto_learn_threshold_nonspam n.nn (default: 0.1)
    The score threshold below which a mail has to score, to be fed into SpamAssassin's learning systems automatically as a non-spam message.

What's nspam and nham say from the output of:

sa-learn --dump -p /etc/MailScanner/spam.assassin.prefs.conf |head

It looks as if it's learning it as not spam rather than not learning.

Brian Lewis wrote:
> I found that all my high scoring spam is doing autolearn=spam, but my ham
> is getting autolearn=not!
>
> spam autolearn=not
> -4.90 BAYES_00 Bayesian spam probability is 0 to 1%
>
>
> This message scored -4.90 but still has autolearn=not instead of
> autolearn=ham. Where do I set it to autolearn=ham for say anything smaller
> than 0 score wise?
>
> MailScanner 4.29.7-1 using SpamAssassin 2.61 and Bayesian Filtering turned
> on.

From michele at BLACKNIGHTSOLUTIONS.COM Tue Apr 27 10:18:09 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions)
Date: Thu Jan 12 21:24:51 2006
Subject: spam autolearn=not issue
In-Reply-To:
Message-ID: <200404270913.i3R9DGYC031366@monitor.blacknight.ie>

Brian

I don't see the problem. If you get autolearn=not, then SA surely learns that it is ham, even if it doesn't call it ham.

Or am I missing something???

Mr Michele Neylon
Blacknight Internet Solutions Ltd
http://www.blacknight.ie/
Tel. +353 59 9137101

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Brian Lewis
Sent: 27 April 2004 06:13
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: [MAILSCANNER] spam autolearn=not issue

I found that all my high scoring spam is doing autolearn=spam, but my ham is getting autolearn=not!

spam autolearn=not
-4.90 BAYES_00 Bayesian spam probability is 0 to 1%

This message scored -4.90 but still has autolearn=not instead of autolearn=ham. Where do I set it to autolearn=ham for say anything smaller than 0 score wise?

MailScanner 4.29.7-1 using SpamAssassin 2.61 and Bayesian Filtering turned on.

From raymond at PROLOCATION.NET Tue Apr 27 10:54:44 2004
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:24:51 2006
Subject: High Load
In-Reply-To: <408E1510.30500@solid-state-logic.com>
Message-ID:

Hi!

> Have you got the bigevil.cf loaded in SA? I found this a major hog..
>
> Also do the debug stuff mentioned previously.

You might consider moving BigEvil to SURBL (http://www.surbl.org) :)

Saves a lot of RAM _and_ CPU in your configs. The regexp stuff is gone...

Bye,
Raymond.

From gareth at GRIFFIN.COM Tue Apr 27 10:54:32 2004
From: gareth at GRIFFIN.COM (Gareth Campling)
Date: Thu Jan 12 21:24:51 2006
Subject: Debugging RBL's
Message-ID:

>Is that server not your first MTA? MailScanners RBL checks only checks the server it received the mail from but SA checks all the received headers. Maybe
>that's why it works in SA but not in MS.

Nope, it is the first MTA, can't seem to find a pattern to it.
--
Gareth Campling
Network Operations Engineer
Griffin Internet

From moacyrs at AKADNYX.COM.BR Tue Apr 27 13:44:49 2004
From: moacyrs at AKADNYX.COM.BR (Moacyr Leite da Silva)
Date: Thu Jan 12 21:24:51 2006
Subject: Spam List - DNS querys
Message-ID: <00be01c42c55$6d66c330$fd00a8c0@moacyr>

Hi there,

I was doing some tuning on the server and saw that there is a huge number of DNS queries for spam blacklists like sorbs, spamhaus, rfc-ignorant, blitzed and spamcop.net.
But I have enabled spam blacklists only for ORDB-RBL and SBL+XBL.

Why are these DNS queries being issued?!

Thanks
Moacyr Leite da Silva
www.akadnyx.com.br

RH 9.0
MailScanner-4.29.7-1
clamavmodule
SpamAssassin 2.63

MailScanner.conf
# This is the list of spam blacklists (RBLs) which you are using.
# See the "Spam List Definitions" file for more information about what
# you can put here.
# This can also be the filename of a ruleset.
Spam List = ORDB-RBL SBL+XBL # MAPS-RBL+ costs money (except .ac.uk)

spam.lists.conf is default from ./install.sh

#tethereal -i any port 53
114.218643 200.207.50.175 -> 200.204.0.10 DNS Standard query A 179.3.176.200.dnsbl.sorbs.net
114.268473 200.207.50.175 -> 200.204.0.10 DNS Standard query TXT 179.3.176.200.sbl.spamhaus.org
114.268548 200.207.50.175 -> 200.204.0.10 DNS Standard query TXT 139.55.154.200.sbl.spamhaus.org
114.268613 200.207.50.175 -> 200.204.0.10 DNS Standard query A terra.com.br.dsn.rfc-ignorant.org
114.268678 200.207.50.175 -> 200.204.0.10 DNS Standard query TXT 179.3.176.200.ipwhois.rfc-ignorant.org
114.295279 200.207.50.175 -> 200.204.0.10 DNS Standard query TXT 139.55.154.200.ipwhois.rfc-ignorant.org
114.295354 200.207.50.175 -> 200.204.0.10 DNS Standard query A 179.3.176.200.opm.blitzed.org
114.295418 200.207.50.175 -> 200.204.0.10 DNS Standard query TXT 179.3.176.200.list.dsbl.org
114.295481 200.207.50.175 -> 200.204.0.10 DNS Standard query TXT 139.55.154.200.list.dsbl.org
114.295544 200.207.50.175 -> 200.204.0.10 DNS Standard query TXT 226.55.154.200.bl.spamcop.net
114.627050 200.204.0.10 -> 200.207.50.175 DNS Standard query response, No such name
114.628281 127.0.0.1 -> 127.0.0.1 DNS Standard query response, No such name
114.743826 200.204.0.10 -> 200.207.50.175 DNS Standard query response, No such name
114.744691 127.0.0.1 -> 127.0.0.1 DNS Standard query response, No such name
115.359766 200.204.0.10 -> 200.207.50.175 DNS Standard query response, No such name
115.361002 127.0.0.1 -> 127.0.0.1 DNS Standard query response, No such name
116.092019 200.204.0.138 -> 200.207.50.175 DNS Standard query response, No such name
116.093466 127.0.0.1 -> 127.0.0.1 DNS Standard query response, No such name
116.278545 200.207.50.175 -> 63.251.174.107 DNS Standard query TXT 139.55.154.200.sbl.spamhaus.org
116.278662 200.207.50.175 -> 128.194.254.4 DNS Standard query A terra.com.br.dsn.rfc-ignorant.org
116.278747 200.207.50.175 -> 128.194.254.4 DNS Standard query TXT 179.3.176.200.ipwhois.rfc-ignorant.org
116.308330 200.207.50.175 -> 128.194.254.4 DNS Standard query TXT 139.55.154.200.ipwhois.rfc-ignorant.org
116.308435 200.207.50.175 -> 66.98.161.17 DNS Standard query TXT 179.3.176.200.list.dsbl.org
116.308513 200.207.50.175 -> 66.98.161.17 DNS Standard query TXT 139.55.154.200.list.dsbl.org

From mailscanner at BARENDSE.TO Tue Apr 27 14:03:04 2004
From: mailscanner at BARENDSE.TO (Remco Barendse)
Date: Thu Jan 12 21:24:51 2006
Subject: Delivery Status Notifications - how to stop them?
Message-ID:

The question has been raised a long time ago on the list but the problem remains when using M$ Exchange.

I use MailScanner as a mail relay before Exchange but there is one *EXTREMELY* annoying feature of Exchange/Outlook that cannot be disabled: Delivery Status Notifications.

The problem is that Outlook or Exchange (not sure which of the two) are happily reporting back who has (not) read which message and when and I want to keep this information inside our organization!

I managed to solve part of the problem using some custom sendmail rules but this doesn't catch all of them.

What I tried so far:
- define(`confPRIVACY_FLAGS', `noreceipts')dnl in my sendmail.mc
  This does not help because it is not sendmail that is sending the DSN's but Exchange.
- disabling this crap in M$ Exchange, this only gets rid of 'successfully delivered to' but not read/unread receipts
- sendmail rules.
This is what I have in my sendmail.mc:

LOCAL_RULESETS
F{DiscardSubs} /etc/mail/discardsubs.txt
HSubject: $>Check_Subject
SCheck_Subject
R$* $={DiscardSubs} $*	$#discard

This is the contents of discardsubs.txt:

read:
not.read:
gelezen:
niet.gelezen:
le?do:
no.le?do:
lida:
lidas:
lido:

This works for DSN's in normal ISO format but it does not work for e-mails differently encoded.
I archived all outgoing e-mail. This is how such a header looks in pine in normal view:

Subject: Not read: {Spam?} Solicitud de

And this is what the header looks like in full header mode:

Subject: =?iso-8859-1?Q?Not_read=3A_=7BSpam=3F=7D_Solicitud_de?=

And this is what the header looks like in the df/qf pair:

H??Subject: =?iso-8859-1?Q?Read=3A_Angaben_f=FCr_

I have tried many combinations of blocking this stuff but the problem seems to be in the different encoding. Even if I try scanning for only one single word in the subject line (yes, dangerous, I know) it still does not block them!

Using SpamAssassin rules is not an option, I do not want to risk dropping any outgoing mail and don't want to scan outgoing messages either.
I never managed to get the MCP up and running properly with MailScanner.

Does anybody know how to trap subjects in different ISO encoding using sendmail rules or another possible solution to this problem?
It's very annoying (embarrassing!!) to have people call and ask you why you deleted their mail unread while really you do not want to reply.

Maybe we can make this a feature request for MailScanner?

This is what the body of a DSN looks like:

Your message

  To: xxxx
  Subject: xxxxx
  Sent: Wed, 1 Oct 2003 20:11:55 +0200

was deleted without being read on Thu, 15 Apr 2004 13:52:43 +0200

Thanks a 1,000,000 for any suggestions / solutions!!
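
The full-header and qf subjects quoted in the message above are RFC 2047 encoded-words, so the literal text "read:" never appears in what the rule sees. As an added example (not part of the original post and not MailScanner or sendmail code), this Python code decodes the Subject before matching the discardsubs.txt prefixes; the function names are hypothetical and "leido" is an assumed reading of the garbled "le?do" entries.

```python
import base64
import binascii
import quopri
import re
import unicodedata

# Prefixes from the discardsubs.txt in the post ("." stood for a space there).
# "leido" is an assumed reading of the garbled "le?do" entries; accents are
# folded away before matching, so a decoded "Leído:" matches it as well.
RECEIPT_PREFIXES = (
    "read:", "not read:", "gelezen:", "niet gelezen:",
    "leido:", "no leido:", "lida:", "lidas:", "lido:",
)

# RFC 2047 encoded-word: =?charset?Q-or-B?payload?=  The closing "?=" is
# optional here so that a word cut off at the end of the line still decodes.
ENCODED_WORD = re.compile(r"=\?([^?\s]+)\?([bBqQ])\?([^?\s]*)(?:\?=|$)")


def _decode_word(match):
    charset = match.group(1).split("*")[0]      # drop an RFC 2231 language tag
    encoding = match.group(2).upper()
    payload = match.group(3)
    try:
        raw = payload.encode("ascii")
        if encoding == "Q":
            data = quopri.decodestring(raw, header=True)   # "_" means space
        else:
            data = base64.b64decode(raw + b"=" * (-len(raw) % 4))
    except (UnicodeEncodeError, binascii.Error, ValueError):
        return match.group(0)                   # leave undecodable text alone
    try:
        return data.decode(charset, errors="replace")
    except LookupError:                         # unknown charset label
        return data.decode("latin-1")


def decode_subject(line):
    """Readable subject for a 'Subject:' header or a qf 'H??Subject:' line."""
    value = re.sub(r"\r?\n(?=[ \t])", "", line)              # unfold header
    value = re.sub(r"^(?:H\?[^?]*\?)?Subject:\s*", "", value, flags=re.I)
    # RFC 2047: whitespace between adjacent encoded-words is not displayed.
    value = re.sub(r"\?=\s+=\?", "?==?", value)
    return ENCODED_WORD.sub(_decode_word, value).strip()


def is_receipt_subject(line):
    """True when the decoded subject starts with one of the receipt prefixes."""
    text = unicodedata.normalize("NFKD", decode_subject(line))
    text = "".join(ch for ch in text if not unicodedata.combining(ch))
    text = re.sub(r"\s+", " ", text).casefold()
    return text.startswith(RECEIPT_PREFIXES)


if __name__ == "__main__":
    samples = [
        # The two encoded headers quoted in the post:
        "Subject: =?iso-8859-1?Q?Not_read=3A_=7BSpam=3F=7D_Solicitud_de?=",
        "H??Subject: =?iso-8859-1?Q?Read=3A_Angaben_f=FCr_",
        # Constructed samples:
        "Subject: =?iso-8859-1?Q?Le=EDdo=3A?= =?iso-8859-1?Q?_pedido?=",
        "Subject: Please read: agenda for Friday",
    ]
    for sample in samples:
        print(is_receipt_subject(sample), repr(decode_subject(sample)))
```

Receipts sent in the standard MDN format also carry Content-Type: multipart/report; report-type=disposition-notification (RFC 8098), which does not depend on the subject's language or encoding.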
From michele at BLACKNIGHTSOLUTIONS.COM Tue Apr 27 13:53:28 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions)
Date: Thu Jan 12 21:24:51 2006
Subject: Spam List - DNS querys
In-Reply-To: <00be01c42c55$6d66c330$fd00a8c0@moacyr>
Message-ID: <200404271248.i3RCmZYC020040@monitor.blacknight.ie>

If you have SpamAssassin installed you will find that it is making the queries.

Mr Michele Neylon
Blacknight Internet Solutions Ltd
http://www.blacknight.ie/
Tel. +353 59 9137101

_____

From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Moacyr Leite da Silva
Sent: 27 April 2004 13:45
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: [MAILSCANNER] Spam List - DNS querys

Hi there,

I was doing some tuning on the server and saw that there is a huge number of DNS queries for spam blacklists like sorbs, spamhaus, rfc-ignorant, blitzed and spamcop.net.
But I have enabled spam blacklists only for ORDB-RBL and SBL+XBL.

Why are these DNS queries being issued?!

Thanks
Moacyr Leite da Silva
www.akadnyx.com.br

RH 9.0
MailScanner-4.29.7-1
clamavmodule
SpamAssassin 2.63

MailScanner.conf
# This is the list of spam blacklists (RBLs) which you are using.
# See the "Spam List Definitions" file for more information about what
# you can put here.
# This can also be the filename of a ruleset.
Spam List = ORDB-RBL SBL+XBL # MAPS-RBL+ costs money (except .ac.uk)

spam.lists.conf is default from ./install.sh

#tethereal -i any port 53

From drew at THEMARSHALLS.CO.UK Tue Apr 27 13:54:22 2004
From: drew at THEMARSHALLS.CO.UK (Drew Marshall)
Date: Thu Jan 12 21:24:51 2006
Subject: Spam List - DNS querys
In-Reply-To: <00be01c42c55$6d66c330$fd00a8c0@moacyr>
References: <00be01c42c55$6d66c330$fd00a8c0@moacyr>
Message-ID: <52112.194.70.180.170.1083070462.squirrel@net.themarshalls.co.uk>

Moacyr Leite da Silva said:
> Hi there,
>
> I was doing some tuning on the server and saw that there is a huge number of DNS queries
> for spam blacklists like sorbs, spamhaus, rfc-ignorant, blitzed and spamcop.net.
> But I have enabled spam blacklists only for ORDB-RBL and SBL+XBL.
>
> Why are these DNS queries being issued?!
>
> Thanks
> Moacyr Leite da Silva
> www.akadnyx.com.br
>
>
> RH 9.0
> MailScanner-4.29.7-1
> clamavmodule
> SpamAssassin 2.63
>
>
> MailScanner.conf
> # This is the list of spam blacklists (RBLs) which you are using.
> # See the "Spam List Definitions" file for more information about what
> # you can put here.
> # This can also be the filename of a ruleset.
> Spam List = ORDB-RBL SBL+XBL # MAPS-RBL+ costs money (except .ac.uk)
>
> spam.lists.conf is default from ./install.sh

This is for MailScanner only. The queries are being made by SpamAssassin. You need to decide which of the two you want to do the RBL query. MailScanner only looks up the last hop and will mark mail accordingly. SpamAssassin looks up all hops and will add to the spam score (Which is useful if you want to use the more aggressive lists)

Drew

--
In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

www.themarshalls.co.uk/policy

From mike at CAMAROSS.NET Tue Apr 27 13:55:59 2004
From: mike at CAMAROSS.NET (Mike Kercher)
Date: Thu Jan 12 21:24:51 2006
Subject: High Load
In-Reply-To: <408E1510.30500@solid-state-logic.com>
Message-ID: <200404271255.i3RCtxL4010106@avwall.bladeware.com>

excellent pointer! I *did* have bigevil.cf loaded. After rm'ing it and reloading MS, my load is down below 1.00 again. I'll be keeping an eye on it today. Thanks a LOT!
I woke up to an unresponsive server this morning :/

Mike

> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Martin Hepworth
> Sent: Tuesday, April 27, 2004 3:09 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: High Load
>
> Have you got the bigevil.cf loaded in SA? I found this a major hog..
>
> Also do the debug stuff mentioned previously.
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
>
>
> James Gray wrote:
> > Pete wrote:
> >
> >> Mike Kercher wrote:
> >>
> >>
> >>> I'm seeing a HUGE load on my system and I can't figure out why.
> >>>
> >>> 14:47:00 up 46 min, 3 users, load average: 13.43, 14.25, 10.73
> >>> 102 processes: 87 sleeping, 12 running, 3 zombie, 0 stopped
> >>> CPU states: 75.6% user 24.3% system 0.0% nice 0.0% iowait
> >>> 0.0% idle
> >>> Mem: 1022796k av, 915824k used, 106972k free, 0k
> shrd, 43448k
> >>> buff
> >>> 522344k actv, 197376k in_d, 127288k in_c
> >>> Swap: 2048276k av, 31672k used, 2016604k free
> 441600k
> >>> cached
> >>>
> >>> PID USER PRI NI SIZE RSS SHARE STAT %CPU %MEM
> TIME CPU COMMAND
> >>> 9837 root 15 0 14808 952 820 S 68.5 0.0 3:25 0
> >>> MailScanner
> >>> 15534 hbaldera 23 0 0 0 0 Z 0.7 0.0 0:00 0
> >>> cucipop
> >>>
> >
> >
> > **SNIPPED**
> >
> >> Why does your machine use swap when you have plenty of ram free ?
> >
> >
> > I've often seen my *nix boxen swap stuff out to increase
> cache/buffer
> > for stuff that is loaded but very rarely used (like lpd).
> I remember
> > doing some exercises with this on Solaris when I did my Sun
> CSE course
> > (the idea was performance tuning a server with very high
> I/O and low
> > application memory requirements - think BIG ftp/mail
> server). Never
> > touched it since then but it is possible to skew the memory
> management
> > to "prefer" buffer/cache in certain circumstances.
> >
> > Cheers,
> >
> > James

From raymond at PROLOCATION.NET Tue Apr 27 14:02:41 2004
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:24:51 2006
Subject: High Load
In-Reply-To: <200404271255.i3RCtxL4010106@avwall.bladeware.com>
Message-ID:

Hi!

> excellent pointer! I *did* have bigevil.cf loaded. After rm'ing it and
> reloading MS, my load is down below 1.00 again. I'll be keeping an eye on
> it today. Thanks a LOT! I woke up to an unresponsive server this morning
> :/

> > Have you got the bigevil.cf loaded in SA? I found this a major hog..

BigEvil is available as SURBL, this doesn't consume much and is just another DNS lookup.... Might be the solution for you to keep using it.

Bye,
Raymond.

From ugob at CAMO-ROUTE.COM Tue Apr 27 13:54:46 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:24:51 2006
Subject: Spam List - DNS querys
In-Reply-To: <00be01c42c55$6d66c330$fd00a8c0@moacyr>
References: <00be01c42c55$6d66c330$fd00a8c0@moacyr>
Message-ID:

Moacyr Leite da Silva wrote:
> Hi there,
>
> I was doing some tuning on the server and saw that there is a huge number of DNS queries
> for spam blacklists like sorbs, spamhaus, rfc-ignorant, blitzed and spamcop.net.
> But I have enabled spam blacklists only for ORDB-RBL and SBL+XBL.
>
> Why are these DNS queries being issued?!

Probably in SpamAssassin.

>
> Thanks
> Moacyr Leite da Silva
> www.akadnyx.com.br
>
>
> RH 9.0
> MailScanner-4.29.7-1
> clamavmodule
> SpamAssassin 2.63
>
>
> MailScanner.conf
> # This is the list of spam blacklists (RBLs) which you are using.
> # See the "Spam List Definitions" file for more information about what
> # you can put here.
> # This can also be the filename of a ruleset.
> Spam List = ORDB-RBL SBL+XBL # MAPS-RBL+ costs money (except .ac.uk) > > spam.lists.conf is default from ./install.sh > > #tethereal -i any port 53 > 114.218643 200.207.50.175 -> 200.204.0.10 DNS Standard query A > 179.3.176.200.dnsbl.sorbs.net > 114.268473 200.207.50.175 -> 200.204.0.10 DNS Standard query TXT > 179.3.176.200.sbl.spamhaus.org > 114.268548 200.207.50.175 -> 200.204.0.10 DNS Standard query TXT > 139.55.154.200.sbl.spamhaus.org > 114.268613 200.207.50.175 -> 200.204.0.10 DNS Standard query A > terra.com.br.dsn.rfc-ignorant.org > 114.268678 200.207.50.175 -> 200.204.0.10 DNS Standard query TXT > 179.3.176.200.ipwhois.rfc-ignorant.org > 114.295279 200.207.50.175 -> 200.204.0.10 DNS Standard query TXT > 139.55.154.200.ipwhois.rfc-ignorant.org > 114.295354 200.207.50.175 -> 200.204.0.10 DNS Standard query A > 179.3.176.200.opm.blitzed.org > 114.295418 200.207.50.175 -> 200.204.0.10 DNS Standard query TXT > 179.3.176.200.list.dsbl.org > 114.295481 200.207.50.175 -> 200.204.0.10 DNS Standard query TXT > 139.55.154.200.list.dsbl.org > 114.295544 200.207.50.175 -> 200.204.0.10 DNS Standard query TXT > 226.55.154.200.bl.spamcop.net > 114.627050 200.204.0.10 -> 200.207.50.175 DNS Standard query response, > No such name > 114.628281 127.0.0.1 -> 127.0.0.1 DNS Standard query response, No > such name > 114.743826 200.204.0.10 -> 200.207.50.175 DNS Standard query response, > No such name > 114.744691 127.0.0.1 -> 127.0.0.1 DNS Standard query response, No > such name > 115.359766 200.204.0.10 -> 200.207.50.175 DNS Standard query response, > No such name > 115.361002 127.0.0.1 -> 127.0.0.1 DNS Standard query response, No > such name > 116.092019 200.204.0.138 -> 200.207.50.175 DNS Standard query response, > No such name > 116.093466 127.0.0.1 -> 127.0.0.1 DNS Standard query response, No > such name > 116.278545 200.207.50.175 -> 63.251.174.107 DNS Standard query TXT > 139.55.154.200.sbl.spamhaus.org > 116.278662 200.207.50.175 -> 128.194.254.4 DNS Standard query A 
> terra.com.br.dsn.rfc-ignorant.org
> 116.278747 200.207.50.175 -> 128.194.254.4 DNS Standard query TXT
> 179.3.176.200.ipwhois.rfc-ignorant.org
> 116.308330 200.207.50.175 -> 128.194.254.4 DNS Standard query TXT
> 139.55.154.200.ipwhois.rfc-ignorant.org
> 116.308435 200.207.50.175 -> 66.98.161.17 DNS Standard query TXT
> 179.3.176.200.list.dsbl.org
> 116.308513 200.207.50.175 -> 66.98.161.17 DNS Standard query TXT
> 139.55.154.200.list.dsbl.org

From jase at SENSIS.COM Tue Apr 27 14:15:28 2004
From: jase at SENSIS.COM (Desai, Jason)
Date: Thu Jan 12 21:24:51 2006
Subject: spam autolearn=not issue
Message-ID:

Are you sure that you're not seeing "autolearn=not spam"? That's what I see when non-spams are being auto learned.

Jason

Brian Lewis wrote:
> I found that all my high scoring spam is doing autolearn=spam, but my
> ham is getting autolearn=not!
>
> spam autolearn=not
> -4.90 BAYES_00 Bayesian spam probability is 0 to 1%
>
>
> This message scored -4.90 but still has autolearn=not instead of
> autolearn=ham. Where do I set it to autolearn=ham for say anything
> smaller than 0 score wise?
>
> MailScanner 4.29.7-1 using SpamAssassin 2.61 and Bayesian Filtering
> turned on.
From Denis.Beauchemin at USHERBROOKE.CA Tue Apr 27 14:18:39 2004
From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin)
Date: Thu Jan 12 21:24:51 2006
Subject: High Load
In-Reply-To:
References:
Message-ID: <408E5DAF.6080703@USherbrooke.ca>

Raymond Dijkxhoorn wrote:

>Hi!
>
>>excellent pointer! I *did* have bigevil.cf loaded. After rm'ing it and
>>reloading MS, my load is down below 1.00 again. I'll be keeping an eye on
>>it today. Thanks a LOT! I woke up to an unresponsive server this morning
>>:/
>
>>>Have you got the bigevil.cf loaded in SA? I found this a major hog..
>
>BigEvil is available as SURBL, this doesnt consume much and is just
>another DNS lookup.... Might be the solution for you to keep using it.

I've just looked into it and was wondering if the following installation would be OK:
1- download and install Mail-SpamAssassin-SpamCopURI-0.14
2- copy rules/spamcop_uri.cf /etc/mail/spamassassin/
3- edit /etc/mail/spamassassin/spamcop_uri.cf to comment out SPAMCOP_URI_RBL (if I don't want to use SpamCop) and to add BE_URI_RBL and WS_URI_RBL
4- remove /etc/mail/spamassassin/bigevil.cf

Anything else to do?

Thanks!

Denis

--
   _
  °v°   Denis Beauchemin, analyste
 /(_)\  Université de Sherbrooke, S.T.I.
  ^ ^   T: 819.821.8000x2252 F: 819.821.8045

From jaearick at COLBY.EDU Tue Apr 27 14:21:34 2004
From: jaearick at COLBY.EDU (Jeff A. Earickson)
Date: Thu Jan 12 21:24:51 2006
Subject: High Load
In-Reply-To: <200404271255.i3RCtxL4010106@avwall.bladeware.com>
References: <200404271255.i3RCtxL4010106@avwall.bladeware.com>
Message-ID:

Hi,
   I've been using bigevil.cf for a while (2.12M until this morning, 2.12P now), with no load problems. My setup: Sun V1280 (4 cpus), Solaris 9, MS 4.29.7, razor, SA 2.63, perl 5.8.3 built as sun4-solaris-thread-multi. My typical load is in the range of 2-3.

Jeff Earickson
Colby College

On Tue, 27 Apr 2004, Mike Kercher wrote:

> Date: Tue, 27 Apr 2004 07:55:59 -0500
> From: Mike Kercher
> Reply-To: MailScanner mailing list
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: High Load
>
> excellent pointer! I *did* have bigevil.cf loaded. After rm'ing it and
> reloading MS, my load is down below 1.00 again. I'll be keeping an eye on
> it today. Thanks a LOT! I woke up to an unresponsive server this morning
> :/
>
> Mike
>
> > -----Original Message-----
> > From: MailScanner mailing list
> > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Martin Hepworth
> > Sent: Tuesday, April 27, 2004 3:09 AM
> > To: MAILSCANNER@JISCMAIL.AC.UK
> > Subject: Re: High Load
> >
> > Have you got the bigevil.cf loaded in SA? I found this a major hog..
> >
> > Also do the debug stuff mentioned previously.
> > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > > > > James Gray wrote: > > > Pete wrote: > > > > > >> Mike Kercher wrote: > > >> > > >> > > >>> I'm seeing a HUGE load on my system and I can't figure out why. > > >>> > > >>> 14:47:00 up 46 min, 3 users, load average: 13.43, 14.25, 10.73 > > >>> 102 processes: 87 sleeping, 12 running, 3 zombie, 0 stopped > > >>> CPU states: 75.6% user 24.3% system 0.0% nice 0.0% iowait > > >>> 0.0% idle > > >>> Mem: 1022796k av, 915824k used, 106972k free, 0k > > shrd, 43448k > > >>> buff > > >>> 522344k actv, 197376k in_d, 127288k in_c > > >>> Swap: 2048276k av, 31672k used, 2016604k free > > 441600k > > >>> cached > > >>> > > >>> PID USER PRI NI SIZE RSS SHARE STAT %CPU %MEM > > TIME CPU COMMAND > > >>> 9837 root 15 0 14808 952 820 S 68.5 0.0 3:25 0 > > >>> MailScanner > > >>> 15534 hbaldera 23 0 0 0 0 Z 0.7 0.0 0:00 0 > > >>> cucipop > > >>> > > > > > > > > > **SNIPPED** > > > > > >> Why does your machine use swap when you have plenty of ram free ? > > > > > > > > > I've often seen my *nix boxen swap stuff out to increase > > cache/buffer > > > for stuff that is loaded but very rarely used (like lpd). > > I remember > > > doing some exercises with this on Solaris when I did my Sun > > CSE course > > > (the idea was performance tuning a server with very high > > I/O and low > > > application memory requirements - think BIG ftp/mail > > server). Never > > > touched it since then but is is possible to skew the memory > > management > > > to "prefer" buffer/cache in certain circumstances. 
> > >
> > > Cheers,
> > >
> > > James

From jburzenski at AMERICANHM.COM Tue Apr 27 14:30:35 2004
From: jburzenski at AMERICANHM.COM (Jason Burzenski)
Date: Thu Jan 12
21:24:51 2006
Subject: Filename.rules.conf - CLSID false positive
Message-ID: <9BDD6D4AD0795C46974D7D46C17883B80A748D80@ahm_exchange2.americanhm.com>

Has anyone else encountered any false positives with this filename rule?

# Deny filenames ending with CLSID's
deny    \{[a-hA-H0-9-]{25,}\}    Filename trying to hide its real type    Files containing CLSID's are trying to hide their real type

I have a vendor who sends PDF files that look like:

    138139_{8B5AC3AF-BE17-4A06-BB98-790FA5C00C9B}.pdf

I researched the CLSID vulnerability and it seems that it is only effective when tagged at the end of the filename, after the extension. I am considering revising this regex to something like:

\{[a-hA-H0-9-]{25,}\}$

Does anyone see any danger in this change?

Thanks
Jason

From martinh at SOLID-STATE-LOGIC.COM Tue Apr 27 14:29:43 2004
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:24:51 2006
Subject: High Load
In-Reply-To: <408E5DAF.6080703@USherbrooke.ca>
References: <408E5DAF.6080703@USherbrooke.ca>
Message-ID: <408E6047.9070201@solid-state-logic.com>

Denis

do a lint check..
make sure /etc/mail/spamassassin/spamcop_uri.cf is readable by the MailScanner user..
restart MailScanner

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

Denis Beauchemin wrote:
> Raymond Dijkxhoorn wrote:
>
>> Hi!
>>
>>> excellent pointer! I *did* have bigevil.cf loaded. After rm'ing it and
>>> reloading MS, my load is down below 1.00 again.
>>> I'll be keeping an eye on
>>> it today. Thanks a LOT! I woke up to an unresponsive server this morning
>>> :/
>>
>>>> Have you got the bigevil.cf loaded in SA? I found this a major hog..
>>
>> BigEvil is available as SURBL, this doesnt consume much and is just
>> another DNS lookup.... Might be the solution for you to keep using it.
>
> I've just looked into it and was wondering if the following installation
> would be OK:
> 1- download and install Mail-SpamAssassin-SpamCopURI-0.14
> 2- copy rules/spamcop_uri.cf /etc/mail/spamassassin/
> 3- edit /etc/mail/spamassassin/spamcop_uri.cf to comment out
> SPAMCOP_URI_RBL (if I don't want to use SpamCop) and to add BE_URI_RBL
> and WS_URI_RBL
> 4- remove /etc/mail/spamassassin/bigevil.cf
>
> Anything else to do?
>
> Thanks!
>
> Denis

From martinh at SOLID-STATE-LOGIC.COM Tue Apr 27 14:30:42 2004
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:24:51 2006
Subject: High Load
In-Reply-To:
References: <200404271255.i3RCtxL4010106@avwall.bladeware.com>
Message-ID: <408E6082.4050305@solid-state-logic.com>

Jeff

seems to affect the smaller machines (like mine) quite badly..
-- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Jeff A. Earickson wrote: > Hi, > I've been using bigevil.cf for a while (2.12M until this morning, > 2.12P now), with no load problems. My setup: Sun V1280 (4 cpus), Solaris 9, > MS 4.29.7, razor, SA 2.63, perl 5.8.3 built as sun4-solaris-thread-multi. > My typical load is in the range of 2-3. > > Jeff Earickson > Colby College > > On Tue, 27 Apr 2004, Mike Kercher wrote: > > >>Date: Tue, 27 Apr 2004 07:55:59 -0500 >>From: Mike Kercher >>Reply-To: MailScanner mailing list >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: High Load >> >>excellent pointer! I *did* have bigevil.cf loaded. After rm'ing it and >>reloading MS, my load is down below 1.00 again. I'll be keeping an eye on >>it today. Thanks a LOT! I woke up to an unresponsive server this morning >>:/ >> >>Mike >> >> >> >>>-----Original Message----- >>>From: MailScanner mailing list >>>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Martin Hepworth >>>Sent: Tuesday, April 27, 2004 3:09 AM >>>To: MAILSCANNER@JISCMAIL.AC.UK >>>Subject: Re: High Load >>> >>>Have you got the bigevil.cf loaded in SA? I found this a major hog.. >>> >>>Also do the debug stuff mentioned previously. >>> >>>-- >>>Martin Hepworth >>>Snr Systems Administrator >>>Solid State Logic >>>Tel: +44 (0)1865 842300 >>> >>> >>>James Gray wrote: >>> >>>>Pete wrote: >>>> >>>> >>>>>Mike Kercher wrote: >>>>> >>>>> >>>>> >>>>>>I'm seeing a HUGE load on my system and I can't figure out why. 
>>>>>> >>>>>>14:47:00 up 46 min, 3 users, load average: 13.43, 14.25, 10.73 >>>>>>102 processes: 87 sleeping, 12 running, 3 zombie, 0 stopped >>>>>>CPU states: 75.6% user 24.3% system 0.0% nice 0.0% iowait >>>>>>0.0% idle >>>>>>Mem: 1022796k av, 915824k used, 106972k free, 0k >>> >>>shrd, 43448k >>> >>>>>>buff >>>>>> 522344k actv, 197376k in_d, 127288k in_c >>>>>>Swap: 2048276k av, 31672k used, 2016604k free >>> >>> 441600k >>> >>>>>>cached >>>>>> >>>>>>PID USER PRI NI SIZE RSS SHARE STAT %CPU %MEM >>> >>>TIME CPU COMMAND >>> >>>>>>9837 root 15 0 14808 952 820 S 68.5 0.0 3:25 0 >>>>>>MailScanner >>>>>>15534 hbaldera 23 0 0 0 0 Z 0.7 0.0 0:00 0 >>>>>>cucipop >>>>>> >>>> >>>> >>>>**SNIPPED** >>>> >>>> >>>>>Why does your machine use swap when you have plenty of ram free ? >>>> >>>> >>>>I've often seen my *nix boxen swap stuff out to increase >>> >>>cache/buffer >>> >>>>for stuff that is loaded but very rarely used (like lpd). >>> >>>I remember >>> >>>>doing some exercises with this on Solaris when I did my Sun >>> >>>CSE course >>> >>>>(the idea was performance tuning a server with very high >>> >>>I/O and low >>> >>>>application memory requirements - think BIG ftp/mail >>> >>>server). Never >>> >>>>touched it since then but is is possible to skew the memory >>> >>>management >>> >>>>to "prefer" buffer/cache in certain circumstances. >>>> >>>>Cheers, >>>> >>>>James >>>> >>>>-------------------------- MailScanner list ---------------------- >>>>To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >>>>For further info about MailScanner, please see the Most Asked >>>>Questions at http://www.mailscanner.biz/maq/ and the archives >>>>at http://www.jiscmail.ac.uk/lists/mailscanner.html >>> >>>********************************************************************** >>> >>>This email and any files transmitted with it are confidential >>>and intended solely for the use of the individual or entity >>>to whom they are addressed. 
From mailscanner at BARENDSE.TO Tue Apr 27 14:43:12 2004
From: mailscanner at BARENDSE.TO (Remco Barendse)
Date: Thu Jan 12 21:24:51 2006
Subject: MCP questions
Message-ID:

Following my question earlier on the list about DSN's I will try to sort out MCP.

Two questions however, is there a way to make MCP silent, i.e. not notifying the sender nor the recipient that content was blocked?

Furthermore is it correct that mail archiving is processed *before* mcp? I am using the mail archive feature to see what gets blocked or not just want to make sure that things arriving in my mail archive do not necessarily make it to the final recipient.

Thanks!!
Remco

From test at NEXTMILL.NET Tue Apr 27 14:57:59 2004
From: test at NEXTMILL.NET (Brian Lewis)
Date: Thu Jan 12 21:24:51 2006
Subject: spam autolearn=not issue
Message-ID:

Thanks guys! Sorry, Mailwatch (which is logging everything for me) only logs it as 'autolearn=not', so I interpreted that as almost a NO.

Appreciate the response.
From jens at JSCONSULT.DK Tue Apr 27 14:34:13 2004
From: jens at JSCONSULT.DK (Jens W. Skov - JS Consult)
Date: Thu Jan 12 21:24:51 2006
Subject: learning
Message-ID:

Hi

In your experience, what is the best way to do learning on a gateway with many users?

Should I set up a mailbox, that they can submit spam-samples to or use mailwatch?

- Jens W. Skov - JS Consult
- Phone: 45884077 / 23254077
- E-Mail: jens@jsconsult.dk
- Web: http://www.jsconsult.dk http://jnet.dk
- NEW ADDRESS FROM JULY 02: Rævehøjparken 58, 2800 Lyngby

From Denis.Beauchemin at USHERBROOKE.CA Tue Apr 27 14:38:21 2004
From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin)
Date: Thu Jan 12 21:24:51 2006
Subject: OT: I/O bound?
Message-ID: <408E624D.7030902@USherbrooke.ca>

Hi,

One of my servers (Xeon 2.4, 1.5GB, 73GB 10K rpm U160 disk) running MS 4.29.7-1 + SA 2.63 + sendmail 8.12.10-1 on a RHEL 3 AS (all patches applied) seems to be suffering from high disk access:

# iostat -dk 5|awk '/^Device/&&p!=1{print;p=1}/^dev/{print}'
Device:     tps   kB_read/s   kB_wrtn/s    kB_read    kB_wrtn
dev8-0   160.89      132.67      685.66   10411181   53804828
dev8-0   224.34       14.91      941.23         68       4292
dev8-0   246.06       16.28     1056.49         64       4152
dev8-0   190.12       14.46      827.95         60       3436
dev8-0   133.94       11.76      602.71         52       2664
dev8-0   160.34        7.68      720.68         36       3380
dev8-0   156.07       25.24      672.82        104       2772
dev8-0   138.39        6.25      777.68         28       3484
dev8-0   295.57       13.99     1234.50         60       5296
dev8-0   132.68        4.36      574.29         20       2636
dev8-0    74.00        8.39      344.65         40       1644
dev8-0    94.46        8.87      414.19         40       1868
dev8-0   231.74      143.07      824.18        568       3272
dev8-0   176.82       10.91      761.82         48       3352
dev8-0   136.15        3.76      609.39         16       2596
dev8-0   207.82        9.78      880.20         40       3600
dev8-0   171.86      143.28      614.07        672       2880
dev8-0   122.09        2.79      534.88         12       2300
dev8-0   200.27      109.49      766.40        404       2828

It reads just a little bit but writes so much. I run a caching NS (bind, as supplied by RH) and use tmpfs for /var/spool/MailScanner/incoming.

Anything I can do to make it go faster? Is there some program I can run to figure out which program does all this I/O?
Here is the output of some commands:

# free
             total       used       free     shared    buffers     cached
Mem:       1545056    1456104      88952          0     232744     881236
-/+ buffers/cache:     342124    1202932
Swap:      2048276     309720    1738556

# vmstat 5
procs                      memory      swap          io     system         cpu
 r  b   swpd   free   buff  cache   si   so    bi    bo   in    cs us sy id wa
 5  0 308612  35000 232736 885600    8    7    57    61  194    24 41 15 31 13
 2  0 308608  74856 232736 885560    0    0     0   786  411  1587 67 24  0  9
 0  0 308608  79408 232736 886624    0    0    13  1028  654  1886 34 17 16 34
 2  0 308608  62488 232740 885744    0    0     6   441  454  3994 62 21  8  8
 3  4 308608  53280 232740 885772    0    0     7  1161  456  1564 55 16 17 12
 0  0 308608  66268 232752 885820    0    0     6   554  399  1643 44 24 14 18
 3  2 308608  75588 232756 886092    0    0     3   550  419  1656 37 19 33 10
 0  2 308556  50620 232784 886068    0    0     1   675  499  2065 40 15 21 25
 1  0 308548  57600 232800 886264    0    0     1   269  269  1199 30 14 51  4
 5  1 308548  49644 232836 886432    0    0     0   399  349  1864 42 15 34  9
 2  0 308548  33224 232884 886832    0    0     3   562  378  1763 53 24 10 13
 6  0 308548  59540 232896 886652    0    0     9   418  271  1260 59 18 13 10
 1  0 308548  22212 232908 886852    1    0     4   606  384  2234 58 20 13  9
 4  0 308544  56104 232660 887224    0    0    12   850  402  3748 35 20 25 21
 2  0 308544  62052 232660 887496    0    0     2   710  372  1457 57 17 15 11
 4  9 308500  71140 232676 887996    2    0    11   876  449  3826 65 33  0  2

# top
 09:35:19 up 1 day, 1:22, 1 user, load average: 5.12, 4.80, 5.28
145 processes: 144 sleeping, 1 running, 0 zombie, 0 stopped
CPU states:  cpu    user    nice  system    irq  softirq  iowait    idle
           total   23.7%    0.0%   10.6%   0.0%     0.0%   65.0%    0.4%
           cpu00   17.4%    0.0%   12.6%   0.0%     0.0%   68.9%    0.9%
           cpu01   30.0%    0.0%    8.7%   0.0%     0.0%   61.1%    0.0%
Mem:  1545056k av, 1490064k used, 54992k free, 0k shrd, 232876k buff
      1161456k actv, 265116k in_d, 7252k in_c
Swap: 2048276k av, 308184k used, 1740092k free 897560k cached

  PID USER     PRI  NI  SIZE  RSS SHARE STAT %CPU %MEM   TIME CPU COMMAND
23985 root      23   0 44736  31M  2348 S    17.0  2.0   0:00   1 MailScanner
23987 root      25   0  3348 3348  1920 S     3.4  0.2   0:00   1 pyzor
23814 root      23   0  4588 4588  1664 D     2.9  0.2   0:01   1 mailscanner-mrt
    7 root      15   0     0    0     0 SW    2.4  0.0  12:22   1 kswapd
 1726 named     25   0 26668  25M  1568 S     1.4  1.7  19:41   1 named
 4093 root      20   0 44472  22M  2112 S     0.4  1.4   3:26   1 MailScanner
23980 root      21   0 42852  28M  2260 S     0.4  1.8   0:00   1 MailScanner

Thanks!

Denis

--
   _
  °v°   Denis Beauchemin, analyste
 /(_)\  Université de Sherbrooke, S.T.I.
  ^ ^   T: 819.821.8000x2252 F: 819.821.8045

From mailscanner at ecs.soton.ac.uk Tue Apr 27 14:44:53 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:24:51 2006
Subject: Filename.rules.conf - CLSID false positive
In-Reply-To: <9BDD6D4AD0795C46974D7D46C17883B80A748D80@ahm_exchange2.americanhm.com>
References: <9BDD6D4AD0795C46974D7D46C17883B80A748D80@ahm_exchange2.americanhm.com>
Message-ID: <6.0.1.1.2.20040427143929.03eb8e90@imap.ecs.soton.ac.uk>

There is a Bugtraq article
http://www.securityfocus.com/archive/1/351379
which explains how a CLSID in the middle of a filename can be used to force execution of a file that appears to be an MPEG. Windows gives the CLSID precedence over the file extension.

Later articles in the thread argue that it is only dangerous, and not actually lethal, in the hands of users.

Originally I matched the CLSID at the end of the filename, but changed it later because of this report.

At 14:30 27/04/2004, you wrote:
>Has anyone else encountered any false positives with this filename rule?
>
># Deny filenames ending with CLSID's
>deny \{[a-hA-H0-9-]{25,}\} Filename trying to hide its real
>type Files containing CLSID's are trying to
>hide their real type
>
>I have a vendor who sends PDF files that look like:
>
> 138139_{8B5AC3AF-BE17-4A06-BB98-790FA5C00C9B}.pdf
>
>I researched the CLSID vulnerability and it seems that it is only
>effective when tagged at the end of the filename, after the extension. I
>am considering revising this regex to something like:
>
>\{[a-hA-H0-9-]{25,}\}$
>
>Does anyone see any danger in this change?

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From raymond at PROLOCATION.NET Tue Apr 27 16:05:58 2004
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:24:51 2006
Subject: High Load
In-Reply-To: <408E5DAF.6080703@USherbrooke.ca>
Message-ID:

Hi!

> >BigEvil is available as SURBL, this doesnt consume much and is just
> >another DNS lookup.... Might be the solution for you to keep using it.

> I've just looked into it and was wondering if the following installation
> would be OK:
> 1- download and install Mail-SpamAssassin-SpamCopURI-0.14
> 2- copy rules/spamcop_uri.cf /etc/mail/spamassassin/
> 3- edit /etc/mail/spamassassin/spamcop_uri.cf to comment out
> SPAMCOP_URI_RBL (if I don't want to use SpamCop) and to add BE_URI_RBL
> and WS_URI_RBL
> 4- remove /etc/mail/spamassassin/bigevil.cf

> Anything else to do?
Reload MailScanner :)

Here's a somehow extended .cf to also enable the other SURBL lookups:

[raymond@vmx01 spamassassin]$ more spamcop_uri.cf
uri       SPAMCOP_URI_RBL  eval:check_spamcop_uri_rbl('sc.surbl.org','127.0.0.2')
describe  SPAMCOP_URI_RBL  URI's domain appears in spamcop database at sc.surbl.org
tflags    SPAMCOP_URI_RBL  net

uri       WS_URI_RBL       eval:check_spamcop_uri_rbl('ws.surbl.org','127.0.0.2')
describe  WS_URI_RBL       URI's domain appears in spamcop database at ws.surbl.org
tflags    WS_URI_RBL       net

uri       BIGEVIL_URI_RBL  eval:check_spamcop_uri_rbl('be.surbl.org','127.0.0.2')
describe  BIGEVIL_URI_RBL  URI's domain appears in spamcop database at be.surbl.org
tflags    BIGEVIL_URI_RBL  net

score     WS_URI_RBL       3.5
score     SPAMCOP_URI_RBL  3.5
score     BIGEVIL_URI_RBL  3.5

Bye,
Raymond.

From raymond at PROLOCATION.NET Tue Apr 27 16:07:23 2004
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:24:51 2006
Subject: High Load
In-Reply-To:
Message-ID:

Hi Jeff,

> I've been using bigevil.cf for a while (2.12M until this morning,
> 2.12P now), with no load problems. My setup: Sun V1280 (4 cpus), Solaris 9,
> MS 4.29.7, razor, SA 2.63, perl 5.8.3 built as sun4-solaris-thread-multi.
> My typical load is in the range of 2-3.

The SURBL version is really much less CPU intensive, perhaps your box can take the load _low_ but on some point in time it might freak out. I personally always like to reduce load as much as possible. Then my boxes have more slack to do the real work.

Bye,
Raymond.
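[Added example, not part of any list message and not MailScanner's own code.] For the "Filename.rules.conf - CLSID false positive" thread above, this runs the shipped rule and the end-anchored variant from the question over a few filenames with first-match evaluation. The tab-separated field layout, the case-insensitive match, and every sample name except the vendor's PDF are assumptions constructed for illustration.

```python
import re

LOG_TEXT = "Filename trying to hide its real type"
USER_TEXT = "Files containing CLSID's are trying to hide their real type"


def rule_line(regex):
    # Assumed filename.rules.conf layout: action, regex, log text, user text (TABs).
    return "\t".join(["deny", regex, LOG_TEXT, USER_TEXT])


# The two regexes are the ones quoted in the thread.
CURRENT_RULES = "# CLSID anywhere in the name\n" + rule_line(r"\{[a-hA-H0-9-]{25,}\}") + "\n"
PROPOSED_RULES = "# CLSID only at the end\n" + rule_line(r"\{[a-hA-H0-9-]{25,}\}$") + "\n"


def parse_rules(text):
    """Parse rule lines into (action, compiled regex, log text) tuples."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = re.split(r"\t+", line)
        if len(fields) < 2 or fields[0] not in ("allow", "deny"):
            raise ValueError("malformed rule line: %r" % raw)
        log_text = fields[2] if len(fields) > 2 else ""
        # Assumption: names are matched case-insensitively.
        rules.append((fields[0], re.compile(fields[1], re.IGNORECASE), log_text))
    return rules


def verdict(rules, filename):
    """First matching rule decides; a name that matches nothing is allowed."""
    for action, regex, _log in rules:
        if regex.search(filename):
            return action
    return "allow"


GUID = "00000000-0000-0000-0000-000000000000"  # constructed placeholder
SAMPLES = [
    "138139_{8B5AC3AF-BE17-4A06-BB98-790FA5C00C9B}.pdf",  # vendor name from the thread
    "clip.mpeg.{" + GUID + "}",                           # constructed: CLSID after the extension
    "clip.{" + GUID + "}.mpeg",                           # constructed: CLSID before the extension
    "notes_{gggggggg-hhhh-hhhh-hhhh-gggggggggggg}.txt",   # constructed: g/h are not hex digits
    "report.pdf",                                         # constructed: no braces at all
]


def compare(samples=SAMPLES):
    """Map each name to (verdict under shipped rule, verdict under anchored rule)."""
    current = parse_rules(CURRENT_RULES)
    proposed = parse_rules(PROPOSED_RULES)
    return {name: (verdict(current, name), verdict(proposed, name)) for name in samples}


def changed_by_anchor(samples=SAMPLES):
    """Names whose verdict flips when the rule is anchored with $."""
    return [name for name, (cur, new) in compare(samples).items() if cur != new]


if __name__ == "__main__":
    for name, (cur, new) in compare().items():
        print("%-55s shipped=%-5s anchored=%s" % (name, cur, new))
```

Anchoring releases the vendor PDF, but it also releases the name with the CLSID in front of the extension, which is the case the reply says the rule was widened to catch. The character class also accepts g and h, so brace-wrapped strings that are not hex GUIDs are denied too.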
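[Added example, not part of any list message and not code from SpamAssassin or the SpamCopURI plugin.] A sketch of why the SURBL form of the list is "just another DNS lookup": each distinct URI domain in a message costs one query per zone, and a rule fires when the answer equals the address given in spamcop_uri.cf. The zone names, rule names, listed address and scores come from the config above; the domain-reduction heuristic, the sample body and the stub resolver are assumptions constructed for illustration.

```python
import re
import socket
from urllib.parse import urlsplit

# (rule name, zone, answer meaning "listed", score) as in the quoted spamcop_uri.cf
RULES = [
    ("SPAMCOP_URI_RBL", "sc.surbl.org", "127.0.0.2", 3.5),
    ("WS_URI_RBL", "ws.surbl.org", "127.0.0.2", 3.5),
    ("BIGEVIL_URI_RBL", "be.surbl.org", "127.0.0.2", 3.5),
]

URI_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
# Assumption: a tiny sample of two-level suffixes, not a complete list.
TWO_LEVEL_SUFFIXES = {"co.uk", "ac.uk", "com.br", "com.ar"}


def registered_domain(host):
    """Reduce a hostname to the domain that would be looked up (heuristic)."""
    host = host.lower().rstrip(".")
    labels = host.split(".")
    if len(labels) < 2 or re.fullmatch(r"[0-9.]+", host):
        return None  # single label or IP literal: skipped in this sketch
    keep = 3 if ".".join(labels[-2:]) in TWO_LEVEL_SUFFIXES else 2
    return ".".join(labels[-keep:])


def uri_domains(body):
    """Distinct lookup domains for every http(s) URI in the body, in order."""
    found = []
    for uri in URI_RE.findall(body):
        try:
            host = urlsplit(uri).hostname
        except ValueError:
            continue
        domain = registered_domain(host) if host else None
        if domain and domain not in found:
            found.append(domain)
    return found


def system_resolver(name):
    """A-record lookup through the local resolver; None when the name does not exist."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None


def surbl_hits(body, resolve=system_resolver):
    """Return (rule, domain, score) for every zone that lists a URI domain."""
    hits = []
    for domain in uri_domains(body):
        for rule, zone, listed, score in RULES:
            if resolve(domain + "." + zone) == listed:
                hits.append((rule, domain, score))
    return hits


def total_score(hits):
    """Each rule contributes its score once, however many domains triggered it."""
    return sum({rule: score for rule, _domain, score in hits}.values())


def make_stub_resolver(listed_names):
    """Offline resolver for the demo: records queries, answers from a fixed set."""
    queries = []

    def resolve(name):
        queries.append(name)
        return "127.0.0.2" if name in listed_names else None

    return resolve, queries


# Constructed sample message body and constructed listings (reserved .example names).
BODY = """Limited offer: http://www.cheap-pills.example/buy?id=1
<img src="http://img.cheap-pills.example/x.gif">
Unsubscribe at https://www.shop.example.co.uk/u/42
"""
LISTED = {"cheap-pills.example.sc.surbl.org", "cheap-pills.example.be.surbl.org"}

if __name__ == "__main__":
    resolve, queries = make_stub_resolver(LISTED)
    hits = surbl_hits(BODY, resolve)
    print(hits, total_score(hits), len(queries), "DNS queries")
```

With the default `system_resolver` the answers come from the machine's own resolver, which is where a local caching name server keeps the per-message cost low.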
From michele at BLACKNIGHTSOLUTIONS.COM Tue Apr 27 19:07:11 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions)
Date: Thu Jan 12 21:24:51 2006
Subject: Ruleset query
In-Reply-To:
Message-ID: <200404271802.i3RI2IYC018408@monitor.blacknight.ie>

Hi

I've had a look but I can't seem to see anything for this one...

To: user@domain.com
From: somebody@anotherdomain.com

Is fine for implementing rules based on sender --> receiver relationships.

My query is this:

To: user@domain.com
From: somebody@anotherdomain.com
Subject: somestring

Basically mail from user1 to user2 with a very specific subject. Is there anyway to do this via rulesets?

(Basically we want to block mail from user1 to user2 ONLY IF the subject is "somestring" - as an MTA or MUA is being really dumb and sending the same email every 60 seconds....)

Michele

Mr Michele Neylon
Blacknight Internet Solutions Ltd
http://www.blacknight.ie/
Tel. +353 59 9137101

From kdyke at KEYCOMPUTERCONSULTANTS.COM Tue Apr 27 19:02:13 2004
From: kdyke at KEYCOMPUTERCONSULTANTS.COM (Ken Dyke)
Date: Thu Jan 12 21:24:51 2006
Subject: mailscanner and postfix
Message-ID: <20040427180213.GE21598@hyper>

Hi,

Has anyone written a wrapper for receiving messages from postfix? That seems to be the missing piece to avoiding the ugliness of the set up described in "MailScanner Installation Guide - Postfix".
--
I think, therefore, ken_i_m
Chief Gadgeteer, Elegant Innovations
Founder, Bozeman Linux Users Group
(406) 581-0495

From jwilliams at COURTESYMORTGAGE.COM Tue Apr 27 19:28:37 2004
From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams)
Date: Thu Jan 12 21:24:51 2006
Subject: couple quick questions on Mailscanner...
Message-ID: <5.2.1.1.0.20040427112836.00a8c0f8@pop.courtesymortgage.com>

Hello everyone.

Just have a couple quick questions about my mailscanner server that is about to go live.

First, specs:

FreeBSD 4.9
Sendmail 8.12.10
MailScanner 4.27-7
clamav 0.70
SpamAssassin 2.63

Hardware:
Dual PIII 1ghz
2gig RAM
2 16gig SCSI drives

Quick shot of df -h:

/dev/da1s1e    8.2G    3.3M    7.5G     0%    /var
/dev/da1s1f    8.5G    170K    7.8G     0%    /var/spool
procfs         4.0K    4.0K      0B   100%    /proc
mfs:28         252M     22K    232M     0%    /var/spool/MailScanner/incoming

First question is that I upgraded mailscanner from the ports using portupgrade. After a quick restart, I saw the following in my maillog:

Apr 27 09:12:33 mailmg MailScanner[170]: MailScanner E-Mail Virus Scanner version 4.29.7 starting...
Apr 27 09:12:33 mailmg MailScanner[170]: Could not read Custom Functions directory

Second line is where I'm confused...have not seen that before. I'm guessing, new change in 4.27-7?

Second question. This server has two 1ghz CPU's in it. Is it safe to set the Max Children = 10 in Mailscanner.conf? Being as this box has 2 cpus, I thought this would be alright...

Lastly, quick question on spamassassin: I cannot seem to recall on where to put custom .cf files for spamassassin to read?
For instance, I have a few rules I downloaded from the
spamassassin emporium site, that I would like to use, but I can't seem to
recall on where to put them.

I wanna say it would be in the following location:

/usr/local/etc/Mailscanner/rules

I could be wrong though.

That is about it. Just wanted to clear up a few things before I go live.

Thanks everyone!

Jason

From peter at UCGBOOK.COM Tue Apr 27 19:31:14 2004
From: peter at UCGBOOK.COM (Peter Bonivart)
Date: Thu Jan 12 21:24:51 2006
Subject: Ruleset query
In-Reply-To: <200404271802.i3RI2IYC018408@monitor.blacknight.ie>
References: <200404271802.i3RI2IYC018408@monitor.blacknight.ie>
Message-ID: <408EA6F2.7000702@ucgbook.com>

Michele Neylon :: Blacknight Solutions wrote:
> Basically mail from user1 to user2 with a very specific subject. Is there
> any way to do this via rulesets?
>
> (Basically we want to block mail from user1 to user2 ONLY IF the subject is
> "somestring" - as an MTA or MUA is being really dumb and sending the same
> email every 60 seconds....)

Rulesets can't do it but a custom SA rule can and it sounds like you
think of it as spam anyway. ;-)

This might work (totally untested though, lint first and keep the low
score!!!). If it does work, bump the score so it becomes high scoring spam.

describe LOCAL_1 Description goes here
header __LOCAL_1A From =~ /fromuser\@domain\.com/i
header __LOCAL_1B To =~ /touser\@domain\.com/i
header __LOCAL_1C Subject =~ /your subject goes here/i
meta LOCAL_1 (__LOCAL_1A && __LOCAL_1B && __LOCAL_1C)
score LOCAL_1 0.1

--
/Peter Bonivart

--Unix lovers do it in the Sun

Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7,
SpamAssassin 2.63 + DCC 1.2.39, ClamAV 0.70 + GMP 4.1.2, Vispan 1.3

From mailscanner at LISTS.COM.AR Tue Apr 27 20:47:20 2004
From: mailscanner at LISTS.COM.AR (Mariano Absatz)
Date: Thu Jan 12 21:24:51 2006
Subject: ZMailer - ROUTERDIRHASH
Message-ID: <408E8E98.2306.38A62719@localhost>

Hi people,

we developed an optional add-in for ZMailer that high traffic people may be
interested in.

The original (current) MailScanner+ZMailer implementation only supports a
single 'Incoming Queue Dir'... at least, ZMailer-wise.

The point is that, when ZMailer uses directory hashes for the smtpserver (the
process 'before' MailScanner), it must also use them for the router (the
process 'after' MailScanner)... that is, there's a ZMailer setting (not used
by default, but very recommended when you handle hundreds of messages a
minute) that allows you to spread the queue directory in 26 subdirectories
(named A thru Z)... but if you configure the smtpserver to use that
structure, the router will look in the same structure, so you must spread
MailScanner output queue files in the 26 directories.

That is, if you say:

Incoming Queue Dir = /var/spool/postoffice-incoming/router/?

You should also say:

Outgoing Queue Dir = /var/spool/postoffice/router/?

But that last setting is completely invalid.
You might just say:

Outgoing Queue Dir = /var/spool/postoffice/router/a

and you'd be using 26 dirs for input and only one for output, but at least
one that is checked by the router... anyway, we developed a small set of
functions that you can drop in the CustomFunctions directory and get it right.

The setting (in MailScanner.conf) becomes:

Outgoing Queue Dir = &ChooseZMOutQueueDir

And you have to configure the directory glob within the ZMRouterDirHash.pm
file (near the top), like:

my @ZMOutQueueDirs=("/var/spool/postoffice/router/?");

The init function checks that the outgoing queue directories are in the same
filesystem as the incoming ones, and it also verifies their existence... It
will log errors but, if at least one of the entries exists and is in the
correct file system, it will start and log the actual number of output queue
directories to be used.

We currently have this in production with MailScanner 4.29.7 and it works
without a hitch.

AFAIK, this should be MailScanner and ZMailer version agnostic (for old
MailScanner versions, you can simply add the contents of the file to the
CustomConfig.pm file).

Julian, I copied your standard boilerplate and added a couple of lines for
the actual guilty people behind this tiny module... if you'd like to add it
to the distribution, do it as you please.

Regards.

--
Mariano Absatz
El Baby
----------------------------------------------------------
bashian roulette:
[ $(($RANDOM%6)) -eq 0 ] && rm -rf ~

-------------- next part --------------
A non-text attachment was scrubbed...
Name: ZMRouterDirHash.pm
Type: application/octet-stream
Size: 5091 bytes
Desc: not available
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040427/5d029d7d/ZMRouterDirHash.obj

From mailscanner at LISTS.COM.AR Tue Apr 27 22:13:48 2004
From: mailscanner at LISTS.COM.AR (Mariano Absatz)
Date: Thu Jan 12 21:24:51 2006
Subject: Custom Config
In-Reply-To: <1934.151.199.63.112.1083099970.squirrel@www.nwdhosting.com>
References: <408EC9B5.7040605@ucgbook.com>
Message-ID: <408EA2DC.10853.38F55362@localhost>

Brian,

shouldn't you be putting a

my $dbh;

before all your SACustomCheck within the same file?

On 27 Apr 2004 at 17:06, Webmaster wrote:

> That enables scanning for everyone. We host multiple domains, and I
> wanted the admins of those domains to be able to disable scanning for their
> domain only, the information being pulled from a database. I was able to
> resolve the problem though, the logging routine was killing it. All is
> working as expected now... If anyone wants to know:
>
> Virus Scanning = &SACustomCheck
> Spam Checks = &SACustomCheck
>
>
>
> Here are the functions for CustomConfig.pm
>
> sub InitSACustomCheck {
>   return if defined $dbh;
>
>   MailScanner::Log::InfoLog("Initializing database connection");
>
>   $dbh = DBI->connect("DBI:mysql:database=$db_name;host=$db_host",
>                       $db_user, $db_pass,
>                       {PrintError => 0});
>
>   if (!$dbh) {
>     MailScanner::Log::WarnLog("Unable to initialize database connection: %s", $DBI::errstr);
>     return;
>   }
>
>   MailScanner::Log::InfoLog("Finished initializing database connection");
> }
>
> sub EndSACustomCheck {
>   $dbh->disconnect if defined $dbh;
>   MailScanner::Log::InfoLog("Disconnected from the database");
> }
>
> sub SACustomCheck {
>   my($message) = @_;
>
>   return unless $message;
>
>   if(!$dbh->ping) {
>     undef $dbh;
>     MailScanner::Log::InfoLog("Database ping failure attempting to re-connect");
>     InitSACustomCheck();
>   }
>
>   return unless defined $dbh;
>
>   foreach (@{$message->{to}}) {
>     ($to, $domain)=split("\@", $_);
>     push(@domains, "domain='$domain'");
>   }
>
>   $where=join(" OR ", @domains);
>
>   my $sth = $dbh->prepare("SELECT value FROM custom_score WHERE opt='checks' AND ($where)");
>   $sth->execute();
>
>   # was there any options returned, if not, default yes
>   if ($sth->rows == 0){
>     $checks=1;
>   }else{
>     # if any domain is set to yes, it gets scanned
>     while (my $ref = $sth->fetchrow_hashref()) {
>       if ($ref->{'value'} eq "yes") {
>         $checks=1;
>       }
>     }
>   }
>   # otherwise, no
>   if ($checks != 1) {
>     $checks=0;
>   }
>
>   return $checks;
>
> }
>
>
>
> Brian :)
>
>
>
> > Webmaster wrote:
> >> I am trying to do a custom function so each domain we host can have
> >> their
> >> own options. I was able to get the "Required SpamAssassin Score" option
> >> to work properly, I get the domain from the to address, get that domain's
> >> score from a database, and return it. I tried to do the same thing with
> >> "Spam Checks", but it does not work, Ms seems to go into a loop. I
> >> tried
> >> the return value as 1 or 0 as the CustomConfig.pm file said, even tried
> >> returning "yes" or "no", but no luck. Any ideas? Some of our customers
> >> have asked that we do not scan their mail at all (go figure, paranoid
> >> people)
> >
> > Wouldn't this do that?
> >
> > # If you want to be able to switch scanning on/off for different users or
> > # different domains, set this to the filename of a ruleset.
> > # This can also be the filename of a ruleset.
> > Virus Scanning = yes
> >

--
Mariano Absatz
El Baby
----------------------------------------------------------
Those who cannot remember the past are doomed
to buy Microsoft products.
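
The quoted SACustomCheck interpolates the domain part of each recipient address into its WHERE clause, and recipient addresses come from the SMTP envelope, so that string is untrusted input. The following is an added example, not code from this thread or from MailScanner: it builds the same custom_score lookup with DBI placeholders, drops anything that is not a syntactically valid domain, and keeps all state lexical. The helper names are hypothetical, and returning 1 (scan) whenever the lookup cannot be answered is an assumption about the wanted default.

```perl
#!/usr/bin/perl
# Added example: per-domain "checks" lookup with bound parameters.
# Helper names are hypothetical; the custom_score table and the
# $message->{to} recipient list are the ones used in the quoted post.
use strict;
use warnings;

# One DNS label: letters, digits and inner hyphens, at most 63 characters.
my $LABEL = qr/[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?/;

# Return the distinct, lower-cased recipient domains that look like DNS
# names. Anything else is dropped before it can reach the database layer.
sub recipient_domains {
    my ($recipients) = @_;
    my (%seen, @domains);
    foreach my $addr (@{ $recipients || [] }) {
        next unless defined $addr;
        my $at = rindex($addr, '@');
        next if $at < 0;
        my $domain = lc substr($addr, $at + 1);
        next if length($domain) > 253;
        next unless $domain =~ /\A$LABEL(?:\.$LABEL)+\z/;
        push @domains, $domain unless $seen{$domain}++;
    }
    return @domains;
}

# Build the statement with one "?" per domain. The values are returned
# separately and are handed to DBI as bind values, never as SQL text.
sub build_checks_query {
    my (@domains) = @_;
    return unless @domains;
    my $marks = join(', ', ('?') x @domains);
    my $sql = "SELECT value FROM custom_score "
            . "WHERE opt = 'checks' AND domain IN ($marks)";
    return ($sql, @domains);
}

# Decide from the fetched values. Only lexical variables are used, so a
# "yes" for one message cannot carry over to the next message handled by
# the same long-lived child process.
sub checks_from_values {
    my (@values) = @_;
    return 1 unless @values;          # no row for these domains: scan
    my $any_yes = grep { $_ eq 'yes' } @values;
    return $any_yes ? 1 : 0;
}

# Shape of the custom function. $dbh is an already connected DBI handle.
# Every failure path returns 1 (assumption: scanning is the safe default).
sub sa_custom_check {
    my ($dbh, $message) = @_;
    return 1 unless $dbh && $message;
    my ($sql, @binds) = build_checks_query(recipient_domains($message->{to}));
    return 1 unless defined $sql;
    my $values = eval { $dbh->selectcol_arrayref($sql, undef, @binds) };
    return 1 unless $values;          # query failed: scan
    return checks_from_values(@$values);
}

# Demonstration without a database, run only when executed as a script.
unless (caller) {
    # Constructed recipients: a normal address, one with a quote in the
    # domain part, and a case variant of the first domain.
    my @to = ('alice@example.com', q{bob@o'brien.example}, 'carol@Example.COM');
    my ($sql, @binds) = build_checks_query(recipient_domains(\@to));
    print "SQL:   $sql\n";
    print "binds: @binds\n";
    print "no rows      -> ", checks_from_values(), "\n";
    print "('no','yes') -> ", checks_from_values('no', 'yes'), "\n";
    print "('no')       -> ", checks_from_values('no'), "\n";
}
```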

From peter at UCGBOOK.COM Tue Apr 27 19:39:03 2004
From: peter at UCGBOOK.COM (Peter Bonivart)
Date: Thu Jan 12 21:24:51 2006
Subject: couple quick questions on Mailscanner...
In-Reply-To: <5.2.1.1.0.20040427112836.00a8c0f8@pop.courtesymortgage.com>
References: <5.2.1.1.0.20040427112836.00a8c0f8@pop.courtesymortgage.com>
Message-ID: <408EA8C7.6010309@ucgbook.com>

Jason Williams wrote:
> Apr 27 09:12:33 mailmg MailScanner[170]: MailScanner E-Mail Virus Scanner
> version 4.29.7 starting...
> Apr 27 09:12:33 mailmg MailScanner[170]: Could not read Custom Functions
> directory
>
> Second line is where I'm confused...have not seen that before. I'm guessing,
> new change in 4.27-7?

The custom functions can be in their own directory now. Look for this
line in MailScanner.conf and make sure that directory exists.

Custom Functions Dir = /opt/MailScanner/lib/MailScanner/CustomFunctions

> Second question. This server has two 1ghz CPU's in it.
> Is it safe to set the Max Children = 10 in Mailscanner.conf? Being as
> this box has 2 cpus, I thought this would be alright...

You should be OK with that since you have plenty of memory.

> Lastly, quick question on spamassassin:
>
> I cannot seem to recall on where to put custom .cf files for spamassassin
> to read? For instance, I have a few rules I downloaded from the
> spamassassin emporium site, that I would like to use, but I can't seem to
> recall on where to put them.

I have mine (BigEvil, Drugs) in /etc/mail/spamassassin/. They get picked
up with no config changes. I have also created my own cf-file where I
put custom rules and changes to SA that is not in
spam.assassin.prefs.conf, makes it easier with upgrades.

--
/Peter Bonivart

--Unix lovers do it in the Sun

Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7,
SpamAssassin 2.63 + DCC 1.2.39, ClamAV 0.70 + GMP 4.1.2, Vispan 1.3

From robv at DISASTER.COM Tue Apr 27 19:48:35 2004
From: robv at DISASTER.COM (Vicchiullo, Rob)
Date: Thu Jan 12 21:24:51 2006
Subject: Block filenames/filetypes
Message-ID: <8BD06A60242B4341B8919A4AC958C1D0181B8C@busted.dandd.com>

Is there any way to have the filetype/filename rules reject the whole email
outright instead of removing the attachment? I would like it to just reject
the whole email instead of removing the attachment.

Rob

From jaearick at COLBY.EDU Tue Apr 27 20:01:52 2004
From: jaearick at COLBY.EDU (Jeff A. Earickson)
Date: Thu Jan 12 21:24:51 2006
Subject: how to create local dnsbl?
Message-ID:

Gang,
I have googled and FAQ'ed everywhere I could think of
for this one: I need to set up a DNSBL (actually a whitelist
in my case) using BIND 9.2.3. Anybody have a how-to on how
to do this? Like example config code for my bind files?

Jeff Earickson
Colby College

From michele at BLACKNIGHTSOLUTIONS.COM Tue Apr 27 20:05:00 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions)
Date: Thu Jan 12 21:24:51 2006
Subject: Ruleset query
In-Reply-To: <408EA6F2.7000702@ucgbook.com>
Message-ID: <200404271900.i3RJ06YC002227@monitor.blacknight.ie>

Excellent!

Thanks :)

Mr Michele Neylon
Blacknight Internet Solutions Ltd
http://www.blacknight.ie/
Tel. +353 59 9137101

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Peter Bonivart
Sent: 27 April 2004 19:31
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: [MAILSCANNER] Ruleset query

Michele Neylon :: Blacknight Solutions wrote:
> Basically mail from user1 to user2 with a very specific subject. Is there
> any way to do this via rulesets?
>
> (Basically we want to block mail from user1 to user2 ONLY IF the subject is
> "somestring" - as an MTA or MUA is being really dumb and sending the same
> email every 60 seconds....)

Rulesets can't do it but a custom SA rule can and it sounds like you
think of it as spam anyway. ;-)

This might work (totally untested though, lint first and keep the low
score!!!). If it does work, bump the score so it becomes high scoring spam.

describe LOCAL_1 Description goes here
header __LOCAL_1A From =~ /fromuser\@domain\.com/i
header __LOCAL_1B To =~ /touser\@domain\.com/i
header __LOCAL_1C Subject =~ /your subject goes here/i
meta LOCAL_1 (__LOCAL_1A && __LOCAL_1B && __LOCAL_1C)
score LOCAL_1 0.1

--
/Peter Bonivart

--Unix lovers do it in the Sun

Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7,
SpamAssassin 2.63 + DCC 1.2.39, ClamAV 0.70 + GMP 4.1.2, Vispan 1.3

From rcooper at DWFORD.COM Tue Apr 27 20:11:50 2004
From: rcooper at DWFORD.COM (Rick Cooper)
Date: Thu Jan 12 21:24:51 2006
Subject: how to create local dnsbl?
In-Reply-To:
Message-ID:

look here: http://www.hansenonline.net/Networking/bind-spam.html

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On
> Behalf Of Jeff A. Earickson
> Sent: Tuesday, April 27, 2004 2:02 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: how to create local dnsbl?
>
>
> Gang,
> I have googled and FAQ'ed everywhere I could think of
> for this one: I need to set up a DNSBL (actually a whitelist
> in my case) using BIND 9.2.3. Anybody have a how-to on how
> to do this? Like example config code for my bind files?
>
> Jeff Earickson
> Colby College
>

From csm-lists at CSMA.BIZ Tue Apr 27 20:15:36 2004
From: csm-lists at CSMA.BIZ (Corey S. McFadden)
Date: Thu Jan 12 21:24:51 2006
Subject: how to create local dnsbl?
In-Reply-To:
References:
Message-ID: <6.0.0.22.0.20040427151009.0382a730@localhost>

Jeff,

Here's some example stuff.

First, set up a zone in your named.conf:

zone "bl.domain.com" {
    type master;
    file "/var/named/bl.zone";
};

I'll attach a sample zone file. If you know a little about BIND you'll be
fine modifying it. The main thing is that you're going to need to reverse
the IP addresses in the zone file to allow DNSBL-type queries.

If you need additional help, e-mail me off-list.

-Corey

At 03:01 PM 4/27/2004, you wrote:
>Gang,
> I have googled and FAQ'ed everywhere I could think of
>for this one: I need to set up a DNSBL (actually a whitelist
>in my case) using BIND 9.2.3. Anybody have a how-to on how
>to do this? Like example config code for my bind files?
>
>Jeff Earickson
>Colby College

--
Corey S. McFadden
McFadden Associates, Technology Consultants
c@csma.biz - main +1.215.689.4984 - www.csma.biz

-------------- next part --------------
$TTL 300
@               IN SOA  bl.domain.com. admin.domain.com. (1083092587 600 300 86400 300)
                IN NS   bl.domain.com.
                IN NS   dns-server1.
$ORIGIN bl.domain.com.
                IN A    0.0.0.0
2.0.0.127       IN A    127.0.0.2
                IN TXT  "Test entry"
4.48.92.99      300 IN A    127.0.0.2
                IN TXT  "http://bl.csma.biz/cgi-bin/listing.cgi?ip=99.92.48.4"
86.101.96.99    300 IN A    127.0.0.2
                IN TXT  "http://bl.csma.biz/cgi-bin/listing.cgi?ip=99.96.101.86"
127.12.98.99    300 IN A    127.0.0.2
                IN TXT  "http://bl.csma.biz/cgi-bin/listing.cgi?ip=99.98.12.127"
195.246.98.99   300 IN A    127.0.0.2
                IN TXT  "http://bl.csma.biz/cgi-bin/listing.cgi?ip=99.98.246.195"
81.246.98.99    300 IN A    127.0.0.2
                IN TXT  "http://bl.csma.biz/cgi-bin/listing.cgi?ip=99.98.246.81"

From mike at CAMAROSS.NET Tue Apr 27 20:14:25 2004
From: mike at CAMAROSS.NET (Mike Kercher)
Date: Thu Jan 12 21:24:51 2006
Subject: High Load
In-Reply-To: <408E6082.4050305@solid-state-logic.com>
Message-ID: <200404271914.i3RJEQa1004752@avwall.bladeware.com>

I solved my problem in a roundabout way. I took out the RulesDeJour for one
thing. I'll try adding them back later. I think the biggest kicker was to
stop scanning (virus and content) for OUTGOING email. This brought my load
down from 190 to 2.1

Not sure why the sudden increase in load, but at least the mail is flowing
again!

Thanks for the help folks!

Mike

> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Martin Hepworth
> Sent: Tuesday, April 27, 2004 8:31 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: High Load
>
> Jeff
>
> seems to affect the smaller machines (like mine) quite badly..
>
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
>
>
> Jeff A.
Earickson wrote: > > Hi, > > I've been using bigevil.cf for a while (2.12M until this > morning, > > 2.12P now), with no load problems. My setup: Sun V1280 (4 cpus), > > Solaris 9, MS 4.29.7, razor, SA 2.63, perl 5.8.3 built as > sun4-solaris-thread-multi. > > My typical load is in the range of 2-3. > > > > Jeff Earickson > > Colby College > > > > On Tue, 27 Apr 2004, Mike Kercher wrote: > > > > > >>Date: Tue, 27 Apr 2004 07:55:59 -0500 > >>From: Mike Kercher > >>Reply-To: MailScanner mailing list > >>To: MAILSCANNER@JISCMAIL.AC.UK > >>Subject: Re: High Load > >> > >>excellent pointer! I *did* have bigevil.cf loaded. After > rm'ing it > >>and reloading MS, my load is down below 1.00 again. I'll > be keeping > >>an eye on it today. Thanks a LOT! I woke up to an unresponsive > >>server this morning :/ > >> > >>Mike > >> > >> > >> > >>>-----Original Message----- > >>>From: MailScanner mailing list > >>>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Martin Hepworth > >>>Sent: Tuesday, April 27, 2004 3:09 AM > >>>To: MAILSCANNER@JISCMAIL.AC.UK > >>>Subject: Re: High Load > >>> > >>>Have you got the bigevil.cf loaded in SA? I found this a > major hog.. > >>> > >>>Also do the debug stuff mentioned previously. > >>> > >>>-- > >>>Martin Hepworth > >>>Snr Systems Administrator > >>>Solid State Logic > >>>Tel: +44 (0)1865 842300 > >>> > >>> > >>>James Gray wrote: > >>> > >>>>Pete wrote: > >>>> > >>>> > >>>>>Mike Kercher wrote: > >>>>> > >>>>> > >>>>> > >>>>>>I'm seeing a HUGE load on my system and I can't figure out why. 
> >>>>>> > >>>>>>14:47:00 up 46 min, 3 users, load average: 13.43, > 14.25, 10.73 > >>>>>>102 processes: 87 sleeping, 12 running, 3 zombie, 0 stopped > >>>>>>CPU states: 75.6% user 24.3% system 0.0% nice 0.0% iowait > >>>>>>0.0% idle > >>>>>>Mem: 1022796k av, 915824k used, 106972k free, 0k > >>> > >>>shrd, 43448k > >>> > >>>>>>buff > >>>>>> 522344k actv, 197376k in_d, 127288k in_c > >>>>>>Swap: 2048276k av, 31672k used, 2016604k free > >>> > >>> 441600k > >>> > >>>>>>cached > >>>>>> > >>>>>>PID USER PRI NI SIZE RSS SHARE STAT %CPU %MEM > >>> > >>>TIME CPU COMMAND > >>> > >>>>>>9837 root 15 0 14808 952 820 S 68.5 0.0 3:25 0 > >>>>>>MailScanner > >>>>>>15534 hbaldera 23 0 0 0 0 Z 0.7 0.0 > 0:00 0 > >>>>>>cucipop > >>>>>> > >>>> > >>>> > >>>>**SNIPPED** > >>>> > >>>> > >>>>>Why does your machine use swap when you have plenty of ram free ? > >>>> > >>>> > >>>>I've often seen my *nix boxen swap stuff out to increase > >>> > >>>cache/buffer > >>> > >>>>for stuff that is loaded but very rarely used (like lpd). > >>> > >>>I remember > >>> > >>>>doing some exercises with this on Solaris when I did my Sun > >>> > >>>CSE course > >>> > >>>>(the idea was performance tuning a server with very high > >>> > >>>I/O and low > >>> > >>>>application memory requirements - think BIG ftp/mail > >>> > >>>server). Never > >>> > >>>>touched it since then but is is possible to skew the memory > >>> > >>>management > >>> > >>>>to "prefer" buffer/cache in certain circumstances. 
> >>>> > >>>>Cheers, > >>>> > >>>>James > >>>> > >>>>-------------------------- MailScanner list ---------------------- > >>>>To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > >>>>For further info about MailScanner, please see the Most Asked > >>>>Questions at http://www.mailscanner.biz/maq/ and > the archives > >>>>at http://www.jiscmail.ac.uk/lists/mailscanner.html > >>> > >>>*********************************************************** > ********** > >>>* > >>> > >>>This email and any files transmitted with it are confidential and > >>>intended solely for the use of the individual or entity to > whom they > >>>are addressed. If you have received this email in error > please notify > >>>the system manager. > >>> > >>>This footnote confirms that this email message has been > swept for the > >>>presence of computer viruses and is believed to be clean. > >>> > >>>*********************************************************** > ********** > >>>* > >>> > >>>-------------------------- MailScanner list ---------------------- > >>>To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > >>>For further info about MailScanner, please see the Most Asked > >>>Questions at http://www.mailscanner.biz/maq/ and > the archives > >>>at http://www.jiscmail.ac.uk/lists/mailscanner.html > >>> > >> > >>-------------------------- MailScanner list ---------------------- > >>To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > >>For further info about MailScanner, please see the Most Asked > >>Questions at http://www.mailscanner.biz/maq/ and the archives > >>at http://www.jiscmail.ac.uk/lists/mailscanner.html > >> > > > > > > -------------------------- MailScanner list ---------------------- > > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > > For further info about MailScanner, please see the Most Asked > > Questions at http://www.mailscanner.biz/maq/ and the archives > > at http://www.jiscmail.ac.uk/lists/mailscanner.html > > 

From drew at THEMARSHALLS.CO.UK Tue Apr 27 20:34:02 2004
From: drew at THEMARSHALLS.CO.UK (Drew Marshall)
Date: Thu Jan 12 21:24:51 2006
Subject: mailscanner and postfix
In-Reply-To: <20040427180213.GE21598@hyper>
References: <20040427180213.GE21598@hyper>
Message-ID: <408EB5AA.8040501@themarshalls.co.uk>

Ken Dyke wrote:

>Hi,
>
>Has anyone written a wrapper for receiving messages from postfix?
>That seems to be the missing piece to avoiding the ugliness of the
>set up described in "MailScanner Installation Guide - Postfix".
>--
>
>
>
Ken

Sadly not. I agree Postfix has an excellent feature set for adding
message 'filters' and plug ins but MailScanner, due to its background
and desire to be multi MTA doesn't currently support any other methods
of queue file receipt.

There are however alternatives to the 'ugliness of the set up' described
in the installation guide. The method I use (and others like me) is what
we have affectionately described as the 'Single Instance Postfix' setup.
All this basically involves is writing a suitable REGEX matching your
server's Received: header and dumping these matches to the hold queue.
MailScanner then retrieves them from there and does its bit, returning
the now scanned mail to the 'Incoming' queue for Postfix to deliver like
normal. Neater and equally effective.

However, if someone were to write a wrapper, I would be delighted to trial
it for them :-) . Sadly I code like a Sys. Admin suffering RSA and
coffee deprivation :-)

Drew

--
In line with our policy, this message has been scanned for viruses and
dangerous content by MailScanner, and is believed to be clean.
www.themarshalls.co.uk/policy

From kdyke at KEYCOMPUTERCONSULTANTS.COM Tue Apr 27 21:16:55 2004
From: kdyke at KEYCOMPUTERCONSULTANTS.COM (Ken Dyke)
Date: Thu Jan 12 21:24:51 2006
Subject: mailscanner and postfix
In-Reply-To: <408EB5AA.8040501@themarshalls.co.uk>
References: <20040427180213.GE21598@hyper> <408EB5AA.8040501@themarshalls.co.uk>
Message-ID: <20040427201655.GJ21598@hyper>

Thank you for replying.

On Tue, Apr 27, 2004 at 08:34:02PM +0100, Drew Marshall (drew@THEMARSHALLS.CO.UK) wrote:
> 'Single Instance Postfix' setup. All this basically involves is writing
> a suitable REGEX matching your server's Received: header and dumping
> these matches to the hold queue. MailScanner then retrieves them from
> there and does its bit, returning the now scanned mail to the
> 'Incoming' queue for Postfix to deliver like normal. Neater and equally
> effective.

I may end up asking for more details about this.

Please point out where I don't understand how mailscanner works.

Postfix has a nice facility to pipe to filter (as you say). A simple
daemon accepts messages on this pipe and places them into a queue
(directory) where mailscanner picks them up. Mailscanner then hands(?)
the processed messages back to the daemon which pipes them back to
postfix.

What am I missing? I need to have a clear enough picture to talk the
coder into writing this (if feasible).

> However, if someone were to write a wrapper, I would be delighted to trial
> it for them :-) . Sadly I code like a Sys. Admin suffering RSA and
> coffee deprivation :-)

RSA?

--
I think, therefore, ken_i_m
Chief Gadgeteer, Elegant Innovations
Founder, Bozeman Linux Users Group
(406) 581-0495

From webmaster at NWDHOSTING.COM Tue Apr 27 21:33:07 2004
From: webmaster at NWDHOSTING.COM (Webmaster)
Date: Thu Jan 12 21:24:51 2006
Subject: Custom Config
Message-ID: <1667.151.199.63.112.1083097987.squirrel@www.nwdhosting.com>

I am trying to do a custom function so each domain we host can have their
own options. I was able to get the "Required SpamAssassin Score" option
to work properly, I get the domain from the to address, get that domain's
score from a database, and return it. I tried to do the same thing with
"Spam Checks", but it does not work, Ms seems to go into a loop. I tried
the return value as 1 or 0 as the CustomConfig.pm file said, even tried
returning "yes" or "no", but no luck. Any ideas?
Some of our customers have asked that we do not scan their mail at all
(go figure, paranoid people)

Brian

From shoval at SOFTOV.CO.IL Tue Apr 27 21:39:03 2004
From: shoval at SOFTOV.CO.IL (Shoval Tomer)
Date: Thu Jan 12 21:24:51 2006
Subject: different character sets
Message-ID: <588E0E742BFE0D4BB57874390270D8E68D6D91@stex00.softov.co.il>

Hi.

I'm not sure this is mailscanner related, as it could be sendmail or the
OS in some way.

Emails sent through MS that are HTML emails with a charset different
than the default English one, appear in outlook as if they're "Western
European - ISO" encoded.

If I open the message and change the encoding everything works fine.

If I send the message through a different linux machine (running only
sendmail, with no MS) it's also fine.

Is mailscanner, in some way, changing, or setting, the default charset
for the message?

If you've come across this, and solved it in sendmail, or in the OS and
not in mailscanner, please reply to me directly at my email address.

This sole problem is the ONLY reason I haven't deployed MS organization
wide yet, so I really need to solve this.

Thanks a million.
Shoval -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk For further info about MailScanner, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From peter at UCGBOOK.COM Tue Apr 27 21:59:33 2004 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:24:51 2006 Subject: Custom Config In-Reply-To: <1667.151.199.63.112.1083097987.squirrel@www.nwdhosting.com> References: <1667.151.199.63.112.1083097987.squirrel@www.nwdhosting.com> Message-ID: <408EC9B5.7040605@ucgbook.com> Webmaster wrote: > I am trying to do a custom function so each domain we host can have their > own options. I was able to get the "Required SpamAssassin Score" option > to work properly, I get the domain from the to address, get that domains > score from a database, and return it. I tried to do the same thing with > "Spam Checks", but it does not work, Ms seems to go into a loop. I tried > the return value as 1 or 0 as the CostomCinfig.pm file said, even tried > returning "yes" or "no", but no luck. Any ideas? Some of our customers > have asked that we do not scan their mail at all (go figure, paranoid > people) Wouldn't this do that? # If you want to be able to switch scanning on/off for different users or # different domains, set this to the filename of a ruleset. # This can also be the filename of a ruleset. 
Virus Scanning = yes -- /Peter Bonivart --Unix lovers do it in the Sun Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7, SpamAssassin 2.63 + DCC 1.2.39, ClamAV 0.70 + GMP 4.1.2, Vispan 1.3 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk For further info about MailScanner, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From peter at UCGBOOK.COM Tue Apr 27 22:02:29 2004 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:24:51 2006 Subject: different character sets In-Reply-To: <588E0E742BFE0D4BB57874390270D8E68D6D91@stex00.softov.co.il> References: <588E0E742BFE0D4BB57874390270D8E68D6D91@stex00.softov.co.il> Message-ID: <408ECA65.6080403@ucgbook.com> Shoval Tomer wrote: > If I send the message through a different linux machine (running only > sendmail, with no MS) it's also fine. MS shouldn't change that. Why don't you run Sendmail only on that machine to see what's going on? The other machine could be configured differently in some aspect. 
--
/Peter Bonivart

--Unix lovers do it in the Sun

Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7,
SpamAssassin 2.63 + DCC 1.2.39, ClamAV 0.70 + GMP 4.1.2, Vispan 1.3

From webmaster at NWDHOSTING.COM Tue Apr 27 22:06:10 2004
From: webmaster at NWDHOSTING.COM (Webmaster)
Date: Thu Jan 12 21:24:51 2006
Subject: Custom Config
In-Reply-To: <408EC9B5.7040605@ucgbook.com>
References: <1667.151.199.63.112.1083097987.squirrel@www.nwdhosting.com> <408EC9B5.7040605@ucgbook.com>
Message-ID: <1934.151.199.63.112.1083099970.squirrel@www.nwdhosting.com>

That enables scanning for everyone. We host multiple domains, and I
wanted the admins of those domains to be able to disable scanning for
their domain only, the information being pulled from a database. I was
able to resolve the problem though, the logging routine was killing it.
All is working as expected now... If anyone wants to know:

Virus Scanning = &SACustomCheck
Spam Checks = &SACustomCheck

Here are the functions for CustomConfig.pm

use DBI;

# $dbh and the connection settings $db_name, $db_host, $db_user and
# $db_pass are file-level variables; they are not declared in this excerpt.

sub InitSACustomCheck {
  return if defined $dbh;

  MailScanner::Log::InfoLog("Initializing database connection");

  $dbh = DBI->connect("DBI:mysql:database=$db_name;host=$db_host",
                      $db_user, $db_pass,
                      {PrintError => 0});

  if (!$dbh) {
    MailScanner::Log::WarnLog("Unable to initialize database connection: %s", $DBI::errstr);
    return;
  }

  MailScanner::Log::InfoLog("Finished initializing database connection");
}

sub EndSACustomCheck {
  $dbh->disconnect if defined $dbh;
  MailScanner::Log::InfoLog("Disconnected from the database");
}

sub SACustomCheck {
  my($message) = @_;

  return unless $message;

  # Reconnect if there is no handle yet or the server has dropped it
  if (!defined $dbh || !$dbh->ping) {
    undef $dbh;
    MailScanner::Log::InfoLog("Database ping failure attempting to re-connect");
    InitSACustomCheck();
  }

  return unless defined $dbh;

  # Recipient domains come from the SMTP envelope, so they are passed as
  # bound parameters and never pasted into the SQL text. The list is local
  # to each call so domains from earlier messages are not carried over.
  my @domains;
  foreach (@{$message->{to}}) {
    my ($to, $domain) = split("\@", $_);
    push(@domains, $domain) if defined $domain;
  }

  # nothing to look up, keep the default of scanning
  return 1 unless @domains;

  # one "domain=?" placeholder per recipient domain
  my $where = join(" OR ", ("domain=?") x @domains);

  my $sth = $dbh->prepare("SELECT value FROM custom_score WHERE opt='checks' AND ($where)");
  $sth->execute(@domains);

  # was there any options returned, if not, default yes
  my $checks = 0;
  if ($sth->rows == 0) {
    $checks = 1;
  } else {
    # if any domain is set to yes, it gets scanned
    while (my $ref = $sth->fetchrow_hashref()) {
      if ($ref->{'value'} eq "yes") {
        $checks = 1;
      }
    }
  }

  # otherwise, no
  return $checks;
}

Brian :)

> Webmaster wrote:
>> I am trying to do a custom function so each domain we host can have
>> their
>> own options. I was able to get the "Required SpamAssassin Score" option
>> to work properly, I get the domain from the to address, get that domains
>> score from a database, and return it. I tried to do the same thing with
>> "Spam Checks", but it does not work, Ms seems to go into a loop. I
>> tried
>> the return value as 1 or 0 as the CostomCinfig.pm file said, even tried
>> returning "yes" or "no", but no luck. Any ideas?
Some of our customers >> have asked that we do not scan their mail at all (go figure, paranoid >> people) > > Wouldn't this do that? > > # If you want to be able to switch scanning on/off for different users or > # different domains, set this to the filename of a ruleset. > # This can also be the filename of a ruleset. > Virus Scanning = yes > > -- > /Peter Bonivart > > --Unix lovers do it in the Sun > > Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7, > SpamAssassin 2.63 + DCC 1.2.39, ClamAV 0.70 + GMP 4.1.2, Vispan 1.3 > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > For further info about MailScanner, please see the Most Asked > Questions at http://www.mailscanner.biz/maq/ and the archives > at http://www.jiscmail.ac.uk/lists/mailscanner.html > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk For further info about MailScanner, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From drew at THEMARSHALLS.CO.UK Tue Apr 27 22:33:43 2004 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:24:51 2006 Subject: mailscanner and postfix In-Reply-To: <20040427201655.GJ21598@hyper> References: <20040427180213.GE21598@hyper> <408EB5AA.8040501@themarshalls.co.uk> <20040427201655.GJ21598@hyper> Message-ID: <408ED1B7.7070309@themarshalls.co.uk> Ken Dyke wrote: >Thank you for replying. > >On Tue, Apr 27, 2004 at 08:34:02PM +0100, Drew Marshall (drew@THEMARSHALLS.CO.UK) wrote: > > >>'Single Instance Postfix' setup. All this basically involves is writing >>a suitable REGEX matching your server's Received: header and dumping >>these matches to the hold queue. 
MailScanner then retrieves them from >>there and does it's bit, returning the now scanned mail to the >>'Incoming' queue for Postfix to deliver like normal. Neater and equally >>effective. >> >> > >I may end up asking for more details about this. > > Not a problem. there is a thread in the list archive or have a look at http://www.themarshalls.co.uk/mailscanner-docs/postfix.htm >Please point out where I don't understand how mailscanner work. > >Postfix has a nice facility to pipe to filter (as you say). A simple >daemon accepts messages on this pipe and places them into a queue >(directory) where mailscanner picks them up. Mailscanner then hands(?) >the processed messages back to the daemon which pipes them back to >postfix. > >What am I missing? I need to have a clear enough picture to talk the >coder into writing this (if feasible). > > Nothing, that's about it. I wondered if the Amavis setup using the Perl Net Server module (I think that's what is used for the LMTP/SMTP connection) would work. I know someone mentioned on this list they had done something similar using Exim as the 'Filter'. They set up Exim in a minimalist form, binding to another port to use for SMTP, then used the Postfix filter to forward to Exim. MailScanner does it's job and then Exim returned it to Postfix to complete the process. Personally I like Postfix and don't want to play with Exim (And on the odd occasion I have, I have found it much harder to configure than Postfix) and if I wanted Exim, I would run Exim through out. The only things to consider are how does the wrapper look after the mail in the event of a system failure? MailScanner actually only scans a copy of the message (I believe?) so in the event of a power failure the original is just picked up again and is rescanned. After scanning the message is moved from one queue to another so MailScanner doesn't actually 'take control or ownership' of the message. This shouldn't be too large a problem and certainly not a show stopper. 
I would be interested to hear how you get on. > > >>However, if some were to write a wrapper,I would be delighted to trial >>it for them :-) . Sadly I code like a Sys. Admin suffering RSA and >>coffee deprivation :-) >> >> > >RSA? > > Sorry, Repetitive Strain Injury. All the health & safety rage here in the UK. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk For further info about MailScanner, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From webmaster at NWDHOSTING.COM Tue Apr 27 23:02:53 2004 From: webmaster at NWDHOSTING.COM (Webmaster) Date: Thu Jan 12 21:24:51 2006 Subject: Custom Config In-Reply-To: <408EA2DC.10853.38F55362@localhost> References: <408EC9B5.7040605@ucgbook.com> <408EA2DC.10853.38F55362@localhost> Message-ID: <2586.151.199.63.112.1083103373.squirrel@www.nwdhosting.com> Oops, lazyness... > Brian, > > shouldn't you be putting a > my $dbh; > before all your SACustomCheck within the same file? > > El 27 Apr 2004 a las 17:06, Webmaster escribi?: > >> That enables scanning for everyone. We host multiple domains, and I >> wanted the admins of those domains to be able to disable scannng for >> their >> domain only, the information being pulled from a database. I was able >> to >> resolve the problem though, the logging routine was killing it. All is >> working as expected now... 
If anyone wants to know: >> >> Virus Scanning = &SACustomCheck >> Spam Checks = &SACustomCheck >> >> >> >> Here are the functions for CustomConfig.pm >> >> sub InitSACustomCheck { >> return if defined $dbh; >> >> MailScanner::Log::InfoLog("Initializing database connection"); >> >> $dbh = DBI->connect("DBI:mysql:database=$db_name;host=$db_host", >> $db_user, $db_pass, >> {PrintError => 0}); >> >> if (!$dbh) { >> MailScanner::Log::WarnLog("Unable to initialize database connection: >> %s", $DBI::errstr); >> return; >> } >> >> MailScanner::Log::InfoLog("Finished initializing database connection"); >> } >> >> sub EndSACustomCheck { >> $dbh->disconnect if defined $dbh; >> MailScanner::Log::InfoLog("Disconnected from the database"); >> } >> >> sub SACustomCheck { >> my($message) = @_; >> >> return unless $message; >> >> if(!$dbh->ping) { >> undef $dbh; >> MailScanner::Log::InfoLog("Database ping failure attempting to >> re-connect"); >> InitSACustomCheck(); >> } >> >> return unless defined $dbh; >> >> foreach (@{$message->{to}}) { >> ($to, $domain)=split("\@", $_); >> push(@domains, "domain='$domain'"); >> } >> >> $where=join(" OR ", @domains); >> >> my $sth = $dbh->prepare("SELECT value FROM custom_score WHERE >> opt='checks' AND ($where)"); >> $sth->execute(); >> >> # was there any options returned, if not, defauly yes >> if ($sth->rows == 0){ >> $checks=1; >> }else{ >> # if any domain is set to yes, it gets scanned >> while (my $ref = $sth->fetchrow_hashref()) { >> if ($ref->{'value'} eq "yes") { >> $checks=1; >> } >> } >> } >> # otherwise, no >> if ($checks != 1) { >> $checks=0; >> } >> >> return $checks; >> >> } >> >> >> >> Brian :) >> >> >> >> > Webmaster wrote: >> >> I am trying to do a custom function so each domain we host can have >> >> their >> >> own options. I was able to get the "Required SpamAssassin Score" >> option >> >> to work properly, I get the domain from the to address, get that >> domains >> >> score from a database, and return it. 
I tried to do the same thing >> with >> >> "Spam Checks", but it does not work, Ms seems to go into a loop. I >> >> tried >> >> the return value as 1 or 0 as the CostomCinfig.pm file said, even >> tried >> >> returning "yes" or "no", but no luck. Any ideas? Some of our >> customers >> >> have asked that we do not scan their mail at all (go figure, paranoid >> >> people) >> > >> > Wouldn't this do that? >> > >> > # If you want to be able to switch scanning on/off for different users >> or >> > # different domains, set this to the filename of a ruleset. >> > # This can also be the filename of a ruleset. >> > Virus Scanning = yes >> > > > -- > Mariano Absatz > El Baby > ---------------------------------------------------------- > Those who cannot remember the past are doomed to buy Microsoft products. > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > For further info about MailScanner, please see the Most Asked > Questions at http://www.mailscanner.biz/maq/ and the archives > at http://www.jiscmail.ac.uk/lists/mailscanner.html > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk For further info about MailScanner, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From shoval at SOFTOV.CO.IL Tue Apr 27 23:12:32 2004 From: shoval at SOFTOV.CO.IL (Shoval Tomer) Date: Thu Jan 12 21:24:51 2006 Subject: different character sets Message-ID: <588E0E742BFE0D4BB57874390270D8E68D6D95@stex00.softov.co.il> Can I temporarily disable MS and have sendmail work normally without undergoing major reconfiguration? The sendmail process is split to two processes, right? 
> -----Original Message----- > From: Peter Bonivart [mailto:peter@UCGBOOK.COM] > Sent: Wednesday, April 28, 2004 12:02 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: different character sets > > Shoval Tomer wrote: > > If I send the message through a different linux machine (running only > > sendmail, with no MS) it's also fine. > > MS shouldn't change that. Why don't you run Sendmail only on that > machine to see what's going on? The other machine could be configured > differently in some aspect. > > -- > /Peter Bonivart > > --Unix lovers do it in the Sun > > Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7, > SpamAssassin 2.63 + DCC 1.2.39, ClamAV 0.70 + GMP 4.1.2, Vispan 1.3 > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > For further info about MailScanner, please see the Most Asked > Questions at http://www.mailscanner.biz/maq/ and the archives > at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk For further info about MailScanner, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From kevins at BMRB.CO.UK Tue Apr 27 23:09:52 2004 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:24:51 2006 Subject: SpamAssassin "bogus virus" ruleset Message-ID: <1083103792.29514.15.camel@bach.kevinspicer.co.uk> Don't know if anyone else is using this, but I've noticed that it picks up several MailScanner headers / report characteristics. This was causing some list mail to be flagged as spam, and was also causing reports generated by MailScanner to be marked as Spam (until I whitelisted localhost - I have no users on my MS box so hadn't deemed that necessary before). 
It seems that the name of the ruleset is somewhat misleading as it doesn't detect bogus virus warnings as one might imagine (such as the numerous 'new virus warning' chain letters), it attempts to detect all virus warnings. Whilst I understand their reasons (and I really dont want to start that discussion again!) I wanted to bring it to the attention of the list. Those with more patience might care to simply assign zero scores to those tests which mention MailScanner, I've just removed the ruleset. BTW it specifically mentions (in the comments) a number of domains belonging to folks that I know post here regularly. (Theres also one comment which refers to MailScanner as "a real PITA") BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk For further info about MailScanner, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From natedog550 at HOTMAIL.COM Tue Apr 27 23:14:54 2004 From: natedog550 at HOTMAIL.COM (NateDog) Date: Thu Jan 12 21:24:51 2006 Subject: Invalid qf queue files Message-ID: I haven't upgraded one of my mail servers I admin yet. 
It is version:

MailScanner E-Mail Virus Scanner version 4.22-5

I've noticed that it does this every once and a while:

Batch: Found invalid qf queue file for message i3NA1iv05824

It may go for a month fine. But then I'll start getting that in the log.
When it does that, emails stop going out or coming in for that matter.
Anyone know what causes that? I haven't upgraded the version of
MailScanner yet but the thing that makes me nervous if I'm not here then
the people here wouldn't know how to fix it. I just go in and delete the
invalid files. But no one here would know how to do that. And I don't
really want them doing that either :) You should see the log. It's filled
with that stupid invalid stuff over and over and over. When I delete the
invalid files and restart mailscanner then the error stops of course.

If upgrading will fix this then I'll do it. But I would kinda like to know
what causes this and maybe how I can prevent it?

Thanks.

--
Nathan Peters

From rich at MAIL.WVNET.EDU Tue Apr 27 23:20:07 2004
From: rich at MAIL.WVNET.EDU (Richard Lynch)
Date: Thu Jan 12 21:24:51 2006
Subject: High Load
In-Reply-To:
References:
Message-ID: <408EDC97.90509@mail.wvnet.edu>

Raymond Dijkxhoorn wrote:

>Here's a somehow extended .cf to also enable the other SURBL lookups:
>
>[raymond@vmx01 spamassassin]$ more spamcop_uri.cf
>
>uri SPAMCOP_URI_RBL
>eval:check_spamcop_uri_rbl('sc.surbl.org','127.0.0.2')
>describe SPAMCOP_URI_RBL URI's domain appears in spamcop database at
>sc.surbl.org
>tflags SPAMCOP_URI_RBL net
>
>uri WS_URI_RBL
>eval:check_spamcop_uri_rbl('ws.surbl.org','127.0.0.2')
>describe WS_URI_RBL URI's domain appears in spamcop database at
>ws.surbl.org
>tflags WS_URI_RBL net
>
>uri BIGEVIL_URI_RBL
>eval:check_spamcop_uri_rbl('be.surbl.org','127.0.0.2')
>describe BIGEVIL_URI_RBL URI's domain appears in spamcop database at
>be.surbl.org
>tflags BIGEVIL_URI_RBL net
>
>score WS_URI_RBL 3.5
>score SPAMCOP_URI_RBL 3.5
>score BIGEVIL_URI_RBL 3.5
>
>Bye,
>Raymond.
>

If I do the above does that also mean I should remove spamcop.net from
the 'Spam List =' parameter in MailScanner.conf? Thanks in advance.

--

-------------- next part --------------
A non-text attachment was scrubbed...
Name: rich.vcf
Type: text/x-vcard
Size: 259 bytes
Desc: not available
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040427/43713521/rich.vcf

From kdyke at KEYCOMPUTERCONSULTANTS.COM Tue Apr 27 23:28:27 2004
From: kdyke at KEYCOMPUTERCONSULTANTS.COM (Ken Dyke)
Date: Thu Jan 12 21:24:51 2006
Subject: mailscanner and postfix
In-Reply-To: <408ED1B7.7070309@themarshalls.co.uk>
References: <20040427180213.GE21598@hyper> <408EB5AA.8040501@themarshalls.co.uk> <20040427201655.GJ21598@hyper> <408ED1B7.7070309@themarshalls.co.uk>
Message-ID: <20040427222827.GP21598@hyper>

Thanks again.

On Tue, Apr 27, 2004 at 10:33:43PM +0100, Drew Marshall (drew@THEMARSHALLS.CO.UK) wrote:

[...]

> Not a problem. there is a thread in the list archive or have a look at
> http://www.themarshalls.co.uk/mailscanner-docs/postfix.htm

Cool.

[...]

> The only things to consider are how does the wrapper look after the mail
> in the event of a system failure? MailScanner actually only scans a copy
> of the message (I believe?) so in the event of a power failure the
> original is just picked up again and is rescanned.
> After scanning the
> message is moved from one queue to another so MailScanner doesn't
> actually 'take control or ownership' of the message. This shouldn't be
> too large a problem and certainly not a show stopper.
> I would be interested to hear how you get on.

I was just reading postfix-2.1.0/README_FILES/FILTER_README (skip down
to the "Advanced content filter example") where I found a link to
Bennett Todd's smtpprox (a perl/smtp proxy). This might be just the
ticket we are looking for.

[...]

> Sorry, Repetitive Strain Injury. All the health & safety rage here in
> the UK.

Ah, here in the states it is more usually called "repetitive motion
syndrome" (RMS). Kind of like when RMS gets on his gnu/linux soapbox.
:-)

--
I think, therefore, ken_i_m
Chief Gadgeteer, Elegant Innovations
Founder, Bozeman Linux Users Group
(406) 581-0495

From peter at UCGBOOK.COM Tue Apr 27 23:36:56 2004
From: peter at UCGBOOK.COM (Peter Bonivart)
Date: Thu Jan 12 21:24:51 2006
Subject: Invalid qf queue files
In-Reply-To:
References:
Message-ID: <408EE088.8070608@ucgbook.com>

NateDog wrote:
> Batch: Found invalid qf queue file for message i3NA1iv05824
>
> If upgrading will fix this then I'll do it. But I would kinda like to know
> what causes this and maybe how I can prevent it?

Looks like it's commented out now:

    # Every qf file should at least define the sender, 1 recipient and the
    # IP address. Everything else is optional, and is preserved as
    # MailScanner may not understand all the types of line.
    return 1 if $SFound && $RFound && $IPFound;
    #MailScanner::Log::WarnLog("Batch: Found invalid qf queue file for " .
    #                          "message %s", $message->{id});
    return 0;

It still checks it but it doesn't log it. Have you looked at those qf
files? They may be from interrupted SMTP sessions for example, you can
see above in the comment what MS is looking for in a qf file.

--
/Peter Bonivart

--Unix lovers do it in the Sun

Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7,
SpamAssassin 2.63 + DCC 1.2.39, ClamAV 0.70 + GMP 4.1.2, Vispan 1.3

From raymond at PROLOCATION.NET Tue Apr 27 23:36:49 2004
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:24:52 2006
Subject: High Load
In-Reply-To: <408EDC97.90509@mail.wvnet.edu>
Message-ID:

Ho!

> >uri SPAMCOP_URI_RBL
> >eval:check_spamcop_uri_rbl('sc.surbl.org','127.0.0.2')
> >describe SPAMCOP_URI_RBL URI's domain appears in spamcop database at
> >sc.surbl.org
> >tflags SPAMCOP_URI_RBL net

> If I do the above does that also mean I should remove spamcop.net from
> the 'Spam List =' parameter in MailScanner.conf? Thanks in advance.

You should in my eyes do spamcop checking within SA, but that has nothing
to do with the above, this is only the spamcop surbl...

Check http://www.surbl.org for more info.

Bye,
Raymond.
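Added example (not part of the thread, and not MailScanner's own code): the check Peter Bonivart quotes above wants a sender, at least one recipient and the client IP in every qf file, so this script reports the qf files in a queue directory that lack one of them, without moving or deleting anything. It assumes sendmail's qf layout, where lines beginning with S, R and $_ carry the sender, a recipient and the connecting host; the function names and the two sample files are constructed for illustration.

```shell
#!/bin/sh
# Report sendmail qf control files that lack a sender, a recipient or the
# client host line. Read-only: nothing is moved or deleted.
# Assumption: S = envelope sender, R = recipient, $_ = connecting host and IP.

# qf_missing FILE
# Prints the missing items ("sender", "recipient", "ip"), space separated;
# prints an empty line when all three are present.
qf_missing() {
    awk '
        /^S/   { s = 1 }
        /^R/   { r = 1 }
        /^\$_/ { ip = 1 }
        END {
            out = ""
            if (!s)  out = out " sender"
            if (!r)  out = out " recipient"
            if (!ip) out = out " ip"
            sub(/^ /, "", out)
            print out
        }
    ' "$1"
}

# scan_queue DIR
# Lists every qf* file in DIR that fails the check, one per line, as
# "<file>: missing <items>". Files that pass produce no output.
scan_queue() {
    for f in "$1"/qf*; do
        [ -f "$f" ] || continue
        m=$(qf_missing "$f")
        [ -z "$m" ] || printf '%s: missing %s\n' "${f##*/}" "$m"
    done
}

# qf_demo
# Builds a throwaway queue directory with two constructed qf files and
# scans it. The queue ids, addresses and IP are made-up sample values.
qf_demo() {
    d=$(mktemp -d) || return 1
    # Constructed sample: complete control file.
    printf '%s\n' 'V6' 'T1083103792' 'S<sender@example.org>' \
        'RPFD:<user@example.com>' '$_mail.example.org [192.0.2.10]' \
        'H??Subject: test' > "$d/qfi3RAAAAA00001"
    # Constructed sample: truncated file, sender only.
    printf '%s\n' 'V6' 'T1083103800' 'S<sender@example.org>' \
        > "$d/qfi3RAAAAA00002"
    scan_queue "$d"
    rm -rf "$d"
}

qf_demo
```

Run against a real queue with scan_queue and the directory MailScanner reads its incoming mail from; the output is a list to inspect by hand before anything is removed.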
From peter at UCGBOOK.COM Tue Apr 27 23:41:28 2004
From: peter at UCGBOOK.COM (Peter Bonivart)
Date: Thu Jan 12 21:24:52 2006
Subject: different character sets
In-Reply-To: <588E0E742BFE0D4BB57874390270D8E68D6D95@stex00.softov.co.il>
References: <588E0E742BFE0D4BB57874390270D8E68D6D95@stex00.softov.co.il>
Message-ID: <408EE198.1050604@ucgbook.com>

Shoval Tomer wrote:
> Can I temporarily disable MS and have sendmail work normally without
> undergoing major reconfiguration?
> The sendmail process is split to two processes, right?

You could try this:

# service MailScanner stop
# service sendmail start

Now it should run Sendmail as usual with one queue. You might have to
look into the start scripts but I'm pretty sure they leave Sendmail's
start script as it is and do all Sendmail stuff from the start script
for MailScanner.

--
/Peter Bonivart

--Unix lovers do it in the Sun

Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7,
SpamAssassin 2.63 + DCC 1.2.39, ClamAV 0.70 + GMP 4.1.2, Vispan 1.3

From natedog550 at HOTMAIL.COM Tue Apr 27 23:46:48 2004
From: natedog550 at HOTMAIL.COM (NateDog)
Date: Thu Jan 12 21:24:52 2006
Subject: Invalid qf queue files
References: <408EE088.8070608@ucgbook.com>
Message-ID:

Cool. Thanks Peter. So to keep that from happening just upgrade right?

Thanks for your help.
-- Nathan Peters ----- Original Message ----- From: "Peter Bonivart" To: Sent: Tuesday, April 27, 2004 5:36 PM Subject: Re: Invalid qf queue files > NateDog wrote: > > Batch: Found invalid qf queue file for message i3NA1iv05824 > > > > If upgrading will fix this then I'll do it. But I would kinda like to know > > what causes this and maybe how I can prevent it? > > Looks like it's commented out now: > > # Every qf file should at least define the sender, 1 recipient and the > # IP address. Everything else is optional, and is preserved as > # MailScanner may not understand all the types of line. > return 1 if $SFound && $RFound && $IPFound; > #MailScanner::Log::WarnLog("Batch: Found invalid qf queue file for " > # "message %s", $message->{id}); > return 0; > > It still checks it but it doesn't log it. Have you looked at those qf > files? They may be from interrupted SMTP sessions for example, you can > see above in the comment what MS is looking for in a qf file. > > -- > /Peter Bonivart > > --Unix lovers do it in the Sun > > Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7, > SpamAssassin 2.63 + DCC 1.2.39, ClamAV 0.70 + GMP 4.1.2, Vispan 1.3 > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > For further info about MailScanner, please see the Most Asked > Questions at http://www.mailscanner.biz/maq/ and the archives > at http://www.jiscmail.ac.uk/lists/mailscanner.html > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk For further info about MailScanner, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From drew at THEMARSHALLS.CO.UK Wed Apr 28 00:00:35 2004 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:24:52 2006 Subject: mailscanner and postfix In-Reply-To: 
<20040427222827.GP21598@hyper> References: <20040427180213.GE21598@hyper> <408EB5AA.8040501@themarshalls.co.uk> <20040427201655.GJ21598@hyper> <408ED1B7.7070309@themarshalls.co.uk> <20040427222827.GP21598@hyper> Message-ID: <408EE613.4010203@themarshalls.co.uk> Ken Dyke wrote: >I was just reading postfix-2.1.0/README_FILES/FILTER_README (skip down >to the "Advanced content filter example") where I found a link to >Bennett Todd's smtpprox (a perl/smtp proxy). This might be just the >ticket we are looking for. > > > Yes looks ideal. Can't be that hard to just get smtpprox to take the mail file and drop it in to a directory. The only challenge will be getting MailScanner's Postfix wrapper to recognise the queue format. >[...] > > >>Sorry, Repetitive Strain Injury. All the health & safety rage here in >>the UK. >> >> > >Ah, here in the states it is more usually called "repetitive motion >syndrome" (RMS). Kind of like when RMS gets on his gnu/linux soapbox. >:-) > > > :-D Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk For further info about MailScanner, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From shoval at SOFTOV.CO.IL Wed Apr 28 00:09:22 2004 From: shoval at SOFTOV.CO.IL (Shoval Tomer) Date: Thu Jan 12 21:24:52 2006 Subject: different character sets Message-ID: <588E0E742BFE0D4BB57874390270D8E68D6D96@stex00.softov.co.il> Thanks Peter. Looks as if it isn't mailscanner's fault. Thanks for the tip. 
> -----Original Message----- > From: Peter Bonivart [mailto:peter@UCGBOOK.COM] > Sent: Wednesday, April 28, 2004 1:41 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: different character sets > > Shoval Tomer wrote: > > Can I temporarily disable MS and have sendmail work normally without > > undergoing major reconfiguration? > > The sendmail process is split to two processes, right? > > You could try this: > > # service MailScanner stop > # service sendmail start > > Now it should run Sendmail as usual with one queue. You might have to > look into the start scripts but I'm pretty sure they leave Sendmails > start script as it is and do all Sendmail stuff from the start script > for MailScanner. > > -- > /Peter Bonivart > > --Unix lovers do it in the Sun > > Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7, > SpamAssassin 2.63 + DCC 1.2.39, ClamAV 0.70 + GMP 4.1.2, Vispan 1.3 > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > For further info about MailScanner, please see the Most Asked > Questions at http://www.mailscanner.biz/maq/ and the archives > at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk For further info about MailScanner, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From rich at MAIL.WVNET.EDU Wed Apr 28 00:03:44 2004 From: rich at MAIL.WVNET.EDU (Richard Lynch) Date: Thu Jan 12 21:24:52 2006 Subject: High Load In-Reply-To: References: Message-ID: <408EE6D0.6030904@mail.wvnet.edu> Raymond Dijkxhoorn wrote: >>If I do the above does that also mean I should remove spamcop.net from >>the 'Spam List =' parameter in MailScanner.conf? Thanks in advance. 
>> >> > >You should in my eyes do spamcop checking within SA, but that has nothing >to do with the above, this is only the spamcop surbl... > > > I've thought about doing just that. The advantage being that a spamcop hit just contributes to the score rather than a complete rejection. I haven't figured out how to do that though. How does one enable spamcop.net checking from SA? Does it make sense to run some RBLs (e.g. ORDB-RBL, NJABL, and SBL+XBL) from MS while running spamcop from SA? I have 'skip_rbl_checks 1' in spam.assassin.prefs.conf. Is that going to interfere? Thanks for helping out with this. -- -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk For further info about MailScanner, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------- next part -------------- A non-text attachment was scrubbed... Name: rich.vcf Type: text/x-vcard Size: 259 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040427/29803777/rich.vcf From raymond at PROLOCATION.NET Wed Apr 28 00:16:24 2004 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:24:52 2006 Subject: High Load In-Reply-To: <408EE6D0.6030904@mail.wvnet.edu> Message-ID: Hi! > >You should in my eyes do spamcop checking within SA, but that has nothing > >to do with the above, this is only the spamcop surbl... > I've thought about doing just that. The advantage being that a spamcop > hit just contributes to the score rather than a complete rejection. I > haven't figured out how to do that though. How does one enable > spamcop.net checking from SA? Does it make sense to run some RBLs > (e.g. ORDB-RBL, NJABL, and SBL+XBL) from MS while running spamcop from > SA? I have 'skip_rbl_checks 1' in spam.assassin.prefs.conf. Is that > going to interfere? Thanks for helping out with this. 
What do you mean, you can also raise the score in SA from each list, i would suggest however not to block/bounce since its on spamcop, thats VERY drastic and VERY unreliable also. We all know how spamcop works with reporting. I think you should move ALL the RBL stuff to SA. It helps with the score, and will definately give less false positives like that. Like someone said before on the list, its no art to simply block and reject mail, its art to get the right ones through. Bye, Raymond. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk For further info about MailScanner, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From rich at MAIL.WVNET.EDU Wed Apr 28 00:25:39 2004 From: rich at MAIL.WVNET.EDU (Richard Lynch) Date: Thu Jan 12 21:24:52 2006 Subject: High Load In-Reply-To: References: Message-ID: <408EEBF3.2090505@mail.wvnet.edu> Raymond Dijkxhoorn wrote: >I think you should move ALL the RBL stuff to SA. It helps with the score, >and will definately give less false positives like that. > >Like someone said before on the list, its no art to simply block and >reject mail, its art to get the right ones through. > > > I agree. But what do I have to change to achieve that? Will removing the items from the Spam List= line and changing skip_rbl_checks to 0 do that? Sorry, if I'm being dense. -- -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk For further info about MailScanner, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------- next part -------------- A non-text attachment was scrubbed... 
Name: rich.vcf
Type: text/x-vcard
Size: 259 bytes
Desc: not available
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040427/6be9ca8b/rich.vcf

From raymond at PROLOCATION.NET Wed Apr 28 00:50:11 2004
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:24:52 2006
Subject: High Load
In-Reply-To: <408EEBF3.2090505@mail.wvnet.edu>
Message-ID:

Hi!

> >I think you should move ALL the RBL stuff to SA. It helps with the score,
> >and will definitely give less false positives like that.
> >
> >Like someone said before on the list, it's no art to simply block and
> >reject mail, it's art to get the right ones through.

> I agree. But what do I have to change to achieve that? Will removing
> the items from the Spam List= line and changing skip_rbl_checks to 0 do
> that? Sorry, if I'm being dense.

Yes. And you might want to add additional ones. I have posted my config
multiple times on the list, but here we go again.

[root@vmx01 spamassassin]# more dnsbl_tests.cf
#
# Extra DNSBL checks:
#

# AHBL RBL checks
header   RCVD_IN_AHBL     eval:check_rbl_txt('ahbl', 'dnsbl.ahbl.org.')
describe RCVD_IN_AHBL     Received via a relay in dnsbl.ahbl.org
tflags   RCVD_IN_AHBL     net
score    RCVD_IN_AHBL     0 1.271 0 2.0

# RSL RBL checks
header   RCVD_IN_RSL      eval:check_rbl_txt('rsl', 'relays.visi.com.')
describe RCVD_IN_RSL      Received via a relay in relays.visi.com.
tflags   RCVD_IN_RSL      net
score    RCVD_IN_RSL      0 1.271 0 1.6

# SBL+XBL checks
header   RCVD_IN_SBL+XBL  eval:check_rbl_txt('sbl-xbl','sbl-xbl.spamhaus.org.')
describe RCVD_IN_SBL+XBL  Received via a relay in sbl-xbl.spamhaus.org
tflags   RCVD_IN_SBL+XBL  net
score    RCVD_IN_SBL+XBL  0 1.5 0 2.0

#
# Customize RBL scores and disable unwanted lists
#

# Higher the score of DSBL
score    RCVD_IN_DSBL     0 1.271 0 1.6
score    RCVD_IN_SORBS    0 1.0 0 1.0

# Disable SBL since we check with the combined SBL+XBL
score    RCVD_IN_SBL      0

Suc6,
Raymond.
-------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk For further info about MailScanner, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From pete at eatathome.com.au Wed Apr 28 02:00:30 2004 From: pete at eatathome.com.au (Pete) Date: Thu Jan 12 21:24:52 2006 Subject: mailscanner and postfix In-Reply-To: <20040427180213.GE21598@hyper> References: <20040427180213.GE21598@hyper> Message-ID: <408F022E.4010005@eatathome.com.au> Ken Dyke wrote: >Hi, > >Has anyone written a wrapper for receiving messages from postfix? >That seems to be the missing piece to avoiding the ugliness of the >set up described in "MailScanner Installation Guide - Postfix". >-- >I think, therefore, ken_i_m >Chief Gadgeteer, Elegant Innovations >Founder, Bozeman Linux Users Group >(406) 581-0495 > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >For further info about MailScanner, please see the Most Asked >Questions at http://www.mailscanner.biz/maq/ and the archives >at http://www.jiscmail.ac.uk/lists/mailscanner.html > > > > > There is a simpler way, and i believe that Julian is going to be implementing it as the defaul in a future version of mailscanner? i believe the hold up is the install.sh script. The 2 POstfix instance works perfectly, as described on the mailscanner site and plenty of uisers using that here - more recently some one has produced a guide that shows you how to use POstfix with one instance - i have attached the instructions, wrriten and sent to me by Drew? but there is plenty of talk in the archive about it already. 
Regards Pete -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk For further info about MailScanner, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------- next part -------------- #For MailScanner /^Received:/ HOLD -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk For further info about MailScanner, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------- next part -------------- A non-text attachment was scrubbed... Name: MailScanner Installation Guide.doc Type: application/msword Size: 24576 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040428/f3efaff9/MailScannerInstallationGuide.doc From eja at URBAKKEN.DK Wed Apr 28 08:21:18 2004 From: eja at URBAKKEN.DK (Erik Jakobsen) Date: Thu Jan 12 21:24:52 2006 Subject: Errors starting up MailScanner. Message-ID: Hi. I have set up a new server here, and have installed MailScanner. It shows the following error when I do start it up. What is this problem ?. # service MailScanner start Starting MailScanner daemons: incoming postfix: [ OK ] outgoing postfix: [ OK ] MailScanner: Can't locate Archive/Zip.pm in @INC (@INC contains: /usr/lib/MailScanner /usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0 /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl /usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0 . /usr/lib/MailScanner) at /usr/lib/MailScanner/MailScanner/Message.pm line 46. 
BEGIN failed--compilation aborted at /usr/lib/MailScanner/MailScanner/Message.pm line 46. Compilation failed in require at /usr/sbin/MailScanner line 52. BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 52. [ OK ] -- Med venlig hilsen - Best regards. Erik Jakobsen - eja@urbakken.dk. Licensed radioamateur with the callsign OZ4KK. SuSE Linux 9.0 Proff. Registered as user #319488 with the Linux Counter, http://counter.li.org. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk For further info about MailScanner, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From raymond at PROLOCATION.NET Wed Apr 28 08:39:00 2004 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:24:52 2006 Subject: Errors starting up MailScanner. In-Reply-To: Message-ID: Hi! > I have set up a new server here, and have installed MailScanner. It shows > the following error when I do start it up. Did you install using the install.sh ? > What is this problem ?. > > > # service MailScanner start > Starting MailScanner daemons: > incoming postfix: [ OK ] > outgoing postfix: [ OK ] > MailScanner: Can't locate Archive/Zip.pm in @INC (@INC Not that hard to spot, install Archive::Zip Bye, Raymond. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk For further info about MailScanner, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From eja at URBAKKEN.DK Wed Apr 28 08:42:49 2004 From: eja at URBAKKEN.DK (Erik Jakobsen) Date: Thu Jan 12 21:24:52 2006 Subject: Errors starting up MailScanner. Message-ID: On Wed, 28 Apr 2004 09:39:00 +0200, Raymond Dijkxhoorn wrote: >Hi! > >> I have set up a new server here, and have installed MailScanner. 
It shows
>> the following error when I do start it up.
>
>Did you install using the install.sh ?

Yes I did.

>> What is this problem ?.
>>
>>
>> # service MailScanner start
>> Starting MailScanner daemons:
>> incoming postfix: [ OK ]
>> outgoing postfix: [ OK ]
>> MailScanner: Can't locate Archive/Zip.pm in @INC (@INC
>
>Not that hard to spot, install Archive::Zip

Can you please advise me on how to ?.

>Bye,
>Raymond.

Erik.

From raymond at PROLOCATION.NET Wed Apr 28 08:48:19 2004
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:24:52 2006
Subject: Errors starting up MailScanner.
In-Reply-To:
Message-ID:

Hi!

> >Not that hard to spot, install Archive::Zip
>
> Can you please advise me on how to ?.

perl -MCPAN -e shell
install Archive::Zip

If you did a quick search on the archive you would have found it also.
You might have to correct your language settings also. Here are some
pointers.

http://www.jiscmail.ac.uk/cgi-bin/webadmin?A2=ind0403&L=mailscanner&P=R48305&I=-1
http://www.jiscmail.ac.uk/cgi-bin/webadmin?A2=ind0403&L=mailscanner&D=0&I=-1&P=48099

Not that hard to simply look in the archive. You can do that here:

http://www.jiscmail.ac.uk/cgi-bin/webadmin?S1=mailscanner&D=0&I=-1

Suc6,
Raymond.
-------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk For further info about MailScanner, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From martinh at SOLID-STATE-LOGIC.COM Wed Apr 28 08:55:05 2004 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:24:52 2006 Subject: High Load In-Reply-To: <200404271914.i3RJEQa1004752@avwall.bladeware.com> References: <200404271914.i3RJEQa1004752@avwall.bladeware.com> Message-ID: <408F6359.6070905@solid-state-logic.com> Mike I have a rule set so outgoing email only gets virus scanned, not spam scanned. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Mike Kercher wrote: > I solved my problem in a roundabout way. I took out the RulesDeJour for one > thing. I'll try adding them back later. I think the biggest kicker was to > stop scanning (virus and content) for OUTGOING email. This brought my load > down from 190 to 2.1 Not sure why the sudden increase in load, but at least > the mail is flowing again! > > Thanks for the help folks! > > Mike > > > >>-----Original Message----- >>From: MailScanner mailing list >>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Martin Hepworth >>Sent: Tuesday, April 27, 2004 8:31 AM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: High Load >> >>Jeff >> >>seems to affect the smaller machines (like mine) quite badly.. >> >> >>-- >>Martin Hepworth >>Snr Systems Administrator >>Solid State Logic >>Tel: +44 (0)1865 842300 >> >> >>Jeff A. Earickson wrote: >> >>>Hi, >>> I've been using bigevil.cf for a while (2.12M until this >> >>morning, >> >>>2.12P now), with no load problems. My setup: Sun V1280 (4 cpus), >>>Solaris 9, MS 4.29.7, razor, SA 2.63, perl 5.8.3 built as >> >>sun4-solaris-thread-multi. >> >>>My typical load is in the range of 2-3. 
>>> >>>Jeff Earickson >>>Colby College >>> >>>On Tue, 27 Apr 2004, Mike Kercher wrote: >>> >>> >>> >>>>Date: Tue, 27 Apr 2004 07:55:59 -0500 >>>>From: Mike Kercher >>>>Reply-To: MailScanner mailing list >>>>To: MAILSCANNER@JISCMAIL.AC.UK >>>>Subject: Re: High Load >>>> >>>>excellent pointer! I *did* have bigevil.cf loaded. After >> >>rm'ing it >> >>>>and reloading MS, my load is down below 1.00 again. I'll >> >>be keeping >> >>>>an eye on it today. Thanks a LOT! I woke up to an unresponsive >>>>server this morning :/ >>>> >>>>Mike >>>> >>>> >>>> >>>> >>>>>-----Original Message----- >>>>>From: MailScanner mailing list >>>>>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Martin Hepworth >>>>>Sent: Tuesday, April 27, 2004 3:09 AM >>>>>To: MAILSCANNER@JISCMAIL.AC.UK >>>>>Subject: Re: High Load >>>>> >>>>>Have you got the bigevil.cf loaded in SA? I found this a >> >>major hog.. >> >>>>>Also do the debug stuff mentioned previously. >>>>> >>>>>-- >>>>>Martin Hepworth >>>>>Snr Systems Administrator >>>>>Solid State Logic >>>>>Tel: +44 (0)1865 842300 >>>>> >>>>> >>>>>James Gray wrote: >>>>> >>>>> >>>>>>Pete wrote: >>>>>> >>>>>> >>>>>> >>>>>>>Mike Kercher wrote: >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>>>I'm seeing a HUGE load on my system and I can't figure out why. 
>>>>>>>> >>>>>>>>14:47:00 up 46 min, 3 users, load average: 13.43, >> >>14.25, 10.73 >> >>>>>>>>102 processes: 87 sleeping, 12 running, 3 zombie, 0 stopped >>>>>>>>CPU states: 75.6% user 24.3% system 0.0% nice 0.0% iowait >>>>>>>>0.0% idle >>>>>>>>Mem: 1022796k av, 915824k used, 106972k free, 0k >>>>> >>>>>shrd, 43448k >>>>> >>>>> >>>>>>>>buff >>>>>>>> 522344k actv, 197376k in_d, 127288k in_c >>>>>>>>Swap: 2048276k av, 31672k used, 2016604k free >>>>> >>>>> 441600k >>>>> >>>>> >>>>>>>>cached >>>>>>>> >>>>>>>>PID USER PRI NI SIZE RSS SHARE STAT %CPU %MEM >>>>> >>>>>TIME CPU COMMAND >>>>> >>>>> >>>>>>>>9837 root 15 0 14808 952 820 S 68.5 0.0 3:25 0 >>>>>>>>MailScanner >>>>>>>>15534 hbaldera 23 0 0 0 0 Z 0.7 0.0 >> >> 0:00 0 >> >>>>>>>>cucipop >>>>>>>> >>>>>> >>>>>> >>>>>>**SNIPPED** >>>>>> >>>>>> >>>>>> >>>>>>>Why does your machine use swap when you have plenty of ram free ? >>>>>> >>>>>> >>>>>>I've often seen my *nix boxen swap stuff out to increase >>>>> >>>>>cache/buffer >>>>> >>>>> >>>>>>for stuff that is loaded but very rarely used (like lpd). >>>>> >>>>>I remember >>>>> >>>>> >>>>>>doing some exercises with this on Solaris when I did my Sun >>>>> >>>>>CSE course >>>>> >>>>> >>>>>>(the idea was performance tuning a server with very high >>>>> >>>>>I/O and low >>>>> >>>>> >>>>>>application memory requirements - think BIG ftp/mail >>>>> >>>>>server). Never >>>>> >>>>> >>>>>>touched it since then but is is possible to skew the memory >>>>> >>>>>management >>>>> >>>>> >>>>>>to "prefer" buffer/cache in certain circumstances. 
>>>>>> >>>>>>Cheers, >>>>>> >>>>>>James >>>>>> >>>>>>-------------------------- MailScanner list ---------------------- >>>>>>To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >>>>>>For further info about MailScanner, please see the Most Asked >>>>>>Questions at http://www.mailscanner.biz/maq/ and >> >>the archives >> >>>>>>at http://www.jiscmail.ac.uk/lists/mailscanner.html >>>>> >>>>>*********************************************************** >> >>********** >> >>>>>* >>>>> >>>>>This email and any files transmitted with it are confidential and >>>>>intended solely for the use of the individual or entity to >> >>whom they >> >>>>>are addressed. If you have received this email in error >> >>please notify >> >>>>>the system manager. >>>>> >>>>>This footnote confirms that this email message has been >> >>swept for the >> >>>>>presence of computer viruses and is believed to be clean. >>>>> >>>>>*********************************************************** >> >>********** >> >>>>>* >>>>> >>>>>-------------------------- MailScanner list ---------------------- >>>>>To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >>>>>For further info about MailScanner, please see the Most Asked >>>>>Questions at http://www.mailscanner.biz/maq/ and >> >>the archives >> >>>>>at http://www.jiscmail.ac.uk/lists/mailscanner.html >>>>> >>>> >>>>-------------------------- MailScanner list ---------------------- >>>>To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >>>>For further info about MailScanner, please see the Most Asked >>>>Questions at http://www.mailscanner.biz/maq/ and the archives >>>>at http://www.jiscmail.ac.uk/lists/mailscanner.html >>>> >>> >>> >>>-------------------------- MailScanner list ---------------------- >>>To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >>>For further info about MailScanner, please see the Most Asked >>>Questions at http://www.mailscanner.biz/maq/ and the archives >>>at 
http://www.jiscmail.ac.uk/lists/mailscanner.html >> >>********************************************************************** >> >>This email and any files transmitted with it are confidential >>and intended solely for the use of the individual or entity >>to whom they are addressed. If you have received this email >>in error please notify the system manager. >> >>This footnote confirms that this email message has been swept >>for the presence of computer viruses and is believed to be clean. >> >>********************************************************************** >> >>-------------------------- MailScanner list ---------------------- >>To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >>For further info about MailScanner, please see the Most Asked >>Questions at http://www.mailscanner.biz/maq/ and the archives >>at http://www.jiscmail.ac.uk/lists/mailscanner.html >> > > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > For further info about MailScanner, please see the Most Asked > Questions at http://www.mailscanner.biz/maq/ and the archives > at http://www.jiscmail.ac.uk/lists/mailscanner.html ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. 
********************************************************************** -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk For further info about MailScanner, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From jens at JSCONSULT.DK Wed Apr 28 08:55:53 2004 From: jens at JSCONSULT.DK (Jens W. Skov - JS Consult) Date: Thu Jan 12 21:24:52 2006 Subject: SV: Errors starting up MailScanner. In-Reply-To: Message-ID: <20040428075548.A25561EC4E4@pasmtp.tele.dk> Cpan Install Archive::Zip quit -- Jens W. Skov - JS Consult -- R?veh?jparken 58, 2800 Kgs. Lyngby -- Tlf: 45884077 - Mob: 23254077 -- www.jsconsult.dk - www.jnet.dk -----Oprindelig meddelelse----- Fra: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] P? vegne af Erik Jakobsen Sendt: 28. april 2004 09:43 Til: MAILSCANNER@JISCMAIL.AC.UK Emne: Re: Errors starting up MailScanner. On Wed, 28 Apr 2004 09:39:00 +0200, Raymond Dijkxhoorn wrote: >Hi! > >> I have set up a new server here, and have installed MailScanner. It shows >> the following error when I do start it up. > >Did you install using the install.sh ? Yes I did. >> What is this problem ?. >> >> >> # service MailScanner start >> Starting MailScanner daemons: >> incoming postfix: [ OK ] >> outgoing postfix: [ OK ] >> MailScanner: Can't locate Archive/Zip.pm in @INC (@INC > >Not that hard to spot, install Archive::Zip Can you please advise me on how to ?. >Bye, >Raymond. > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >For further info about MailScanner, please see the Most Asked >Questions at http://www.mailscanner.biz/maq/ and the archives >at http://www.jiscmail.ac.uk/lists/mailscanner.html Erik. 
From m.sapsed at BANGOR.AC.UK Wed Apr 28 09:15:32 2004
From: m.sapsed at BANGOR.AC.UK (Martin Sapsed)
Date: Thu Jan 12 21:24:52 2006
Subject: Filename.rules.conf - CLSID false positive
References: <9BDD6D4AD0795C46974D7D46C17883B80A748D80@ahm_exchange2.americanhm.com>
Message-ID: <408F6824.1090202@bangor.ac.uk>

jburzenski@americanhm.com wrote:
> Has anyone else encountered any false positives with this filename rule?
>
> # Deny filenames ending with CLSID's
> deny \{[a-hA-H0-9-]{25,}\} Filename trying to hide its real
> type Files containing CLSID's are trying to
> hide their real type
>
>
> I have a vendor who sends PDF files that look like:
>
> 138139_{8B5AC3AF-BE17-4A06-BB98-790FA5C00C9B}.pdf
>
> I researched the CLSID vulnerability and it seems that it is only
> effective when tagged at the end of the filename, after the extension.
> I am considering revising this regex to something like:
>
> \{[a-hA-H0-9-]{25,}\}$
>
> Does anyone see any danger in this change?

Bearing in mind Julian's reply, if you only get PDF's like this, why not
put in an "allow {CLSID}.pdf$" line above Julian's "deny anything with a
CLSID in" line? Or use a ruleset to turn off filename checking for that
domain?

Cheers,

Martin

--
Martin Sapsed
Information Services "Who do you say I am?"
University of Wales, Bangor Jesus of Nazareth

From jpabuyer at TECNOERA.COM Tue Apr 27 22:55:39 2004
From: jpabuyer at TECNOERA.COM (Juan Pablo Abuyeres)
Date: Thu Jan 12 21:24:52 2006
Subject: it doesn't log RBL's activity properly
Message-ID: <1083102938.6203.25.camel@blackbird.tecnoera.com>

Hi,

I'm using mailscanner-4.29.7-1 + sendmail.

If I configure MailScanner.conf like this:

Spam Actions = bounce
High Scoring Spam Actions = bounce
Spam Checks = yes
Spam List = ORDB-RBL SBL+XBL
Use SpamAssassin = no

If someone sends an email from a host listed on the RBLs, the maillog only shows the "from" line of the sendmail, for example, one like this:

Apr 27 11:44:35 baltazar sendmail[29734]: i3RFiEn29734: from=<xxxxxxxxx@xxxxxxxx.xx>, size=120173, class=0, nrcpts=1, msgid=<002d01c42c6e$7af33380$0200a8c0@xxxxxxxx.xx>, proto=SMTP, daemon=MTA, relay=[10.10.10.10]

And if you search the maillog for id i3RFiEn29734, that is the only line shown. You don't have a clue of what happened to the email, when in fact it was bounced.

The expected behavior is for MailScanner to show some log saying that the email id i3RFiEn29734 was bounced or whatever.

--
Juan Pablo Abuyeres <jpabuyer@tecnoera.com>
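
One way to find the messages described in this post, queue IDs that show a sendmail "from=" line and then nothing else, is to correlate the maillog by queue ID. This is an added example, not part of the original post or of MailScanner; the first sample line is the one quoted in the post, and every other line, queue ID, PID and address is constructed for illustration.

```python
import re

# Constructed sample maillog. Line 1 is quoted from the post; the rest is
# invented (the MailScanner line is modelled on a log line seen elsewhere
# in this archive).
SAMPLE_MAILLOG = """\
Apr 27 11:44:35 baltazar sendmail[29734]: i3RFiEn29734: from=<xxxxxxxxx@xxxxxxxx.xx>, size=120173, class=0, nrcpts=1, msgid=<002d01c42c6e$7af33380$0200a8c0@xxxxxxxx.xx>, proto=SMTP, daemon=MTA, relay=[10.10.10.10]
Apr 27 11:45:02 baltazar sendmail[29801]: i3RFj2n29801: from=<alice@example.org>, size=2048, class=0, nrcpts=1, msgid=<constructed-1@example.org>, proto=ESMTP, daemon=MTA, relay=mail.example.org [192.0.2.10]
Apr 27 11:45:09 baltazar sendmail[29850]: i3RFj2n29801: to=<bob@example.net>, delay=00:00:07, mailer=esmtp, pri=120000, relay=mx.example.net. [192.0.2.20], dsn=2.0.0, stat=Sent
Apr 27 11:46:11 baltazar sendmail[29902]: i3RFkBn29902: from=<carol@example.com>, size=17920, class=0, nrcpts=1, msgid=<constructed-2@example.com>, proto=SMTP, daemon=MTA, relay=[192.0.2.30]
Apr 27 11:46:15 baltazar MailScanner[4021]: Saved entire message to /var/spool/MailScanner/quarantine/20040427/i3RFkBn29902
"""

# A sendmail acceptance line: "<qid>: from=<sender>, ... relay=<relay>"
ACCEPT_RE = re.compile(
    r"sendmail\[\d+\]: (?P<qid>[A-Za-z0-9]+): from=(?P<sender>[^,]*),"
    r".*\brelay=(?P<relay>.*)$"
)
TOKEN_RE = re.compile(r"[A-Za-z0-9]+")


def correlate(lines):
    """Group log lines by sendmail queue ID.

    Pass 1 records every accepted message; pass 2 attaches any other line
    that mentions a known queue ID, whichever daemon wrote it.
    """
    messages, others = {}, []
    for line in lines:
        line = line.rstrip("\n")
        m = ACCEPT_RE.search(line)
        if m:
            messages.setdefault(
                m.group("qid"),
                {"sender": m.group("sender"), "relay": m.group("relay"),
                 "followups": []},
            )
        else:
            others.append(line)
    for line in others:
        for qid in messages.keys() & set(TOKEN_RE.findall(line)):
            messages[qid]["followups"].append(line)
    return messages


def disposition(info):
    """Summarise what the log says happened after acceptance."""
    notes = []
    for line in info["followups"]:
        stat = re.search(r"\bstat=(.+)$", line)
        if stat:
            notes.append("sendmail: " + stat.group(1))
        elif "MailScanner[" in line:
            notes.append("MailScanner: " + line.split("]: ", 1)[1])
    return notes or ["no further log entry"]


def untracked(messages):
    """Queue IDs that were accepted and then never logged again."""
    return sorted(q for q, info in messages.items() if not info["followups"])


if __name__ == "__main__":
    msgs = correlate(SAMPLE_MAILLOG.splitlines())
    for qid, info in msgs.items():
        print(qid, info["relay"], "->", "; ".join(disposition(info)))
    print("accepted but never logged again:", untracked(msgs))
```

Run against a real maillog, the IDs it reports are the ones worth checking against the MailScanner spam actions and logging settings.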


-------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk For further info about MailScanner, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html
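
The two fixes proposed in the "Filename.rules.conf - CLSID false positive" message earlier in this archive (anchoring the deny regex with "$", or putting an allow line for CLSID-named PDFs above the deny line) can be compared side by side. This is an added example, not MailScanner code and not code from the thread: it assumes rules are tab-separated and tried top to bottom with the first match winning, uses Python's re with case-insensitive matching as a stand-in for MailScanner's Perl regexes, and spells out the shorthand "allow {CLSID}.pdf$" as a full regex; every filename except the vendor's PDF name is constructed.

```python
import re

CLSID = r"\{[a-hA-H0-9-]{25,}\}"   # character class quoted in the thread
LOG = "Filename trying to hide its real type"
REPORT = "Files containing CLSID's are trying to hide their real type"


def rule(action, regex, log_text="-", report_text="-"):
    """Build one tab-separated rule line (assumed filename.rules.conf layout)."""
    return "\t".join((action, regex, log_text, report_text))


# Three candidate rule files, each a list of lines as they would sit on disk.
RULE_FILES = {
    # The rule as shipped: deny a CLSID anywhere in the name.
    "original": [
        "# Deny filenames ending with CLSID's",
        rule("deny", CLSID, LOG, REPORT),
    ],
    # The poster's revision: only deny when the CLSID is the very end.
    "anchored": [
        rule("deny", CLSID + "$", LOG, REPORT),
    ],
    # The reply's suggestion: allow "<CLSID>.pdf" first, then deny the rest.
    "allow_pdf_first": [
        rule("allow", CLSID + r"\.pdf$"),
        rule("deny", CLSID, LOG, REPORT),
    ],
}


def parse_rules(lines):
    """Parse rule lines into (action, compiled regex), skipping comments."""
    rules = []
    for line in lines:
        line = line.rstrip("\n")
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) < 2 or fields[0] not in ("allow", "deny"):
            raise ValueError("malformed rule: %r" % line)
        rules.append((fields[0], re.compile(fields[1], re.IGNORECASE)))
    return rules


def evaluate(rules, filename):
    """First matching rule decides; later rules are never consulted."""
    for action, pattern in rules:
        if pattern.search(filename):
            return action
    return "no match"


def verdicts(filename):
    """Verdict of every candidate rule file for one attachment name."""
    return {name: evaluate(parse_rules(lines), filename)
            for name, lines in RULE_FILES.items()}


VENDOR_PDF = "138139_{8B5AC3AF-BE17-4A06-BB98-790FA5C00C9B}.pdf"  # from the thread
SAMPLES = [
    VENDOR_PDF,
    "holiday.jpg.{8B5AC3AF-BE17-4A06-BB98-790FA5C00C9B}",   # constructed
    "notes_{8B5AC3AF-BE17-4A06-BB98-790FA5C00C9B}.txt",     # constructed
    "invoice.pdf",                                          # constructed
]

if __name__ == "__main__":
    for name in SAMPLES:
        print(name, verdicts(name))
```

The anchored revision stops matching any name where the CLSID is not the final component, while the allow-first variant exempts only names ending in "<CLSID>.pdf" and keeps the original deny for everything else.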
From mailscanner at ecs.soton.ac.uk Wed Apr 28 09:19:55 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:24:52 2006 Subject: it doesn't log RBL's activity properly In-Reply-To: <1083102938.6203.25.camel@blackbird.tecnoera.com> References: <1083102938.6203.25.camel@blackbird.tecnoera.com> Message-ID: <6.0.1.1.2.20040428091944.039948b8@imap.ecs.soton.ac.uk> What effect does Log Spam = yes have on it? At 22:55 27/04/2004, you wrote: >Hi, > >I'm using mailscanner-4.29.7-1 + sendmail. > >If I configure MailScanner.conf like this: > >Spam Actions = bounce >High Scoring Spam Actions = bounce >Spam Checks = yes >Spam List = ORDB-RBL SBL+XBL >Use SpamAssassin = no > >If someone sends an email from a host listed on the RBLs, the maillog only >shows the "from" line of the sendmail, for example, one like this: > >Apr 27 11:44:35 baltazar sendmail[29734]: i3RFiEn29734: >from=, size=120173, class=0, nrcpts=1, >msgid=<002d01c42c6e$7af33380$0200a8c0@xxxxxxxx.xx>, proto=SMTP, >daemon=MTA, relay=[10.10.10.10] > >And if you search the maillog for id i3RFiEn29734, that is the only line >showed. You don't have a clue of what happened to the email, when in fact >it was bounced. > >The expected behavior is MailScanner to show some log saying that the >email id i3RFiEn29734 was bounced or whatever. 
> >-- >Juan Pablo Abuyeres <jpabuyer@tecnoera.com> > > >-------------------------- MailScanner list ---------------------- To >leave, send leave mailscanner to jiscmail@jiscmail.ac.uk For further info >about MailScanner, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk For further info about MailScanner, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From idan at SECURENET.CO.IL Wed Apr 28 09:37:03 2004 From: idan at SECURENET.CO.IL (Idan Plotnik) Date: Thu Jan 12 21:24:52 2006 Subject: smtp;554 5.1.0 Sender Denied Message-ID: <38531FBA30509D418523F41CC6E981D827EA8A@securenetdc.securenet.co.il> Hi all, I am using sendmail-8.12.8-9.90 and mailscanner 4.25 When I am sending a mail just from yahoo.com to my company I am getting this error: Reporting-MTA: dns; gateway@test.com Final-Recipient: RFC822;test@test.com Action: failed Status: 5.0.0 (permanent failure) Diagnostic-Code: smtp;554 5.1.0 Sender Denied Someone know the reason ? Thanks -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk For further info about MailScanner, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------- next part -------------- An HTML attachment was scrubbed... 
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040428/256aa981/attachment.html From mailscanner at ecs.soton.ac.uk Wed Apr 28 09:38:56 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:24:52 2006 Subject: smtp;554 5.1.0 Sender Denied In-Reply-To: <38531FBA30509D418523F41CC6E981D827EA8A@securenetdc.securen et.co.il> References: <38531FBA30509D418523F41CC6E981D827EA8A@securenetdc.securenet.co.il> Message-ID: <6.0.1.1.2.20040428093758.065dee10@imap.ecs.soton.ac.uk> Idan, Yet again, this is nothing whatsoever to do with MailScanner. Please restrict your questions to ones that are something to do with MailScanner, or I will have no option but to remove you from the mailing list, and I really don't want to have to do that. At 09:37 28/04/2004, you wrote: >Hi all, > >I am using sendmail-8.12.8-9.90 and mailscanner 4.25 >When I am sending a mail just from yahoo.com to my company I am getting >this error: > >Reporting-MTA: dns; gateway@test.com > >Final-Recipient: RFC822;test@test.com >Action: failed >Status: 5.0.0 (permanent failure) >Diagnostic-Code: smtp;554 5.1.0 Sender Denied >Someone know the reason ? 
> >Thanks >-------------------------- MailScanner list ---------------------- To >leave, send leave mailscanner to jiscmail@jiscmail.ac.uk For further info >about MailScanner, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk For further info about MailScanner, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From Jan-Peter.Koopmann at SECEIDOS.DE Wed Apr 28 10:04:11 2004 From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann) Date: Thu Jan 12 21:24:52 2006 Subject: File blocked but virus not detected Message-ID: Hi Julian, I am seeing some strange things lately. Some messages are blocked due to filename extensions and are put in quarantine. When I take a closer look those messages contain a virus which is easily spotted using one of the virus scanners that MailScanner on that machine uses. But MailScanner did not complain about any virus, just the filename extension. 
Example: Apr 28 09:49:31 proxy-hb exim[89373]: 2004-04-28 09:49:31 1BIjov-000NFV-Kl <= 8439513@marlink.com H=aa2001120174003.userreverse.dion.ne.jp (pwl.de) [210.238.250.218] P=esmtp S=25189 from <8439513@marlink.com> for name.blanked@mydomain.de Apr 28 09:49:39 proxy-hb MailScanner[71322]: Filename Checks: Possible MS-Dos program shortcut attack (1BIjov-000NFV-Kl your_picture01.pif) Apr 28 09:49:39 proxy-hb MailScanner[71322]: Filetype Checks: No executables (1BIjov-000NFV-Kl your_picture01.pif) Apr 28 09:49:40 proxy-hb MailScanner[71322]: Saved entire message to /var/spool/MailScanner/quarantine/20040428/1BIjov-000NFV-Kl Apr 28 09:49:40 proxy-hb MailScanner[71322]: Saved infected "your_picture01.pif" to /var/spool/MailScanner/quarantine/20040428/1BIjov-000NFV-Kl Apr 28 09:49:40 proxy-hb exim[89475]: 2004-04-28 09:49:40 1BIjov-000NFV-Kl => name.blank@mydomain.de F=<8439513@marlink.com> R=mailertable T=remote_smtp S=2543 H=192.168.160.12 [192.168.160.12] Apr 28 09:49:40 proxy-hb exim[89475]: 2004-04-28 09:49:40 1BIjov-000NFV-Kl Completed The quarantine dir contains: -rw-r----- 1 mailnull getqmail 25189 Apr 28 09:49 message -rw-r----- 1 mailnull getqmail 17920 Apr 28 09:49 your_picture01.pif Virus scanning says: F-PROT ANTIVIRUS Program version: 4.2.0 Engine version: 3.14.7 VIRUS SIGNATURE FILES SIGN.DEF created 27 April 2004 SIGN2.DEF created 28 April 2004 MACRO.DEF created 21 April 2004 Search: message your_picture01.pif Action: Report only Files: Attempt to identify files Switches: /var/spool/MailScanner/quarantine/20040428/1BIjov-000NFV-Kl/message->you r_picture01.pif Infection: W32/NewWorm.01@mm /var/spool/MailScanner/quarantine/20040428/1BIjov-000NFV-Kl/your_picture 01.pif Infection: W32/NewWorm.01@mm Any ideas? As I said: I am seeing quite some of these! I am running 4.29.5 at that particular location. It would be awfully nice if you could have a look into this please. 
I am not aware of any changes between 4.29.5 and 4.29.7 that could cause this but will upgrade right away nevertheless. Moreover many viruses are caught as high scoring spam with action "store" and are not checked on viruses. I know this is not a bug but a feature but still.... If something contains a virus the report/flags etc. should say virus after all and not only spam. Kind regards, JP -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk For further info about MailScanner, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Wed Apr 28 10:16:53 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:24:52 2006 Subject: File blocked but virus not detected In-Reply-To: References: Message-ID: <6.0.1.1.2.20040428101631.06605a40@imap.ecs.soton.ac.uk> Can you put an entire message on a web server somewhere for me please, so that I can fetch a copy and test it out? At 10:04 28/04/2004, you wrote: >Hi Julian, > >I am seeing some strange things lately. Some messages are blocked due to >filename extensions and are put in quarantine. When I take a closer look >those messages contain a virus which is easily spotted using one of the >virus scanners that MailScanner on that machine uses. But MailScanner >did not complain about any virus, just the filename extension. 
Example: > >Apr 28 09:49:31 proxy-hb exim[89373]: 2004-04-28 09:49:31 >1BIjov-000NFV-Kl <= 8439513@marlink.com >H=aa2001120174003.userreverse.dion.ne.jp (pwl.de) [210.238.250.218] >P=esmtp S=25189 from <8439513@marlink.com> for name.blanked@mydomain.de >Apr 28 09:49:39 proxy-hb MailScanner[71322]: Filename Checks: Possible >MS-Dos program shortcut attack (1BIjov-000NFV-Kl your_picture01.pif) >Apr 28 09:49:39 proxy-hb MailScanner[71322]: Filetype Checks: No >executables (1BIjov-000NFV-Kl your_picture01.pif) >Apr 28 09:49:40 proxy-hb MailScanner[71322]: Saved entire message to >/var/spool/MailScanner/quarantine/20040428/1BIjov-000NFV-Kl >Apr 28 09:49:40 proxy-hb MailScanner[71322]: Saved infected >"your_picture01.pif" to >/var/spool/MailScanner/quarantine/20040428/1BIjov-000NFV-Kl >Apr 28 09:49:40 proxy-hb exim[89475]: 2004-04-28 09:49:40 >1BIjov-000NFV-Kl => name.blank@mydomain.de F=<8439513@marlink.com> >R=mailertable T=remote_smtp S=2543 H=192.168.160.12 [192.168.160.12] >Apr 28 09:49:40 proxy-hb exim[89475]: 2004-04-28 09:49:40 >1BIjov-000NFV-Kl Completed > >The quarantine dir contains: > >-rw-r----- 1 mailnull getqmail 25189 Apr 28 09:49 message >-rw-r----- 1 mailnull getqmail 17920 Apr 28 09:49 >your_picture01.pif > > >Virus scanning says: > > >F-PROT ANTIVIRUS >Program version: 4.2.0 >Engine version: 3.14.7 > >VIRUS SIGNATURE FILES >SIGN.DEF created 27 April 2004 >SIGN2.DEF created 28 April 2004 >MACRO.DEF created 21 April 2004 > >Search: message your_picture01.pif >Action: Report only >Files: Attempt to identify files >Switches: > >/var/spool/MailScanner/quarantine/20040428/1BIjov-000NFV-Kl/message->you >r_picture01.pif Infection: W32/NewWorm.01@mm >/var/spool/MailScanner/quarantine/20040428/1BIjov-000NFV-Kl/your_picture >01.pif Infection: W32/NewWorm.01@mm > > >Any ideas? As I said: I am seeing quite some of these! I am running >4.29.5 at that particular location. It would be awfully nice if you >could have a look into this please. 
I am not aware of any changes >between 4.29.5 and 4.29.7 that could cause this but will upgrade right >away nevertheless. > >Moreover many viruses are caught as high scoring spam with action >"store" and are not checked on viruses. I know this is not a bug but a >feature but still.... If something contains a virus the report/flags >etc. should say virus after all and not only spam. > >Kind regards, > JP > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >For further info about MailScanner, please see the Most Asked >Questions at http://www.mailscanner.biz/maq/ and the archives >at http://www.jiscmail.ac.uk/lists/mailscanner.html -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk For further info about MailScanner, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From Jan-Peter.Koopmann at SECEIDOS.DE Wed Apr 28 10:31:13 2004 From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann) Date: Thu Jan 12 21:24:52 2006 Subject: File blocked but virus not detected Message-ID: Apparently false alarm... I misread NetSky.A and NetSky.AB. It seems as if this customer has once again caught several messages with a virus that was not yet in the signatures. It is being detected now (since 10:30 GMT+1 CEST). Sorry for the confusion. BUT: I am still seeing High Scoring Spam though that causes me headaches. I just found several spams in the quarantine which contain "your_document.pif" etc. Looks very much like a virus to me but it is not detected. If I manually b64decode the attachment and run virus scanners on it, NetSky.D is detected at once. 
Probably this is some sort of bug though... Regards, JP -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk For further info about MailScanner, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From Jan-Peter.Koopmann at SECEIDOS.DE Wed Apr 28 10:39:23 2004 From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann) Date: Thu Jan 12 21:24:52 2006 Subject: File blocked but virus not detected Message-ID: > Can you put an entire message on a web server somewhere for > me please, so that I can fetch a copy and test it out? Done. Link via private mail. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk For further info about MailScanner, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From ugob at CAMO-ROUTE.COM Wed Apr 28 10:34:13 2004 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:24:52 2006 Subject: File blocked but virus not detected In-Reply-To: References: Message-ID: Jan-Peter Koopmann wrote: > Hi Julian, > > I am seeing some strange things lately. Some messages are blocked due to > filename extensions and are put in quarantine. When I take a closer look > those messages contain a virus which is easily spotted using one of the > virus scanners that MailScanner on that machine uses. But MailScanner > did not complain about any virus, just the filename extension. 
Example: > > Apr 28 09:49:31 proxy-hb exim[89373]: 2004-04-28 09:49:31 > 1BIjov-000NFV-Kl <= 8439513@marlink.com > H=aa2001120174003.userreverse.dion.ne.jp (pwl.de) [210.238.250.218] > P=esmtp S=25189 from <8439513@marlink.com> for name.blanked@mydomain.de > Apr 28 09:49:39 proxy-hb MailScanner[71322]: Filename Checks: Possible > MS-Dos program shortcut attack (1BIjov-000NFV-Kl your_picture01.pif) > Apr 28 09:49:39 proxy-hb MailScanner[71322]: Filetype Checks: No > executables (1BIjov-000NFV-Kl your_picture01.pif) > Apr 28 09:49:40 proxy-hb MailScanner[71322]: Saved entire message to > /var/spool/MailScanner/quarantine/20040428/1BIjov-000NFV-Kl > Apr 28 09:49:40 proxy-hb MailScanner[71322]: Saved infected > "your_picture01.pif" to > /var/spool/MailScanner/quarantine/20040428/1BIjov-000NFV-Kl > Apr 28 09:49:40 proxy-hb exim[89475]: 2004-04-28 09:49:40 > 1BIjov-000NFV-Kl => name.blank@mydomain.de F=<8439513@marlink.com> > R=mailertable T=remote_smtp S=2543 H=192.168.160.12 [192.168.160.12] > Apr 28 09:49:40 proxy-hb exim[89475]: 2004-04-28 09:49:40 > 1BIjov-000NFV-Kl Completed > > The quarantine dir contains: > > -rw-r----- 1 mailnull getqmail 25189 Apr 28 09:49 message > -rw-r----- 1 mailnull getqmail 17920 Apr 28 09:49 > your_picture01.pif > > > Virus scanning says: > > > F-PROT ANTIVIRUS > Program version: 4.2.0 > Engine version: 3.14.7 > > VIRUS SIGNATURE FILES > SIGN.DEF created 27 April 2004 > SIGN2.DEF created 28 April 2004 > MACRO.DEF created 21 April 2004 > > Search: message your_picture01.pif > Action: Report only > Files: Attempt to identify files > Switches: > > /var/spool/MailScanner/quarantine/20040428/1BIjov-000NFV-Kl/message->you > r_picture01.pif Infection: W32/NewWorm.01@mm > /var/spool/MailScanner/quarantine/20040428/1BIjov-000NFV-Kl/your_picture > 01.pif Infection: W32/NewWorm.01@mm > > > Any ideas? As I said: I am seeing quite some of these! I am running > 4.29.5 at that particular location. 
It would be awfully nice if you > could have a look into this please. I am not aware of any changes > between 4.29.5 and 4.29.7 that could cause this but will upgrade right > away nevertheless. Do you have a symlink in your path to your virus-scanner? > > Moreover many viruses are caught as high scoring spam with action > "store" and are not checked on viruses. I know this is not a bug but a > feature but still.... If something contains a virus the report/flags > etc. should say virus after all and not only spam. http://www.mailscanner.biz/maq/#highsconotscanned > > Kind regards, > JP > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > For further info about MailScanner, please see the Most Asked > Questions at http://www.mailscanner.biz/maq/ and the archives > at http://www.jiscmail.ac.uk/lists/mailscanner.html > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk For further info about MailScanner, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From Jan-Peter.Koopmann at SECEIDOS.DE Wed Apr 28 10:54:25 2004 From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann) Date: Thu Jan 12 21:24:52 2006 Subject: File blocked but virus not detected Message-ID: On Wednesday, April 28, 2004 11:34 AM Ugo Bellavance wrote: > Do you have a symlink in your path to your virus-scanner? Nope. As I just found out it was a VERY new virus and the signatures were updated last hour. The virus could not be spotted at delivery time but can be now... I just read NetSky.A (missing the B) and was confused since I then figured that NetSky.A should be detected of course... :-) >> a feature but still.... If something contains a virus the >> report/flags etc. should say virus after all and not only spam. 
> > http://www.mailscanner.biz/maq/#highsconotscanned > Rats. I had a look at the quarantine and was sure this was "fixed" since I see a lot of Spam AND Virus entries. Taking a closer look all of them were Spam and not High-Scoring Spam. Suddenly all makes sense. Julian: Forget my mail. Ugo: Thanks for the reminder. Regards, JP
From Jan-Peter.Koopmann at SECEIDOS.DE Wed Apr 28 11:18:52 2004 From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann) Date: Thu Jan 12 21:24:52 2006 Subject: Problem with lockfile in update_virus_scanners Message-ID: Hi, I just noticed that on one of our MailScanner servers no update was run for the past 20 days. Turns out that at one point there must have been a problem and the lockfile /tmp/MailScanner.autoupdate.lock was not removed. From that point on no update worked. This surely is not a suitable solution. If the sole purpose of this lockfile is to prevent two cron jobs coming too close to each other, would it not be better to check for the existence and the age of the lockfile? Something like "if the lockfile is older than one hour, ignore it"? Regards, JP
From Jan-Peter.Koopmann at seceidos.de Wed Apr 28 12:33:44 2004 From: Jan-Peter.Koopmann at seceidos.de (Jan-Peter Koopmann) Date: Thu Jan 12 21:24:52 2006 Subject: Problem with lockfile in update_virus_scanners Message-ID: Something like this should do the trick. Any thoughts?
-------------- next part -------------- A non-text attachment was scrubbed... Name: update_virus_scanners.patch Type: application/octet-stream Size: 477 bytes Desc: update_virus_scanners.patch Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040428/576874ce/update_virus_scanners.obj
From eja at URBAKKEN.DK Wed Apr 28 10:04:17 2004 From: eja at URBAKKEN.DK (Erik Jakobsen) Date: Thu Jan 12 21:24:52 2006 Subject: Errors starting up MailScanner. Message-ID: On Wed, 28 Apr 2004 09:48:19 +0200, Raymond Dijkxhoorn wrote: >Hi! > >> >Not that hard to spot, install Archive::Zip >> >> Can you please advise me on how to ?. > >Perl -MCPAN -e shell That did not work. >install Archive::Zip > >If you did a quick search on the archive you would have found it also. >You might have to correct your language settings also. Here are some >pointers. I'm sorry. Better that I pay for the help for MailScanner. >http://www.jiscmail.ac.uk/cgi-bin/webadmin? A2=ind0403&L=mailscanner&P=R48305&I=-1 >http://www.jiscmail.ac.uk/cgi-bin/webadmin?
A2=ind0403&L=mailscanner&D=0&I=-1&P=48099 > >Not that hard to simple look in the archive. > >You can do that here: > >http://www.jiscmail.ac.uk/cgi-bin/webadmin?S1=mailscanner&D=0&I=-1 > >Suc6, >Raymond. Sorry for the inconvenience. Erik
From ricardo.bernardes at centraldecomunicacao.pt Wed Apr 28 14:12:50 2004 From: ricardo.bernardes at centraldecomunicacao.pt (Ricardo Bernardes) Date: Thu Jan 12 21:24:52 2006 Subject: Problem With PDF Files - HELP ! Message-ID: <014001c42d22$81f65900$320fa8c0@rbernardes> Hi, I'm using Mailscanner with ClamAV and my PDF files get corrupted. If they are zipped -- no problem. Anyone has a suggestion?? TIA Ricardo -------------- next part -------------- An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040428/fc65c011/attachment.html From jburzenski at AMERICANHM.COM Wed Apr 28 14:12:09 2004 From: jburzenski at AMERICANHM.COM (Jason Burzenski) Date: Thu Jan 12 21:24:52 2006 Subject: Filename.rules.conf - CLSID false positive Message-ID: <9BDD6D4AD0795C46974D7D46C17883B80A748E02@ahm_exchange2.americanhm.com> > Bearing in mind Julian's reply, if you only get PDF's like > this, why not put in an "allow {CLSID}.pdf$" line above > Julian's "deny anything with a CLSID in" line? Or use a > ruleset to turn off filename checking for that domain? That's not a bad idea (the allow line). I try not to let any domain bypass a particular filtering method with all of the 'forged' messages that are prevalent today. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk For further info about MailScanner, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040428/caf5b7d6/attachment.html From jpabuyer at TECNOERA.COM Wed Apr 28 14:37:52 2004 From: jpabuyer at TECNOERA.COM (Juan Pablo Abuyeres) Date: Thu Jan 12 21:24:52 2006 Subject: it doesn't log RBL's activity properly In-Reply-To: <6.0.1.1.2.20040428091944.039948b8@imap.ecs.soton.ac.uk> References: <1083102938.6203.25.camel@blackbird.tecnoera.com> <6.0.1.1.2.20040428091944.039948b8@imap.ecs.soton.ac.uk> Message-ID: <1083159472.8867.1.camel@blackbird.tecnoera.com> OMG... stupidity blocking my brain again... sorry man., I didn't realize there was an option for that. works perfect. Thanks. On Wed, 2004-04-28 at 04:19, Julian Field wrote: > What effect does > Log Spam = yes > have on it? 
> > At 22:55 27/04/2004, you wrote: > >Hi, > > > >I'm using mailscanner-4.29.7-1 + sendmail. > > > >If I configure MailScanner.conf like this: > > > >Spam Actions = bounce > >High Scoring Spam Actions = bounce > >Spam Checks = yes > >Spam List = ORDB-RBL SBL+XBL > >Use SpamAssassin = no > > > >If someone sends an email from a host listed on the RBLs, the maillog only > >shows the "from" line of the sendmail, for example, one like this: > > > >Apr 27 11:44:35 baltazar sendmail[29734]: i3RFiEn29734: > >from=, size=120173, class=0, nrcpts=1, > >msgid=<002d01c42c6e$7af33380$0200a8c0@xxxxxxxx.xx>, proto=SMTP, > >daemon=MTA, relay=[10.10.10.10] > > > >And if you search the maillog for id i3RFiEn29734, that is the only line > >showed. You don't have a clue of what happened to the email, when in fact > >it was bounced. > > > >The expected behavior is MailScanner to show some log saying that the > >email id i3RFiEn29734 was bounced or whatever. > > > >-- > >Juan Pablo Abuyeres <jpabuyer@tecnoera.com> > > > > > >-------------------------- MailScanner list ---------------------- To > >leave, send leave mailscanner to jiscmail@jiscmail.ac.uk For further info > >about MailScanner, please see the Most Asked Questions at > >http://www.mailscanner.biz/maq/ and the archives at > >http://www.jiscmail.ac.uk/lists/mailscanner.html > > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > For further info about MailScanner, please see the Most Asked > Questions at http://www.mailscanner.biz/maq/ and the archives > at http://www.jiscmail.ac.uk/lists/mailscanner.html -- Juan Pablo Abuyeres -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk For further info about 
MailScanner, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040428/a87fe8e4/attachment.html From jpabuyer at TECNOERA.COM Wed Apr 28 14:44:34 2004 From: jpabuyer at TECNOERA.COM (Juan Pablo Abuyeres) Date: Thu Jan 12 21:24:52 2006 Subject: it doesn't log RBL's activity properly In-Reply-To: <6.0.1.1.2.20040428091944.039948b8@imap.ecs.soton.ac.uk> References: <1083102938.6203.25.camel@blackbird.tecnoera.com> <6.0.1.1.2.20040428091944.039948b8@imap.ecs.soton.ac.uk> Message-ID: <1083159874.8867.3.camel@blackbird.tecnoera.com> (IMHO this option should be enabled by default) On Wed, 2004-04-28 at 04:19, Julian Field wrote: > What effect does > Log Spam = yes > have on it? > > At 22:55 27/04/2004, you wrote: > >Hi, > > > >I'm using mailscanner-4.29.7-1 + sendmail. > > > >If I configure MailScanner.conf like this: > > > >Spam Actions = bounce > >High Scoring Spam Actions = bounce > >Spam Checks = yes > >Spam List = ORDB-RBL SBL+XBL > >Use SpamAssassin = no > > > >If someone sends an email from a host listed on the RBLs, the maillog only > >shows the "from" line of the sendmail, for example, one like this: > > > >Apr 27 11:44:35 baltazar sendmail[29734]: i3RFiEn29734: > >from=, size=120173, class=0, nrcpts=1, > >msgid=<002d01c42c6e$7af33380$0200a8c0@xxxxxxxx.xx>, proto=SMTP, > >daemon=MTA, relay=[10.10.10.10] > > > >And if you search the maillog for id i3RFiEn29734, that is the only line > >showed. You don't have a clue of what happened to the email, when in fact > >it was bounced. > > > >The expected behavior is MailScanner to show some log saying that the > >email id i3RFiEn29734 was bounced or whatever. 
> > > >-- > >Juan Pablo Abuyeres <jpabuyer@tecnoera.com> > > > > > >-------------------------- MailScanner list ---------------------- To > >leave, send leave mailscanner to jiscmail@jiscmail.ac.uk For further info > >about MailScanner, please see the Most Asked Questions at > >http://www.mailscanner.biz/maq/ and the archives at > >http://www.jiscmail.ac.uk/lists/mailscanner.html > > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > For further info about MailScanner, please see the Most Asked > Questions at http://www.mailscanner.biz/maq/ and the archives > at http://www.jiscmail.ac.uk/lists/mailscanner.html -- Juan Pablo Abuyeres -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk For further info about MailScanner, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040428/f99fdc96/attachment.html From confirm-s2-Vl=qlxQPTTWgcfN93HhtlMfv0i4-mailscanner=ecs.soton.ac.uk at yahoogroups.com Wed Apr 28 15:20:33 2004 From: confirm-s2-Vl=qlxQPTTWgcfN93HhtlMfv0i4-mailscanner=ecs.soton.ac.uk at yahoogroups.com (Yahoo! Groups) Date: Thu Jan 12 21:24:52 2006 Subject: Please confirm your request to join A1Fun Message-ID: <1083162033.59.9224.m20@yahoogroups.com> Hello mailscanner@ecs.soton.ac.uk, We have received your request to join the A1Fun group hosted by Yahoo! Groups, a free, easy-to-use community service. This request will expire in 7 days. TO BECOME A MEMBER OF THE GROUP: 1) Go to the Yahoo! 
Groups site by clicking on this link: http://groups.yahoo.com/i?i=Vl-qlxQPTTWgcfN93HhtlMfv0i4&e=mailscanner%40ecs%2Esoton%2Eac%2Euk (If clicking doesn't work, "Cut" and "Paste" the line above into your Web browser's address bar.) -OR- 2) REPLY to this email by clicking "Reply" and then "Send" in your email program If you did not request, or do not want, a membership in the A1Fun group, please accept our apologies and ignore this message. Regards, Yahoo! Groups Customer Care Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ From zabriskw at ITECH.NET Wed Apr 28 15:38:25 2004 From: zabriskw at ITECH.NET (Kris Zabriskie) Date: Thu Jan 12 21:24:52 2006 Subject: spam.whitelist.rules Message-ID: <000801c42d2e$7753c260$0c02a8c0@itech.dom> I had a quick question about the spam.whitelist.rules file. We do mail for a domain, maildomain.com. They did not want spam filtering for their domain, so we went in to spam.whitelist.rules and placed the line FromorTo: *@maildomain.com yes. They are now rethinking things, and would like to turn it on for 1 of their accounts, art@maildomain.com. I was wondering if there was a way to leave it turned off for the entire domain, except for that one user, instead of whitelisting 50 accounts, just for that 1 account? Any help would greatly be appreciated! Kris Zabriskie I-Tech Inc. Network Admin / Consultant http://www.itech.net -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk For further info about MailScanner, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------- next part -------------- An HTML attachment was scrubbed... 
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040428/8d9d92ba/attachment.html From mailscanner at ecs.soton.ac.uk Wed Apr 28 16:25:47 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:24:52 2006 Subject: spam.whitelist.rules In-Reply-To: <000801c42d2e$7753c260$0c02a8c0@itech.dom> References: <000801c42d2e$7753c260$0c02a8c0@itech.dom> Message-ID: <6.0.1.1.2.20040428162522.065c6f80@imap.ecs.soton.ac.uk> At 15:38 28/04/2004, you wrote: >I had a quick question about the spam.whitelist.rules file. We do mail >for a domain, maildomain.com. They did not want spam filtering for their >domain, so we went in to spam.whitelist.rules and placed the line >FromorTo: *@maildomain.com yes. They are now >rethinking things, and would like to turn it on for 1 of their >accounts, art@maildomain.com. I was wondering >if there was a way to leave it turned off for the entire domain, except >for that one user, instead of whitelisting 50 accounts, just for that 1 >account? Any help would greatly be appreciated! 
FromOrTo: art@maildomain.com no
FromOrTo: *@maildomain.com yes
-- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
From mailscanner at LISTS.COM.AR Wed Apr 28 21:20:49 2004 From: mailscanner at LISTS.COM.AR (Mariano Absatz) Date: Thu Jan 12 21:24:52 2006 Subject: O/T faqomatic (was Re: FAQ Entry) In-Reply-To: <08146035CA49D6119A36009027AC822A0549E5FF@CITY-EXCH-NTS> Message-ID: <408FE7F1.5636.3DEB3F5A@localhost> On 28 Apr 2004 at 12:10, Kevin Miller wrote: > Following up on some help I received a couple months ago relating to > checking downloads with GPG, I just appended a short blurb on in > http://www.sng.ecs.soton.ac.uk/cgi-bin/faq?=&auth=ck8f1aa9b478bdac397a969ef5 > bcc1686f&file=85 (watch the wordwrap) Kevin, the auth=xxxx is not necessary to identify a faqomatic page... in fact, you only see it because you authenticated yourself to the faqomatic to update a page. At the bottom of every page there's a URL you can use to identify (and share) the page... in this case, it says: This document is: http://www.sng.ecs.soton.ac.uk/cgi-bin/faq?file=85 Regards. -- Mariano Absatz El Baby ---------------------------------------------------------- Don't worry about the world coming to an end today. It's already tomorrow in Australia.
-- Charles Schulz -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk For further info about MailScanner, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at SMITS.CO.UK Wed Apr 28 21:28:57 2004 From: mailscanner at SMITS.CO.UK (MailScanner) Date: Thu Jan 12 21:24:52 2006 Subject: Errors starting up MailScanner. Message-ID: <58696C94787F16468267F3509F115030077047@hermes.clumpton.homeip.net> Try calling perl in all lowercase like this (everything in Linux is case-sensitive): perl -MCPAN -e shell In Fedora Core 1 (and undoubtedly many other OS with recent versions of perl) you can just type: cpan Bart... -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Erik Jakobsen Posted At: 28 April 2004 10:04 Posted To: MailScanner Conversation: Errors starting up MailScanner. Subject: Re: Errors starting up MailScanner. On Wed, 28 Apr 2004 09:48:19 +0200, Raymond Dijkxhoorn wrote: >Hi! > >> >Not that hard to spot, install Archive::Zip >> >> Can you please advise me on how to ?. > >Perl -MCPAN -e shell That did not work. >install Archive::Zip > >If you did a quick search on the archive you would have found it also. >You might have to correct your language settings also. Here are some >pointers. I'm sorry. Better that I pay for the help for MailScanner. >http://www.jiscmail.ac.uk/cgi-bin/webadmin? A2=ind0403&L=mailscanner&P=R48305&I=-1 >http://www.jiscmail.ac.uk/cgi-bin/webadmin? A2=ind0403&L=mailscanner&D=0&I=-1&P=48099 > >Not that hard to simple look in the archive. > >You can do that here: > >http://www.jiscmail.ac.uk/cgi-bin/webadmin?S1=mailscanner&D=0&I=-1 > >Suc6, >Raymond. 
Sorry for the inconvenience. Erik From mailscanner at LISTS.COM.AR Wed Apr 28 22:58:15 2004 From: mailscanner at LISTS.COM.AR (Mariano Absatz) Date: Thu Jan 12 21:24:52 2006 Subject: O/T faqomatic (was Re: FAQ Entry) In-Reply-To: <08146035CA49D6119A36009027AC822A0549E601@CITY-EXCH-NTS> Message-ID: <408FFEC7.21967.3E447531@localhost> Don't worry, it has some kind of timeout... your cookie no longer works :-) On 28 Apr 2004 at 13:32, Kevin Miller wrote: > Doh! I just blindly cut and pasted from the browser - Didn't notice the > auth key persisted after I'd left the posting form. Thanks, I'll be more > careful in the future. > > I don't know if that auth key is a one time only or if it persists (probably > the latter) but it might be prudent for Julian to deep-six my "account". I > can create it anew w/a different password which should give a new auth entry > the next time I feel inclined to add something. Now that it's in the > archives I'd hate for some miscreant to start posting a bunch of > objectionable stuff up there posing as me.
> > Or can I change my password/auth key from here? I didn't notice a place to > do that in the Faq-O-Matic. > > Sorry for any extra work I cause anyone... > > > ...Kevin > -- > Kevin Miller Registered Linux User No: 307357 > CBJ MIS Dept. Network Systems Administrator, Mail > Administrator > 155 South Seward Street ph: (907) 586-0242 > Juneau, Alaska 99801 fax: (907 586-4500 > > > >-----Original Message----- > >Kevin, > > > >the auth=xxxx is not necessary to identify a faqomatic page... > >in fact, you > >only see it because you authenticated yourself to the > >faqomatic to update a > >page. > > > >At the bottom of every page there's a URL you can use to > >identify (and share) > >the page... in this case, it says: > >This document is: http://www.sng.ecs.soton.ac.uk/cgi-bin/faq?file=85 -- Mariano Absatz El Baby ---------------------------------------------------------- Daddy, why doesn't this magnet pick up this floppy disk? -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk For further info about MailScanner, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Wed Apr 28 14:17:37 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:24:52 2006 Subject: Problem with lockfile in update_virus_scanners In-Reply-To: References: Message-ID: <6.0.1.1.2.20040428141217.0670b4e0@imap.ecs.soton.ac.uk> Your patch will only work on GNU "find" and nothing else, as other "find" commands can only report in days. This will do a rather better job: [ x`perl -e 'print "young" if -f "'$LOCKFILE'" && -M "'$LOCKFILE'"<0.042'` = "xyoung" ] && exit 0 but note that perl must be on your $PATH, which is true for most people. 
If it is not on your $PATH, it will simply behave as if the check is not there at all, which isn't too dangerous as it only affects a few people anyway. Even people that use /usr/local/bin/perl and don't have it on their root $PATH tend to have a symlink from /usr/bin/perl just for their own ease of use. At 12:33 28/04/2004, you wrote: >Something like this should do the trick. > >Any thoughts? > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >For further info about MailScanner, please see the Most Asked >Questions at http://www.mailscanner.biz/maq/ and the archives >at http://www.jiscmail.ac.uk/lists/mailscanner.html -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk For further info about MailScanner, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at vvd.com Thu Apr 29 00:32:53 2004 From: mailscanner at vvd.com (JWSmythe) Date: Thu Jan 12 21:24:52 2006 Subject: MailScanner x86_64 Linux tnef binary Message-ID: <1083195172.1544.249.camel@master.voynetworks.com> Julian, Once again, thanks for a great program! :) VoyNetworks/Voyeurweb now uses MailScanner on a dual AMD x86_64 system. Being that it's a slightly different platform, I had to compile tnef so it would run on it. Thanks for including the sources, that helped. :) I'm including the binary, attached to this Email (in a tgz, of course), so you can include it in future distributions, if you believe the demand is high enough. 
root@mail (/opt/MailScanner/bin) file tnef* tnef: symbolic link to `tnef.linux.x86_64' tnef-1.1.4+sizelimit: directory tnef-1.1.4+sizelimit.tar.gz: gzip compressed data, from Unix tnef-1.4.4-x86_64.tar.gz: gzip compressed data, from Unix tnef.linux: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), for GNU/Linux 2.2.5, dynamically linked (uses shared libs), stripped tnef.linux.x86_64: ELF 64-bit LSB executable, AMD x86-64, version 1 (SYSV), for GNU/Linux 2.4.0, dynamically linked (uses shared libs), not stripped tnef.solaris: ELF 32-bit MSB executable, SPARC, version 1 (SYSV), dynamically linked (uses shared libs), stripped This particular server is running RedHat Fedora Core release 0.96 (Severn), if anyone asks. It was compiled natively on the machine, not by a cross-compiler elsewhere. I'm not very good at cross-compiling yet. :) A few weeks ago, we were beyond 160,000 emails/day, with minimal load on the system. Unfortunately, most of those messages are incoming spams, but hey, we use MailScanner, so the users don't mind (much). On typical days, we pass just over 60,000 emails/day If you're interested, you can see our graphs here: http://mail.vvd.com/mailscanner-mrtg/mail/mail.html We use several blacklists to catch the spam, and f-prot for virus protection. F-Prot was the only one which worked well on the x86_64 platform. All in all, it works great. Users don't receive viruses, the majority of the spam is filtered, and not much real mail gets flagged. Thanks again, MailScanner is what makes it all possible! -------------- next part -------------- A non-text attachment was scrubbed... 
Name: tnef-1.4.4-x86_64-linux.tar.gz Type: application/x-compressed-tar Size: 43190 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040428/735388cf/tnef-1.4.4-x86_64-linux.tar.bin From mailscanner at BARENDSE.TO Thu Apr 29 07:58:10 2004 From: mailscanner at BARENDSE.TO (Remco Barendse) Date: Thu Jan 12 21:24:52 2006 Subject: bill.zip? Message-ID: Is anyone else receiving mails with an attachment bill.zip? The attachment is extremely small and I know for sure that it is not legitimate mail. Neither clam nor McAfee picked it up. This is what the df/qf pair contains: This is a multi-part message in MIME format. ------=_NextPart_000_0002_00000AA8.00001F69 Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: 7bit Important bill! ------=_NextPart_000_0002_00000AA8.00001F69 Content-Type: application/octet-stream; name="Bill.zip" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="Bill.zip" UEsFBgAAAAAAAAAAAAAAAAAAAAAAAA== ------=_NextPart_000_0002_00000AA8.00001F69-- -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk For further info about MailScanner, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From ka at PACIFIC.NET Wed Apr 28 16:36:27 2004 From: ka at PACIFIC.NET (Ken Anderson (Pacific Internet)) Date: Thu Jan 12 21:24:52 2006 Subject: High Load In-Reply-To: References: Message-ID: <408FCF7B.6010502@pacific.net> Raymond Dijkxhoorn wrote: > Hi! > > >>>You should in my eyes do spamcop checking within SA, but that has nothing >>>to do with the above, this is only the spamcop surbl... > > >>I've thought about doing just that. The advantage being that a spamcop >>hit just contributes to the score rather than a complete rejection. I >>haven't figured out how to do that though. 
How does one enable >>spamcop.net checking from SA? Does it make sense to run some RBLs >>(e.g. ORDB-RBL, NJABL, and SBL+XBL) from MS while running spamcop from >>SA? I have 'skip_rbl_checks 1' in spam.assassin.prefs.conf. Is that >>going to interfere? Thanks for helping out with this. > > > What do you mean, you can also raise the score in SA from each list, i > would suggest however not to block/bounce since its on spamcop, thats VERY > drastic and VERY unreliable also. We all know how spamcop works with > reporting. > > I think you should move ALL the RBL stuff to SA. It helps with the score, > and will definately give less false positives like that. > > Like someone said before on the list, its no art to simply block and > reject mail, its art to get the right ones through. I'd agree, but I think it's worth mentioning that some lists are more reliable than others. sbl+xbl for example doesn't seem to misfire, whereas spamcop will routinely list some ISP mailservers. If the 'high load' is _really_ a problem, you can block/reject in sendmail using sbl-xbl and see about a 30-40% decrease in spam right off the top, with very few FPs. This reduces the load on MS/SA substantially. The downside is that even though you'll not see FPs with this list, you _will_ find yourself doing a bit of support for your customers contacts, who are PC owners with trojaned PCs listed in the CBL (part of the sbl-xbl). Alternately, I wonder if MailScanner could do a preliminary check on a good rbl or two and bypass SA and take action (quarantine,notify) if the message is found in the rbl? A sort of 'MailScanner-Lite' ? Ken A. > Bye, > Raymond. 
> > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > For further info about MailScanner, please see the Most Asked > Questions at http://www.mailscanner.biz/maq/ and the archives > at http://www.jiscmail.ac.uk/lists/mailscanner.html > > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk For further info about MailScanner, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From miguelk at KONSULTEX.COM.BR Wed Apr 28 16:35:52 2004 From: miguelk at KONSULTEX.COM.BR (Miguel Koren O'Brien de Lacy) Date: Thu Jan 12 21:24:52 2006 Subject: Problem With PDF Files - HELP ! References: <014001c42d22$81f65900$320fa8c0@rbernardes> Message-ID: <408FCF58.8070807@konsultex.com.br> An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040428/feb155e2/attachment.html From zabriskw at ITECH.NET Wed Apr 28 16:39:47 2004 From: zabriskw at ITECH.NET (Kris Zabriskie) Date: Thu Jan 12 21:24:52 2006 Subject: spam.whitelist.rules References: <000801c42d2e$7753c260$0c02a8c0@itech.dom> <6.0.1.1.2.20040428162522.065c6f80@imap.ecs.soton.ac.uk> Message-ID: <000e01c42d37$092f4300$0c02a8c0@itech.dom> Thanks Julian! ----- Original Message ----- From: "Julian Field" To: Sent: Wednesday, April 28, 2004 11:25 AM Subject: Re: spam.whitelist.rules > At 15:38 28/04/2004, you wrote: > >I had a quick question about the spam.whitelist.rules file. We do mail > >for a domain, maildomain.com. They did not want spam filtering for their > >domain, so we went in to spam.whitelist.rules and placed the line > >FromorTo: *@maildomain.com yes. They are now > >rethinking things, and would like to turn it on for 1 of their > >accounts, art@maildomain.com. 
I was wondering > >if there was a way to leave it turned off for the entire domain, except > >for that one user, instead of whitelisting 50 accounts, just for that 1 > >account? Any help would greatly be appreciated! > > FromOrTo: art@maildomain.com no > FromOrTo: *@maildomain.com yes > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > For further info about MailScanner, please see the Most Asked > Questions at http://www.mailscanner.biz/maq/ and the archives > at http://www.jiscmail.ac.uk/lists/mailscanner.html > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk For further info about MailScanner, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From raymond at PROLOCATION.NET Wed Apr 28 16:45:54 2004 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:24:52 2006 Subject: High Load In-Reply-To: <408FCF7B.6010502@pacific.net> Message-ID: Hi! > > Like someone said before on the list, its no art to simply block and > > reject mail, its art to get the right ones through. > > I'd agree, but I think it's worth mentioning that some lists are more > reliable than others. sbl+xbl for example doesn't seem to misfire, > whereas spamcop will routinely list some ISP mailservers. > > If the 'high load' is _really_ a problem, you can block/reject in > sendmail using sbl-xbl and see about a 30-40% decrease in spam right off > the top, with very few FPs. This reduces the load on MS/SA substantially. If i would have to block in MTA i would pick DSBL not spamhaus... Bye, Raymond. 
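The ordering in the spam.whitelist.rules answer above (the single address first, the domain wildcard second) only works if the ruleset is read top to bottom and the first matching rule decides. The sketch below is an added example, not MailScanner's own code: it assumes that first-match behaviour and simple shell-style wildcards, and `parse_rules`, `is_whitelisted` and `overridden_exceptions` are hypothetical names.

```python
import fnmatch

# Constructed input: the two rules from the thread, in the order given there.
RULES_AS_POSTED = """\
FromOrTo: art@maildomain.com no
FromOrTo: *@maildomain.com yes
"""

# Constructed input: the same rules with the domain wildcard first.
RULES_REVERSED = """\
FromOrTo: *@maildomain.com yes
FromOrTo: art@maildomain.com no
"""

DIRECTIONS = {"from", "to", "fromorto"}


def parse_rules(text):
    """Parse 'Direction: pattern yes|no' lines into (direction, pattern, value)."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) != 3:
            raise ValueError(f"line {lineno}: expected 3 fields, got {len(fields)}")
        direction = fields[0].rstrip(":").lower()  # assumption: case-insensitive
        value = fields[2].lower()
        if direction not in DIRECTIONS or value not in ("yes", "no"):
            raise ValueError(f"line {lineno}: unsupported rule {line!r}")
        rules.append((direction, fields[1].lower(), value == "yes"))
    return rules


def _hits(direction, pattern, sender, recipient):
    """True when the pattern matches the side(s) of the message the rule names."""
    from_hit = fnmatch.fnmatchcase(sender.lower(), pattern)
    to_hit = fnmatch.fnmatchcase(recipient.lower(), pattern)
    return {"from": from_hit, "to": to_hit, "fromorto": from_hit or to_hit}[direction]


def is_whitelisted(rules, sender, recipient, default=False):
    """Assumed semantics: the first matching rule decides, otherwise the default."""
    for direction, pattern, value in rules:
        if _hits(direction, pattern, sender, recipient):
            return value
    return default


def overridden_exceptions(rules):
    """List rules that can never fire because an earlier, broader rule with the
    opposite value already matches everything they match.

    Heuristic: the later pattern, read as a plain string, is matched by the
    earlier pattern. Returns (index, pattern, earlier_pattern) tuples.
    """
    covers = {"fromorto": DIRECTIONS, "from": {"from"}, "to": {"to"}}
    found = []
    for i, (direction, pattern, value) in enumerate(rules):
        for earlier_dir, earlier_pat, earlier_val in rules[:i]:
            if (direction in covers[earlier_dir]
                    and earlier_val != value
                    and fnmatch.fnmatchcase(pattern, earlier_pat)):
                found.append((i, pattern, earlier_pat))
                break
    return found


if __name__ == "__main__":
    for name, text in (("as posted", RULES_AS_POSTED), ("reversed", RULES_REVERSED)):
        rules = parse_rules(text)
        skipped = is_whitelisted(rules, "sender@example.org", "art@maildomain.com")
        print(f"{name}: art whitelisted={skipped}, "
              f"overridden={overridden_exceptions(rules)}")
```

With the wildcard first, the `no` line for the one account is never reached, so that mailbox stays whitelisted; running the check over a ruleset before deploying it catches that ordering mistake.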
From Kevin.Spicer at BMRB.CO.UK Wed Apr 28 16:45:19 2004 From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:24:53 2006 Subject: Problem With PDF Files - HELP ! Message-ID: <5C0296D26910694BB9A9BBFC577E7AB001649CEA@pascal.priv.bmrb.co.uk> Miguel Koren O'Brien de Lacy wrote: > Ricardo; > > I confirm your problem. I noticed this last week and thought it was a > fluke but I guess not. I'm using Clamav 0.70 and MS 4.29.7-1. > I can't see why this would be anything to do with Clam, as Clam does not alter files at all as it can't disinfect. BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From jaearick at COLBY.EDU Wed Apr 28 17:01:57 2004 From: jaearick at COLBY.EDU (Jeff A.
Earickson) Date: Thu Jan 12 21:24:53 2006 Subject: burned by spamcop, how to whitelist sites from RBL's Message-ID: Gang, I got burned by spamcop yesterday when they RBL'ed a nearby college that we get lots of email from. I use spamcop in sendmail, so I started rejecting everything from them. I know that Julian thinks spamcop is trigger-happy, he is probably right. So I had the issue of "how do I whitelist a site from RBL's that I use?" in sendmail. With the help of other MS listmembers and Google I have figured this out, and documented it. My essay can be found at: http://www.sng.ecs.soton.ac.uk/cgi-bin/faq?amp=&auth=ckd44d989c416b2f49c737a8ba387c20b6&file=325 Thanks to all who helped. Jeff Earickson Colby College -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk For further info about MailScanner, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From quinting at HSD.CA Wed Apr 28 17:04:55 2004 From: quinting at HSD.CA (Quintin Giesbrecht) Date: Thu Jan 12 21:24:53 2006 Subject: Autolearn Woes Message-ID: <495B774E2F64F1408E6741B61445C8589E8C77@mail.exchange.hsd15.ca> I am getting the following in my logs. This is for a message that definitely is spam. How do I get it to "learn" this is spam? Thanks. 
X-HSD-MailScanner-Information: Please contact the ISP for more information X-MailScanner: Found to be clean X-MailScanner-SpamCheck: not spam, SpamAssassin (score=0, required 6, autolearn=not spam) ____________________________________ Quintin Giesbrecht IT Professional Hanover School Division q@hsd.ca -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk For further info about MailScanner, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From kodak at FRONTIERHOMEMORTGAGE.COM Wed Apr 28 17:16:34 2004 From: kodak at FRONTIERHOMEMORTGAGE.COM (Jason Balicki) Date: Thu Jan 12 21:24:53 2006 Subject: burned by spamcop, how to whitelist sites from RBL's In-Reply-To: Message-ID: <007601c42d3c$2cd9b790$0501a8c0@darkside> >Thanks to all who helped. Thank YOU for documenting your fix. That'll help a lot of people in the future. As long as they bother to read the archives, that is. --J(K) -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk For further info about MailScanner, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From ricardo.bernardes at centraldecomunicacao.pt Wed Apr 28 16:59:48 2004 From: ricardo.bernardes at centraldecomunicacao.pt (Ricardo Bernardes) Date: Thu Jan 12 21:24:53 2006 Subject: Problem With PDF Files - HELP ! References: <5C0296D26910694BB9A9BBFC577E7AB001649CEA@pascal.priv.bmrb.co.uk> Message-ID: <01ab01c42d39$d5ada7d0$320fa8c0@rbernardes> Hello Kevin I'm using RedHat 8.0 and Sendmail Version 8.12.5 do you have anyother suggestions? TIA ricardo ----- Original Message ----- From: "Spicer, Kevin" To: Sent: Wednesday, April 28, 2004 4:45 PM Subject: Re: Problem With PDF Files - HELP ! 
Miguel Koren O'Brien de Lacy wrote: > Ricardo; > > I confirm your problem. I noticed this last week and thought it was a > fluke but I guess not. I'm using Clamav 0.70 and MS 4.29.7-1. > I can't see why this would be anything to do with Clam, as Clam does not alter files at all as it can't disinfect. BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk For further info about MailScanner, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. 
From ricardo.bernardes at centraldecomunicacao.pt Wed Apr 28 16:56:32 2004 From: ricardo.bernardes at centraldecomunicacao.pt (Ricardo Bernardes) Date: Thu Jan 12 21:24:53 2006 Subject: Problem With PDF Files - HELP ! References: <014001c42d22$81f65900$320fa8c0@rbernardes> <408FCF58.8070807@konsultex.com.br> Message-ID: <01a601c42d39$6025c3d0$320fa8c0@rbernardes> I'm using MS 4.29.7 and clamd / ClamAV version 0.70 ricardo ----- Original Message ----- From: Miguel Koren O'Brien de Lacy 4.29.7 To: MAILSCANNER@JISCMAIL.AC.UK Sent: Wednesday, April 28, 2004 4:35 PM Subject: Re: Problem With PDF Files - HELP ! Ricardo; I confirm your problem. I noticed this last week and thought it was a fluke but I guess not. I'm using Clamav 0.70 and MS 4.29.7-1. Miguel Ricardo Bernardes wrote: Hi, i'm using Mailscanner with ClamAV and my PDF files get corrupted. if they are zipped -- no problem anyone has a suggestion?? TIA Ricardo -- This message has been checked by the antivirus system and is believed to be free of danger.
-------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040428/0651d6d1/attachment.html From ryan at MARINOCRANE.COM Wed Apr 28 17:29:36 2004 From: ryan at MARINOCRANE.COM (Ryan Pitt) Date: Thu Jan 12 21:24:53 2006 Subject: Problem With PDF Files - HELP ! In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB001649CEA@pascal.priv.bmrb.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB001649CEA@pascal.priv.bmrb.co.uk> Message-ID: <408FDBF0.10900@marinocrane.com> Spicer, Kevin wrote: >Miguel Koren O'Brien de Lacy wrote: > > >>Ricardo; >> >>I confirm your problem. I noticed this last week and thought it was a >>fluke but I guess not. I'm using Clamav 0.70 and MS 4.29.7-1. >> >> >> >I can't see why this would be anything to do with Clam, as Clam does not alter files at all as it can't disinfect. > > > Actually, I am noticing this myself.
I have pdfs which open just fine on the originating machine, but when they are emailed, they become corrupt and won't open on the destination machine. I turned ClamAV scanning off and sent the email through again - Still corrupt! I also turned off Sophos scanning and the file still comes through corrupt. Any thoughts anyone? Ryan -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040428/a8120c1d/attachment.html From martinh at SOLID-STATE-LOGIC.COM Wed Apr 28 17:19:16 2004 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:24:53 2006 Subject: Autolearn Woes In-Reply-To: <495B774E2F64F1408E6741B61445C8589E8C77@mail.exchange.hsd15.ca> References: <495B774E2F64F1408E6741B61445C8589E8C77@mail.exchange.hsd15.ca> Message-ID: <408FD984.20907@solid-state-logic.com> Quintin you need the email in mbox format and run sa-learn against it. Most people have sa-learn pick up from a local mailspool (or remote imap folder) that people drop the email to. Scripts have been posted before and are in FAQ I think.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Quintin Giesbrecht wrote: > I am getting the following in my logs. This is for a message that > definitely is spam. How do I get it to "learn" this is spam? Thanks.
> > X-HSD-MailScanner-Information: Please contact the ISP for more > information > X-MailScanner: Found to be clean > X-MailScanner-SpamCheck: not spam, SpamAssassin (score=0, required 6, > autolearn=not spam) > > ____________________________________ > Quintin Giesbrecht > IT Professional > Hanover School Division > q@hsd.ca > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > For further info about MailScanner, please see the Most Asked > Questions at http://www.mailscanner.biz/maq/ and the archives > at http://www.jiscmail.ac.uk/lists/mailscanner.html ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk For further info about MailScanner, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From Kevin.Spicer at BMRB.CO.UK Wed Apr 28 17:28:03 2004 From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:24:53 2006 Subject: Problem With PDF Files - HELP ! Message-ID: <5C0296D26910694BB9A9BBFC577E7AB001649CEB@pascal.priv.bmrb.co.uk> Ricardo Bernardes wrote: > Hello Kevin > I'm using RedHat 8.0 and Sendmail Version 8.12.5 > do you have anyother suggestions? 
Try sending from a different MUA, to rule that out. Try not scanning it for viruses. Try not scanning it for spam. Try running it just through sendmail alone (without MailScanner). Basically try taking various stages out of the process until it doesn't happen any more, to narrow down at what point the corruption is happening. Particularly try turning off anything in MailScanner that may alter the body of the message (e.g. adding signatures, modifying html etc. etc.), because MailScanner copies the original message body intact without rebuilding it if it doesn't need to make any changes. Make sure you keep a detailed list of what you have done and the results, make just one change at a time, when you find what is causing the corruption please post it so that people can then try and replicate/fix your problem. BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 From mlm at LOANPROCESSING.NET Wed Apr 28 17:30:48 2004 From: mlm at LOANPROCESSING.NET (Mike McMullen) Date: Thu Jan 12 21:24:53 2006 Subject: Problem With PDF Files - HELP !
References: <5C0296D26910694BB9A9BBFC577E7AB001649CEA@pascal.priv.bmrb.co.uk> <01ab01c42d39$d5ada7d0$320fa8c0@rbernardes> Message-ID: <03ce01c42d3e$2a25d040$0300a8c0@Spike> ----- Original Message ----- From: "Ricardo Bernardes" To: Sent: Wednesday, April 28, 2004 8:59 AM Subject: Re: Problem With PDF Files - HELP ! > Hello Kevin > I'm using RedHat 8.0 and Sendmail Version 8.12.5 > do you have anyother suggestions? > > TIA > ricardo > > > ----- Original Message ----- > From: "Spicer, Kevin" > To: > Sent: Wednesday, April 28, 2004 4:45 PM > Subject: Re: Problem With PDF Files - HELP ! > > > Miguel Koren O'Brien de Lacy wrote: > > Ricardo; > > > > I confirm your problem. I noticed this last week and thought it was a > > fluke but I guess not. I'm using Clamav 0.70 and MS 4.29.7-1. > > > I can't see why this would be anything to do with Clam, as Clam does not > alter files at all as it can't disinfect. > I'm using MS 4.29.7-1 and ClamAV .70 on FC1. We get lots of PDFs from clients everyday. I'm not seeing any corruption. Mike -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk For further info about MailScanner, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From ka at PACIFIC.NET Wed Apr 28 17:40:01 2004 From: ka at PACIFIC.NET (Ken Anderson (Pacific Internet)) Date: Thu Jan 12 21:24:53 2006 Subject: High Load In-Reply-To: References: Message-ID: <408FDE61.70503@pacific.net> Raymond Dijkxhoorn wrote: > Hi! > > >>>Like someone said before on the list, its no art to simply block and >>>reject mail, its art to get the right ones through. >> >>I'd agree, but I think it's worth mentioning that some lists are more >>reliable than others. sbl+xbl for example doesn't seem to misfire, >>whereas spamcop will routinely list some ISP mailservers. 
>>
>>If the 'high load' is _really_ a problem, you can block/reject in
>>sendmail using sbl-xbl and see about a 30-40% decrease in spam right off
>>the top, with very few FPs. This reduces the load on MS/SA substantially.
>
>
> If i would have to block in MTA i would pick DSBL not spamhaus...

That reminds me.... I've also found it helpful (especially if you host websites, colos) to check all of your own IPs (and your neighbors) against the major rbls with a cron job, since it's very easy to get listed if your customers install an old version of formmail.pl or some other spammer friendly script.

Ken A

> Bye,
> Raymond.
>

From cparker at SWATGEAR.COM Wed Apr 28 17:44:00 2004
From: cparker at SWATGEAR.COM (Chris W. Parker)
Date: Thu Jan 12 21:24:53 2006
Subject: MRTG graphs resetting at 4am
Message-ID: <001BD19C96E6E64E8750D72C2EA0ECEE4479BB@ati-ex-01.ati.local>

hi.

starting a few weeks ago some of my MRTG graphs* are resetting every day at 4am.
that is to say they look similar to this:

+-----------------------------------------------+
|                                    ***********|
|                                 **************|
|                        ***********************|
|      **         ******************************|
|   *****    ***********************************|
|******** **************************************|
+-|-|-|-|-|-|-|-|-|-|-|-|-|-|-|-|-|-|-|-|-|-|-|-+
0   2   4   6   8   10  12  14  16  18  20  22  24

there isn't anything in /etc/cron.daily that i see to restart mailscanner and thus reset a counter (although i don't even think MS has anything to do with the counters used by MRTG??). i also don't see anything regarding MRTG in /etc/cron.daily.

my Restart Every option is set at 14400 and the file check_MailScanner is in /etc/cron.hourly.

since this didn't used to happen (actually it happened every once in a while but not on a consistent daily basis) i assume it has something to do with a configuration change i've made somewhere. anyone have any ideas what that might have been?

thanks,
chris.

* Number of Messages Processed, Bytes of Mail Processed, Mail Determined To Be Spam

From ka at PACIFIC.NET Wed Apr 28 17:55:04 2004
From: ka at PACIFIC.NET (Ken Anderson (Pacific Internet))
Date: Thu Jan 12 21:24:53 2006
Subject: MRTG graphs resetting at 4am
In-Reply-To: <001BD19C96E6E64E8750D72C2EA0ECEE4479BB@ati-ex-01.ati.local>
References: <001BD19C96E6E64E8750D72C2EA0ECEE4479BB@ati-ex-01.ati.local>
Message-ID: <408FE1E8.9060407@pacific.net>

default logrotate time for apache in redhat is 4am - coincidence? :-)

Ken

Chris W. Parker wrote:
> hi.
>
> starting a few weeks ago some of my MRTG graphs* are resetting every day
> at 4am.
> that is to say they look similar to this:
>
> +-----------------------------------------------+
> |                                    ***********|
> |                                 **************|
> |                        ***********************|
> |      **         ******************************|
> |   *****    ***********************************|
> |******** **************************************|
> +-|-|-|-|-|-|-|-|-|-|-|-|-|-|-|-|-|-|-|-|-|-|-|-+
> 0   2   4   6   8   10  12  14  16  18  20  22  24
>
> there isn't anything in /etc/cron.daily that i see to restart
> mailscanner and thus reset a counter (although i don't even think MS has
> anything to do with the counters used by MRTG??). i also don't see
> anything regarding MRTG in /etc/cron.daily.
>
> my Restart Every option is set at 14400 and the file check_MailScanner
> is in /etc/cron.hourly.
>
> since this didn't used to happen (actually it happened every once in a
> while but not on a consistent daily basis) i assume it has something to
> do with a configuration change i've made somewhere. anyone have any
> ideas what that might have been?
>
>
> thanks,
> chris.
>
> * Number of Messages Processed, Bytes of Mail Processed, Mail Determined
> To Be Spam
>

From Kevin_Miller at CI.JUNEAU.AK.US Wed Apr 28 17:54:41 2004
From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller)
Date: Thu Jan 12 21:24:53 2006
Subject: MRTG graphs resetting at 4am
Message-ID: <08146035CA49D6119A36009027AC822A0549E5F6@CITY-EXCH-NTS>

Check to see when your logs are being rotated. I'd hazard a guess that mrtg is reading a new maillog (or whatever is appropriate) and starting over w/a clean slate so to speak. Might be something else totally though but log dates are an easy thing to check...

...Kevin
--
Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.               Network Systems Administrator, Mail Administrator
155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907) 586-4500

>-----Original Message-----
>From: Chris W. Parker [mailto:cparker@SWATGEAR.COM]
>Sent: Wednesday, April 28, 2004 8:44 AM
>To: MAILSCANNER@JISCMAIL.AC.UK
>Subject: MRTG graphs resetting at 4am
>
>
>hi.
>
>starting a few weeks ago some of my MRTG graphs* are resetting every day
>at 4am.
>that is to say they look similar to this:
>
>+-----------------------------------------------+
>|                                    ***********|
>|                                 **************|
>|                        ***********************|
>|      **         ******************************|
>|   *****    ***********************************|
>|******** **************************************|
>+-|-|-|-|-|-|-|-|-|-|-|-|-|-|-|-|-|-|-|-|-|-|-|-+
>0   2   4   6   8   10  12  14  16  18  20  22  24
>
>there isn't anything in /etc/cron.daily that i see to restart
>mailscanner and thus reset a counter (although i don't even
>think MS has
>anything to do with the counters used by MRTG??). i also don't see
>anything regarding MRTG in /etc/cron.daily.
>
>my Restart Every option is set at 14400 and the file check_MailScanner
>is in /etc/cron.hourly.
>
>since this didn't used to happen (actually it happened every once in a
>while but not on a consistent daily basis) i assume it has something to
>do with a configuration change i've made somewhere. anyone have any
>ideas what that might have been?
>
>
>thanks,
>chris.
>
>* Number of Messages Processed, Bytes of Mail Processed, Mail
>Determined
>To Be Spam
>

From jwilliams at COURTESYMORTGAGE.COM Wed Apr 28 18:03:45 2004
From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams)
Date: Thu Jan 12 21:24:53 2006
Subject: Last few questions before I go live...
Message-ID: <5.2.1.1.0.20040428095802.00ab9270@pop.courtesymortgage.com>

Hello everyone.
I'm getting ready to go live here with my first mailscanner. I have a mix of excitement and nervousness. :)

Just wanted to ask a few last questions, see if I can clear up a few things as well as tweak my settings.

As far as viruses are concerned, anytime MS detects any viruses in email, I just wanted to have MS completely delete it. No need in delivering at all. I'm still debating on the following and was hoping for some feedback:

- do most people here have emails sent to postmaster when MS receives a virus in an email?

- do most people here want their users to receive an email when an intended email for them contained a virus?

I know for the first couple of days, weeks for that matter, it will be time to monitor, tune and tweak the system. But I'm hoping to not run into any significant problems if possible.

Currently, I've been sending emails through the MS server, both a combination of viruses (eicar) as well as test spam (GTUBE). It is working well, as far as I can see. But I'm looking to try and 'blast' the server with quite a few emails at once, to see how the server reacts. Anyone have a recommendation for that?

Lastly, I wanted to keep track of stats, that will include a variety of things. I want virus statistics as well as spam statistics to be included as well. Any recommendations on a setup for that?

I appreciate the help. I look forward to rolling out my server.

Thanks!
Jason

From kevins at BMRB.CO.UK Wed Apr 28 18:17:41 2004
From: kevins at BMRB.CO.UK (Kevin Spicer)
Date: Thu Jan 12 21:24:53 2006
Subject: MRTG graphs resetting at 4am
In-Reply-To: <001BD19C96E6E64E8750D72C2EA0ECEE4479BB@ati-ex-01.ati.local>
References: <001BD19C96E6E64E8750D72C2EA0ECEE4479BB@ati-ex-01.ati.local>
Message-ID: <1083172661.29514.34.camel@bach.kevinspicer.co.uk>

On Wed, 2004-04-28 at 17:44, Chris W. Parker wrote:
> hi.
>
> starting a few weeks ago some of my MRTG graphs* are resetting every day
> at 4am. that is to say they look similar to this:

(I'm assuming you're talking MailScanner-MRTG, because of the graph names you use)

This happens if you are running a very old version of MailScanner-MRTG (0.05 and below I think) whenever your logs roll over. More recent versions hold state between runs and only read the new portions of logs so this is no longer an issue. You really should upgrade.

[If you are running a recent version then you are probably having a permissions problem stopping state.info from being written].

BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000
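
The behaviour described in the message above (hold state between runs, read only the new part of the log, keep the totals across a log rollover), as an added Python example. It is not MailScanner-MRTG's own code; the marker strings, the `.1` rotated-file name and the JSON layout of the state file are assumptions made for the illustration.

```python
import json
import os

# Constructed marker strings for this demo; real MailScanner log text differs.
COUNTERS = {"messages": "msg-processed", "spam": "spam-detected"}


def _load_state(state_path):
    try:
        with open(state_path, "r", encoding="utf-8") as fh:
            return json.load(fh)
    except (FileNotFoundError, ValueError):
        # First run, or an unreadable state file: start at the top of the log.
        return {"inode": None, "offset": 0, "totals": {}}


def _save_state(state_path, state):
    # Write to a temp file, then rename, so a crash never leaves half a file.
    # An OSError (for example wrong permissions on the directory) is left to
    # propagate: silently losing state is what makes the counters start over.
    tmp = state_path + ".tmp"
    with open(tmp, "w", encoding="utf-8") as fh:
        json.dump(state, fh)
    os.replace(tmp, state_path)


def _complete_lines(fh, offset):
    """Read from offset; consume only newline-terminated lines."""
    fh.seek(offset)
    data = fh.read()
    end = data.rfind(b"\n") + 1  # 0 when no complete line is available yet
    return data[:end].decode("utf-8", "replace").splitlines(), offset + end


def update_counters(log_path, state_path, rotated_path=None):
    """Fold lines logged since the last run into persistent totals.

    Returns (totals, rotated). rotated_path is the name the previous log is
    renamed to on rotation (assumed here: log_path + ".1", uncompressed).
    """
    state = _load_state(state_path)
    totals = {name: state["totals"].get(name, 0) for name in COUNTERS}
    offset, lines = state["offset"], []
    with open(log_path, "rb") as fh:
        st = os.fstat(fh.fileno())
        # A new inode means the log was renamed and recreated; a file shorter
        # than the saved offset means it was truncated in place.
        rotated = state["inode"] is not None and (
            state["inode"] != st.st_ino or st.st_size < offset)
        if rotated:
            # Drain what was appended to the old file before it was renamed,
            # but only if that file really is the one the offset refers to.
            if rotated_path and os.path.exists(rotated_path):
                with open(rotated_path, "rb") as old:
                    if os.fstat(old.fileno()).st_ino == state["inode"]:
                        lines, _ = _complete_lines(old, offset)
            offset = 0
        new_lines, offset = _complete_lines(fh, offset)
    for line in lines + new_lines:
        for name, marker in COUNTERS.items():
            if marker in line:
                totals[name] += 1
    _save_state(state_path,
                {"inode": st.st_ino, "offset": offset, "totals": totals})
    return totals, rotated
```

Run from cron against the mail log, the totals keep rising across the nightly rotation instead of dropping to zero, and a state file that cannot be written shows up as an error rather than as a graph that resets.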
From jburzenski at AMERICANHM.COM Wed Apr 28 18:18:41 2004
From: jburzenski at AMERICANHM.COM (Jason Burzenski)
Date: Thu Jan 12 21:24:53 2006
Subject: Last few questions before I go live...
Message-ID: <9BDD6D4AD0795C46974D7D46C17883B80A748E36@ahm_exchange2.americanhm.com>

> - do most people here have emails sent to postmaster when MS
> receives a virus in an email?

I don't do any postmaster notifications but I do (as policy) quarantine everything (including high scoring spam) in queue format so if there is a false positive, I have a procedure for easily dumping the appropriate queue files into my outbound queue.

> Lastly, I wanted to keep track of stats, that will include a
> variety of things. I want virus statistics as well as spam
> statistics to be included as well. Any recommendations on a
> setup for that?

http://mailscannermrtg.sourceforge.net/

Some would argue other packages are better but this is most likely the simplest to install and gives a wealth of information.

From dnsadmin at 1BIGTHINK.COM Wed Apr 28 18:22:16 2004
From: dnsadmin at 1BIGTHINK.COM (DNSAdmin)
Date: Thu Jan 12 21:24:53 2006
Subject: Last few questions before I go live...
In-Reply-To: <5.2.1.1.0.20040428095802.00ab9270@pop.courtesymortgage.com>
References: <5.2.1.1.0.20040428095802.00ab9270@pop.courtesymortgage.com>
Message-ID: <6.1.0.6.0.20040428131614.06033540@mail.1bigthink.com>

At 01:03 PM 4/28/2004, you wrote:
>Hello everyone.
>
>I'm getting ready to go live here with my first mailscanner. I have a mix of
>excitement and nervousness. :)
>
>Just wanted to ask a few last questions, see if I can clear up a few things
>as well as tweak my settings.
>
>As far as viruses are concerned, anytime MS detects any viruses in email, I
>just wanted to have MS completely delete it. No need in delivering at all.
>I'm still debating on the following and was hoping for some feedback:
>
>- do most people here have emails sent to postmaster when MS receives a
>virus in an email?
>
>- do most people here want their users to receive an email when an intended
>email for them contained a virus?
>
>I know for the first couple of days, weeks for that matter, it will be time
>to monitor, tune and tweak the system. But I'm hoping to not run into any
>significant problems if possible.
>
>Currently, I've been sending emails through the MS server, both a
>combination of viruses (eicar) as well as test spam (GTUBE). It is working
>well, as far as I can see. But I'm looking to try and 'blast' the server
>with quite a few emails at once, to see how the server reacts. Anyone have
>a recommendation for that?
>
>Lastly, I wanted to keep track of stats, that will include a variety of
>things. I want virus statistics as well as spam statistics to be included
>as well. Any recommendations on a setup for that?
>
>I appreciate the help. I look forward to rolling out my server.
>
>Thanks!

The parameters you have requested comment on are certainly the most contentious and you are guaranteed to receive conflicting opinions on how to set them.

The most prominent one that I would comment on is that you not delete the virus, but quarantine them for a time, while tuning the system.
Some false positives will show up due to the filename.rules. Files like document.doc.txt will get quarantined from the default filename.rules. I advise senders to modify their filenaming rules as a result.

I do not deliver any incoming virus, but send notifications to myself (postmaster/administrator). I do notify senders of a virus within my network, however; it would be embarrassing should one of our machines become infected and start spewing!

Cheers!

From peter at UCGBOOK.COM Wed Apr 28 18:29:13 2004
From: peter at UCGBOOK.COM (Peter Bonivart)
Date: Thu Jan 12 21:24:53 2006
Subject: High Load
In-Reply-To: <408FCF7B.6010502@pacific.net>
References: <408FCF7B.6010502@pacific.net>
Message-ID: <408FE9E9.4050205@ucgbook.com>

Ken Anderson (Pacific Internet) wrote:
> Alternately, I wonder if MailScanner could do a preliminary check on a
> good rbl or two and bypass SA and take action (quarantine,notify) if the
> message is found in the rbl? A sort of 'MailScanner-Lite' ?

Is this something like that?

# If the message sender is on any of the Spam Lists, do you still want
# to do the SpamAssassin checks? Setting this to "no" will reduce the load
# on your server, but will stop the High Scoring Spam Actions from ever
# happening.
# This can also be the filename of a ruleset.
Check SpamAssassin If On Spam List = yes

--
/Peter Bonivart

--Unix lovers do it in the Sun

Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7,
SpamAssassin 2.63 + DCC 1.2.39, ClamAV 0.70 + GMP 4.1.2, Vispan 1.3

From jaearick at COLBY.EDU Wed Apr 28 18:59:35 2004
From: jaearick at COLBY.EDU (Jeff A. Earickson)
Date: Thu Jan 12 21:24:53 2006
Subject: Last few questions before I go live...
In-Reply-To: <6.1.0.6.0.20040428131614.06033540@mail.1bigthink.com>
References: <5.2.1.1.0.20040428095802.00ab9270@pop.courtesymortgage.com> <6.1.0.6.0.20040428131614.06033540@mail.1bigthink.com>
Message-ID:

On Wed, 28 Apr 2004, DNSAdmin wrote:

> Date: Wed, 28 Apr 2004 13:22:16 -0400
> From: DNSAdmin
> Reply-To: MailScanner mailing list
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Last few questions before I go live...
>
> At 01:03 PM 4/28/2004, you wrote:
> >Hello everyone.
> >
> >I'm getting ready to go live here with my first mailscanner. I have a mix of
> >excitement and nervousness. :)
> >
> >Just wanted to ask a few last questions, see if I can clear up a few things
> >as well as tweak my settings.
> >
> >As far as viruses are concerned, anytime MS detects any viruses in email, I
> >just wanted to have MS completely delete it. No need in delivering at all.
> >I'm still debating on the following and was hoping for some feedback:
> >
> >- do most people here have emails sent to postmaster when MS receives a
> >virus in an email?

In my case, yes. I have:

Send Notices = yes
Notices Include Full Headers = yes

then I use procmail to snag the virus warnings and save them to an alternate mailbox.
I have a cronjob that runs once a day to tell me if any on-campus machines spewed a virus, by reading this mailbox. That way I can have our helpdesk track down the machine.

> >
> >- do most people here want their users to receive an email when an intended
> >email for them contained a virus?
> >

This is a waste of time. Use the method above and let your helpdesk track down the real problems.

Jeff Earickson
Colby College

From ryan at MARINOCRANE.COM Wed Apr 28 19:06:45 2004
From: ryan at MARINOCRANE.COM (Ryan Pitt)
Date: Thu Jan 12 21:24:53 2006
Subject: Last few questions before I go live...
In-Reply-To: <5.2.1.1.0.20040428095802.00ab9270@pop.courtesymortgage.com>
References: <5.2.1.1.0.20040428095802.00ab9270@pop.courtesymortgage.com>
Message-ID: <408FF2B5.40101@marinocrane.com>

Hey Jason,

Jason Williams wrote:

> Hello everyone.
>
> I'm getting ready to go live here with my first mailscanner. I have a mix of
> excitement and nervousness. :)
>
> Just wanted to ask a few last questions, see if I can clear up a few things
> as well as tweak my settings.
>
> As far as viruses are concerned, anytime MS detects any viruses in email, I
> just wanted to have MS completely delete it. No need in delivering at all.
> I'm still debating on the following and was hoping for some feedback:

I just have MailScanner deliver the rest of the message. What will happen is that someone will try to email one of your users a file which is questionable (bad file name etc) and they will be notified by email that MailScanner caught something. In your scenario instead of getting the notification sent to the sender and recipient, they will get nothing, which in my mind would alarm users more.
I also changed the Modify Subjects to be more descriptive. IE. "Virus" I changed to "Virus Removed" etc

>
> - do most people here have emails sent to postmaster when MS receives a
> virus in an email?

I set up a specific email address for this purpose. This way these notifications are kept separate from everything else.

>
>
> - do most people here want their users to receive an email when an intended
> email for them contained a virus?

Not sure if I understand this one. Maybe ties in with 2 questions ago?

>
>
> I know for the first couple of days, weeks for that matter, it will be time
> to monitor, tune and tweak the system. But I'm hoping to not run into any
> significant problems if possible.
>
> Currently, I've been sending emails through the MS server, both a
> combination of viruses (eicar) as well as test spam (GTUBE). It is working
> well, as far as I can see. But I'm looking to try and 'blast' the server
> with quite a few emails at once, to see how the server reacts. Anyone have
> a recommendation for that?
>
> Lastly, I wanted to keep track of stats, that will include a variety of
> things. I want virus statistics as well as spam statistics to be included
> as well. Any recommendations on a setup for that?

MailWatch has been good for me
http://mailwatch.sourceforge.net/

>
>
> I appreciate the help. I look forward to rolling out my server.

good luck....
Ryan

>
> Thanks!
>
> Jason
>
From pvelasquez at ITS.CO.CR Wed Apr 28 16:36:52 2004
From: pvelasquez at ITS.CO.CR (Pablo Velasquez R.)
Date: Thu Jan 12 21:24:53 2006
Subject: Variables in reports
Message-ID:

Hi all.

I'm trying to access some variables in the reports. For example when the mailscanner detects a "potentially dangerous content", it sends a warning message to the user, and access the variable $id. I saw in other reports the variables $from and $to, and I would like to access them in the warning message.

I modified the warning message and include a line like this :

http://some_server/some_script?id=$id&from=$from&to=$to

but when a "potentially dangerous content" is found, I get the line like this:

http://some_server/some_script?id=$id

as you can see the variables $from and $to are not present.

So, is there a way to get the $from and $to variables ??

Thanks !!

From cparker at SWATGEAR.COM Wed Apr 28 18:21:44 2004
From: cparker at SWATGEAR.COM (Chris W. Parker)
Date: Thu Jan 12 21:24:53 2006
Subject: MRTG graphs resetting at 4am
Message-ID: <001BD19C96E6E64E8750D72C2EA0ECEE2B89A0@ati-ex-01.ati.local>

Kevin Miller on Wednesday, April 28, 2004 9:55 AM said:

> Check to see when your logs are being rotated. I'd hazard a guess
> that mrtg is reading a new maillog (or whatever is appropriate) and
> starting over w/a clean slate so to speak.
> Might be something else
> totally though but log dates are an easy thing to check...

ken anderson also suggested this and it is something that crossed my mind as well... but i dismissed it since i didn't think mrtg was getting its info from there. but now that i think about i'm pretty sure you guys are right on with your assessment.

thanks!
chris.

From cparker at SWATGEAR.COM Wed Apr 28 18:23:05 2004
From: cparker at SWATGEAR.COM (Chris W. Parker)
Date: Thu Jan 12 21:24:53 2006
Subject: MRTG graphs resetting at 4am
Message-ID: <001BD19C96E6E64E8750D72C2EA0ECEE2B89A1@ati-ex-01.ati.local>

Kevin Spicer on Wednesday, April 28, 2004 10:18 AM said:

> (I'm assuming you're talking MailScanner-MRTG, because of the graph
> names you use)

you are correct.

> This happens if you are running a very old version of MailScanner-MRTG
> (0.05 and below I think) whenever your logs roll over. More recent
> versions hold state between runs and only read the new portions of
> logs so this is no longer an issue. You really should upgrade.

in that case i will look into upgrading. my MS version is old too. in fact i haven't done any upgrading in a long time! :\

chris.
From peter at UCGBOOK.COM Wed Apr 28 18:32:57 2004
From: peter at UCGBOOK.COM (Peter Bonivart)
Date: Thu Jan 12 21:24:53 2006
Subject: Problem with lockfile in update_virus_scanners
In-Reply-To:
References:
Message-ID: <408FEAC9.9080200@ucgbook.com>

Jan-Peter Koopmann wrote:
> Something like this should do the trick.
>
> +[ -f $LOCKFILE ] && [ "`find $LOCKFILE -type f -mmin +60 -print`" = "" ] && exit 0

The option "-mmin" (minutes) is only in GNU find, not in standard find. Only "-mtime" (days) can be used there.

--
/Peter Bonivart

--Unix lovers do it in the Sun

Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7,
SpamAssassin 2.63 + DCC 1.2.39, ClamAV 0.70 + GMP 4.1.2, Vispan 1.3

From ka at PACIFIC.NET Wed Apr 28 18:50:17 2004
From: ka at PACIFIC.NET (Ken Anderson (Pacific Internet))
Date: Thu Jan 12 21:24:53 2006
Subject: High Load
In-Reply-To: <408FE9E9.4050205@ucgbook.com>
References: <408FCF7B.6010502@pacific.net> <408FE9E9.4050205@ucgbook.com>
Message-ID: <408FEED9.80209@pacific.net>

Peter Bonivart wrote:
> Ken Anderson (Pacific Internet) wrote:
>
>> Alternately, I wonder if MailScanner could do a preliminary check on a
>> good rbl or two and bypass SA and take action (quarantine,notify) if the
>> message is found in the rbl? A sort of 'MailScanner-Lite' ?
>
>
> Is this something like that?
>
> # If the message sender is on any of the Spam Lists, do you still want
> # to do the SpamAssassin checks? Setting this to "no" will reduce the load
> # on your server, but will stop the High Scoring Spam Actions from ever
> # happening.
> # This can also be the filename of a ruleset.
> Check SpamAssassin If On Spam List = yes

I'd looked at this before and thought... why would I want to "keep the high scoring spam action from ever happening?"
I hadn't considered that if I set the "Spam Lists To Reach High Score" to a low value and use a reliable rbl, I'd still get the high score action and could skip SA checks on a lot of mail.
Is my understanding of this correct, or does setting "Check SpamAssassin If On Spam List = no" mean you _really can't_ have the high score action?

Thanks,
Ken A.

> --
> /Peter Bonivart
>
> --Unix lovers do it in the Sun
>
> Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7,
> SpamAssassin 2.63 + DCC 1.2.39, ClamAV 0.70 + GMP 4.1.2, Vispan 1.3
>

From dustin.baer at IHS.COM Wed Apr 28 19:16:13 2004
From: dustin.baer at IHS.COM (Dustin Baer)
Date: Thu Jan 12 21:24:53 2006
Subject: burned by spamcop, how to whitelist sites from RBL's
References:
Message-ID: <408FF4ED.F6A219CB@ihs.com>

"Jeff A.
Earickson" wrote:
>
> Gang,
>
> I got burned by spamcop yesterday when they RBL'ed a
> nearby college that we get lots of email from. I use
> spamcop in sendmail, so I started rejecting everything from them.
> I know that Julian thinks spamcop is trigger-happy, he is probably
> right.
>
> So I had the issue of "how do I whitelist a site from
> RBL's that I use?" in sendmail. With the help of other MS
> listmembers and Google I have figured this out, and documented it.
> My essay can be found at:
>
> http://www.sng.ecs.soton.ac.uk/cgi-bin/faq?amp=&auth=ckd44d989c416b2f49c737a8ba387c20b6&file=325
>
> Thanks to all who helped.
>
> Jeff Earickson

Hi Jeff,

Since you are using SpamCop with Sendmail, couldn't you just add the RBLed IP to a sendmail access file? I have several IPs in my access file, due to the fact that they are on RBLs and email from those IPs pass through with no problem.

Dustin

From lou.baccari at HP.COM Wed Apr 28 19:15:37 2004
From: lou.baccari at HP.COM (Baccari, Lou)
Date: Thu Jan 12 21:24:53 2006
Subject: SORBS-DNSBL issues again
Message-ID:

Hi,

I've had a user complain today that he has received a few messages today that are blacklisted by SORBS-DNSBL when they should not. An example of the problem, two messages received today one at 12:00 and the other at 1:05 est from the same user, Kutten, the first message was okay but the second message was blacklisted by SORBS-DNSBL. My user has shown me a few examples from more than one sender. Is anyone else experiencing the same problem? Any ideas ?
Thanks,
Lou

mailscanner-4.24-5
spamassassin-2.61-1

Blacklisted:
===================
Received: from USERNAME.iem.technion.ac.il (USERNAME.iem.technion.ac.il [132.68.159.140]) by ie.technion.ac.il (Postfix) with ESMTP id A6C66D30C; Wed, 28 Apr 2004 19:05:33 +0300 (IDT)
Date: Wed, 28 Apr 2004 19:06:25 +0300 (Jerusalem Daylight Time)
X-HPLC-MailScanner-Information: Please contact the ISP for more information
X-HPLC-MailScanner: Found to be clean
X-HPLC-MailScanner-SpamCheck: spam, SORBS-DNSBL, SpamAssassin (score=-3.699, required 5, BAYES_00 -4.90, RCVD_IN_SORBS 0.10, RCVD_IN_SORBS_HTTP 1.10)

Non Blacklisted:
===================
Received: from USERNAME.iem.technion.ac.il (USERNAME.iem.technion.ac.il [132.68.159.140]) by ie.technion.ac.il (Postfix) with ESMTP id A0FCCD30C; Wed, 28 Apr 2004 19:10:03 +0300 (IDT)
Date: Wed, 28 Apr 2004 19:10:55 +0300 (Jerusalem Daylight Time)
X-HPLC-MailScanner-Information: Please contact the ISP for more information
X-HPLC-MailScanner: Found to be clean
X-HPLC-MailScanner-SpamCheck: not spam, SpamAssassin (score=-4.9, required 5, BAYES_00 -4.90)

is a user name kutten sent mail and at 12:00pm est and it was received here as not being blacklisted and then at 1:05 pm est the same user kutten he receives a message from spam and then spam notice

From jaearick at COLBY.EDU Wed Apr 28 19:28:16 2004
From: jaearick at COLBY.EDU (Jeff A. Earickson)
Date: Thu Jan 12 21:24:53 2006
Subject: burned by spamcop, how to whitelist sites from RBL's
In-Reply-To: <408FF4ED.F6A219CB@ihs.com>
References: <408FF4ED.F6A219CB@ihs.com>
Message-ID:

Dustin,

That was the first thing I thought of.
I stuck the IP number in my access file, eg

139.140.14.83 OK

This didn't work. Then I tried:

Spam:bowdoin.edu FRIEND

and various permutations of this. Yes, I did makemap. The DNSBL rulesets always killed the emails first. Searching on the net revealed that running your own whitelist in front of the RBLs seems to be the only workaround.

Jeff Earickson
Colby College

On Wed, 28 Apr 2004, Dustin Baer wrote:

> Date: Wed, 28 Apr 2004 12:16:13 -0600
> From: Dustin Baer
> Reply-To: MailScanner mailing list
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: burned by spamcop, how to whitelist sites from RBL's
>
> "Jeff A. Earickson" wrote:
> >
> > Gang,
> >
> >    I got burned by spamcop yesterday when they RBL'ed a
> > nearby college that we get lots of email from. I use
> > spamcop in sendmail, so I started rejecting everything from them.
> > I know that Julian thinks spamcop is trigger-happy, he is probably
> > right.
> >
> >    So I had the issue of "how do I whitelist a site from
> > RBL's that I use?" in sendmail. With the help of other MS
> > listmembers and Google I have figured this out, and documented it.
> > My essay can be found at:
> >
> > http://www.sng.ecs.soton.ac.uk/cgi-bin/faq?amp=&auth=ckd44d989c416b2f49c737a8ba387c20b6&file=325
> >
> > Thanks to all who helped.
> >
> > Jeff Earickson
>
> Hi Jeff,
>
> Since you are using SpamCop with Sendmail, couldn't you just add the
> RBLed IP to a sendmail access file? I have several IPs in my access
> file, due to the fact that they are on RBLs and email from those IPs
> pass through with no problem.
>
> Dustin

From peter at UCGBOOK.COM Wed Apr 28 18:51:35 2004
From: peter at UCGBOOK.COM (Peter Bonivart)
Date: Thu Jan 12 21:24:53 2006
Subject: Last few questions before I go live...
In-Reply-To: <5.2.1.1.0.20040428095802.00ab9270@pop.courtesymortgage.com>
References: <5.2.1.1.0.20040428095802.00ab9270@pop.courtesymortgage.com>
Message-ID: <408FEF27.1020703@ucgbook.com>

Jason Williams wrote:
> As far as viruses are concerned, anytime MS detects any viruses in email, I
> just wanted to have MS completely delete it. No need in delivering at all.
> I'm still debating on the following and was hoping for some feedback:

I would recommend that you quarantine all blocked stuff (attachments, virus, high scoring spam) and use the quarantine cleaning script to delete it after for example 14 days. That's a whole lot safer.

Look into these options to start with:

Quarantine Infections = yes
Quarantine Whole Message = yes
Quarantine Whole Messages As Queue Files = yes
High Scoring Spam Actions = store

> Currently, i've been sending emails through the MS server, both a
> combination of viruses (eicar) as well as test spam (GTUBE). It is working
> well, as far as I can see. But im looking to try and 'blast' the server
> with quite a few emails at once, to see how the server reacts. Anyone have
> a recommendation for that?

Julian posted his load testing scripts recently.
http://www.jiscmail.ac.uk/cgi-bin/wa.exe?A2=ind0404&L=mailscanner&P=R3423&I=-1
http://www.jiscmail.ac.uk/cgi-bin/wa.exe?A2=ind0404&L=mailscanner&P=R3141&I=-1

> Lastly, I wanted to keep track of stats, that will include a variety of
> things. I want virus statistics as well as spam statistics to be included
> as well. Any recommendations on a setup for that?

I can recommend Vispan if you want stats and easy install. On the page below you have a link to a live site so you can see how it looks before you install it yourself.

http://www.while.homeunix.net/mailstats/

--
/Peter Bonivart

--Unix lovers do it in the Sun

Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7, SpamAssassin 2.63 + DCC 1.2.39, ClamAV 0.70 + GMP 4.1.2, Vispan 1.3

From dustin.baer at IHS.COM Wed Apr 28 19:54:16 2004
From: dustin.baer at IHS.COM (Dustin Baer)
Date: Thu Jan 12 21:24:53 2006
Subject: OT: Re: burned by spamcop, how to whitelist sites from RBL's
References: <408FF4ED.F6A219CB@ihs.com>
Message-ID: <408FFDD8.4B500ACB@ihs.com>

"Jeff A. Earickson" wrote:
>
> Dustin,
>    That was the first thing I thought of. I stuck the IP number
> in my access file, eg
>
> 139.140.14.83 OK
>
> This didn't work. Then I tried:
>
> Spam:bowdoin.edu FRIEND
>
> and various permutations of this. Yes, I did makemap. The DNSBL
> rulesets always killed the emails first. Searching on the net
> revealed that running your own whitelist in front of the RBLs
> seems to be the only workaround.

Jeff,

Out of curiosity, do you have:

FEATURE(`delay_checks', `friend')dnl

in your mc file? "friend" is an optional argument.
If I remember correctly, "delay_checks" delays the check_relay (checking the IP address) rule until the check_rcpt rule is called. Since check_relay is called first, then if you don't have the delay_checks FEATURE, your access map won't be looked at before the email is rejected.

Dustin

From georgelist at CONPOINT.COM Wed Apr 28 20:51:08 2004
From: georgelist at CONPOINT.COM (George Edwards)
Date: Thu Jan 12 21:24:53 2006
Subject: How can I allow one user to recieve exe attachments?
Message-ID: <000d01c42d5a$267adff0$6601a8c0@toshibaGEORGE>

I need to allow one user to receive exe attachments. I found the following in the archives but I am either just not reading it right or something is missing here. Can someone tell me another way to do this or explain this better.

Thanks,
George

http://www.jiscmail.ac.uk/cgi-bin/webadmin?A2=ind0307&L=mailscanner&P=R12781&I=-1

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040428/938198b5/attachment.html

From quinting at HSD.CA Wed Apr 28 20:59:45 2004
From: quinting at HSD.CA (Quintin Giesbrecht)
Date: Thu Jan 12 21:24:53 2006
Subject: Exchange and MS and sa-learn
Message-ID: <495B774E2F64F1408E6741B61445C8589E8C8D@mail.exchange.hsd15.ca>

OK, Exchange really bites!
I have discovered, that when you forward mail that you have received externally to another address, it strips ALL of the freaking headers!

So, when I forward an email to spam@domain.com - I get JUST my headers in it, and no others, so there is nothing for sa-learn to learn from...

Our exchange guy is looking at it, but has anyone else had experience with this? (exchange is running as a mapi system)

Thanks

From kevins at BMRB.CO.UK Wed Apr 28 21:08:31 2004
From: kevins at BMRB.CO.UK (Kevin Spicer)
Date: Thu Jan 12 21:24:53 2006
Subject: Exchange and MS and sa-learn
In-Reply-To: <495B774E2F64F1408E6741B61445C8589E8C8D@mail.exchange.hsd15.ca>
References: <495B774E2F64F1408E6741B61445C8589E8C8D@mail.exchange.hsd15.ca>
Message-ID: <1083182911.22759.106.camel@bach.kevinspicer.co.uk>

On Wed, 2004-04-28 at 20:59, Quintin Giesbrecht wrote:
> OK, Exchange really bites! I have discovered, that when you forward
> mail that you have received externally to another address, it strips ALL
> of the freaking headers!
>
> So, when I forward an email to spam@domain.com - I get JUST my headers
> in it, and no others, so there is nothing for sa-learn to learn from...
>
> Our exchange guy is looking at it, but has anyone else had experience
> with this?(exchange is running as a mapi system)

Yeah we had similar troubles with Exchange 2000 (5.5 is different in this respect I think). I was able to get round this for false positives by using the attachment action for spam, but was unable to address false negatives at all.

BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000
_________________________________________________________________
This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business.

From Kevin_Miller at CI.JUNEAU.AK.US Wed Apr 28 21:10:40 2004
From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller)
Date: Thu Jan 12 21:24:53 2006
Subject: FAQ Entry
Message-ID: <08146035CA49D6119A36009027AC822A0549E5FF@CITY-EXCH-NTS>

Following up on some help I received a couple months ago relating to checking downloads with GPG, I just appended a short blurb on in

http://www.sng.ecs.soton.ac.uk/cgi-bin/faq?=&auth=ck8f1aa9b478bdac397a969ef5
bcc1686f&file=85

(watch the wordwrap)

I appended it to the "Where do I get MailScanner" post rather than start a new one. If I've made any glaring mistakes, please let me know or followup in the FAQ.

Thanks.

...Kevin
--
Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.
Network Systems Administrator, Mail Administrator
155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907 586-4500

From peter at UCGBOOK.COM Wed Apr 28 21:23:08 2004
From: peter at UCGBOOK.COM (Peter Bonivart)
Date: Thu Jan 12 21:24:53 2006
Subject: How can I allow one user to recieve exe attachments?
In-Reply-To: <000d01c42d5a$267adff0$6601a8c0@toshibaGEORGE>
References: <000d01c42d5a$267adff0$6601a8c0@toshibaGEORGE>
Message-ID: <409012AC.1060509@ucgbook.com>

George Edwards wrote:
> I need to allow one user to receive exe attachments. I found the
> following in the archives but I am either just not reading it right or
> something is missing here. Can someone tell me another way to do this
> or explain this better. Thanks, George
> http://www.jiscmail.ac.uk/cgi-bin/webadmin?A2=ind0307&L=mailscanner&P=R12781&I=-1

That thread is about something a little more complicated than necessary.
You just need to make copies of filename.rules.conf and filetype.rules.conf, edit them to allow exe files and finally use a ruleset for these two:

Filename Rules = %rules-dir%/filename.rules
Filetype Rules = %rules-dir%/filetype.rules

The one for file names would look like this:

To: user@yourdomain.com %etc-dir%/filename.rules.allowexe.conf
FromOrTo: default %etc-dir%/filename.rules.conf

--
/Peter Bonivart

--Unix lovers do it in the Sun

Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7, SpamAssassin 2.63 + DCC 1.2.39, ClamAV 0.70 + GMP 4.1.2, Vispan 1.3

From mikes at HARTWELLCORP.COM Wed Apr 28 21:32:53 2004
From: mikes at HARTWELLCORP.COM (Michael St. Laurent)
Date: Thu Jan 12 21:24:53 2006
Subject: Exchange and MS and sa-learn
Message-ID: <91A5926EFF44D3118B1200104B7276EB02C56FCA@hart-exchange.hartwellcorp.com>

Quintin Giesbrecht wrote:
> OK, Exchange really bites! I have discovered, that when you forward
> mail that you have received externally to another address, it strips
> ALL of the freaking headers!
>
> So, when I forward an email to spam@domain.com - I get JUST my headers
> in it, and no others, so there is nothing for sa-learn to learn
> from...
>
> Our exchange guy is looking at it, but has anyone else had experience
> with this?(exchange is running as a mapi system)

Yeah, a lot of people have. ;-D

Hit the FAQ and the list archives. If you still have questions after that you'll find plenty of help available.

--
Michael St.
Laurent
Hartwell Corporation

From kevin at KEVINSPICER.CO.UK Wed Apr 28 21:41:09 2004
From: kevin at KEVINSPICER.CO.UK (Kevin Spicer)
Date: Thu Jan 12 21:24:53 2006
Subject: MailScanner-MRTG users, a question
Message-ID: <1083184869.22764.122.camel@bach.kevinspicer.co.uk>

Evening all! (except those of you in timezones where it's not currently evening...)

I'm toying with the idea of adding a graph or two for disk-IO. I'd really like to, but I suspect that it won't work for many people, therefore I'd like to ask you all to take part in a little investigation to see how many *nix variants ship with a version of NET-SNMP or UCD-SNMP which supports the diskio stats I need.

So, what I need to know is...

Operating System (including distribution and version)

the output of the following 2 commands

snmpwalk -V
snmpwalk -v2c -c public localhost versionConfigureOptions

UCD-SNMP users need to use this command instead:

snmpwalk localhost public versionConfigureOptions

Please also state if you compiled snmp yourself, without using a standard build for your system [please consider BSD ports/ Gentoo ebuilds/ Source RPMS etc to be standard builds unless you modified the configure flags yourself]

I'd be grateful if folks could email me directly (off-list) to spare unnecessary traffic on the list.

Many Thanks

Kevin

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040428/7dcd509f/attachment.bin

From jwilliams at COURTESYMORTGAGE.COM Wed Apr 28 21:53:05 2004
From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams)
Date: Thu Jan 12 21:24:53 2006
Subject: Last few questions before I go live...
Message-ID: <5.2.1.1.0.20040428135304.00b1b388@pop.courtesymortgage.com>

At 07:51 PM 4/28/2004 +0200, you wrote:
>I would recommend that you quarantine all blocked stuff (attachments,
>virus, high scoring spam) and use the quarantine cleaning script to
>delete it after for example 14 days. That's a whole lot safer.
>
>Look into these options to start with:
>
>Quarantine Infections = yes
>Quarantine Whole Message = yes
>Quarantine Whole Messages As Queue Files = yes
>High Scoring Spam Actions = store

I appreciate that. I'll take a look at it.

>Julian posted his load testing scripts recently.
>
>http://www.jiscmail.ac.uk/cgi-bin/wa.exe?A2=ind0404&L=mailscanner&P=R3423&I=-1
>http://www.jiscmail.ac.uk/cgi-bin/wa.exe?A2=ind0404&L=mailscanner&P=R3141&I=-1

Found the script, but not sure if it will work in my situation. Looks like it requires 3 servers, but I only have 2. :)

>I can recommend Vispan if you want stats and easy install. On the page
>below you have a link to a live site so you can see how it looks before
>you install it yourself.
>
>http://www.while.homeunix.net/mailstats/

I find this one very interesting. I like the output of it. Looking at the dependencies for it, i'm sure there are more requirements than just those to get those nice graphs and detailed statistics...

What is the trick to getting those graphs? Apache has to be one of them...

>--
>/Peter Bonivart

I appreciate the help.

Jason

From peter at UCGBOOK.COM Wed Apr 28 22:05:50 2004
From: peter at UCGBOOK.COM (Peter Bonivart)
Date: Thu Jan 12 21:24:53 2006
Subject: Last few questions before I go live...
In-Reply-To: <5.2.1.1.0.20040428135304.00b1b388@pop.courtesymortgage.com>
References: <5.2.1.1.0.20040428135304.00b1b388@pop.courtesymortgage.com>
Message-ID: <40901CAE.2090504@ucgbook.com>

Jason Williams wrote:
> Found the script, but not sure if it will work in my situation. Looks like
> it requires 3 servers, but I only have 2. :)

OK, but maybe you can follow the thread for other suggestions. There's been similar postings before also, look for load/load test/stress test and similar.

> I find this one very interesting. I like the output of it. Looking at the
> dependencies for it, i'm sure there are more requirements than just those
> to get those nice graphs and detailed statistics...
>
> What is the trick to getting those graphs? Apache has to be one of them...

Yes, you need a web server. :-) The graphs are created by MRTG which is mentioned there. That's it, no database or nothing.

--
/Peter Bonivart

--Unix lovers do it in the Sun

Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7, SpamAssassin 2.63 + DCC 1.2.39, ClamAV 0.70 + GMP 4.1.2, Vispan 1.3

From Kevin_Miller at CI.JUNEAU.AK.US Wed Apr 28 22:32:13 2004
From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller)
Date: Thu Jan 12 21:24:53 2006
Subject: O/T faqomatic (was Re: FAQ Entry)
Message-ID: <08146035CA49D6119A36009027AC822A0549E601@CITY-EXCH-NTS>

Doh! I just blindly cut and pasted from the browser - Didn't notice the auth key persisted after I'd left the posting form. Thanks, I'll be more careful in the future.

I don't know if that auth key is a one time only or if it persists (probably the latter) but it might be prudent for Julian to deep-six my "account". I can create it anew w/a different password which should give a new auth entry the next time I feel inclined to add something. Now that it's in the archives I'd hate for some miscreant to start posting a bunch of objectionable stuff up there posing as me.

Or can I change my password/auth key from here? I didn't notice a place to do that in the Faq-O-Matic.

Sorry for any extra work I cause anyone...

...Kevin
--
Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.               Network Systems Administrator, Mail Administrator
155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907 586-4500

>-----Original Message-----
>Kevin,
>
>the auth=xxxx is not necessary to identify a faqomatic page...
>in fact, you
>only see it because you authenticated yourself to the
>faqomatic to update a
>page.
>
>At the bottom of every page there's a URL you can use to
>identify (and share)
>the page...
in this case, it says:
>This document is: http://www.sng.ecs.soton.ac.uk/cgi-bin/faq?file=85

From me at MATTKRAUSE.NET Wed Apr 28 22:39:20 2004
From: me at MATTKRAUSE.NET (Matt Krause)
Date: Thu Jan 12 21:24:53 2006
Subject: mailscanner and postfix
In-Reply-To: <408F022E.4010005@eatathome.com.au>
References: <20040427180213.GE21598@hyper> <408F022E.4010005@eatathome.com.au>
Message-ID: <40902488.7060108@mattkrause.net>

Wow, thanks! That makes things so much less confusing not having to deal with postfix and postfix.in.

Thanks!!!
Matt

Pete wrote:

> Ken Dyke wrote:
>
>> Hi,
>>
>> Has anyone written a wrapper for receiving messages from postfix?
>> That seems to be the missing piece to avoiding the ugliness of the
>> set up described in "MailScanner Installation Guide - Postfix".
>> --
>> I think, therefore, ken_i_m
>> Chief Gadgeteer, Elegant Innovations
>> Founder, Bozeman Linux Users Group
>> (406) 581-0495
>>
> There is a simpler way, and i believe that Julian is going to be
> implementing it as the default in a future version of mailscanner? i
> believe the hold up is the install.sh script.
>
> The 2 Postfix instance works perfectly, as described on the mailscanner
> site and plenty of users using that here - more recently some one has
> produced a guide that shows you how to use Postfix with one instance - i
> have attached the instructions, written and sent to me by Drew? but
> there is plenty of talk in the archive about it already.
>
> Regards
> Pete
>
> ------------------------------------------------------------------------
>
> #For MailScanner
> /^Received:/ HOLD

From lance at WARE.NET Wed Apr 28 22:56:15 2004
From: lance at WARE.NET (Lance)
Date: Thu Jan 12 21:24:53 2006
Subject: sa-learn/MailScanner question
Message-ID: <200404282156.i3SLuHxe020831@kili.jiscmail.ac.uk>

Hi Folks,

I've been through a few upgrades and now I'm trying to add some ham manually, but not having much luck.

It seems sa-learn doesn't want to look to the right place for my bayes files - which are in /var/spool/spamassassin.

Any tips?

sa-learn --prefs-file=/etc/MailScanner/etc/spam.assassin.prefs.conf --ham --mbox notspam
Cannot open bayes databases /root/.spamassassin/bayes_* R/O: tie failed: No such file or directory
Cannot open bayes databases /root/.spamassassin/bayes_* R/W: tie failed: File exists
Cannot open bayes databases /root/.spamassassin/bayes_* R/W: tie failed: File exists
Cannot open bayes databases /root/.spamassassin/bayes_* R/W: tie failed: File exists
Learned from 0 message(s) (1 message(s) examined).

From peter at UCGBOOK.COM Wed Apr 28 23:12:32 2004
From: peter at UCGBOOK.COM (Peter Bonivart)
Date: Thu Jan 12 21:24:53 2006
Subject: sa-learn/MailScanner question
In-Reply-To: <200404282156.i3SLuHxe020831@kili.jiscmail.ac.uk>
References: <200404282156.i3SLuHxe020831@kili.jiscmail.ac.uk>
Message-ID: <40902C50.2060200@ucgbook.com>

Lance wrote:
> It seems sa-learn doesn't want to look to the right place for my bayes files
> - which are in /var/spool/spamassassin.

# sa-learn -h

 -C path, --configpath=path, --config-file=path
                       Path to standard configuration dir
 -p prefs, --prefspath=file, --prefs-file=file
                       Set user preferences file

Point it to your spam.assassin.prefs.conf file. I have symlinked /etc/mail/spamassassin/local.cf to it so I don't have to think about this.

--
/Peter Bonivart

--Unix lovers do it in the Sun

Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7, SpamAssassin 2.63 + DCC 1.2.39, ClamAV 0.70 + GMP 4.1.2, Vispan 1.3

From pete at eatathome.com.au Wed Apr 28 23:12:11 2004
From: pete at eatathome.com.au (Pete)
Date: Thu Jan 12 21:24:53 2006
Subject: burned by spamcop, how to whitelist sites from RBL's
In-Reply-To:
References:
Message-ID: <40902C3B.3050800@eatathome.com.au>

Jeff A. Earickson wrote:

>Gang,
>
>   I got burned by spamcop yesterday when they RBL'ed a
>nearby college that we get lots of email from. I use
>spamcop in sendmail, so I started rejecting everything from them.
>I know that Julian thinks spamcop is trigger-happy, he is probably
>right.
>
>   So I had the issue of "how do I whitelist a site from
>RBL's that I use?" in sendmail. With the help of other MS
>listmembers and Google I have figured this out, and documented it.
>My essay can be found at:
>
>http://www.sng.ecs.soton.ac.uk/cgi-bin/faq?amp=&auth=ckd44d989c416b2f49c737a8ba387c20b6&file=325
>
>Thanks to all who helped.
>
>Jeff Earickson
>Colby College
>
They did this to our country's largest ISP last week - not good - it's a shame because most of the time this list catches heaps of spam...

From jwilliams at COURTESYMORTGAGE.COM Wed Apr 28 23:39:50 2004
From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams)
Date: Thu Jan 12 21:24:53 2006
Subject: Last few questions before I go live...
In-Reply-To: <40901CAE.2090504@ucgbook.com>
References: <5.2.1.1.0.20040428135304.00b1b388@pop.courtesymortgage.com> <5.2.1.1.0.20040428135304.00b1b388@pop.courtesymortgage.com>
Message-ID: <5.2.1.1.0.20040428153832.00b199c0@pop.courtesymortgage.com>

At 11:05 PM 4/28/2004 +0200, you wrote:
>>What is the trick to getting those graphs? Apache has to be one of them...
>
>Yes, you need a web server. :-) The graphs are created by MRTG which is
>mentioned there. That's it, no database or nothing.

I am interested in vispan. It looks pretty nice. Nice it does not have to have a database on the backend.

I'd like to implement this. How hard/quickly can this be deployed? I'm rolling out my setup here on Friday night.
Im guessing, it would not be a very good idea to roll it out while the server is in production ya? :)

I appreciate the help.

Jason

From pete at eatathome.com.au Wed Apr 28 23:38:40 2004
From: pete at eatathome.com.au (Pete)
Date: Thu Jan 12 21:24:53 2006
Subject: Last few questions before I go live...
In-Reply-To: <5.2.1.1.0.20040428095802.00ab9270@pop.courtesymortgage.com>
References: <5.2.1.1.0.20040428095802.00ab9270@pop.courtesymortgage.com>
Message-ID: <40903270.8090906@eatathome.com.au>

Jason Williams wrote:

> Hello everyone.
>
> Im getting ready to go live here with my first mailscanner. I have a
> mix of excitement and nervousness. :)
>
> Just wanted to ask a few last questions, see if I can clear up a few
> things as well as tweak my settings.
>
> As far as viruses are concerned, anytime MS detects any viruses in
> email, I just wanted to have MS completely delete it. No need in
> delivering at all.
> I'm still debating on the following and was hoping for some feedback:
>
> - do most people here have emails sent to postmaster when MS receives a
> virus in a email?
>
> - do most people here want their users to receive a email when a intended
> email for them contained a virus?
>
> I know for the first couple of days, weeks for that matter, it will be
> time to monitor, tune and tweak the system. But im hoping to not run
> into any significant problems if possible.
>
> Currently, i've been sending emails through the MS server, both a
> combination of viruses (eicar) as well as test spam (GTUBE). It is
> working well, as far as I can see. But im looking to try and 'blast'
> the server with quite a few emails at once, to see how the server
> reacts. Anyone have a recommendation for that?
>
> Lastly, I wanted to keep track of stats, that will include a variety of
> things. I want virus statistics as well as spam statistics to be included
> as well. Any recommendations on a setup for that?
>
> I appreciate the help. I look forward to rolling out my server.
>
> Thanks!
>
> Jason
>
This is a great test and will score 5+ in spamassassin, if you use the inbuilt subject

http://hyvatti.iki.fi/~jaakko/spam/unkillable.txt

also, may i suggest you do not use the delete action at all for the first month - always use store instead, you can clear the quarantine later once you are positive it's deletable - wouldn't be a good look to have been accidentally deleting good email due to mis config during your first outing.

Definitely you will want to check out mailwatch, it's at sourceforge and LOADS of us use it for stats etc

Remember when you first go live, stopping spam and viruses is NOT your first priority, routing mail is - so turn on all your spam detection and but just have deliver or deliver and store turned on while you tune it up for the first few hours and then start performing actions ?

Good luck - and remember when you get stuck

1. RTFM
2. Google
3. Search the mail list archives
4. Post in the list.

Regards
Pete

From peter at UCGBOOK.COM Wed Apr 28 23:57:23 2004
From: peter at UCGBOOK.COM (Peter Bonivart)
Date: Thu Jan 12 21:24:53 2006
Subject: Last few questions before I go live...
In-Reply-To: <5.2.1.1.0.20040428153832.00b199c0@pop.courtesymortgage.com>
References: <5.2.1.1.0.20040428135304.00b1b388@pop.courtesymortgage.com> <5.2.1.1.0.20040428135304.00b1b388@pop.courtesymortgage.com> <5.2.1.1.0.20040428153832.00b199c0@pop.courtesymortgage.com>
Message-ID: <409036D3.70905@ucgbook.com>

Jason Williams wrote:

> I'd like to implement this. How hard/quickly can this be deployed? I'm rolling out my setup here on Friday night.
> I'm guessing, it would not be a very good idea to roll it out while the server is in production ya? :)

Since it doesn't really integrate with MS but instead passively reads the mail log you can mess with it during production. I just upgraded from an older version with no interruption to MS.

If you're running Linux it's easy to get Apache and MRTG. Then there are three Perl modules you can install from CPAN (or packages if you can find them) if you don't have them. The only slightly tricky thing is the GeoIP stuff, you need to download the correct two files and install them manually.
If I remember correctly it's these two in this order:

GeoIP-1.3.2.tar.gz
Geo-IP-1.21.tar.gz

--
/Peter Bonivart

--Unix lovers do it in the Sun

Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7, SpamAssassin 2.63 + DCC 1.2.39, ClamAV 0.70 + GMP 4.1.2, Vispan 1.3

From ugob at CAMO-ROUTE.COM Thu Apr 29 01:12:22 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:24:53 2006
Subject: High Load
In-Reply-To: <408FEED9.80209@pacific.net>
References: <408FCF7B.6010502@pacific.net> <408FE9E9.4050205@ucgbook.com> <408FEED9.80209@pacific.net>
Message-ID:

Ken Anderson (Pacific Internet) wrote:

> Peter Bonivart wrote:
>
>> Ken Anderson (Pacific Internet) wrote:
>>
>>> Alternately, I wonder if MailScanner could do a preliminary check on a good rbl or two and bypass SA and take action (quarantine,notify) if the message is found in the rbl? A sort of 'MailScanner-Lite' ?
>>
>> Is this something like that?
>>
>> # If the message sender is on any of the Spam Lists, do you still want
>> # to do the SpamAssassin checks? Setting this to "no" will reduce the load
>> # on your server, but will stop the High Scoring Spam Actions from ever
>> # happening.
>> # This can also be the filename of a ruleset.
>> Check SpamAssassin If On Spam List = yes
>
> I'd looked at this before and thought... why would I want to "keep the high scoring spam action from ever happening?"
>
> I hadn't considered that if I set the "Spam Lists To Reach High Score" to a low value and use a reliable rbl, I'd still get the high score action and could skip SA checks on a lot of mail.
> Is my understanding of this correct, or does setting "Check SpamAssassin If On Spam List = no" mean you _really can't_ have the high score action?

False,

# If a message appears in at least this number of "Spam Lists" (as defined
# above), then the message will be treated as "High Scoring Spam" and so
# the "High Scoring Spam Actions" will happen. You probably want to set
# this to 2 if you are actually using this feature. 5 is high enough that
# it will never happen unless you use lots of "Spam Lists".
# This can also be the filename of a ruleset.
Spam Lists To Reach High Score = 3

>
> Thanks,
> Ken A.
>
>> --
>> /Peter Bonivart
>>
>> --Unix lovers do it in the Sun
>>
>> Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7,
>> SpamAssassin 2.63 + DCC 1.2.39, ClamAV 0.70 + GMP 4.1.2, Vispan 1.3

From ugob at CAMO-ROUTE.COM Thu Apr 29 01:18:15 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:24:53 2006
Subject: How can I allow one user to recieve exe attachments?
In-Reply-To: <000d01c42d5a$267adff0$6601a8c0@toshibaGEORGE>
References: <000d01c42d5a$267adff0$6601a8c0@toshibaGEORGE>
Message-ID:

George Edwards wrote:

> I need to allow one user to receive exe attachments. I found the following in the archives but I am either just not reading it right or something is missing here. Can someone tell me another way to do this or explain this better. Thanks, George

You should read the MAQ. It is at the beginning. www.mailscanner.biz/maq/

> http://www.jiscmail.ac.uk/cgi-bin/webadmin?A2=ind0307&L=mailscanner&P=R12781&I=-1

From ugob at CAMO-ROUTE.COM Thu Apr 29 01:38:33 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:24:53 2006
Subject: Last few questions before I go live...
In-Reply-To: <40903270.8090906@eatathome.com.au>
References: <5.2.1.1.0.20040428095802.00ab9270@pop.courtesymortgage.com> <40903270.8090906@eatathome.com.au>
Message-ID:

Pete wrote:

> Jason Williams wrote:
>
>> Hello everyone.
>>
>> I'm getting ready to go live here with my first mailscanner. I have a mix of excitement and nervousness. :)
>>
>> Just wanted to ask a few last questions, see if I can clear up a few things as well as tweak my settings.
>>
>> As far as viruses are concerned, anytime MS detects any viruses in email, I just wanted to have MS completely delete it. No need in delivering at all.
>> I'm still debating on the following and was hoping for some feedback:
>>
>> - do most people here have emails sent to postmaster when MS receives a virus in an email?
>>
>> - do most people here want their users to receive an email when an intended email for them contained a virus?
>>
>> I know for the first couple of days, weeks for that matter, it will be time to monitor, tune and tweak the system. But I'm hoping to not run into any significant problems if possible.
>>
>> Currently, I've been sending emails through the MS server, both a combination of viruses (eicar) as well as test spam (GTUBE). It is working well, as far as I can see. But I'm looking to try and 'blast' the server with quite a few emails at once, to see how the server reacts. Anyone have a recommendation for that?
>>
>> Lastly, I wanted to keep track of stats, that will include a variety of things. I want virus statistics as well as spam statistics to be included as well. Any recommendations on a setup for that?
>>
>> I appreciate the help. I look forward to rolling out my server.
>>
>> Thanks!
>>
>> Jason
>
> This is a great test and will score 5+ in spamassassin, if you use the inbuilt subject:
> http://hyvatti.iki.fi/~jaakko/spam/unkillable.txt
>
> Also, may I suggest you do not use the delete action at all for the first month - always use store instead, you can clear the quarantine later once you are positive it's deletable - wouldn't be a good look to have been accidentally deleting good email due to misconfig during your first outing.
>
> Definitely you will want to check out mailwatch, it's at sourceforge and LOADS of us use it for stats etc.
>
> Remember when you first go live, stopping spam and viruses is NOT your first priority, routing mail is - so turn on all your spam detection but just have deliver or deliver and store turned on while you tune it up for the first few hours and then start performing actions?
>
> Good luck - and remember when you get stuck
> 1. RTFM
> 2. Google
> 3. Search the mail list archives
> 4. Post in the list.

I'd like to add:

1.5 : read the MAQs www.mailscanner.biz/maq/
5 : make sure you have a backup MX, to be prudent... :)

Ugo

>
> Regards
> Pete

From pete at eatathome.com.au Thu Apr 29 03:35:27 2004
From: pete at eatathome.com.au (Pete)
Date: Thu Jan 12 21:24:53 2006
Subject: FreeBSD, MailScanner and Diskspace
Message-ID: <409069EF.1030308@eatathome.com.au>

Hi there, as this is my first BSD experience, and I am still a bit of a *nix newbie, I have discovered that I haven't set up my bsd/ms server correctly.

MailScanner is configured as per the docs so that its quarantine dir is at /var/spool/MailScanner/quarantine

But since I used the auto disk partition set up, /usr has 28GB and /var has 256mb allocated - which is not all that useful on this mailgateway.
Would it be unwise, break anything, cause instability etc. if I changed the quarantine to a symlink to a dir on /usr? The machine is remotely hosted now so changing partition sizes isn't on, and moving the dir altogether seems like a customization that may cause me trouble in the future?

Should I use a symlink or just move the dir to another partition? Love to hear any other suggestions, would it be safe to ask a colleague who is fairly linux capable to use a Knoppix cd and qparted to mod the sizes, or do you think this is getting a bit risky?

thanks for any input. (yes I feel silly for not having thought of this when I was building it)

Pete

From jeremy at E-STUDIO.COM.AU Thu Apr 29 03:29:08 2004
From: jeremy at E-STUDIO.COM.AU (Jeremy Ervine)
Date: Thu Jan 12 21:24:53 2006
Subject: Help !
Message-ID:

Skipped content of type multipart/alternative
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/octet-stream
Size: 5401 bytes
Desc: not available
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040429/4d572411/attachment.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/octet-stream
Size: 33472 bytes
Desc: not available
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040429/4d572411/attachment-0001.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/octet-stream
Size: 2969 bytes
Desc: not available
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040429/4d572411/attachment-0002.obj

From pete at eatathome.com.au Thu Apr 29 04:16:13 2004
From: pete at eatathome.com.au (Pete)
Date: Thu Jan 12 21:24:53 2006
Subject: Help !
In-Reply-To:
References:
Message-ID: <4090737D.30703@eatathome.com.au>

Jeremy Ervine wrote:

> Hello,
>
> I am using MailScanner on my Redhat Fedora Core 1 incoming mailserver running Sendmail as the MTA, however am having trouble getting MailScanner to stop spam, and about once a day MailScanner itself stops functioning.
>
> What I am trying to achieve is that each message is checked against all the open relay lists, then checked against spamassassin, and if the spam assassin score is over 5, it will bounce the message. There are a number of messages that come through with spam assassin scores over 5 and they never get bounced, below is an extract of my logfiles for a message which is clearly spam:
>
> Apr 29 11:39:44 mx2 MailScanner[10724]: Message i3T29aMt016204 from 202.144.11.203 (_hofgune@epomail.com_) to egplant.com.au is not spam (whitelisted), SpamAssassin (score=11.608, required 5, autolearn=spam, BAYES_50, HTML_60_70, HTML_FONT_BIG, HTML_MESSAGE, HTML_TAG_BALANCE_A, MIME_HTML_ONLY, MIME_HTML_ONLY_MULTI, RCVD_IN_BL_SPAMCOP_NET, RCVD_IN_DSBL, RCVD_IN_NJABL, RCVD_IN_NJABL_PROXY, RCVD_IN_OPM, RCVD_IN_OPM_HTTP, RCVD_IN_OPM_HTTP_POST, RCVD_IN_SORBS, RCVD_IN_SORBS_HTTP)
>
> I have attached my MailScanner and spam assassin config files. I feel completely out of my depth here and confused as no matter what I do it seems that I can't stop the spam. Virus Protection and file-type filtering seems to be working quite well.
> Usually once a day or so, MailScanner ceases to function however the sendmail MTA continues to operate, restarting mailscanner doesn't fix the problem, the only solution I have to the problem is completely reboot the server.
>
> Any help greatly appreciated !
>
> Regards,
> Jeremy Ervine

Well, it ain't gonna bounce as long as you have the following in your config - suggest you don't use delete at all until you get a better handle on this, and have a read of the original config file's comments as they contain all the info you need, like what available spam actions there are - e.g. bounce.

Spam Actions = delete
High Scoring Spam Actions = delete

and you have

Required SpamAssassin Score = 5
High SpamAssassin Score = 5

which doesn't make sense - maybe try High Score of 10 or 15 while testing?

From subscriptions at ETEAM.COM.AU Thu Apr 29 04:47:40 2004
From: subscriptions at ETEAM.COM.AU (Wayne Fox)
Date: Thu Jan 12 21:24:54 2006
Subject: BitDefender-autoupdate SysLog report added for VISPAN
In-Reply-To:
References:
Message-ID: <6.0.3.0.2.20040429134017.060041c8@mail.eteam.com.au>

I have attached my bitdefender-autoupdate script which has SysLog reporting added to it. This is so VISPAN can report last Update Date from scanning the maillog.

VISPAN only needs to know if update was successful so no other SysLog status was added.
Wayne

-------------- next part --------------
A non-text attachment was scrubbed...
Name: bitdefender-autoupdate
Type: application/octet-stream
Size: 21146 bytes
Desc: not available
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040429/3d0df65f/bitdefender-autoupdate.obj

From mike at CAMAROSS.NET Thu Apr 29 06:30:58 2004
From: mike at CAMAROSS.NET (Mike Kercher)
Date: Thu Jan 12 21:24:54 2006
Subject: Slightly OT: Sendmail+MySQL?
Message-ID: <200404290531.i3T5Ux8o003489@avwall.bladeware.com>

Has anyone tried sendmail-8.12.11-5 which adds MySQL support?

Mike

From Jan-Peter.Koopmann at SECEIDOS.DE Thu Apr 29 08:00:33 2004
From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann)
Date: Thu Jan 12 21:24:54 2006
Subject: FreeBSD, MailScanner and Diskspace
Message-ID:

On Thursday, April 29, 2004 4:35 AM Pete wrote:

> Would it be unwise, break anything, cause instability etc. if I changed the quarantine to a symlink to a dir on /usr? The machine is remotely hosted now so changing partition sizes isn't on, and moving the dir altogether seems like a customization that may cause me trouble in the future?
>
> Should I use a symlink or just move the dir to another partition? Love to hear any other suggestions, would it be

Symlink on quarantine should (!) work. You might as well set up another directory and put that in the MailScanner.conf though.
Another clean solution would be to mount another partition to /var/spool/MailScanner, that is if you have another partition free or can spare one.

The cleanest solution would be to set the machine up again of course. 256M for /var is not that big in the first place. What about logfiles etc.? Depending on how you use the server, a /var that small will give you trouble sooner or later.

> safe to ask a colleague who is fairly linux capable to use a Knoppix cd and qparted to mod the sizes, or do you think this is getting a bit risky?

Indeed. I would call that risky. Can you/the housing center attach a terminal to the computer that you could access?

> thanks for any input. (yes I feel silly for not having thought of this when I was building it)

Well you should... :-) Happens only one time though. Been there myself.

Regards,
JP

From Jan-Peter.Koopmann at SECEIDOS.DE Thu Apr 29 08:02:35 2004
From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann)
Date: Thu Jan 12 21:24:54 2006
Subject: Problem with lockfile in update_virus_scanners
Message-ID:

On Wednesday, April 28, 2004 3:18 PM Julian Field wrote:

> Your patch will only work on GNU "find" and nothing else, as other "find" commands can only report in days.
> This will do a rather better job:

Ok. I will try that. Could you put this in the next distribution? Believe it or not our customer had a power failure during update_virus_scanners which caused this...
Regards,
JP

From idan at SECURENET.CO.IL Thu Apr 29 11:12:11 2004
From: idan at SECURENET.CO.IL (Idan Plotnik)
Date: Thu Jan 12 21:24:54 2006
Subject: Where are the MailScanner and Spamassassin logs ?
Message-ID: <38531FBA30509D418523F41CC6E981D827EA9C@securenetdc.securenet.co.il>

Hi all,

where is the location of the MailScanner and spamassassin logs?

From Kevin.Spicer at BMRB.CO.UK Thu Apr 29 11:16:45 2004
From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin)
Date: Thu Jan 12 21:24:54 2006
Subject: Where are the MailScanner and Spamassassin logs ?
Message-ID: <5C0296D26910694BB9A9BBFC577E7AB001649CEF@pascal.priv.bmrb.co.uk>

Idan Plotnik wrote:

> Hi all,
>
> where is the location of the MailScanner and spamassassin logs?

Logged to syslog with the facility mail. So probably in

/var/log/maillog (on Redhat)
/var/log/mail (Mandrake)
/var/log/syslog (Solaris)
/var/log/mail.info (Gentoo)

or somewhere similar.

BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000
_________________________________________________________________
This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited.
BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business.

From idan at SECURENET.CO.IL Thu Apr 29 11:20:28 2004
From: idan at SECURENET.CO.IL (Idan Plotnik)
Date: Thu Jan 12 21:24:54 2006
Subject: Where are the MailScanner and Spamassassin logs ?
Message-ID: <38531FBA30509D418523F41CC6E981D827EA9D@securenetdc.securenet.co.il>

I'm familiar with the maillog file, but is this the MailScanner and the SpamAssassin log also?

Thanks a lot

-----Original Message-----
From: Spicer, Kevin [mailto:Kevin.Spicer@BMRB.CO.UK]
Sent: Thursday, April 29, 2004 12:17 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Where are the MailScanner and Spamassassin logs ?

Idan Plotnik wrote:

> Hi all,
>
> where is the location of the MailScanner and spamassassin logs?

Logged to syslog with the facility mail. So probably in

/var/log/maillog (on Redhat)
/var/log/mail (Mandrake)
/var/log/syslog (Solaris)
/var/log/mail.info (Gentoo)

or somewhere similar.

BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000
_________________________________________________________________
This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business.
From idan at SECURENET.CO.IL Thu Apr 29 11:21:23 2004
From: idan at SECURENET.CO.IL (Idan Plotnik)
Date: Thu Jan 12 21:24:54 2006
Subject: simple question!!! Why?
Message-ID: <38531FBA30509D418523F41CC6E981D827EA9E@securenetdc.securenet.co.il>

Hi All,

I hope someone will be able to answer my simple question, the attachment is a spam mail that I have got and it gets this score score=2.4 why ???? And how can it happen?

I have a lot of examples like this, and a lot of opposite examples where a simple mail is recognized as spam and it isn't!
This is the information from the Mailscanner and the spamassassin about this email:

Microsoft Mail Internet Headers Version 2.0
Received: from localhost.localdomain ([10.0.0.4]) by exc-srv.dm-rind.rcip.co.il with Microsoft SMTPSVC(5.0.2195.6713); Wed, 28 Apr 2004 17:28:10 +0200
Received: through eSafe SMTP Relay 1082769548; Wed Apr 28 16:29:50 2004
Received: from audiogram.mail.pas.earthlink.net (audiogram.mail.pas.earthlink.net [207.217.120.253]) by localhost.localdomain (8.12.5/8.12.5) with ESMTP id i3SJY5mw010057 for ; Wed, 28 Apr 2004 17:34:19 -0200
Received: from [61.174.248.65] (helo=61.174.248.65) by audiogram.mail.pas.earthlink.net with asmtp (Exim 3.36 #4) id 1BIq2z-00022P-00; Wed, 28 Apr 2004 07:28:26 -0700
Message-ID: <005801c42d90$ff05a04f$f850ae31@nehh>
Reply-To: "=?windows-1251?B?UmV5ZXM=?=" "
From: "=?windows-1251?B?UmV5ZXM=?=" "
Subject: =?windows-1251?B?QnVzdHkgbW9tcyBhbmQgYmlnIGMoKWNrIHNvbnMuLg==?=
Date: Wed, 28 Apr 2004 09:22:49 -0500
MIME-Version: 1.0
Content-Type: text/html; charset="windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-ELNK-Trace: db305808ed97cd2be20a33f9b80bf72f239a348a220c260950bf1b39f15aec713dba715d 84806b6d93caf27dac41a8fd350badd9bab72f9c350badd9bab72f9c
X-MailScanner-Information: Please contact the ISP for more information
X-MailScanner-Information:X-MailScanner: Not scanned: please contact your Internet E-Mail Service Provider for details
X-MailScanner-SpamCheck: not spam, SpamAssassin (score=2.4, required 4,HTML_60_70 0.10, HTML_EVENT_UNSAFE 0.21, HTML_IMAGE_ONLY_02 1.44,HTML_IMAGE_RATIO_02 0.50, HTML_WITH_BGCOLOR 0.10,MIME_HTML_ONLY 0.10)
X-MailScanner-SpamScore: ss
Bcc:
Return-Path: mfepOAu@vixensplace.com
X-OriginalArrivalTime: 28 Apr 2004 15:28:10.0225 (UTC) FILETIME=[69A67610:01C42D35]

BTW
Where can I configure the RBL for the MailScanner and the SpamAssassin and how can I
know which one to configure?

Thanks a lot.

-------------- next part --------------
An embedded message was scrubbed...
From: "Reyes"
Subject: Busty moms and big c()ck sons..
Date: Wed, 28 Apr 2004 17:22:49 +0300
Size: 1179
Url: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040429/8f0cdfb1/attachment.mht

From martinh at SOLID-STATE-LOGIC.COM Thu Apr 29 11:37:09 2004
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:24:54 2006
Subject: simple question!!! Why?
In-Reply-To: <38531FBA30509D418523F41CC6E981D827EA9E@securenetdc.securenet.co.il>
References: <38531FBA30509D418523F41CC6E981D827EA9E@securenetdc.securenet.co.il>
Message-ID: <4090DAD5.4010807@solid-state-logic.com>

Idan

it hit the following rules on my system..

score=5.971, required 5, BAYES_44 -0.00, BIZ_TLD 0.10, FCS_URI_NODOTS 0.35, LARGE_HEX 1.16, LG_4C_2V_3C 0.05, OACYS_CONS_6 1.00, OACYS_HASH 1.00, PLING_PLING 0.65, SARE_ADULT2 1.67

I've got a lot of the rules in www.ruleemporium.org loaded (not the bigevil.cf!)

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

**********************************************************************

This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager.

This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean.
**********************************************************************

From idan at SECURENET.CO.IL Thu Apr 29 11:41:55 2004
From: idan at SECURENET.CO.IL (Idan Plotnik)
Date: Thu Jan 12 21:24:54 2006
Subject: simple question!!! Why?
Message-ID: <38531FBA30509D418523F41CC6E981D827EAA1@securenetdc.securenet.co.il>

Hi Martin,

1. The link is not working
2. How do I install these rules on my MailScanner? I think this is the solution !!!

Thanks a lot.

-----Original Message-----
From: Martin Hepworth [mailto:martinh@SOLID-STATE-LOGIC.COM]
Sent: Thursday, April 29, 2004 12:37 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: simple question!!! Why?

Idan

it hit the following rules on my system..

score=5.971, required 5, BAYES_44 -0.00, BIZ_TLD 0.10, FCS_URI_NODOTS 0.35, LARGE_HEX 1.16, LG_4C_2V_3C 0.05, OACYS_CONS_6 1.00, OACYS_HASH 1.00, PLING_PLING 0.65, SARE_ADULT2 1.67

I've got a lot of the rules in www.ruleemporium.org loaded (not the bigevil.cf!)

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

**********************************************************************

This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager.

This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean.
**********************************************************************

From ugob at CAMO-ROUTE.COM Thu Apr 29 11:46:38 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:24:54 2006
Subject: simple question!!! Why?
In-Reply-To: <38531FBA30509D418523F41CC6E981D827EA9E@securenetdc.securenet.co.il>
References: <38531FBA30509D418523F41CC6E981D827EA9E@securenetdc.securenet.co.il>
Message-ID:

Idan Plotnik wrote:

> Hi All,
>
> I hope someone will be able to answer my simple question, the attachment is a spam mail that I have got and it gets this score score=2.4 why ???? And how can it happen?

MailScanner and Spamassassin aren't magic. It cannot catch 100% of spam. This example is what we call a false negative. It is considered legitimate mail while it is spam. Since you provided us with no information about your setup, that is about how far I can go. I can only suggest you read the MAQ page http://www.mailscanner.biz/maq/ , especially the part about optimization, but please read the whole thing... Giving more info on your setup would help as well.

> I have a lot of examples like this, and a lot of opposite examples where a simple mail is recognized as spam and it isn't!

That is what we call false positive. If you use bayes it should help as soon as it kicks in (after 200 hams and 200 spams). There is a section about that in the MAQ.
BTW this header is weird:

> X-MailScanner-Information:X-MailScanner: Not scanned: please contact your Internet E-Mail Service Provider for details

hth

>
> This is the information from the Mailscanner and the spamassassin about
> this email:
>
>
> Microsoft Mail Internet Headers Version 2.0
> Received: from localhost.localdomain ([10.0.0.4]) by
> exc-srv.dm-rind.rcip.co.il with Microsoft SMTPSVC(5.0.2195.6713);
> Wed, 28 Apr 2004 17:28:10 +0200
> Received: through eSafe SMTP Relay 1082769548; Wed Apr 28 16:29:50 2004
> Received: from audiogram.mail.pas.earthlink.net
> (audiogram.mail.pas.earthlink.net [207.217.120.253]) by
> localhost.localdomain
> (8.12.5/8.12.5) with ESMTP id i3SJY5mw010057 for
> ; Wed, 28 Apr 2004 17:34:19 -0200
> Received: from [61.174.248.65] (helo=61.174.248.65) by
> audiogram.mail.pas.earthlink.net with asmtp (Exim 3.36 #4) id
> 1BIq2z-00022P-00;
> Wed, 28 Apr 2004 07:28:26 -0700
> Message-ID: <005801c42d90$ff05a04f$f850ae31@nehh>
> Reply-To: "=?windows-1251?B?UmV5ZXM=?=" "
> From: "=?windows-1251?B?UmV5ZXM=?=" "
> Subject: =?windows-1251?B?QnVzdHkgbW9tcyBhbmQgYmlnIGMoKWNrIHNvbnMuLg==?=
> Date: Wed, 28 Apr 2004 09:22:49 -0500
> MIME-Version: 1.0
> Content-Type: text/html;
> charset="windows-1251"
> Content-Transfer-Encoding: 7bit
> X-Priority: 3
> X-MSMail-Priority: Normal
> X-Mailer: Microsoft Outlook Express 6.00.2600.0000
> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
> X-ELNK-Trace:
> db305808ed97cd2be20a33f9b80bf72f239a348a220c260950bf1b39f15aec713dba715d
> 84806b6d93caf27dac41a8fd350badd9bab72f9c350badd9bab72f9c
> X-MailScanner-Information: Please contact the ISP for more information
> X-MailScanner-Information:X-MailScanner: Not scanned: please contact
> your Internet E-Mail Service Provider for details
> X-MailScanner-SpamCheck: not spam, SpamAssassin (score=2.4, required
> 4,HTML_60_70 0.10, HTML_EVENT_UNSAFE 0.21, HTML_IMAGE_ONLY_02
> 1.44,HTML_IMAGE_RATIO_02 0.50, HTML_WITH_BGCOLOR
> 0.10,MIME_HTML_ONLY 0.10)
>
X-MailScanner-SpamScore: ss > Bcc: > Return-Path: mfepOAu@vixensplace.com > X-OriginalArrivalTime: 28 Apr 2004 15:28:10.0225 (UTC) > FILETIME=[69A67610:01C42D35] > > > BTW > Where can I configure the RBL for the MailScanner and the SpamAssassin > and how can I know which one to configure ? You've got the answer in the MAQ http://www.mailscanner.biz/maq/#howtocustom > > > Thanks a lot. > > > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > For further info about MailScanner, please see the Most Asked > Questions at http://www.mailscanner.biz/maq/ and the archives > at http://www.jiscmail.ac.uk/lists/mailscanner.html > > > ------------------------------------------------------------------------ > > Subject: > Busty moms and big c()ck sons.. > From: > "Reyes" > Date: > Wed, 28 Apr 2004 17:22:49 +0300 > > X-MimeOLE: > Produced By Microsoft Exchange V6.0.6375.0 > content-class: > urn:content-classes:message > MIME-Version: > 1.0 > Content-Type: > text/plain; charset="Windows-1251" > Content-Transfer-Encoding: > quoted-printable > Message-ID: > <005801c42d90$ff05a04f$f850ae31@nehh> > Thread-Topic: > Busty moms and big c()ck sons.. > Thread-Index: > AcQtNWmrqiMa0NwvR8eTqX61EsRqpQ== > Reply-To: > "Reyes" > > > Dear Major > > > > Hot horny babe fingers her pussy > > > Guys get into an unbelievable orgy > > > > > First-time teen gets wet playing with a dildo > > Regards Shelton! 
From ugob at CAMO-ROUTE.COM Thu Apr 29 11:48:19 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:24:54 2006
Subject: simple question!!! Why?
In-Reply-To: <38531FBA30509D418523F41CC6E981D827EAA1@securenetdc.securenet.co.il>
References: <38531FBA30509D418523F41CC6E981D827EAA1@securenetdc.securenet.co.il>
Message-ID:

Idan Plotnik wrote:
> Hi Martin,
>
> 1. The link is not working

http://www.rulesemporium.com/

> 2. how do I install these rules on my MailScanner, I think this is the
> solution !!! Thanks a lot.
>
>
> -----Original Message-----
> From: Martin Hepworth [mailto:martinh@SOLID-STATE-LOGIC.COM]
> Sent: Thursday, April 29, 2004 12:37 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: simple question!!! Why?
>
> Idan
>
> it hit the following rules on my system..
>
> score=5.971, required 5, BAYES_44 -0.00, BIZ_TLD 0.10, FCS_URI_NODOTS
> 0.35, LARGE_HEX 1.16, LG_4C_2V_3C 0.05, OACYS_CONS_6 1.00, OACYS_HASH
> 1.00, PLING_PLING 0.65, SARE_ADULT2 1.67
>
> I've got a lot of the rules in www.ruleemporium.org loaded (not the
> bigevil.cf!)
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300

From martinh at SOLID-STATE-LOGIC.COM Thu Apr 29 12:15:50 2004
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:24:54 2006
Subject: simple question!!! Why?
In-Reply-To: <38531FBA30509D418523F41CC6E981D827EAA1@securenetdc.securenet.co.il>
References: <38531FBA30509D418523F41CC6E981D827EAA1@securenetdc.securenet.co.il>
Message-ID: <4090E3E6.7070603@solid-state-logic.com>

d'oh

http://www.rulesemporium.com/

add them into /etc/mail/spamassasin

make sure they are readable by the MailScanner user and restart MailScanner.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

Idan Plotnik wrote:
> Hi Martin,
>
> 1. The link is not working
> 2. how do I install these rules on my MailScanner, I think this is the
> solution !!! Thanks a lot.
>
>
> -----Original Message-----
> From: Martin Hepworth [mailto:martinh@SOLID-STATE-LOGIC.COM]
> Sent: Thursday, April 29, 2004 12:37 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: simple question!!! Why?
>
> Idan
>
> it hit the following rules on my system..
>
> score=5.971, required 5, BAYES_44 -0.00, BIZ_TLD 0.10, FCS_URI_NODOTS
> 0.35, LARGE_HEX 1.16, LG_4C_2V_3C 0.05, OACYS_CONS_6 1.00, OACYS_HASH
> 1.00, PLING_PLING 0.65, SARE_ADULT2 1.67
>
> I've got a lot of the rules in www.ruleemporium.org loaded (not the
> bigevil.cf!)
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
From idan at SECURENET.CO.IL Thu Apr 29 12:54:05 2004
From: idan at SECURENET.CO.IL (Idan Plotnik)
Date: Thu Jan 12 21:24:54 2006
Subject: simple question!!! Why?
Message-ID: <38531FBA30509D418523F41CC6E981D827EAA6@securenetdc.securenet.co.il>

Hi Martin

thanks a lot for your help!!!.
I just need to copy the files (rules) into this directory and make sure that the user has access to them?
Thanks

-----Original Message-----
From: Martin Hepworth [mailto:martinh@SOLID-STATE-LOGIC.COM]
Sent: Thursday, April 29, 2004 1:16 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: simple question!!! Why?

d'oh

http://www.rulesemporium.com/

add them into /etc/mail/spamassasin

make sure they are readable by the MailScanner user and restart MailScanner.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
From mike at CAMAROSS.NET Thu Apr 29 13:13:05 2004
From: mike at CAMAROSS.NET (Mike Kercher)
Date: Thu Jan 12 21:24:54 2006
Subject: bill.zip?
In-Reply-To:
Message-ID: <200404291213.i3TCD68o032328@avwall.bladeware.com>

Apr 28 21:47:10 avwall MailScanner[16624]: INFECTED:: W32/Netsky-P W32/Netsky-P:: ./i3T2l18o026083/bill.zip
Apr 28 21:47:10 avwall MailScanner[16624]: INFECTED:: Worm.SomeFool.P:: ./i3T2l18o026083/bill.zip

> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Remco Barendse
> Sent: Thursday, April 29, 2004 1:58 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: bill.zip?
>
> Is anyone else receiving mails with an attachment bill.zip?
>
> The attachment is extremely small and I know for sure that it
> is not legitimate mail. Neither clam nor McAfee picked it up.
>
> This is what the df/qf pair contains:
>
> This is a multi-part message in MIME format.
>
> ------=_NextPart_000_0002_00000AA8.00001F69
> Content-Type: text/plain;
> charset="Windows-1252"
> Content-Transfer-Encoding: 7bit
>
> Important bill!
>
>
> ------=_NextPart_000_0002_00000AA8.00001F69
> Content-Type: application/octet-stream;
> name="Bill.zip"
> Content-Transfer-Encoding: base64
> Content-Disposition: attachment;
> filename="Bill.zip"
>
> UEsFBgAAAAAAAAAAAAAAAAAAAAAAAA==
> ------=_NextPart_000_0002_00000AA8.00001F69--

From ricardo.bernardes at centraldecomunicacao.pt Thu Apr 29 13:58:05 2004
From: ricardo.bernardes at centraldecomunicacao.pt (Ricardo Bernardes)
Date: Thu Jan 12 21:24:54 2006
Subject: Problem With PDF Files - SOLVED
References: <5C0296D26910694BB9A9BBFC577E7AB001649CEA@pascal.priv.bmrb.co.uk> <01ab01c42d39$d5ada7d0$320fa8c0@rbernardes> <03ce01c42d3e$2a25d040$0300a8c0@Spike>
Message-ID: <02cb01c42de9$9cba4720$320fa8c0@rbernardes>

Hello

I think I've solved the problem by disabling the Sign Clean Messages

# Add the "Inline HTML Signature" or "Inline Text Signature" to the end
# of uninfected messages?
# This can also be the filename of a ruleset.
Sign Clean Messages = no

it's a shame to take out the Mailscanner Clean Message but it seems to work.

Thank you all

Ricardo

From martinh at SOLID-STATE-LOGIC.COM Thu Apr 29 13:49:59 2004
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:24:54 2006
Subject: simple question!!! Why?
In-Reply-To: <38531FBA30509D418523F41CC6E981D827EAA6@securenetdc.securenet.co.il>
References: <38531FBA30509D418523F41CC6E981D827EAA6@securenetdc.securenet.co.il>
Message-ID: <4090F9F7.8090608@solid-state-logic.com>

Idan

yes

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

Idan Plotnik wrote:
> Hi Martin
>
> thanks a lot for your help!!!.
> I just need to copy the files (rules) into this directory and make sure
> that the user has access to them?
>
> Thanks
>
>
> -----Original Message-----
> From: Martin Hepworth [mailto:martinh@SOLID-STATE-LOGIC.COM]
> Sent: Thursday, April 29, 2004 1:16 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: simple question!!! Why?
>
> d'oh
>
> http://www.rulesemporium.com/
>
> add them into /etc/mail/spamassasin
>
> make sure they are readable by the MailScanner user and restart
> MailScanner.
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
From linux at karel.com.tr Thu Apr 29 14:22:50 2004
From: linux at karel.com.tr (Volkan Evrin)
Date: Thu Jan 12 21:24:54 2006
Subject: Usermin and Autoreply Error
Message-ID: <052601c42ded$121435f0$0a02a8c0@toranaga>

I have used the Usermin module on my Redhat 9.0 e-mail server running with Mail Scanner 4.29.7+Clamav0.70+Spamassassin2.63+Sendmail 8.12-8.4.
I don't know if this subject is related to this list, but when I configure the Usermin user to send an autoreply from a file, I get an error:

smrsh: uid 500: attempt to use "autoprely.pl /home/den1/deneme.txt den1" (stat failed)
sendmail[3899]: to"|/home/den1/.usermin/forward/autoreply.pl /home/den1/deneme.txt den1", ctrladdr= (500/100), delay=00:00:34, xdelay=00:00:00, mailer=prog, pri=121033, dsn=5.0.0, stat=Service unavailable
sendmail[3899] DSN: Service unavailable

I understood from these log lines that there was no active sendmail service because MailScanner controlled the sendmail service.

Is there any possible way to show in the autoreply.pl the active mail system working on the MailScanner, or other ways?

Volkan Evrin
KAREL.

From mailscanner at ecs.soton.ac.uk Thu Apr 29 15:03:02 2004
From: mailscanner at ecs.soton.ac.uk (mailscanner@ecs.soton.ac.uk)
Date: Thu Jan 12 21:24:54 2006
Subject: NOTIFY-New Guestbook Entry
Message-ID: <200404291403.i3TE32GW014801@seer.ecs.soton.ac.uk>

New Guestbook-Entry from Arn Henry http://members.fortunecity.com/papuaguinea/ , What a ******** , reviewing Tenssion with the neighboring australia continent This site is the best site you''ll have the honor to watch with your very own eyes on the Web

From miguelk at KONSULTEX.COM.BR Thu Apr 29 15:10:54 2004
From: miguelk at KONSULTEX.COM.BR (Miguel Koren O'Brien de Lacy)
Date: Thu Jan 12 21:24:54 2006
Subject: Problem With PDF Files - SOLVED
References: <5C0296D26910694BB9A9BBFC577E7AB001649CEA@pascal.priv.bmrb.co.uk>
    <01ab01c42d39$d5ada7d0$320fa8c0@rbernardes> <03ce01c42d3e$2a25d040$0300a8c0@Spike> <02cb01c42de9$9cba4720$320fa8c0@rbernardes>
Message-ID: <40910CEE.9080208@konsultex.com.br>

Ricardo;

I was doing some testing yesterday and by sending PDFs to myself and could not duplicate the problem. I have Sign Clean Messages = yes. I think this has more to do with certain PDF files. I'll have to wait and see if someone complains again so I can test with a known bad file. It is a strange problem though.

Miguel

Ricardo Bernardes wrote:

>Hello
>
>I think I've solved the problem by disabling the Sign Clean Messages
>
>
># Add the "Inline HTML Signature" or "Inline Text Signature" to the end
># of uninfected messages?
># This can also be the filename of a ruleset.
>Sign Clean Messages = no
>
>
>
>it's a shame to take out the Mailscanner Clean Message but it seems to work.
>
>
>
>Thank you all
>
>Ricardo

--
This message has been checked by the antivirus system and is believed to be free of danger.

From dean.plant at ROKE.CO.UK Thu Apr 29 15:18:19 2004
From: dean.plant at ROKE.CO.UK (Plant, Dean)
Date: Thu Jan 12 21:24:54 2006
Subject: Problem With PDF Files - SOLVED
Message-ID:

I suffered a very similar problem and traced it down (with the help of Julian) to our MS exchange 5.5 server which encoded some mails with pdf attachments in quoted printable format and some in base64.
Any that were quoted printable were corrupted when the signature was added.

Do your mails originate from MS exchange?

Dean

-----Original Message-----
From: Miguel Koren O'Brien de Lacy [mailto:miguelk@KONSULTEX.COM.BR]
Sent: 29 April 2004 15:11
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Problem With PDF Files - SOLVED

Ricardo;

I was doing some testing yesterday and by sending PDFs to myself and could not duplicate the problem. I have Sign Clean Messages = yes. I think this has more to do with certain PDF files. I'll have to wait and see if someone complains again so I can test with a known bad file. It is a strange problem though.

Miguel

--
Visit our website at www.roke.co.uk

Registered Office: Roke Manor Research Ltd, Siemens House, Oldbury, Bracknell, Berkshire.
RG12 8FZ

The information contained in this e-mail and any attachments is confidential to Roke Manor Research Ltd and must not be passed to any third party without permission. This communication is for information only and shall not create or change any contractual relationship.

From Kevin.Spicer at BMRB.CO.UK Thu Apr 29 15:18:11 2004
From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin)
Date: Thu Jan 12 21:24:54 2006
Subject: Problem With PDF Files - SOLVED
Message-ID: <5C0296D26910694BB9A9BBFC577E7AB001649CF3@pascal.priv.bmrb.co.uk>

Miguel Koren O'Brien de Lacy wrote:
> Ricardo;
>
> I was doing some testing yesterday and by sending PDFs to myself and
> could not duplicate the problem. I have Sign Clean Messages = yes. I
> think this has more to do with certain PDF files. I'll have to wait
> and see if someone complains again so I can test with a known bad
> file. It is a strange problem though.

I wonder if it is a particular MUA assigning an incorrect mime type to pdf attachments. A quick google reveals these mime-types

application/pdf
application/x-pdf
application/acrobat
applications/vnd.pdf
text/pdf
text/x-pdf

If an MUA uses one of the last two then I think MS will sign it (IIRC it signs any text part). I had to write a custom function to prevent it signing Outlook meeting requests (which are text/calendar or something like that).

BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000
_________________________________________________________________
This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material.
If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business.

From jaearick at COLBY.EDU Thu Apr 29 15:32:17 2004
From: jaearick at COLBY.EDU (Jeff A. Earickson)
Date: Thu Jan 12 21:24:54 2006
Subject: SweepViruses.pm: minor patch to 4.29.7, for 4.30
Message-ID:

Julian,

Attached is a minor "diff -c" patch to /lib/MailScanner/SweepViruses.pm. The purpose of the patch is to change the syslog output for ClamAVmodule and SophosSAVI from:

MailScanner[29668]: INFECTED:: W32/Bagle-AA:: (pathname)
MailScanner[29668]: INFECTED:: Worm.Bagle.Z:: (pathname)

to:

MailScanner[24988]: INFECTED::SophosSAVI:: W32/Bagle-AA:: (pathname)
MailScanner[24988]: INFECTED::ClamAVModule:: Worm.Bagle.Z:: (pathname)

I would like to know which anti-virus engine caused the syslog, since I have perl scripts that track this stuff on a daily basis and different engines call the same virus by different names. Could this be rolled into the 4.30 version? This may also be applicable to other anti-virus engine logging that doesn't operate by way of perl APIs (I don't use any, so can't test).
Jeff Earickson
Colby College

-------------- next part --------------
*** SweepViruses.pm.orig Thu Apr 29 10:13:59 2004 --- SweepViruses.pm Thu Apr 29 10:21:09 2004 *************** *** 925,934 **** next; } if ($results->virus) { ! print "INFECTED::"; print " $results" . ":: $dirname/$childname/$filename\n"; } else { ! print "CLEAN:: :: $dirname/$childname/$filename\n"; } } $child->close; --- 925,934 ---- next; } if ($results->virus) { ! print "INFECTED::ClamAVModule::"; print " $results" . ":: $dirname/$childname/$filename\n"; } else { ! print "CLEAN::ClamAVModule :: $dirname/$childname/$filename\n"; } } $child->close; *************** *** 984,996 **** next; } if ($results->infected) { ! print "INFECTED::"; foreach $virus ($results->viruses) { print " $virus"; } print ":: $dirname/$childname/$filename\n"; } else { ! print "CLEAN:: :: $dirname/$childname/$filename\n"; } } $child->close; --- 984,996 ---- next; } if ($results->infected) { ! print "INFECTED::SophosSAVI::"; foreach $virus ($results->viruses) { print " $virus"; } print ":: $dirname/$childname/$filename\n"; } else { ! 
print "CLEAN::SophosSAVI :: $dirname/$childname/$filename\n"; } } $child->close;

From ryan at MARINOCRANE.COM Thu Apr 29 15:31:09 2004
From: ryan at MARINOCRANE.COM (Ryan Pitt)
Date: Thu Jan 12 21:24:54 2006
Subject: Problem With PDF Files - SOLVED
In-Reply-To: <02cb01c42de9$9cba4720$320fa8c0@rbernardes>
References: <5C0296D26910694BB9A9BBFC577E7AB001649CEA@pascal.priv.bmrb.co.uk> <01ab01c42d39$d5ada7d0$320fa8c0@rbernardes> <03ce01c42d3e$2a25d040$0300a8c0@Spike> <02cb01c42de9$9cba4720$320fa8c0@rbernardes>
Message-ID: <409111AD.3020200@marinocrane.com>

Wow, this now fixes the issue I have been having with certain pdfs.
It is odd to note that it wasn't ALL pdfs that were being broken by the (now discovered) inline message.
We actually narrowed it down yesterday to PDFs being created/printed from the latest version of QuickBooks with the latest version of Acrobat Professional V6.01.
It was also noted that these pdfs emailed with Netscape were delivered just fine, but those sent with Outlook AND Outlook Express both delivered corrupt pdfs.
Now that I have removed the inline signature, these pdfs are coming through just fine.

I have attached a sample of the pdfs that were causing the issue for those who are interested.
This attachment is being sent with Netscape 7.

Thanks for the fix Ricardo!

Ryan Pitt

Ricardo Bernardes wrote:

>Hello
>
>I think I've solved the problem by disabling the Sign Clean Messages
>
>
># Add the "Inline HTML Signature" or "Inline Text Signature" to the end
># of uninfected messages?
># This can also be the filename of a ruleset.
>Sign Clean Messages = no
>
>
>
>it's a shame to take out the Mailscanner Clean Message but it seems to work.
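Review bot: in both hunks of the SweepViruses.pm patch above (925,934 for ClamAVModule and 984,996 for SophosSAVI) the INFECTED and CLEAN records no longer share a layout. INFECTED gains a new engine field ahead of the virus name, so it now has four "::"-separated fields, while CLEAN reuses the formerly blank middle field for the engine name and stays at three; CLEAN also keeps a space before the separator ("CLEAN::ClamAVModule :: ", "CLEAN::SophosSAVI :: ") that the INFECTED form does not have. Anything that splits these lines on "::" will find the path in a different position depending on the verdict, and an engine name that differs by trailing whitespace. Suggest the same layout for both verdicts, for example "CLEAN::ClamAVModule:: :: $dirname/$childname/$filename\n" and likewise for SophosSAVI, and confirm that whatever reads this output copes with the extra field, since neither hunk changes a reader.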
>
>
>
>Thank you all
>
>Ricardo
>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: pdf for ms testing.pdf
Type: application/pdf
Size: 7456 bytes
Desc: not available
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040429/0a9b4d66/pdfformstesting.pdf

From ricardo.bernardes at centraldecomunicacao.pt Thu Apr 29 16:06:14 2004
From: ricardo.bernardes at centraldecomunicacao.pt (Ricardo Bernardes)
Date: Thu Jan 12 21:24:54 2006
Subject: Problem With PDF Files - SOLVED
References: <5C0296D26910694BB9A9BBFC577E7AB001649CEA@pascal.priv.bmrb.co.uk> <01ab01c42d39$d5ada7d0$320fa8c0@rbernardes> <03ce01c42d3e$2a25d040$0300a8c0@Spike> <02cb01c42de9$9cba4720$320fa8c0@rbernardes> <409111AD.3020200@marinocrane.com>
Message-ID: <030701c42dfb$84482ba0$320fa8c0@rbernardes>

i got the same problem
only a few were damaged

your pdf works just fine on my computer

let's hope this is it !

ricardo

----- Original Message -----
From: "Ryan Pitt"
To:
Sent: Thursday, April 29, 2004 3:31 PM
Subject: Re: Problem With PDF Files - SOLVED

Wow, this now fixes the issue I have been having with certain pdfs.
It is odd to note that it wasn't ALL pdfs that were being broken by the (now discovered) inline message.
We actually narrowed it down yesterday to PDFs being created/printed from the latest version of QuickBooks with the latest version of Acrobat Professional V6.01.
It was also noted that these pdfs emailed with Netscape were delivered just fine, but those sent with Outlook AND Outlook Express both delivered corrupt pdfs.
Now that I have removed the inline signature, these pdfs are coming through just fine.
I have attached a sample of the pdfs that were causing the issue for those who are interested.
This attachment is being sent with Netscape 7.

Thanks for the fix Ricardo!

Ryan Pitt

Ricardo Bernardes wrote:

>Hello
>
>I think I've solved the problem by disabling the Sign Clean Messages
>
>
># Add the "Inline HTML Signature" or "Inline Text Signature" to the end
># of uninfected messages?
># This can also be the filename of a ruleset.
>Sign Clean Messages = no
>
>
>
>it's a shame to take out the Mailscanner Clean Message but it seems to work.
>
>
>
>Thank you all
>
>Ricardo
>

From ispmgr at CLAS.NET Thu Apr 29 16:42:20 2004
From: ispmgr at CLAS.NET (Youn Gonzales)
Date: Thu Jan 12 21:24:54 2006
Subject: burned by spamcop, how to whitelist sites from RBL's
References: <408FF4ED.F6A219CB@ihs.com>
Message-ID: <00b001c42e00$8f1d0d20$813112d0@ISPMGR>

> That was the first thing I thought of. I stuck the IP number
> in my access file, eg
>
> 139.140.14.83 OK
>
> This didn't work. Then I tried:
>
> Spam:bowdoin.edu FRIEND
>

We had the same results. According to the docs, the access file is supposed to override the RBL lookups, but it is buggy at best. Sometimes it works and sometimes it doesn't. We took most of the RBL lookups out of sendmail and stuck them in SpamAssassin and began tagging instead of blocking.
To get the performance up on the relay servers, we switched to the reiser file system and put the temp dirs in ram, and setup a separate log server connected through a second nic. We are still looking for better ways to block at least some of the spam at the MTA level, but we are leaning towards throwing more and more processor power at the problem and sticking to tagging.

Youn Gonzales
System Administrator
Comptia A+, Network+, INET+, Cisco CCNA/CCDA Certified Technician
Microsoft Certified Professional

Indifference can not but be criminal, when it is conversant about objects which are so far from being of an indifferent nature, that they are highest importance. --Addison.

From miguelk at KONSULTEX.COM.BR Thu Apr 29 17:03:24 2004
From: miguelk at KONSULTEX.COM.BR (Miguel Koren O'Brien de Lacy)
Date: Thu Jan 12 21:24:54 2006
Subject: Problem With PDF Files - SOLVED
References:
Message-ID: <4091274C.8010909@konsultex.com.br>

An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040429/400dc3c7/attachment.html

From miguelk at KONSULTEX.COM.BR Thu Apr 29 17:06:06 2004
From: miguelk at KONSULTEX.COM.BR (Miguel Koren O'Brien de Lacy)
Date: Thu Jan 12 21:24:54 2006
Subject: Problem With PDF Files - SOLVED
References: <5C0296D26910694BB9A9BBFC577E7AB001649CEA@pascal.priv.bmrb.co.uk> <01ab01c42d39$d5ada7d0$320fa8c0@rbernardes> <03ce01c42d3e$2a25d040$0300a8c0@Spike> <02cb01c42de9$9cba4720$320fa8c0@rbernardes> <409111AD.3020200@marinocrane.com>
Message-ID: <409127EE.30108@konsultex.com.br>

Ryan;

Good point. That would explain why it only happens infrequently. I'll give your PDF a try.
Miguel

Ryan Pitt wrote:

> Wow, this now fixes the issue I have been having with certain pdfs.
> It is odd to note that it wasn't ALL pdfs that were being broken by the
> (now discovered) inline message.
> We actually narrowed it down yesterday to PDFs being created/printed
> from the latest version of QuickBooks with the latest version of
> Acrobat Professional V6.01.
> It was also noted that these pdfs emailed with Netscape were delivered
> just fine, but those sent with Outlook AND Outlook Express both
> delivered corrupt pdfs.
> Now that I have removed the inline signature, these pdfs are coming
> through just fine.
>
> I have attached a sample of the pdfs that were causing the issue for
> those who are interested.
> This attachment is being sent with Netscape 7.
>
> Thanks for the fix Ricardo!
>
> Ryan Pitt
>
> Ricardo Bernardes wrote:
>
>> Hello
>>
>> I think I've solved the problem by disabling the Sign Clean Messages
>>
>>
>> # Add the "Inline HTML Signature" or "Inline Text Signature" to the end
>> # of uninfected messages?
>> # This can also be the filename of a ruleset.
>> Sign Clean Messages = no
>>
>>
>>
>> it's a shame to take out the Mailscanner Clean Message but it seems
>> to work.
>>
>>
>>
>> Thank you all
>>
>> Ricardo
>>
>

From mailscanner at ecs.soton.ac.uk Thu Apr 29 17:01:51 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:24:54 2006
Subject: Problem with lockfile in update_virus_scanners
In-Reply-To:
References:
Message-ID: <6.0.1.1.2.20040429170140.099dbf18@imap.ecs.soton.ac.uk>

At 08:02 29/04/2004, you wrote:
>On Wednesday, April 28, 2004 3:18 PM Julian Field
> wrote:
>
> > Your patch will only work on GNU "find" and nothing else, as other
> > "find" commands can only report in days.
> > This will do a rather better job:
>
>Ok. I will try that. Could you put this in the next distribution?

Already done.

> Believe it or not our customer had a power failure during
> update_virus_scanners which caused this...
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From mailscanner at LISTS.COM.AR Thu Apr 29 18:05:43 2004
From: mailscanner at LISTS.COM.AR (Mariano Absatz)
Date: Thu Jan 12 21:24:54 2006
Subject: (Fwd) subject not modified (sometimes)
Message-ID: <40910BB7.19985.425F0F27@localhost>

Hi... it seems the list ate my message... it seems it was too long (or too spamish) with all the spam message attached.

Now I uploaded everything to http://baby.com.ar/MailScanner/msg-20040429/ so you can see it and the message is lighter.

Please, read on.

------- Forwarded message follows -------
From: Mariano Absatz
To: MailScanner mailing list
Subject: subject not modified (sometimes)
Date: Thu, 29 Apr 2004 11:38:27 -0300

Hi,

I'm using MailScanner 4.29.7 + SpamAssassin 2.63 + ZMailer 2.99.56 with linux (redhat 6.1).

It is working nicely, but sometimes, and only sometimes, it refuses to modify the subject.

That is, the message is correctly identified as spam by SpamAssassin, the X-*-MailScanner*: headers are added, but the subject is NOT prepended with the {spam} string.

The settings _DO_ set this string for all messages, no rulesets here.

This happens in a very small percentage of messages, but I don't know why.

I suspected of strange MIME encodings in the subject:

=?windows-1252?Q?Ten=E9s_DVD?_Entonces_arm=E1_tu_propia_colecci=F3n!!!?=

but it's not only that, 'cause I saw this happening in messages whose subject is not MIME encoded...
An example of this is at http://baby.com.ar/MailScanner/msg-20040429/message1.msg and the corresponding log is http://baby.com.ar/MailScanner/msg-20040429/message1.log

The other 4 messages (I don't have the corresponding logs) are hi-scoring spam that didn't get their subject modified. They're not MIME encoded BUT I just noticed all of them have To: (and eventually Cc:) header(s) that don't have actual addresses in them.

To: MAIL3

To: unlisted-recipients:; (no To-header on input)
Cc: 113

To: unlisted-recipients:; (no To-header on input)
Cc: \ok112.OK, \ok113.OK, \ok114.OK, \ok115.OK, \ok116.OK, \ok117.OK, \ok118.OK, \ok119.OK, \ok120.OK, \ok121.OK, \ok122.OK, \ok123.OK

Might this be two different problems?

Attachments:
C:\DOCUME~1\baby\LOCALS~1\Temp\WPM$0A70.PM$
C:\DOCUME~1\baby\LOCALS~1\Temp\WPM$6A9A.PM$
C:\DOCUME~1\baby\LOCALS~1\Temp\WPM$3976.PM$
C:\DOCUME~1\baby\LOCALS~1\Temp\WPM$662A.PM$
------- End of forwarded message -------

--
Mariano Absatz
El Baby
----------------------------------------------------------
Unix is very simple, but it takes a genius to understand the simplicity.
 -- Dennis Ritchie

From mailscanner at LISTS.COM.AR Thu Apr 29 19:32:58 2004
From: mailscanner at LISTS.COM.AR (Mariano Absatz)
Date: Thu Jan 12 21:24:54 2006
Subject: MailScanner.conf size (was Re: Full spamassassin report in header?)
In-Reply-To:
References: <40913F21.1020706@ahsc.arizona.edu>
Message-ID: <4091202A.3001.42AEEF77@localhost>

On 29 Apr 2004 at 13:48, Ugo Bellavance wrote:

>
> I agree that one wasn't really obvious. We sometimes forget how big
> MailScanner.conf is :).
>
> But I understand Michael, there are many people that come here and post
> to the list without making an effort. It looks it wasn't your case. Sorry.
>

Hi,

I think we reached a point where MailScanner.conf is a complete beast... Julian is so kind to add every little thing we ask for, that a file I once read and was able to understand about 80% of it being a newbie, is now really tiresome to browse and find something, even if I'm no longer a newbie.

I know that because I prefer not to use 'upgrade_MailScanner_conf', or run it on a copy of MailScanner.conf and then manually check the settings, especially the new ones... I re-read Julian's comments every now and then 'cause they're also upgraded, even on old settings, and that is something upgrade_MailScanner_conf can't handle.

IIRC, once I asked if there was a way to use something like 'include' in MailScanner.conf... at that time, I wanted to have most of MailScanner.conf in there and include a tiny file that I'd let a sysadmin edit... alas, that was not possible.

Now I think it might be a good idea to have some include mechanism and break MailScanner.conf into different parts (I know... this can easily lead to a flame war about the parts, but anyway, here I go).

I think that, for historical reasons, parts of the configuration that are somehow related are spread all over, and should be closer. I'd like to have all vulnerabilities processing options together, and near the virus scanner options, and the like...

Do you think this might be possible?... I don't consider myself capable of re-writing the configuration processing engine, but if someone can do it, I'd be glad to throw some ideas...

It'd be a good time to allow some kind of 'CustomOptions' that may allow to configure customizations in the config files and NOT within the CustomFunctions...

Regards.
--
Mariano Absatz
El Baby
----------------------------------------------------------
Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning.
 -- Rich Cook

From mailscanner at LISTS.COM.AR Thu Apr 29 19:39:14 2004
From: mailscanner at LISTS.COM.AR (Mariano Absatz)
Date: Thu Jan 12 21:24:54 2006
Subject: MailScanner standalone startup script
Message-ID: <409121A2.7854.42B4AEAE@localhost>

Hi,

in case someone is using the /etc/rc.d/init.d/MailScanner startup script I wrote for starting up only MailScanner (and not the MTA), that is at http://baby.com.ar/MailScanner/StartupScripts/MailScanner and is referenced from my instructions at http://MailScanner.info/install/zmailer.shtml

I just made a small upgrade of the script that is completely backward-compatible.

It is now easier to modify it if you move or rename your configuration files and/or directories. The PID File and Incoming Working Directory are now read directly from the configuration file, and it is easier to have multiple instances of MailScanner in the same machine (I sometimes have 2 on a userless gateway for processing with completely separated instances incoming and outgoing mail).

Regards.

--
Mariano Absatz
El Baby
----------------------------------------------------------
Programming is a Dark Art, and it will always be. The programmer is fighting against the two most destructive forces in the universe: entropy and human stupidity. They're not things you can always overcome with a "methodology" or on a schedule.
 -- Damian Conway, Perl Guru

From mailscanner at LISTS.COM.AR Thu Apr 29 22:22:18 2004
From: mailscanner at LISTS.COM.AR (Mariano Absatz)
Date: Thu Jan 12 21:24:54 2006
Subject: Outlook sucks!
Message-ID: <409147DA.24199.4349FBBC@localhost>

Yes, I know the subject is no news to anyone... but, as a dual-mailer-user (Pegasus & Outlook 2000) I just discovered something I don't know how to solve, and I fear O2K users will come screaming if I enable 'attachment deliver' to them...

I have to use O2K 'cause I have to access lots of large shared folders in a MS-Exchange 5.5 server. If I open them using Pegasus' IMAP client, it takes ages to load, so I use outlook and I can navigate them just fine.

Every now and then I saw that the messages that MailScanner identified as spam (with 'attachment deliver' enabled, and using the $spamreport variable in the report), sometimes got all wrong, as if there wasn't newlines within the report.

As I _never_ saw a report like that in Pegasus, I thought it might be an Exchange problem (Exchange really tries to mangle your messages).

But I just discovered the problem was Outlook 2000 (I'm using version 9.0.0.6627).

It seems that no matter what the message MIME headers say, if, within a 'multipart/report' it finds a _SINGLE_ html tag it knows within a text part, it just interprets ALL THE PART AS HTML!!!!!!!!!!!! Even when this particular part says it's 'text/plain'!!!!

Does anyone know if there's a setting in Outlook2K to stop doing it????

--
Mariano Absatz
El Baby
----------------------------------------------------------
If I held you any closer I would be on the other side of you.
 -- Groucho Marx

From mailscanner at ISLANDB.COM Fri Apr 30 03:06:59 2004
From: mailscanner at ISLANDB.COM (Brooks Weisblat)
Date: Thu Jan 12 21:24:55 2006
Subject: Spam Actions Issue
Message-ID: <16362.64.118.232.46.1083290819.squirrel@www.islandb.com>

I have a couple of DNS blacklists enabled with the mailscanner....

When I just set:

Spam Actions = forward trash@mydomain.com

the spam gets tagged and is still delivered to the recipient....

when I set both:

Spam Actions = forward trash@mydomain.com
High Scoring Spam Actions = forward trash@mydomain.com

the spam does get forwarded to the trash mailbox, but the message is scanned by spamassassin....

I don't want any extra load on the server, I just want to forward the messages that are tagged as spam by mailscanner to that box.... and not have the messages scanned by spamassassin... my spamassassin config is set to not use spamassassin.....

thanks for any help....

From alex at nkpanama.com Thu Apr 29 17:09:35 2004
From: alex at nkpanama.com (Alex Neuman)
Date: Thu Jan 12 21:24:55 2006
Subject: burned by spamcop, how to whitelist sites from RBL's
In-Reply-To: <00b001c42e00$8f1d0d20$813112d0@ISPMGR>
Message-ID: <001601c42e04$5fa9d8d0$df00a8c0@alexlaptop>

I know this would be somewhat OT, but would implementing reiserfs instead of, say, ext3, be faster overall? By how much? Depending on what?

Thanks...
-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Youn Gonzales
Sent: Thursday, April 29, 2004 10:42 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: burned by spamcop, how to whitelist sites from RBL's

> That was the first thing I thought of. I stuck the IP number in my
> access file, eg
>
> 139.140.14.83 OK
>
> This didn't work. Then I tried:
>
> Spam:bowdoin.edu FRIEND
>

We had the same results. According to the docs, the access file is supposed to override the RBL lookups, but it is buggy at best. Sometimes it works and sometimes it doesn't. We took most of the RBL lookups out of sendmail and stuck them in SpamAssassin and began tagging instead of blocking. To get the performance up on the relay servers, we switched to the reiser file system and put the temp dirs in ram, and setup a separate log server connected through a second nic. We are still looking for better ways to block at least some of the spam at the MTA level, but we are leaning towards throwing more and more processor power at the problem and sticking to tagging.

Youn Gonzales
System Administrator
Comptia A+, Network+, INET+, Cisco CCNA/CCDA Certified Technician
Microsoft Certified Professional

Indifference can not but be criminal, when it is conversant about objects which are so far from being of an indifferent nature, that they are highest importance. --Addison.
From ugob at CAMO-ROUTE.COM Thu Apr 29 17:15:28 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:24:55 2006
Subject: OT: ext3 vs reiserfs vs ext2
Message-ID:

Alex Neuman wrote:
> I know this would be somewhat OT, but would implementing reiserfs instead
> of, say, ext3, be faster overall? By how much? Depending on what?

Hi,

If it is OT, please do not reply to a message, create a new one and put "OT:" in the subject.

To answer your question, I don't know the internals of these fs types, but I think that if you want the best performance, you should go with a non-journalled FS (ext2), especially if your machine is only a mail server and is protected by a ups and ups software.

However, do you have put the work directory in tempfs (ramdisk)? This is probably a lot better than changing the fs type.

hth

Ugo

From alex at nkpanama.com Thu Apr 29 17:45:18 2004
From: alex at nkpanama.com (Alex Neuman)
Date: Thu Jan 12 21:24:55 2006
Subject: ext3 vs reiserfs vs ext2
In-Reply-To:
Message-ID: <001e01c42e09$5c21d140$df00a8c0@alexlaptop>

True. Did that.
On machines with gobs of RAM I've even considered putting other places on tmpfs - but yes, I do place the work directory in tempfs in most new installs unless the machine is underpowered (128mb ram, for example).

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Ugo Bellavance
Sent: Thursday, April 29, 2004 11:15 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: OT: ext3 vs reiserfs vs ext2

Alex Neuman wrote:
> I know this would be somewhat OT, but would implementing reiserfs instead
> of, say, ext3, be faster overall? By how much? Depending on what?

Hi,

If it is OT, please do not reply to a message, create a new one and put "OT:" in the subject.

To answer your question, I don't know the internals of these fs types, but I think that if you want the best performance, you should go with a non-journalled FS (ext2), especially if your machine is only a mail server and is protected by a ups and ups software.

However, do you have put the work directory in tempfs (ramdisk)? This is probably a lot better than changing the fs type.
hth

Ugo

From christian.gerbrandt at GMX.NET Thu Apr 29 17:40:30 2004
From: christian.gerbrandt at GMX.NET (Christian Gerbrandt)
Date: Thu Jan 12 21:24:55 2006
Subject: quarantine and deliver of spam
Message-ID: <008301c42e08$afc7cee0$0c08a8c0@icezeit.local>

Skipped content of type multipart/alternative
-------------- next part --------------
A non-text attachment was scrubbed...
Name: qfi3TGR9p7027141
Type: application/octet-stream
Size: 1593 bytes
Desc: not available
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040429/9b12bca5/qfi3TGR9p7027141.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dfi3TGR9p7027141
Type: application/octet-stream
Size: 541 bytes
Desc: not available
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040429/9b12bca5/dfi3TGR9p7027141.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: i3TGR9p5027141
Type: application/octet-stream
Size: 1999 bytes
Desc: not available
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040429/9b12bca5/i3TGR9p5027141.obj

From raymond at PROLOCATION.NET Thu Apr 29 17:53:29 2004
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:24:55 2006
Subject: quarantine and deliver of spam
In-Reply-To: <008301c42e08$afc7cee0$0c08a8c0@icezeit.local>
Message-ID:

Hi!
> 1. i use attachment store for spam actions and high scoring spam
> actions, but i never get the spam as an attachment,
> it will only be stored in the quarantine folder of mailscanner

No deliver in your actions? Might be your problem....

Bye,
Raymond.

From ssl at AHSC.ARIZONA.EDU Thu Apr 29 18:19:50 2004
From: ssl at AHSC.ARIZONA.EDU (shanna leonard)
Date: Thu Jan 12 21:24:55 2006
Subject: Full spamassassin report in header?
Message-ID: <40913936.4000205@ahsc.arizona.edu>

Hi - I am wondering if there is an option in Mailscanner to allow me to get the full spamassassin report in a mail header even for messages which have *not* been marked as spam.

currently I get a full report in headers only for messages which *are* marked as spam.

--
---- MHO ---
shanna leonard
arizona health sciences library
626-2923
----------------------------------

From mikes at HARTWELLCORP.COM Thu Apr 29 18:26:41 2004
From: mikes at HARTWELLCORP.COM (Michael St. Laurent)
Date: Thu Jan 12 21:24:55 2006
Subject: Full spamassassin report in header?
Message-ID: <91A5926EFF44D3118B1200104B7276EB02C56FD5@hart-exchange.hartwellcorp.com>

shanna leonard wrote:
> Hi - I am wondering if there is an option in Mailscanner to allow me
> to get the full spamassassin report in a mail header even for messages
> which have *not* been marked as spam.
>
> currently I get a full report in headers only for messages which *are*
> marked as spam.

Yes Shanna, it is. You need to actually *read* the MailScanner.conf file. The explanations included in it are extensive and are intended to answer questions such as these. The answer to your question in particular lies therein.

--
Michael St. Laurent
Hartwell Corporation

From ssl at AHSC.ARIZONA.EDU Thu Apr 29 18:45:05 2004
From: ssl at AHSC.ARIZONA.EDU (shanna leonard)
Date: Thu Jan 12 21:24:55 2006
Subject: Full spamassassin report in header?
In-Reply-To: <91A5926EFF44D3118B1200104B7276EB02C56FD5@hart-exchange.hartwellcorp.com>
References: <91A5926EFF44D3118B1200104B7276EB02C56FD5@hart-exchange.hartwellcorp.com>
Message-ID: <40913F21.1020706@ahsc.arizona.edu>

wow. Incredibly helpful! thanks!

Having just read through the conf file before sending the message, could someone maybe give me a teeny hint?

Michael St. Laurent wrote:

>shanna leonard wrote:
>
>
>>Hi - I am wondering if there is an option in Mailscanner to allow me
>>to get the full spamassassin report in a mail header even for messages
>>which have *not* been marked as spam.
>>
>>currently I get a full report in headers only for messages which *are*
>>marked as spam.
>>
>>
>
>Yes Shanna, it is. You need to actually *read* the MailScanner.conf file.
>The explanations included in it are extensive and are intended to answer
>questions such as these. The answer to your question in particular lies
>therein.
>
>--
>Michael St.
Laurent >Hartwell Corporation > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >For further info about MailScanner, please see the Most Asked >Questions at http://www.mailscanner.biz/maq/ and the archives >at http://www.jiscmail.ac.uk/lists/mailscanner.html > > -- ---- MHO --- shanna leonard arizona health sciences library 626-2923 ---------------------------------- -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk For further info about MailScanner, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040429/5d57634b/attachment.html From kevins at BMRB.CO.UK Thu Apr 29 18:47:46 2004 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:24:55 2006 Subject: Full spamassassin report in header? In-Reply-To: <40913F21.1020706@ahsc.arizona.edu> References: <91A5926EFF44D3118B1200104B7276EB02C56FD5@hart-exchange.hartwellcorp.com> <40913F21.1020706@ahsc.arizona.edu> Message-ID: <1083260866.25900.2.camel@bach.kevinspicer.co.uk> On Thu, 2004-04-29 at 18:45, shanna leonard wrote: > wow. Incredibly helpful! thanks! > > Having just read through the conf file before sending the message, > could someone maybe give me a teeny hint? So you want to Always Include SpamAssassin Report? Hope that helps. BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. 
Disclosure, copying or other action taken in respect of this email or in
reliance on it is prohibited. BMRB International Limited
accepts no liability in relation to any personal emails, or
content of any email which does not directly relate to our
business.

From kodak at FRONTIERHOMEMORTGAGE.COM Thu Apr 29 18:49:48 2004
From: kodak at FRONTIERHOMEMORTGAGE.COM (Jason Balicki)
Date: Thu Jan 12 21:24:55 2006
Subject: Full spamassassin report in header?
In-Reply-To: <40913936.4000205@ahsc.arizona.edu>
Message-ID: <006901c42e12$5d4a83b0$0501a8c0@darkside>

>Hi - I am wondering if there is an option in Mailscanner to allow me to
>get the full spamassassin report in a mail header even for messages
>which have *not* been marked as spam.
>
>currently I get a full report in headers only for messages which *are*
>marked as spam.

From my MailScanner.conf:

# Do you want to always include the Spam Report in the SpamCheck
# header, even if the message wasn't spam?
# This can also be the filename of a ruleset.
Always Include SpamAssassin Report = no

HTH,

--J(K)

From ssl at AHSC.ARIZONA.EDU Thu Apr 29 19:00:53 2004
From: ssl at AHSC.ARIZONA.EDU (shanna leonard)
Date: Thu Jan 12 21:24:55 2006
Subject: Full spamassassin report in header?
In-Reply-To: <1083260866.25900.2.camel@bach.kevinspicer.co.uk>
References: <91A5926EFF44D3118B1200104B7276EB02C56FD5@hart-exchange.hartwellcorp.com> <40913F21.1020706@ahsc.arizona.edu> <1083260866.25900.2.camel@bach.kevinspicer.co.uk>
Message-ID: <409142D5.5040804@ahsc.arizona.edu>

Thanks. I was looking in the "changes to message headers" section..., where

"Detailed Spam Report is set yes/no"

so for anyone searching this list in the future:

Always Include SpamAssassin Report = yes

:)

Kevin Spicer wrote:

>On Thu, 2004-04-29 at 18:45, shanna leonard wrote:
>
>>wow. Incredibly helpful! thanks!
>>
>>Having just read through the conf file before sending the message,
>> could someone maybe give me a teeny hint?
>
>So you want to Always Include SpamAssassin
>Report?
>
>Hope that helps.
>
>BMRB International
>http://www.bmrb.co.uk
>+44 (0)20 8566 5000
>

--
----
MHO
---
shanna leonard
arizona health sciences library
626-2923
----------------------------------

From ugob at CAMO-ROUTE.COM Thu Apr 29 18:48:01 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:24:55 2006
Subject: Full spamassassin report in header?
In-Reply-To: <40913F21.1020706@ahsc.arizona.edu>
References: <91A5926EFF44D3118B1200104B7276EB02C56FD5@hart-exchange.hartwellcorp.com> <40913F21.1020706@ahsc.arizona.edu>
Message-ID:

shanna leonard wrote:
> wow. Incredibly helpful! thanks!
>
> Having just read through the conf file before sending the message,
> could someone maybe give me a teeny hint?

You might want to try:

Log Non Spam = yes

I agree that one wasn't really obvious. We sometimes forget how big
MailScanner.conf is :).

But I understand Michael, there are many people that come here and post
to the list without making an effort. It looks like it wasn't your case. Sorry.

Hope this helps.

>
>
> Michael St. Laurent wrote:
>
>>shanna leonard wrote:
>>
>>>Hi - I am wondering if there is an option in Mailscanner to allow me
>>>to get the full spamassassin report in a mail header even for messages
>>>which have *not* been marked as spam.
>>>
>>>currently I get a full report in headers only for messages which *are*
>>>marked as spam.
>>
>>Yes Shanna, it is. You need to actually *read* the MailScanner.conf file.
>>The explanations included in it are extensive and are intended to answer
>>questions such as these. The answer to your question in particular lies
>>therein.
>>
>>--
>>Michael St. Laurent
>>Hartwell Corporation
>
> --
> ----
> MHO
> ---
> shanna leonard
> arizona health sciences library
> 626-2923
> ----------------------------------

From ugob at CAMO-ROUTE.COM Thu Apr 29 18:58:32 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:24:55 2006
Subject: Full spamassassin report in header?
In-Reply-To: <409142D5.5040804@ahsc.arizona.edu>
References: <91A5926EFF44D3118B1200104B7276EB02C56FD5@hart-exchange.hartwellcorp.com> <40913F21.1020706@ahsc.arizona.edu> <1083260866.25900.2.camel@bach.kevinspicer.co.uk> <409142D5.5040804@ahsc.arizona.edu>
Message-ID:

shanna leonard wrote:
> Thanks. I was looking in the "changes to message headers" section..., where
>
> "Detailed Spam Report is set yes/no"
>
> so for anyone searching this list in the future:
>
> Always Include SpamAssassin Report = yes

oops, I guess I was wrong. Sorry... :(

>
> :)
>
>
> Kevin Spicer wrote:
>
>>On Thu, 2004-04-29 at 18:45, shanna leonard wrote:
>>
>>>wow. Incredibly helpful! thanks!
>>>
>>>Having just read through the conf file before sending the message,
>>> could someone maybe give me a teeny hint?
>>
>>So you want to Always Include SpamAssassin
>>Report?
>>
>>Hope that helps.
>>
>>BMRB International
>>http://www.bmrb.co.uk
>>+44 (0)20 8566 5000
>
> --
> ----
> MHO
> ---
> shanna leonard
> arizona health sciences library
> 626-2923
> ----------------------------------

From ronnie at daslweb.com Thu Apr 29 19:21:32 2004
From: ronnie at daslweb.com (Ronnie Regev)
Date: Thu Jan 12 21:24:55 2006
Subject: New installation, maillog question
Message-ID: <20040429182120.RPQQ12066.tomts45-srv.bellnexxia.net@ronniepc>

Hi,
I'm running mailscanner 4.29.7-1. When I restart mailscanner, I notice the
following line in /var/log/maillog:

Apr 29 11:47:25 filter MailScanner[10012]: Using Custom Function file /usr/lib/MailScanner/MailScanner/CustomFunctions/MyExample.pm

I have read through the file, and, would like to get a better understanding
as to what its purpose is, is it necessary, how I can modify it, what are
the benefits to it, and just any other piece of info anyone might have.

Thanks.

Ronnie Regev
System Administrator
Microsoft Certified Professional MCP
Daslweb Inc.
ronnie@daslweb.com

From mikes at HARTWELLCORP.COM Thu Apr 29 19:24:28 2004
From: mikes at HARTWELLCORP.COM (Michael St. Laurent)
Date: Thu Jan 12 21:24:55 2006
Subject: Full spamassassin report in header?
Message-ID: <91A5926EFF44D3118B1200104B7276EB02C56FD9@hart-exchange.hartwellcorp.com>

shanna leonard wrote:
> wow. Incredibly helpful! thanks!

Sarcasm noted. ;-D

> Having just read through the conf file before sending the message,
> could someone maybe give me a teeny hint?

When asking for help on a really busy list (like this one) it's a good idea
to tell people that you've already made an effort to find the information on
your own. Otherwise they may assume that you have not. Especially when the
file is as well documented as MailScanner.conf.

No offense was intended and so I hope none was taken.

--
Michael St. Laurent
Hartwell Corporation

From zabriskw at ITECH.NET Thu Apr 29 19:28:58 2004
From: zabriskw at ITECH.NET (Kris Zabriskie)
Date: Thu Jan 12 21:24:55 2006
Subject: SpamAssassin Score / Domain
Message-ID: <000a01c42e17$d7244360$0c02a8c0@itech.dom>

Is anyone aware of a way to have a required SA score of 5, but for one
domain, and only 1 domain, bump it up to 6?

From kevins at BMRB.CO.UK Thu Apr 29 19:30:30 2004
From: kevins at BMRB.CO.UK (Kevin Spicer)
Date: Thu Jan 12 21:24:55 2006
Subject: New installation, maillog question
In-Reply-To: <20040429182120.RPQQ12066.tomts45-srv.bellnexxia.net@ronniepc>
References: <20040429182120.RPQQ12066.tomts45-srv.bellnexxia.net@ronniepc>
Message-ID: <1083263430.25904.10.camel@bach.kevinspicer.co.uk>

On Thu, 2004-04-29 at 19:21, Ronnie Regev wrote:
> Hi,
> I'm running mailscanner 4.29.7-1. When I restart mailscanner, I notice the
> following line in /var/log/maillog:
> Apr 29 11:47:25 filter MailScanner[10012]: Using Custom Function file
> /usr/lib/MailScanner/MailScanner/CustomFunctions/MyExample.pm
>
> I have read through the file, and, would like to get a better understanding
> as to what its purpose is, is it necessary, how I can modify it, what are
> the benefits to it, and just any other piece of info anyone might have.

Its purpose is to serve as an example to anyone thinking of implementing
their own custom functions. MailScanner scans this directory and loads
all the .pm files it finds.

Custom functions can be used in the configuration file anywhere a
ruleset is acceptable (see the comments at the top of the conf file),
this makes it possible to vastly expand the configurability without
having to add all sorts of strange extra options.
You can create your own custom functions based on the MyExample.pm
template (given the necessary perl skills) or by using any of the
several available that other folks have written.

BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000

From alex at nkpanama.com Thu Apr 29 19:33:21 2004
From: alex at nkpanama.com (Alex Neuman)
Date: Thu Jan 12 21:24:55 2006
Subject: SpamAssassin Score / Domain
In-Reply-To: <000a01c42e17$d7244360$0c02a8c0@itech.dom>
Message-ID: <000301c42e18$755a6e10$2b00a8c0@alexlaptop>

Use a ruleset when implementing the required score. Ruleset could look like:

FromorTo: default 5
To: specialdomain.com 6

Right?

# This replaces the SpamAssassin configuration value 'required_hits'.
# If a message achieves a SpamAssassin score higher than this value,
# it is spam. See also the High SpamAssassin Score configuration option.
# This can also be the filename of a ruleset, so the SpamAssassin
# required_hits value can be set to different values for different messages.
Required SpamAssassin Score = 4

# If a message achieves a SpamAssassin score higher than this value,
# then the "High Scoring Spam Actions" are used. You may want to use
# this to deliver moderate scores, while deleting very high scoring messsages.
# This can also be the filename of a ruleset.
High SpamAssassin Score = 8

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Kris Zabriskie
Sent: Thursday, April 29, 2004 1:29 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: SpamAssassin Score / Domain

Is anyone aware of a way to have a required SA score of 5, but for one
domain, and only 1 domain, bump it up to 6?

From mikes at HARTWELLCORP.COM Thu Apr 29 19:39:16 2004
From: mikes at HARTWELLCORP.COM (Michael St. Laurent)
Date: Thu Jan 12 21:24:55 2006
Subject: SpamAssassin Score / Domain
Message-ID: <91A5926EFF44D3118B1200104B7276EB02C56FDA@hart-exchange.hartwellcorp.com>

Kris Zabriskie wrote:
> Is anyone aware of a way to have a required SA score of 5, but for
> one domain, and only 1 domain, bump it up to 6?

# This replaces the SpamAssassin configuration value 'required_hits'.
# If a message achieves a SpamAssassin score higher than this value,
# it is spam. See also the High SpamAssassin Score configuration option.
# This can also be the filename of a ruleset, so the SpamAssassin
# required_hits value can be set to different values for different messages.
Required SpamAssassin Score = 4

The option is capable of accepting the filename of a ruleset. Create a
ruleset to return a 6 for the domain in question and a default value of 5
for everyone else.

--
Michael St. Laurent
Hartwell Corporation

From mikes at HARTWELLCORP.COM Thu Apr 29 19:41:18 2004
From: mikes at HARTWELLCORP.COM (Michael St. Laurent)
Date: Thu Jan 12 21:24:55 2006
Subject: MailScanner.conf size (was Re: Full spamassassin report in header?)
Message-ID: <91A5926EFF44D3118B1200104B7276EB02C56FDB@hart-exchange.hartwellcorp.com>

> Now I think it might be a good idea to have some include mechanism
> and break MailScanner.conf into different parts (I know... this can
> easily lead to a flame war about the parts, but anyway, here I go).

Breaking it into parts may only make it even harder to understand.

No flames intended. ;-D

--
Michael St. Laurent
Hartwell Corporation

From zabriskw at ITECH.NET Thu Apr 29 19:40:20 2004
From: zabriskw at ITECH.NET (Kris Zabriskie)
Date: Thu Jan 12 21:24:55 2006
Subject: SpamAssassin Score / Domain
References: <91A5926EFF44D3118B1200104B7276EB02C56FDA@hart-exchange.hartwellcorp.com>
Message-ID: <001901c42e19$6d068360$0c02a8c0@itech.dom>

OK.
Can someone point me to an example of how to create a ruleset? Thanks
for everyone's help.

----- Original Message -----
From: "Michael St. Laurent"
To:
Sent: Thursday, April 29, 2004 2:39 PM
Subject: Re: SpamAssassin Score / Domain

> Kris Zabriskie wrote:
> > Is anyone aware of a way to have a required SA score of 5, but for
> > one domain, and only 1 domain, bump it up to 6?
>
> # This replaces the SpamAssassin configuration value 'required_hits'.
> # If a message achieves a SpamAssassin score higher than this value,
> # it is spam. See also the High SpamAssassin Score configuration option.
> # This can also be the filename of a ruleset, so the SpamAssassin
> # required_hits value can be set to different values for different messages.
> Required SpamAssassin Score = 4
>
> The option is capable of accepting the filename of a ruleset. Create a
> ruleset to return a 6 for the domain in question and a default value of 5
> for everyone else.
>
> --
> Michael St. Laurent
> Hartwell Corporation

From zabriskw at ITECH.NET Thu Apr 29 19:42:06 2004
From: zabriskw at ITECH.NET (Kris Zabriskie)
Date: Thu Jan 12 21:24:55 2006
Subject: SpamAssassin Score / Domain
References: <91A5926EFF44D3118B1200104B7276EB02C56FDA@hart-exchange.hartwellcorp.com> <001901c42e19$6d068360$0c02a8c0@itech.dom>
Message-ID: <001d01c42e19$ac0befa0$0c02a8c0@itech.dom>

Nevermind..
I found it on the website. Thanks everyone for your help!

----- Original Message -----
From: "Kris Zabriskie"
To:
Sent: Thursday, April 29, 2004 2:40 PM
Subject: Re: SpamAssassin Score / Domain

> OK. Can someone point me to an example of how to create a ruleset? Thanks
> for everyone's help.
>
>
> ----- Original Message -----
> From: "Michael St. Laurent"
> To:
> Sent: Thursday, April 29, 2004 2:39 PM
> Subject: Re: SpamAssassin Score / Domain
>
>
> > Kris Zabriskie wrote:
> > > Is anyone aware of a way to have a required SA score of 5, but for
> > > one domain, and only 1 domain, bump it up to 6?
> >
> > # This replaces the SpamAssassin configuration value 'required_hits'.
> > # If a message achieves a SpamAssassin score higher than this value,
> > # it is spam. See also the High SpamAssassin Score configuration option.
> > # This can also be the filename of a ruleset, so the SpamAssassin
> > # required_hits value can be set to different values for different messages.
> > Required SpamAssassin Score = 4
> >
> > The option is capable of accepting the filename of a ruleset. Create a
> > ruleset to return a 6 for the domain in question and a default value of 5
> > for everyone else.
> >
> > --
> > Michael St. Laurent
> > Hartwell Corporation

From ugob at CAMO-ROUTE.COM Thu Apr 29 19:50:01 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:24:55 2006
Subject: MailScanner.conf size (was Re: Full spamassassin report in header?)
In-Reply-To: <4091202A.3001.42AEEF77@localhost>
References: <40913F21.1020706@ahsc.arizona.edu> <4091202A.3001.42AEEF77@localhost>
Message-ID:

Mariano Absatz wrote:
> On 29 Apr 2004 at 13:48, Ugo Bellavance wrote:
>
>>I agree that one wasn't really obvious. We sometimes forget how big
>>MailScanner.conf is :).
>>
>>But I understand Michael, there are many people that come here and post
>>to the list without making an effort. It looks like it wasn't your case. Sorry.
>
> Hi,
>
> I think we reached a point where MailScanner.conf is a complete beast...
> Julian is so kind to add every little thing we ask for, that a file I once
> read and was able to understand about 80% of it being a newbie, is now really
> tiresome to browse and find something, even if I'm no longer a newbie.
>
> I know that because I prefer not to use 'upgrade_MailScanner_conf', or run it
> on a copy of MailScanner.conf and then manually check the settings,
> especially the new ones... I re-read Julian's comments every now and then
> 'cause they're also upgraded, even on old settings, and that is something
> upgrade_MailScanner_conf can't handle.
>
> IIRC, once I asked if there was a way to use something like 'include' in
> MailScanner.conf... at that time, I wanted to have most of MailScanner.conf
> in there and include a tiny file that I'd let a sysadmin edit... alas, that
> was not possible.
>
> Now I think it might be a good idea to have some include mechanism and break
> MailScanner.conf into different parts (I know... this can easily lead to a
> flame war about the parts, but anyway, here I go).

Hmmm. As long as it is not a default setting, I agree on the fact that it
might be nice for some people. However, it might make support harder if
you don't have the settings in the same file as other people.

>
> I think that, for historical reasons, parts of the configuration that are
> somehow related are spread all over, and should be closer.

I do agree on this one, I think it should be done before your 1st
suggestion.

>
> I'd like to have all vulnerabilities processing options together, and near
> the virus scanner options, and the like...
>
> Do you think this might be possible?... I don't consider myself capable of
> re-writing the configuration processing engine, but if someone can do it, I'd be
> glad to throw some ideas... It'd be a good time to allow some kind of
> 'CustomOptions' that may allow to configure customizations in the config
> files and NOT within the CustomFunctions...
>
> Regards.
>
>
> --
> Mariano Absatz
> El Baby
> ----------------------------------------------------------
> Programming today is a race between software engineers striving
> to build bigger and better idiot-proof programs, and the Universe
> trying to produce bigger and better idiots. So far, the Universe
> is winning.
> -- Rich Cook

From campbell at CNPAPERS.COM Thu Apr 29 20:33:43 2004
From: campbell at CNPAPERS.COM (Stephe Campbell)
Date: Thu Jan 12 21:24:55 2006
Subject: MailScanner.conf size
References: <40913F21.1020706@ahsc.arizona.edu> <4091202A.3001.42AEEF77@localhost>
Message-ID: <005a01c42e20$e1f9eb60$a301a8c0@cnpapers.net>

I, for one, would like to see a table of all of the configuration options,
along with a short description of what each does, and how and if other
options affect that option. (Much like that one that Mr. Field provided for
the Allow .... Tags section in the recent MailScanner.conf file).

Now I realize that the file itself is very informational, but it has grown
very large. Most options do not affect others and could stand alone as far
as affecting other options. This table (perhaps a web page somewhere) would
allow for easy changes as new options become available, thus making the conf
file stand as is.
By being able to scan options without the comments above them (which
sometimes hides the option itself) and seeing what it controls, one could
scan the conf file and read the comments for a better explanation.

Just my 2 pennies on the street.

Steve Campbell
campbell@cnpapers.com
Charleston Newspapers

----- Original Message -----
From: "Ugo Bellavance"
To:
Sent: Thursday, April 29, 2004 2:50 PM
Subject: Re: MailScanner.conf size (was Re: Full spamassassin report in header?)

Mariano Absatz wrote:
> On 29 Apr 2004 at 13:48, Ugo Bellavance wrote:
>
>>I agree that one wasn't really obvious. We sometimes forget how big
>>MailScanner.conf is :).
>>
>>But I understand Michael, there are many people that come here and post
>>to the list without making an effort. It looks like it wasn't your case. Sorry.
>
> Hi,
>
> I think we reached a point where MailScanner.conf is a complete beast...
> Julian is so kind to add every little thing we ask for, that a file I once
> read and was able to understand about 80% of it being a newbie, is now really
> tiresome to browse and find something, even if I'm no longer a newbie.
>
> I know that because I prefer not to use 'upgrade_MailScanner_conf', or run it
> on a copy of MailScanner.conf and then manually check the settings,
> especially the new ones... I re-read Julian's comments every now and then
> 'cause they're also upgraded, even on old settings, and that is something
> upgrade_MailScanner_conf can't handle.
>
> IIRC, once I asked if there was a way to use something like 'include' in
> MailScanner.conf... at that time, I wanted to have most of MailScanner.conf
> in there and include a tiny file that I'd let a sysadmin edit... alas, that
> was not possible.
>
> Now I think it might be a good idea to have some include mechanism and break
> MailScanner.conf into different parts (I know... this can easily lead to a
> flame war about the parts, but anyway, here I go).

Hmmm.
As long as it is not a default setting, I agree on the fact that it might be nice for some people. However, it might make support harder if you don't have the settings in the same file as other people.

>
> I think that, for historical reasons, parts of the configuration that are
> somehow related are spread all over, and should be closer.

I do agree on this one, I think it should be done before your 1st suggestion.

>
> I'd like to have all vulnerabilities processing options together, and near
> the virus scanner options, and the like...
>
> Do you think this might be possible?... I don't consider myself capable of re-
> writing the configuration processing engine, but if someone can do it, I'd be
> glad to throw some ideas... It'd be a good time to allow some kind of
> 'CustomOptions' that may allow to configure customizations in the config
> files and NOT within the CustomFunctions...
>
> Regards.
>
>
> --
> Mariano Absatz
> El Baby
> ----------------------------------------------------------
> Programming today is a race between software engineers striving
> to build bigger and better idiot-proof programs, and the Universe
> trying to produce bigger and better idiots. So far, the Universe
> is winning.
> -- Rich Cook

From campbell at CNPAPERS.COM Thu Apr 29 20:54:55 2004
From: campbell at CNPAPERS.COM (Stephe Campbell)
Date: Thu Jan 12 21:24:55 2006
Subject: Bayes Rebuild confirmation?
Message-ID: <008601c42e23$d86be820$a301a8c0@cnpapers.net>

I am running 4.29.7-1 on a RH 7.3 Sendmail box. After following most of the Bayes rebuilding threads, I find I am confused by my log files and files in my bayes directory. Can someone confirm this is proper and that bayes rebuilding is functional in this release?

I have in my MS.conf file the following two options
Rebuild Bayes Every = 86400
Wait During Bayes Rebuild = yes

and in spam.assassin.prefs.conf
bayes_auto_expire 0

Are the bayes_toks.expire files below normal? They seem a little old to me. Are they related to rebuild or normal updating of bayes? What causes them to remain behind?

Log entries:
Apr 25 16:12:46 kanawha MailScanner[11070]: Bayes database rebuild is due
Apr 25 16:12:49 kanawha MailScanner[11070]: SpamAssassin Bayes database rebuild preparing
Apr 25 16:12:49 kanawha MailScanner[11070]: SpamAssassin Bayes database rebuild starting
Apr 25 16:16:13 kanawha MailScanner[11070]: SpamAssassin Bayes database rebuild completed
Apr 25 16:16:13 kanawha MailScanner[11070]: Rebuilding SpamAssassin Bayes database

Apr 26 16:16:33 kanawha MailScanner[2689]: Bayes database rebuild is due
Apr 26 16:16:36 kanawha MailScanner[2689]: SpamAssassin Bayes database rebuild preparing
Apr 26 16:16:36 kanawha MailScanner[2689]: SpamAssassin Bayes database rebuild starting
Apr 26 16:17:37 kanawha MailScanner[2689]: SpamAssassin Bayes database rebuild completed
Apr 26 16:17:37 kanawha MailScanner[2689]: Rebuilding SpamAssassin Bayes database

Apr 27 16:19:30 kanawha MailScanner[29228]: Bayes database rebuild is due
Apr 27 16:19:32 kanawha MailScanner[29228]: SpamAssassin Bayes database rebuild preparing
Apr 27 16:19:33 kanawha MailScanner[29228]: SpamAssassin Bayes database rebuild starting
Apr 27 16:21:40 kanawha MailScanner[29228]: SpamAssassin Bayes database rebuild completed
Apr 27 16:21:40 kanawha MailScanner[29228]: Rebuilding SpamAssassin Bayes database

Apr 28 16:23:39 kanawha MailScanner[11717]: Bayes database rebuild is due
Apr 28 16:23:41 kanawha MailScanner[11717]: SpamAssassin Bayes database rebuild preparing
Apr 28 16:23:41 kanawha MailScanner[11717]: SpamAssassin Bayes database rebuild starting
Apr 28 16:24:37 kanawha MailScanner[11717]: SpamAssassin Bayes database rebuild completed
Apr 28 16:24:37 kanawha MailScanner[11717]: Rebuilding SpamAssassin Bayes database

Files in bayes directory:
-rw-rw---- 1 root apache 109284 Apr 29 15:39 bayes_journal
-rw-rw---- 1 root apache 43425792 Apr 29 15:39 bayes_seen
-rw-rw---- 1 root apache 10559488 Apr 29 15:39 bayes_toks
-rw-rw---- 1 root apache 12288 Apr 25 18:16 bayes_toks.expire12437
-rw-rw---- 1 root apache 532480 Apr 25 18:27 bayes_toks.expire15561
-rw-rw---- 1 root apache 12288 Apr 27 18:53 bayes_toks.expire15697
-rw-rw---- 1 root apache 270336 Apr 25 18:33 bayes_toks.expire17012
-rw-rw---- 1 root apache 270336 Apr 25 16:56 bayes_toks.expire23163
-rw-rw---- 1 root apache 1056768 Apr 25 17:07 bayes_toks.expire25747
-rw-rw---- 1 root apache 532480 Apr 25 17:44 bayes_toks.expire3858
-rw-rw---- 1 root apache 2387968 Apr 25 17:50 bayes_toks.expire5076
-rw-rw---- 1 root apache 12288 Apr 24 16:27 bayes_toks.expire838
-rw-rw---- 1 root apache 532480 Apr 25 20:04 bayes_toks.expire9958

Thanks for any help?

Steve Campbell
campbell@cnpapers.com
Charleston Newspapers

From jase at SENSIS.COM Thu Apr 29 21:01:19 2004
From: jase at SENSIS.COM (Desai, Jason)
Date: Thu Jan 12 21:24:55 2006
Subject: Bayes Rebuild confirmation?
Message-ID:

This is similar to what I see in my logs. I think the "Rebuilding SpamAssassin Bayes database" message is wrong, and should indicate that the rebuilding is complete.

Jase

Stephe Campbell wrote:
> I am running 4.29.7-1 on a RH 7.3 Sendmail box. After following most
> of the Bayes rebuilding threads, I find I am confused by my log files
> and files in my bayes directory. Can someone confirm this is proper
> and that bayes rebuilding is functional in this release?
>
> I have in my MS.conf file the following two options
> Rebuild Bayes Every = 86400
> Wait During Bayes Rebuild = yes
>
> and in spam.assassin.prefs.conf
> bayes_auto_expire 0
>
> Are the bayes_toks.expire files below normal? They seem a little old
> to me. Are they related to rebuild or normal updating of bayes? What
> causes them to remain behind?
>
> Log entries:
> Apr 25 16:12:46 kanawha MailScanner[11070]: Bayes database rebuild is due
> Apr 25 16:12:49 kanawha MailScanner[11070]: SpamAssassin Bayes database rebuild preparing
> Apr 25 16:12:49 kanawha MailScanner[11070]: SpamAssassin Bayes database rebuild starting
> Apr 25 16:16:13 kanawha MailScanner[11070]: SpamAssassin Bayes database rebuild completed
> Apr 25 16:16:13 kanawha MailScanner[11070]: Rebuilding SpamAssassin Bayes database
>
> Apr 26 16:16:33 kanawha MailScanner[2689]: Bayes database rebuild is due
> Apr 26 16:16:36 kanawha MailScanner[2689]: SpamAssassin Bayes database rebuild preparing
> Apr 26 16:16:36 kanawha MailScanner[2689]: SpamAssassin Bayes database rebuild starting
> Apr 26 16:17:37 kanawha MailScanner[2689]: SpamAssassin Bayes database rebuild completed
> Apr 26 16:17:37 kanawha MailScanner[2689]: Rebuilding SpamAssassin Bayes database
> Apr 27 16:19:30 kanawha MailScanner[29228]: Bayes database rebuild is due
> Apr 27 16:19:32 kanawha MailScanner[29228]: SpamAssassin Bayes database rebuild preparing
> Apr 27 16:19:33 kanawha MailScanner[29228]: SpamAssassin Bayes database rebuild starting
> Apr 27 16:21:40 kanawha MailScanner[29228]: SpamAssassin Bayes database rebuild completed
> Apr 27 16:21:40 kanawha MailScanner[29228]: Rebuilding SpamAssassin Bayes database
>
> Apr 28 16:23:39 kanawha MailScanner[11717]: Bayes database rebuild is due
> Apr 28 16:23:41 kanawha MailScanner[11717]: SpamAssassin Bayes database rebuild preparing
> Apr 28 16:23:41 kanawha MailScanner[11717]: SpamAssassin Bayes database rebuild starting
> Apr 28 16:24:37 kanawha MailScanner[11717]: SpamAssassin Bayes database rebuild completed
> Apr 28 16:24:37 kanawha MailScanner[11717]: Rebuilding SpamAssassin Bayes database
>
>
> Files in bayes directory:
> -rw-rw---- 1 root apache 109284 Apr 29 15:39 bayes_journal
> -rw-rw---- 1 root apache 43425792 Apr 29 15:39 bayes_seen
> -rw-rw---- 1 root apache 10559488 Apr 29 15:39 bayes_toks
> -rw-rw---- 1 root apache 12288 Apr 25 18:16 bayes_toks.expire12437
> -rw-rw---- 1 root apache 532480 Apr 25 18:27 bayes_toks.expire15561
> -rw-rw---- 1 root apache 12288 Apr 27 18:53 bayes_toks.expire15697
> -rw-rw---- 1 root apache 270336 Apr 25 18:33 bayes_toks.expire17012
> -rw-rw---- 1 root apache 270336 Apr 25 16:56 bayes_toks.expire23163
> -rw-rw---- 1 root apache 1056768 Apr 25 17:07 bayes_toks.expire25747
> -rw-rw---- 1 root apache 532480 Apr 25 17:44 bayes_toks.expire3858
> -rw-rw---- 1 root apache 2387968 Apr 25 17:50 bayes_toks.expire5076
> -rw-rw---- 1 root apache 12288 Apr 24 16:27 bayes_toks.expire838
> -rw-rw---- 1 root apache 532480 Apr 25 20:04 bayes_toks.expire9958
>
> Thanks for any help?
>
>
> Steve Campbell
> campbell@cnpapers.com
> Charleston Newspapers

From kevins at BMRB.CO.UK Thu Apr 29 21:11:24 2004
From: kevins at BMRB.CO.UK (Kevin Spicer)
Date: Thu Jan 12 21:24:55 2006
Subject: MailScanner-MRTG users, a question
In-Reply-To: <1083184869.22764.122.camel@bach.kevinspicer.co.uk>
References: <1083184869.22764.122.camel@bach.kevinspicer.co.uk>
Message-ID: <1083269484.25908.19.camel@bach.kevinspicer.co.uk>

Thanks to those that replied, as I suspected I haven't found a single snmpd that has diskio support compiled in by default, therefore I'm not going to be able to add
disk IO monitoring unless someone finds some magic way that I've not thought of to get disk IO stats for a 5 minute period that is portable across Linux, Solaris and *BSD.

However I do have another favour to ask, could someone with a dual processor machine please send me the output of...

snmpwalk -v2c -c public localhost .1.3.6.1.4.1.2021.11

For safety's sake it would also be handy if someone could send me the output of that command on a Xeon system (see how snmp copes with hyperthreading!)

Thanks again

Kevin

BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000
_________________________________________________________________
This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business.

From jwilliams at COURTESYMORTGAGE.COM Thu Apr 29 21:16:26 2004
From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams)
Date: Thu Jan 12 21:24:55 2006
Subject: Dealing with 'Pharmacy' emails...
Message-ID: <5.2.1.1.0.20040429131352.00a94b98@pop.courtesymortgage.com>

Been testing my configuration here pretty thoroughly lately. The last one I just did, I sent a piece of email that I just received that had the contents of all these pills that you can buy; viagra, vicodin, xanax etc...

I sent the sucker through and it did not get tagged as spam.
Right now, I'm trying to tweak my rules to make sure stuff like this does get tagged as spam.

I have d/l the anti-drug.cf rules from the SA emporium and placed them in /usr/local/etc/mail/spamassassin directory (FreeBSD here)...

Anything else anyone can think of to get rid of this crud?
If I'm posting on the wrong list I apologize. Everyone here is very helpful and very 'cool' sorta speak.

I appreciate the help.

Jason

From lou.baccari at HP.COM Thu Apr 29 21:16:50 2004
From: lou.baccari at HP.COM (Baccari, Lou)
Date: Thu Jan 12 21:24:55 2006
Subject: MailScanner-MRTG users, a question
Message-ID:

Your output from a dual processor:

[root@toad13 ~]# snmpwalk -v2c -c public localhost .1.3.6.1.4.1.2021.11
UCD-SNMP-MIB::ssIndex.0 = INTEGER: 1
UCD-SNMP-MIB::ssErrorName.0 = STRING: systemStats
UCD-SNMP-MIB::ssSwapIn.0 = INTEGER: 0
UCD-SNMP-MIB::ssSwapOut.0 = INTEGER: 1
UCD-SNMP-MIB::ssIOSent.0 = INTEGER: 7
UCD-SNMP-MIB::ssIOReceive.0 = INTEGER: 4
UCD-SNMP-MIB::ssSysInterrupts.0 = INTEGER: 9
UCD-SNMP-MIB::ssSysContext.0 = INTEGER: 8
UCD-SNMP-MIB::ssCpuUser.0 = INTEGER: 1
UCD-SNMP-MIB::ssCpuSystem.0 = INTEGER: 1
UCD-SNMP-MIB::ssCpuIdle.0 = INTEGER: 97
UCD-SNMP-MIB::ssCpuRawUser.0 = Counter32: 4860294
UCD-SNMP-MIB::ssCpuRawNice.0 = Counter32: 4594
UCD-SNMP-MIB::ssCpuRawSystem.0 = Counter32: 5109425
UCD-SNMP-MIB::ssCpuRawIdle.0 = Counter32: 405137018

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Kevin Spicer
Sent: Thursday, April 29, 2004 4:11 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: MailScanner-MRTG users, a question

Thanks to those that replied, as I suspected I haven't found a single snmpd that has diskio support
compiled in by default, therefore I'm not going to be able to add disk IO monitoring unless someone finds some magic way that I've not thought of to get disk IO stats for a 5 minute period that is portable across Linux, Solaris and *BSD.

However I do have another favour to ask, could someone with a dual processor machine please send me the output of...

snmpwalk -v2c -c public localhost .1.3.6.1.4.1.2021.11

For safety's sake it would also be handy if someone could send me the output of that command on a Xeon system (see how snmp copes with hyperthreading!)

Thanks again

Kevin

BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000
_________________________________________________________________
This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business.

From kevins at BMRB.CO.UK Thu Apr 29 21:33:50 2004
From: kevins at BMRB.CO.UK (Kevin Spicer)
Date: Thu Jan 12 21:24:55 2006
Subject: MailScanner-MRTG users, a question
In-Reply-To:
References:
Message-ID: <1083270830.25908.39.camel@bach.kevinspicer.co.uk>

On Thu, 2004-04-29 at 21:16, Baccari, Lou wrote:
> Your output from a dual processor:
> UCD-SNMP-MIB::ssCpuRawUser.0 = Counter32: 4860294
> UCD-SNMP-MIB::ssCpuRawNice.0 = Counter32: 4594
> UCD-SNMP-MIB::ssCpuRawSystem.0 = Counter32: 5109425
> UCD-SNMP-MIB::ssCpuRawIdle.0 = Counter32: 405137018

Thanks Lou, looks like it combines all CPU stats into one (which saves me some work). It just struck me (while updating some docs) that I'd not even considered that it might do something different on a multi CPU system, looks like my fears were unfounded.

Ta.

Kevin

BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000
_________________________________________________________________
This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited.
BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business.

From hywel at BURRIS.ORG.UK Thu Apr 29 21:42:15 2004
From: hywel at BURRIS.ORG.UK (Hywel Burris)
Date: Thu Jan 12 21:24:55 2006
Subject: MailScanner-MRTG users, a question
In-Reply-To: <1083269484.25908.19.camel@bach.kevinspicer.co.uk>
Message-ID: <200404292042.i3TKgRFY018995@mail.burris.org.uk>

[root@mail-2 root]# snmpwalk -v2c -c public localhost .1.3.6.1.4.1.2021.11
UCD-SNMP-MIB::ssIndex.0 = INTEGER: 1
UCD-SNMP-MIB::ssErrorName.0 = STRING: systemStats
UCD-SNMP-MIB::ssSwapIn.0 = INTEGER: 0
UCD-SNMP-MIB::ssSwapOut.0 = INTEGER: 0
UCD-SNMP-MIB::ssIOSent.0 = INTEGER: 0
UCD-SNMP-MIB::ssIOReceive.0 = INTEGER: 2
UCD-SNMP-MIB::ssSysInterrupts.0 = INTEGER: 1
UCD-SNMP-MIB::ssSysContext.0 = INTEGER: 2
UCD-SNMP-MIB::ssCpuUser.0 = INTEGER: 0
UCD-SNMP-MIB::ssCpuSystem.0 = INTEGER: 0
UCD-SNMP-MIB::ssCpuIdle.0 = INTEGER: 98
UCD-SNMP-MIB::ssCpuRawUser.0 = Counter32: 13026249
UCD-SNMP-MIB::ssCpuRawNice.0 = Counter32: 2873465
UCD-SNMP-MIB::ssCpuRawSystem.0 = Counter32: 5064801
UCD-SNMP-MIB::ssCpuRawIdle.0 = Counter32: 1773210397
UCD-SNMP-MIB::ssRawInterrupts.0 = Counter32: 482094089
UCD-SNMP-MIB::ssRawContexts.0 = Counter32: 164517313

IBM X335 dual 2.4Xeon

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Kevin Spicer
Sent: 29 April 2004 21:11
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: MailScanner-MRTG users, a question

Thanks to those that replied, as I suspected I haven't found a single snmpd that has diskio support compiled in by default, therefore I'm not going to be
able to add disk IO monitoring unless someone finds some magic way that I've not thought of to get disk IO stats for a 5 minute period that is portable across Linux, Solaris and *BSD.

However I do have another favour to ask, could someone with a dual processor machine please send me the output of...

snmpwalk -v2c -c public localhost .1.3.6.1.4.1.2021.11

For safety's sake it would also be handy if someone could send me the output of that command on a Xeon system (see how snmp copes with hyperthreading!)

Thanks again

Kevin

BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000
_________________________________________________________________
This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3028 bytes
Desc: not available
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040429/498eb280/smime.bin

From jwilliams at COURTESYMORTGAGE.COM Thu Apr 29 21:58:45 2004
From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams)
Date: Thu Jan 12 21:24:55 2006
Subject: Dealing with 'Pharmacy' emails...
In-Reply-To: <5.2.1.1.0.20040429131352.00a94b98@pop.courtesymortgage.com >
Message-ID: <5.2.1.1.0.20040429135348.00b19810@pop.courtesymortgage.com>

Thought I'd post a few things that I came across to help solve my situation.

Since I'm running FreeBSD, instead of most files and directories being in /etc/, mine are in /usr/local/etc...

Now, I put the anti-drug.cf file that I got from the SA emporium and dropped it into /usr/local/etc/mail/spamassassin. I'm pretty sure that is the correct place to put .cf files...

Now, after running spamassassin -D --lint as well as spamassassin -D -p /usr/local/etc/Mailscanner/spam.assassin.prefs.conf

Obviously, two different results, but my thinking is that I may be missing something, that I need to setup in spamassassin to get it to find the .cf rules.

I'm looking through the FAQ and MAQ right now, but thought I'd post what I've found out so far.

I appreciate the help.

Jason

>Been testing my configuration here pretty thoroughly lately. The last one I
>just did, I sent a piece of email that I just received that had the
>contents of all these pills that you can buy; viagra, vicodin, xanax etc...
>
>I sent the sucker through and it did not get tagged as spam.
>Right now, I'm trying to tweak my rules to make sure stuff like this does
>get tagged as spam.
>
>I have d/l the anti-drug.cf rules from the SA emporium and placed them in
>/usr/local/etc/mail/spamassassin directory (FreeBSD here)...
>
>Anything else anyone can think of to get rid of this crud?
>If I'm posting on the wrong list I apologize. Everyone here is very helpful
>and very 'cool' sorta speak.
>

From peter at UCGBOOK.COM Thu Apr 29 22:10:09 2004
From: peter at UCGBOOK.COM (Peter Bonivart)
Date: Thu Jan 12 21:24:55 2006
Subject: Dealing with 'Pharmacy' emails...
In-Reply-To: <5.2.1.1.0.20040429135348.00b19810@pop.courtesymortgage.com>
References: <5.2.1.1.0.20040429135348.00b19810@pop.courtesymortgage.com>
Message-ID: <40916F31.9080201@ucgbook.com>

Jason Williams wrote:
> Obviously, two different results, but my thinking is that I may be missing
> something, that I need to setup in spamassassin to get it to find the .cf
> rules.

If you run this:

# spamassassin -D --lint

It will list the directories it will search for cf-files.

debug: using "/usr/share/spamassassin" for default rules dir
debug: using "/etc/mail/spamassassin" for site rules dir
debug: using "/root/.spamassassin" for user state dir

The above are the usual ones.

--
/Peter Bonivart

--Unix lovers do it in the Sun

Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7, SpamAssassin 2.63 + DCC 1.2.39, ClamAV 0.70 + GMP 4.1.2, Vispan 1.4

From jwilliams at COURTESYMORTGAGE.COM Thu Apr 29 22:18:27 2004
From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams)
Date: Thu Jan 12 21:24:55 2006
Subject: Dealing with 'Pharmacy' emails...SOLVED
In-Reply-To: <5.2.1.1.0.20040429135348.00b19810@pop.courtesymortgage.com >
References: <5.2.1.1.0.20040429131352.00a94b98@pop.courtesymortgage.com >
Message-ID: <5.2.1.1.0.20040429141551.00ac12b8@pop.courtesymortgage.com>

Problem solved...easy one really. :/

SpamAssassin Site Rules Dir = was blank..

put in SpamAssassin Site Rules Dir = /usr/local/etc/mail/spamassassin

Sent a test message through (specifically checking the antidrug.cf rule set)

*snip*
SpamAssassin (score=6.051, required 5, DRUGS_ANXIETY 0.01, DRUGS_ANXIETY_EREC 1.00, DRUGS_DIET 0.01, DRUGS_DIET_EREC 1.00, DRUGS_DIET_PAIN 0.50, DRUGS_ERECTILE 1.00, DRUGS_MANYKINDS 1.00, DRUGS_MUSCLE 0.01, DRUGS_PAIN 0.01, DRUGS_PAIN_EREC 1.00, DRUGS_SLEEP 0.01, DRUGS_SLEEP_EREC 0.50, HTML_MESSAGE 0.00)

Which leads to a different question:

Let's say you have a whole bunch of custom rule sets. Is there a way to track which ruleset blocked specific emails? This way, you can gauge which SA rule set is working better/harder than others...

Thanks!

Jason

>Thought I'd post a few things that I came across to help solve my situation.
>
>Since I'm running FreeBSD, instead of most files and directories being in
>/etc/, mine are in /usr/local/etc...
>
>Now, I put the anti-drug.cf file that I got from the SA emporium and
>dropped it into /usr/local/etc/mail/spamassassin. I'm pretty sure that is
>the correct place to put .cf files...
>
>Now, after running spamassassin -D --lint as well as spamassassin -D -p
>/usr/local/etc/Mailscanner/spam.assassin.prefs.conf
>
>Obviously, two different results, but my thinking is that I may be missing
>something, that I need to setup in spamassassin to get it to find the .cf
>rules.
>
>I'm looking through the FAQ and MAQ right now, but thought I'd post what
>I've found out so far.
>
>I appreciate the help.
>
>Jason
>
>>Been testing my configuration here pretty thoroughly lately. The last one I
>>just did, I sent a piece of email that I just received that had the
>>contents of all these pills that you can buy; viagra, vicodin, xanax etc...
>>
>>I sent the sucker through and it did not get tagged as spam.
>>Right now, I'm trying to tweak my rules to make sure stuff like this does
>>get tagged as spam.
>>
>>I have d/l the anti-drug.cf rules from the SA emporium and placed them in
>>/usr/local/etc/mail/spamassassin directory (FreeBSD here)...
>>
>>Anything else anyone can think of to get rid of this crud?
>>If I'm posting on the wrong list I apologize. Everyone here is very helpful
>>and very 'cool' sorta speak.
>

From kevins at BMRB.CO.UK Thu Apr 29 22:17:59 2004
From: kevins at BMRB.CO.UK (Kevin Spicer)
Date: Thu Jan 12 21:24:55 2006
Subject: MailScanner-MRTG users, a question
In-Reply-To: <200404292042.i3TKgRFY018995@mail.burris.org.uk>
References: <200404292042.i3TKgRFY018995@mail.burris.org.uk>
Message-ID: <1083273479.25903.41.camel@bach.kevinspicer.co.uk>

On Thu, 2004-04-29 at 21:42, Hywel Burris wrote:
> [root@mail-2 root]# snmpwalk -v2c -c public localhost .1.3.6.1.4.1.2021.11
> UCD-SNMP-MIB::ssIndex.0 = INTEGER: 1

etc.

Thanks, most reassuring!

BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000
_________________________________________________________________
This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business.
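
For the question in the "Dealing with 'Pharmacy' emails...SOLVED" message above about gauging which custom rule set is doing the work, one approach is to tally the SpamAssassin report strings per rule file. This is an added example, not code from any poster or from MailScanner: the .cf contents, `local_rules.cf`, `LOCAL_PILL_SUBJECT`, the `BAYES_99` score and the log-line wrappers are constructed; only the first report string is the one quoted in that message.

```python
import re
from collections import defaultdict

# Directives that introduce or score a named rule in a SpamAssassin .cf file.
RULE_DIRECTIVES = {"header", "body", "rawbody", "full", "uri", "meta", "score", "describe"}

# Report shape quoted in the thread: "SpamAssassin (score=6.051, required 5, RULE 0.01, ...)"
REPORT_RE = re.compile(r"SpamAssassin \(score=(-?[\d.]+), required (-?[\d.]+)(?:, (.*?))?\)")
HIT_RE = re.compile(r"([A-Z_][A-Z0-9_]*) (-?\d+(?:\.\d+)?)")

DRUG_RULES = ("ANXIETY", "ANXIETY_EREC", "DIET", "DIET_EREC", "DIET_PAIN", "ERECTILE",
              "MANYKINDS", "MUSCLE", "PAIN", "PAIN_EREC", "SLEEP", "SLEEP_EREC")

# Constructed stand-ins for the site rules directory; only the rule names matter.
CF_FILES = {
    "antidrug.cf": "\n".join("describe DRUGS_%s constructed stand-in" % n for n in DRUG_RULES),
    "local_rules.cf": r"""
# hypothetical local rule file
body  LOCAL_PILL_SUBJECT /\bpills?\b/i
score LOCAL_PILL_SUBJECT 0.90
""",
}

PAGE_REPORT = ("SpamAssassin (score=6.051, required 5, DRUGS_ANXIETY 0.01, "
               "DRUGS_ANXIETY_EREC 1.00, DRUGS_DIET 0.01, DRUGS_DIET_EREC 1.00, "
               "DRUGS_DIET_PAIN 0.50, DRUGS_ERECTILE 1.00, DRUGS_MANYKINDS 1.00, "
               "DRUGS_MUSCLE 0.01, DRUGS_PAIN 0.01, DRUGS_PAIN_EREC 1.00, "
               "DRUGS_SLEEP 0.01, DRUGS_SLEEP_EREC 0.50, HTML_MESSAGE 0.00)")

# Constructed log lines; the first one wraps the report quoted in the thread.
LOG_LINES = [
    "Apr 29 14:15:01 mx MailScanner[100]: Message A1 is spam, " + PAGE_REPORT,
    "Apr 29 14:16:22 mx MailScanner[100]: Message A2 is spam, SpamAssassin (score=7.3, "
    "required 5, BAYES_99 5.40, DRUGS_ERECTILE 1.00, HTML_MESSAGE 0.00, LOCAL_PILL_SUBJECT 0.90)",
    "Apr 29 14:17:40 mx MailScanner[100]: Message A3 is not spam, SpamAssassin (score=0.91, "
    "required 5, DRUGS_PAIN 0.01, LOCAL_PILL_SUBJECT 0.90)",
    "Apr 29 14:18:02 mx MailScanner[100]: Bayes database rebuild is due",
]


def index_rules(cf_files):
    """Map rule name -> name of the .cf file that first mentions it."""
    owner = {}
    for fname, text in cf_files.items():
        for line in text.splitlines():
            parts = line.split("#", 1)[0].split()
            if len(parts) >= 2 and parts[0] in RULE_DIRECTIVES:
                owner.setdefault(parts[1], fname)
    return owner


def parse_report(line):
    """Return (score, required, {rule: points}) or None if the line has no report."""
    m = REPORT_RE.search(line)
    if not m:
        return None
    hits = {name: float(pts) for name, pts in HIT_RE.findall(m.group(3) or "")}
    return float(m.group(1)), float(m.group(2)), hits


def summarise(lines, owner, other="(other rules)"):
    """Per rule file: messages hit, points contributed, and 'decisive' messages,
    i.e. spam that would have stayed under the threshold without that file."""
    stats = defaultdict(lambda: {"messages": 0, "points": 0.0, "decisive": 0})
    for line in lines:
        parsed = parse_report(line)
        if parsed is None:
            continue
        score, required, hits = parsed
        per_set = defaultdict(float)
        for rule, pts in hits.items():
            per_set[owner.get(rule, other)] += pts
        for ruleset, pts in per_set.items():
            entry = stats[ruleset]
            entry["messages"] += 1
            entry["points"] = round(entry["points"] + pts, 3)
            if score >= required and score - pts < required:
                entry["decisive"] += 1
    return dict(stats)


if __name__ == "__main__":
    for name, s in sorted(summarise(LOG_LINES, index_rules(CF_FILES)).items()):
        print("%-16s messages=%d points=%.2f decisive=%d"
              % (name, s["messages"], s["points"], s["decisive"]))
```

The per-rule scores in the report are rounded to two decimals, so the points summed per file can differ slightly from the logged total.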

From kevins at BMRB.CO.UK Thu Apr 29 22:45:42 2004
From: kevins at BMRB.CO.UK (Kevin Spicer)
Date: Thu Jan 12 21:24:55 2006
Subject: Outlook sucks!
In-Reply-To: <409147DA.24199.4349FBBC@localhost>
References: <409147DA.24199.4349FBBC@localhost>
Message-ID: <1083275142.25903.57.camel@bach.kevinspicer.co.uk>

On Thu, 2004-04-29 at 22:22, Mariano Absatz wrote:
> Does anyone know if there's a setting in Outlook2K to stop doing it????

I bet there isn't (I can't find one anyway). Why would you want to anyway, it's there to help you, Microsoft knows best.

The easiest answer is to remove the longspamreport variable (but I guess you don't want to do that?)

It probably wouldn't be hard (with recourse to the code) to run the longspamreport past an RE to strip < and >. In fact I think adding the following line to Message.pm
In fact I think adding the following line to Message.pm $salongreport =~ s/>| Ran the instructions listed on: http://www.sng.ecs.soton.ac.uk/mailscanner/install/ClamAVModule.shtml Things go bad with: cpan> install Mail::ClamAV **********************Begin Output********************** Starting Build Compile Stage Starting "perl Makefile.PL" Stage Writing Makefile for Mail::ClamAV Finished "perl Makefile.PL" Stage Starting "make" Stage make[1]: Entering directory `/root/.cpan/build/Mail-ClamAV-0.08/_Inline/build/Mail/ClamAV' /usr/bin/perl /usr/lib/perl5/5.8.3/ExtUtils/xsubpp -typemap /usr/lib/perl5/5.8.3/ExtUtils/typemap ClamAV.xs > ClamAV.xsc && mv ClamAV.xsc ClamAV.c gcc -c -I/root/.cpan/build/Mail-ClamAV-0.08 -I/usr/include -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -g -pipe -march=i386 -mcpu=i686 -DVERSION=\"0.08\" -DXS_VERSION=\"0.08\" -fPIC "-I/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE" ClamAV.c Running Mkbootstrap for Mail::ClamAV () chmod 644 ClamAV.bs rm -f blib/arch/auto/Mail/ClamAV/ClamAV.so LD_RUN_PATH="/usr/lib:/usr/local/lib" gcc -shared -L/usr/local/lib ClamAV.o -o blib/arch/auto/Mail/ClamAV/ClamAV.so -lz -lbz2 -lgmp -lpthread -lclamav /usr/bin/ld: cannot find -lbz2 collect2: ld returned 1 exit status make[1]: *** [blib/arch/auto/Mail/ClamAV/ClamAV.so] Error 1 make[1]: Leaving directory `/root/.cpan/build/Mail-ClamAV-0.08/_Inline/build/Mail/ClamAV' A problem was encountered while attempting to compile and install your Inline C code. The command that failed was: make The build directory was: /root/.cpan/build/Mail-ClamAV-0.08/_Inline/build/Mail/ClamAV To debug the problem, cd to the build directory, and inspect the output files. at /root/.cpan/build/Mail-ClamAV-0.08/blib/lib/Mail/ClamAV.pm line 150 BEGIN failed--compilation aborted at /root/.cpan/build/Mail-ClamAV-0.08/blib/lib/Mail/ClamAV.pm line 429. 
Compilation failed in require.
BEGIN failed--compilation aborted.
make: *** [ClamAV.inl] Error 2
/usr/bin/make -- NOT OK
Running make test
Can't test without successful make
Running make install
make had returned bad status, install seems impossible
**********************End Output**********************

Fedora Core 1 x86.
Installed Binary RPM version of ClamAV.
Have "Yum"med All Packages.

No clue how to proceed.

Thanks!

Thad

From kevins at BMRB.CO.UK Thu Apr 29 23:25:39 2004
From: kevins at BMRB.CO.UK (Kevin Spicer)
Date: Thu Jan 12 21:24:55 2006
Subject: ClamAV.pm won't "make"
In-Reply-To: <003501c42e34$4f67b430$1efea8c0@slam>
References: <003501c42e34$4f67b430$1efea8c0@slam>
Message-ID: <1083277538.25904.61.camel@bach.kevinspicer.co.uk>

On Thu, 2004-04-29 at 22:52, Thad A. Thompson wrote:
> /usr/bin/ld: cannot find -lbz2

You need libbz2 installed (specifically the development headers for it)

Assuming you have an rpm based distro you probably need an rpm like libbz2-devel (possibly bzip2-devel)

I'm guessing the names, but hopefully you get the idea.

BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000
_________________________________________________________________
This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately.
Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business.

From michele at BLACKNIGHTSOLUTIONS.COM Thu Apr 29 23:36:24 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions)
Date: Thu Jan 12 21:24:55 2006
Subject: Dealing with 'Pharmacy' emails...SOLVED
In-Reply-To: <5.2.1.1.0.20040429141551.00ac12b8@pop.courtesymortgage.com>
Message-ID: <200404292231.i3TMVPVf025563@monitor.blacknight.ie>

You can see from the log entries which rulesets are blocking what.
From using a lot of custom rulesets I don't think you will find a silver bullet solution - you need to run a combination.

Mr Michele Neylon
Blacknight Internet Solutions Ltd
http://www.blacknight.ie/
Tel. +353 59 9137101

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Jason Williams
Sent: 29 April 2004 22:18
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: [MAILSCANNER] Dealing with 'Pharmacy' emails...SOLVED

Problem solved...easy one really. :/

SpamAssassin Site Rules Dir = was blank..
put in SpamAssassin Site Rules Dir = /usr/local/etc/mail/spamassassin

Sent a test message through (specifically checking the antidrug.cf rule set)

*snip*
SpamAssassin (score=6.051, required 5, DRUGS_ANXIETY 0.01, DRUGS_ANXIETY_EREC 1.00, DRUGS_DIET 0.01, DRUGS_DIET_EREC 1.00, DRUGS_DIET_PAIN 0.50, DRUGS_ERECTILE 1.00, DRUGS_MANYKINDS 1.00, DRUGS_MUSCLE 0.01, DRUGS_PAIN 0.01, DRUGS_PAIN_EREC 1.00, DRUGS_SLEEP 0.01, DRUGS_SLEEP_EREC 0.50, HTML_MESSAGE 0.00)

Which leads to a different question:

Let's say you have a whole bunch of custom rule sets. Is there a way to track which ruleset blocked specific emails? This way, you can gauge which SA rule set is working better/harder than others...

Thanks!

Jason

>Thought I'd post a few things that I came across to help solve my situation.
>
>Since I'm running FreeBSD, instead of most files and directories being in
>/etc/, mine are in /usr/local/etc...
>
>Now, I put the anti-drug.cf file that I got from the SA emporium and
>dropped it into /usr/local/etc/mail/spamassassin. I'm pretty sure that is
>the correct place to .cf files...
>
>Now, after running spamassassin -D --lint as well as spamassassin -D -p
>/usr/local/etc/Mailscanner/spam.assassin.prefs.conf
>
>Obviously, two different results, but my thinking is that I may be missing
>something, that I need to setup in spamassassin to get it to find the .cf
>rules.
>
>I'm looking through the FAQ and MAQ right now, but thought I'd post what
>I've found out so far.
>
>I appreciate the help.
>
>Jason
>
>>Been testing my configuration here pretty thoroughly lately. The last one I
>>just did, I sent a piece of email that I just received that had the
>>contents of all these pills that you can buy; viagra, vicodin, xanax etc...
>>
>>I sent the sucker through and it did not get tagged as spam.
>>Right now, I'm trying to tweak my rules to make sure stuff like this does
>>get tagged as spam.
>>
>>I have d/l the anti-drug.cf rules from the SA emporium and placed them in
>>/usr/local/etc/mail/spamassassin directory (FreeBSD here)...
>>
>>Anything else anyone can think of to get rid of this crud?
>>If I'm posting on the wrong list I apologize. Everyone here is very helpful
>>and very 'cool' sorta speak.

From ugob at CAMO-ROUTE.COM Fri Apr 30 01:39:09 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:24:55 2006
Subject: How to know what rules got the most spam
Message-ID:

> Which leads to a different question:
>
> Let's say you have a whole bunch of custom rule sets. Is there a way to
> track which ruleset blocked specific emails?

It is pretty easy in mailwatch. There is even a report of the % of the rules hit...

> This way, you can gauge which
> SA rule set is working better/harder than others...
>
> Thanks!
>
> Jason

From david at PLATFORMHOSTING.COM Fri Apr 30 02:40:00 2004
From: david at PLATFORMHOSTING.COM (David Hooton)
Date: Thu Jan 12 21:24:55 2006
Subject: Problem With PDF Files - SOLVED
In-Reply-To: <409111AD.3020200@marinocrane.com>
Message-ID: <200404300139.i3U1dww02409@mx1.mailsecurity.net.au>

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Ryan Pitt
> Sent: Friday, 30 April 2004 12:31 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Problem With PDF Files - SOLVED
>
> Wow, this now fixes the issue I have been having with certain pdfs.
> It is odd to note that it wasn't ALL pdfs that were being broken by the
> (now discovered) inline message.
> We actually narrowed it down yesterday to PDFs being created/printed
> from the latest version of QuickBooks with the latest version of Acrobat
> Professional V6.01.

FWIW - I think this should be registered as a bug, as Kevin mentioned the message signing breaks a few things that users consider normal email features.

Items I'm aware of:

Outlook Read Receipts
Outlook Meeting Requests
Outlook PDF attachments

Being that Outlook is here to stay, I think that this is a reasonable bug request.

Cheers!
David Hooton
Senior Partner
Platform Networks
www.platformnetworks.net
========================================================================
Pain free spam & virus protection by: www.mailsecurity.net.au
Forward undetected SPAM to: spam@mailsecurity.net.au
========================================================================

From ugob at CAMO-ROUTE.COM Fri Apr 30 03:23:40 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:24:55 2006
Subject: Spam Actions Issue
In-Reply-To: <16362.64.118.232.46.1083290819.squirrel@www.islandb.com>
References: <16362.64.118.232.46.1083290819.squirrel@www.islandb.com>
Message-ID:

Brooks Weisblat wrote:
> I have a couple of DNS blacklists enabled with the mailscanner....
>
> When I just set:
>
> Spam Actions = forward trash@mydomain.com
>
> the spam gets tagged and is still delivered to the recipient....
>
>
> when I set both:
>
> Spam Actions = forward trash@mydomain.com
> High Scoring Spam Actions = forward trash@mydomain.com
>
> the spam does get forwarded to the trash mailbox, but the message is
> scanned by spamassassin....
>
> I don't want any extra load on the server, I just want to forward the
> messages that are tagged as spam by mailscanner to that box.... and not
> have the messages scanned by spamassassin...

Tagged as spam by mailscanner, you mean with the DNSBL?

Make sure this setting is at no.

Check SpamAssassin If On Spam List = no

>
> my spamassassin config is set to not use spamassassin.....

Hmmm. Pretty weird. So you've got Use SpamAssassin = no ? No rulesets? Are you sure you're not running spamassassin, spamd or spamc independently from MailScanner?

>
> thanks for any help....
From thad at THADCO.COM Fri Apr 30 04:59:58 2004
From: thad at THADCO.COM (Thad A. Thompson)
Date: Thu Jan 12 21:24:55 2006
Subject: ClamAV.pm won't "make"
In-Reply-To: <1083277538.25904.61.camel@bach.kevinspicer.co.uk>
Message-ID: <008e01c42e67$9d8c8e00$1efea8c0@slam>

Kevin,

Thanks for the suggestion. It led me to do a little checking and to find that I already had the proper lib installed:

[root@krell thad]# rpm -q bzip2-libs-1.0.2-10
bzip2-libs-1.0.2-10
[root@krell thad]# rpm -q bzip2
bzip2-1.0.2-10

I even did a package refresh and an ldconfig just to make sure, but still no go on install Mail::ClamAV.pm. So as a work-around, I went to the Make directory:

/root/.cpan/build/Mail-ClamAV-0.08/_Inline/build/Mail/ClamAV

And edited the Makefile by removing all the references to -lbz2.

This allowed me to Make and Install from within the directory. Not really sure if that was the right thing to do or not, but I got no errors. That was basically the last step before actually trying MailScanner, so I gave it a go.

Unfortunately, I could neither send nor receive mail after that. MailScanner did fire up without any errors, but nothing would go in or out. At this point I have temporarily given up and gone back to plain sendmail. I will have to go with the milter daemon of clam unless someone has a further suggestion.
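
The "cannot find -lbz2" failure discussed in this thread, where the runtime bzip2-libs package is installed but the link still fails, can be checked directly on disk. The shell function below is an added example, not part of any list member's post; the name lib_link_status is hypothetical, and the default directories are the two on the link line quoted earlier in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): report whether a library can be
# linked with -l<name>, or is only present in its runtime form.
#
# ld resolves -l<name> by looking for lib<name>.so or lib<name>.a in its
# search directories. A runtime-only package ships just the versioned
# files (lib<name>.so.1, lib<name>.so.1.0.2, ...), which is enough to run
# already-built programs but not enough to link new ones.

# lib_link_status NAME DIR...
# Prints exactly one of: linkable, runtime-only, missing
lib_link_status() {
    name=$1
    shift
    runtime=0
    for dir in "$@"; do
        # Directories that do not exist are skipped, as ld would skip them.
        if [ ! -d "$dir" ]; then
            continue
        fi
        # -e follows symlinks, so a dangling lib<name>.so link (left behind
        # by a partly removed -devel package) does not count as linkable.
        if [ -e "$dir/lib$name.so" ] || [ -e "$dir/lib$name.a" ]; then
            echo linkable
            return 0
        fi
        # Versioned shared objects: present at runtime, invisible to -l<name>.
        for f in "$dir/lib$name.so."*; do
            if [ -e "$f" ]; then
                runtime=1
            fi
        done
    done
    if [ "$runtime" -eq 1 ]; then
        echo runtime-only
    else
        echo missing
    fi
}

# When run with a library name, check it. With no directories given, fall
# back to /usr/lib and /usr/local/lib (assumption: taken from the link line
# in the thread; a real linker also searches other system directories).
if [ "$#" -ge 1 ]; then
    libname=$1
    shift
    if [ "$#" -eq 0 ]; then
        set -- /usr/lib /usr/local/lib
    fi
    lib_link_status "$libname" "$@"
fi
```

A result of runtime-only for bz2 matches the situation in the thread: rpm -q reports the library package as installed, yet the linker has nothing to resolve -lbz2 against until the matching -devel package is added.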
From mike at CAMAROSS.NET Fri Apr 30 06:48:48 2004
From: mike at CAMAROSS.NET (Mike Kercher)
Date: Thu Jan 12 21:24:55 2006
Subject: ClamAV.pm won't "make"
In-Reply-To: <008e01c42e67$9d8c8e00$1efea8c0@slam>
Message-ID: <200404300548.i3U5moAH016867@avwall.bladeware.com>

I had the same problem last night. You *do* need to install the -devel rpm for bz2. After installing that, my new ClamAV compiled without a hitch.

Mike

> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Thad A. Thompson
> Sent: Thursday, April 29, 2004 11:00 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: ClamAV.pm won't "make"
>
> Kevin,
>
> Thanks for the suggestion. It led me to do a little checking
> and to find that I already had the proper lib installed:
>
> [root@krell thad]# rpm -q bzip2-libs-1.0.2-10
> bzip2-libs-1.0.2-10 [root@krell thad]# rpm -q bzip2 bzip2-1.0.2-10
>
> I even did a package refresh and an ldconfig just to make
> sure, but still no go on install Mail::ClamAV.pm. So as a
> work-around, I went to the Make
> directory:
>
> /root/.cpan/build/Mail-ClamAV-0.08/_Inline/build/Mail/ClamAV
>
> And edited the Makefile by removing all the references to -lbz2.
>
> This allowed me to Make and Install from within the
> directory. Not really sure if that was the right thing to do
> or not, but I got no errors. That was basically the last step
> before actually trying MailScanner, so I gave it a go.
>
> Unfortunately, I could neither send nor receive mail after
> that. MailScanner did fire up without any errors, but nothing
> would go in or out. At this point I have temporarily given up
> and gone back to plain sendmail.
> I will have to go with the
> milter daemon of clam unless someone has a further suggestion.

From kevins at BMRB.CO.UK Fri Apr 30 08:00:26 2004
From: kevins at BMRB.CO.UK (Kevin Spicer)
Date: Thu Jan 12 21:24:55 2006
Subject: ClamAV.pm won't "make"
In-Reply-To: <008e01c42e67$9d8c8e00$1efea8c0@slam>
References: <008e01c42e67$9d8c8e00$1efea8c0@slam>
Message-ID: <1083308425.25904.74.camel@bach.kevinspicer.co.uk>

On Fri, 2004-04-30 at 04:59, Thad A. Thompson wrote:
> And edited the Makefile by removing all the references to -lbz2.
>
> This allowed me to Make and Install from within the directory. Not really
> sure if that was the right thing to do or not, but I got no errors.

No, that was the wrong thing to do. You've compiled a binary that will attempt to call functions it is not linked against.

> I will
> have to go with the milter daemon of clam unless someone has a further
> suggestion.

Two further suggestions...

1) You don't need to use the clamavmodule, you can just use the plain clamav commandline program (by setting Virus Scanners = clamav), the performance isn't vastly worse (not like the Sophos / SAVI difference) and you get the benefit of being able to use external unpackers which I don't think the module does (although I could be wrong on that last point)

2) You should be able to compile okay if you actually install the -devel rpm.
The {libname} rpm only contains the dynamic libs needed by programs at runtime, the {libname}-devel rpm contains the header files needed to compile/link programs and static libraries in case you need to compile a statically linked binary. You must have the {libname}-devel package installed for any library you need to link against.

BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000

From Jan-Peter.Koopmann at SECEIDOS.DE Fri Apr 30 08:49:53 2004
From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann)
Date: Thu Jan 12 21:24:55 2006
Subject: Dealing with 'Pharmacy' emails...
Message-ID:

On Thursday, April 29, 2004 11:10 PM Peter Bonivart wrote:

> It will list the directories it will search for cf-files.
>
> debug: using "/usr/share/spamassassin" for default rules dir
> debug: using "/etc/mail/spamassassin" for site rules dir
> debug: using "/root/.spamassassin" for user state dir
>
> The above are the usual ones.

Not on FreeBSD.
On FreeBSD it should read

debug: using "/usr/local/share/spamassassin" for default rules dir
debug: using "/usr/local/etc/mail/spamassassin" for site rules dir
debug: using "/root/.spamassassin" for user state dir
debug: using "/root/.spamassassin/user_prefs" for user prefs file

Jason: You should put all your additional rule-files in /usr/local/etc/mail/spamassassin, restart MailScanner and that's it. Works here like a charm. If it does not work for you please check your MailScanner settings:

SpamAssassin Site Rules Dir
SpamAssassin Local Rules Dir

If you are using the MailScanner FreeBSD port, those settings should have the correct location automatically.

Regards,
Jan-Peter Koopmann
Dipl.-Wirtschaftsinformatiker
Geschäftsführer / COO
--
Seceidos GmbH
Robert-Bosch-Str.7
64293 Darmstadt/Germany
Phone: +49 (6151) 66843-43
Fax: +49 (6151) 66843-52
E-Mail: jan-peter.koopmann@seceidos.de
Web: http://www.seceidos.de

From Jan-Peter.Koopmann at SECEIDOS.DE Fri Apr 30 09:28:07 2004
From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann)
Date: Thu Jan 12 21:24:55 2006
Subject: Full spamassassin report in header?
Message-ID:

On Thursday, April 29, 2004 7:59 PM Ugo Bellavance wrote:

>> Always Include SpamAssassin Report = yes
>
> oops, I guess I was wrong. Sorry... :(
>

Happens. I do not want to sound rude but lately I see more and more full quotes etc. here. It took me a few seconds to actually find your comment Ugo in all the quoting. :-) Would it be possible for us all to pay a bit more attention to quoting etc.? The mailing list is full enough as it is and hard to follow.
I hate to say it but Julian the god himself also tends to full quote mails in order to add one or two lines at the bottom... *g*

Kind regards,
JP

PS: I am curious how many bombs I might have triggered now...

From mailscanner at ecs.soton.ac.uk Fri Apr 30 08:59:38 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:24:55 2006
Subject: SweepViruses.pm: minor patch to 4.29.7, for 4.30
In-Reply-To:
References:
Message-ID: <6.0.1.1.2.20040430085832.03efd340@imap.ecs.soton.ac.uk>

You can't do that without changing the parser. You got away with it as you also mistakenly changed the separator from ":: " to "::" so it didn't pick up your change.

I'll fix it for you and put it in 4.30.

At 15:32 29/04/2004, you wrote:
>Julian,
>
>Attached is a minor "diff -c" patch to /lib/MailScanner/SweepViruses.pm.
>The purpose of the patch is to change the syslog output for ClamAVmodule
>and SophosSAVI from:
>
>MailScanner[29668]: INFECTED:: W32/Bagle-AA:: (pathname)
>MailScanner[29668]: INFECTED:: Worm.Bagle.Z:: (pathname)
>
>to:
>
>MailScanner[24988]: INFECTED::SophosSAVI:: W32/Bagle-AA:: (pathname)
>MailScanner[24988]: INFECTED::ClamAVModule:: Worm.Bagle.Z:: (pathname)
>
>I would like to know which anti-virus engine caused the syslog, since
>I have perl scripts that track this stuff on a daily basis and
>different engines call the same virus by different names.
>
>Could this be rolled into the 4.30 version?
>
>This may also be applicable to other anti-virus engine logging that
>doesn't operate by way of perl APIs (I don't use any, so can't test).
>
>Jeff Earickson
>Colby College

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From pmb1 at YORK.AC.UK Fri Apr 30 10:23:33 2004
From: pmb1 at YORK.AC.UK (Mike Brudenell)
Date: Thu Jan 12 21:24:55 2006
Subject: [URGENT] How to intercept a copy of virus-infected message?
Message-ID:

Greetings -

I believe our site is being copies of a virus (probably Bagle-X or a variant) that Sophos Anti-Virus is not identifying. At present the messages are only being blocked because we have MailScanner configured not to allow attachments with filename suffixes such as ".hta" etc.

Sophos (the company!) have asked me to grab a couple of these messages and send them in for analysis.

Please could someone quickly explain how to configure MailScanner (4.29.3) to intercept such a message: ideally forwarding it to a specific e-mail address or, second choice, to quarantine its Sendmail queue files?

Ideally I guess I'd just like to intercept messages which are being blocked because they are failing the filename based checks; I'm not particularly interested in getting the ones infected with known viruses because, well, Sophos Anti-Virus already knows them!
:-}

With many thanks,

Mike B-)

--
The Computing Service, University of York, Heslington, York Yo10 5DD, UK
Tel:+44-1904-433811 FAX:+44-1904-433740

* Unsolicited commercial e-mail is NOT welcome at this e-mail address. *

From martinh at SOLID-STATE-LOGIC.COM Fri Apr 30 10:36:17 2004
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:24:55 2006
Subject: [URGENT] How to intercept a copy of virus-infected message?
In-Reply-To:
References:
Message-ID: <40921E11.4020704@solid-state-logic.com>

Mike

I quarantine this sort of stuff,

Quarantine Dir = /var/spool/MailScanner/quarantine
Quarantine Infections = yes

# Do you want to quarantine the original *entire* message as well as
# just the infected attachments?
# This can also be the filename of a ruleset.
Quarantine Whole Message = yes

# When you quarantine an entire message, do you want to store it as
# raw mail queue files (so you can easily send them onto users) or
# as human-readable files (header then body in 1 file)?
Quarantine Whole Messages As Queue Files = yes

# Where to send the notices.
# This can also be the filename of a ruleset.
Notices To = postmaster@mydomain

in mailscanner.conf

then I zip up the files with passwd protection and send them off to Sophos support.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

Mike Brudenell wrote:
> Greetings -
>
> I believe our site is being copies of a virus (probably Bagle-X or a
> variant) that Sophos Anti-Virus is not identifying. At present the
> messages are only being blocked because we have MailScanner configured not
> to allow attachments with filename suffixes such as ".hta" etc.
>
> Sophos (the company!)
> have asked me to grab a couple of these messages and
> send them in for analysis.
>
> Please could someone quickly explain how to configure MailScanner (4.29.3)
> to intercept such a message: ideally forwarding it to a specific e-mail
> address or, second choice, to quarantine its Sendmail queue files?
>
> Ideally I guess I'd just like to intercept messages which are being blocked
> because they are failing the filename based checks; I'm not particularly
> interested in getting the ones infected with known viruses because, well,
> Sophos Anti-Virus already knows them! :-}
>
> With many thanks,
>
> Mike B-)
>
> --
> The Computing Service, University of York, Heslington, York Yo10 5DD, UK
> Tel:+44-1904-433811 FAX:+44-1904-433740
>
> * Unsolicited commercial e-mail is NOT welcome at this e-mail address. *

**********************************************************************
This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean.
**********************************************************************

From confirm-s2-yaMTSlIn0FzO7w85YRBceoN6VlU-mailscanner=ecs.soton.ac.uk at yahoogroups.com Fri Apr 30 12:12:43 2004
From: confirm-s2-yaMTSlIn0FzO7w85YRBceoN6VlU-mailscanner=ecs.soton.ac.uk at yahoogroups.com (Yahoo! Groups)
Date: Thu Jan 12 21:24:55 2006
Subject: Please confirm your request to join Cash4You
Message-ID: <1083323563.56.72648.m25@yahoogroups.com>

Hello mailscanner@ecs.soton.ac.uk,

We have received your request to join the Cash4You group hosted by Yahoo! Groups, a free, easy-to-use community service.

This request will expire in 7 days.

TO BECOME A MEMBER OF THE GROUP:

1) Go to the Yahoo! Groups site by clicking on this link:

http://groups.yahoo.com/i?i=yaMTSlIn0FzO7w85YRBceoN6VlU&e=mailscanner%40ecs%2Esoton%2Eac%2Euk

(If clicking doesn't work, "Cut" and "Paste" the line above into your Web browser's address bar.)

-OR-

2) REPLY to this email by clicking "Reply" and then "Send" in your email program

If you did not request, or do not want, a membership in the Cash4You group, please accept our apologies and ignore this message.

Regards,

Yahoo! Groups Customer Care

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/

From michele at BLACKNIGHTSOLUTIONS.COM Fri Apr 30 12:55:36 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions)
Date: Thu Jan 12 21:24:55 2006
Subject: OT: tao Linux
Message-ID: <200404301150.i3UBocJa015486@monitor.blacknight.ie>

After speaking to a couple of users we were interested in trialing this on a server or two, however the US mirrors are painfully slow for us in Ireland.
I spoke to one of the local mirror providers about setting up a mirror for TAO, but they need an rsync target.
Has anyone got any information on this?
I already tried on the Tao list, but my query was completely ignored

Michele

Mr Michele Neylon
Blacknight Internet Solutions Ltd
http://www.blacknight.ie/
Tel. +353 59 9137101

From info at VILLAGE-NET.AT Fri Apr 30 12:58:34 2004
From: info at VILLAGE-NET.AT (Rudolf Kliemstein)
Date: Thu Jan 12 21:24:56 2006
Subject: Whitelist on relaying only mailserver
References: <200404292310.i3TNAPuu021876@server.kabelkom.at>
Message-ID: <023301c42eaa$76cd98c0$1e00a8c0@pc2>

Hi all,

like to do the following.

Mail -----> Mail and Spam checking Mail-Server -----> Customer Mailserver

Everything working fine, just one issue.

Can anyone think of a solution to whitelisting on the checking mailserver?
I can add to the global mailscanner whitelist file but I would like to give my customer access to a file where he can put whitelist emails for the whole domain.
Thx

Rudi

From jwilliam at KCR.UKY.EDU Fri Apr 30 13:14:16 2004
From: jwilliam at KCR.UKY.EDU (John Williams)
Date: Thu Jan 12 21:24:56 2006
Subject: MailScanner-MRTG users, a question
In-Reply-To: <1083269484.25908.19.camel@bach.kevinspicer.co.uk>
References: <1083184869.22764.122.camel@bach.kevinspicer.co.uk> <1083269484.25908.19.camel@bach.kevinspicer.co.uk>
Message-ID: <6.0.0.22.2.20040430081213.01b94430@mail.kcr.uky.edu>

>However I do have another favour to ask, could someone with a dual
>processor machine please send me the output of...
>
>snmpwalk -v2c -c public localhost .1.3.6.1.4.1.2021.11
>
>For safety's sake it would also be handy if someone could send me the
>output of that command on a Xeon system (see how snmp copes with
>hyperthreading!)

On a Xeon 3.06GHz with hyperthreading enabled.

root@mail:~# snmpwalk -v2c -c public localhost .1.3.6.1.4.1.2021.11
UCD-SNMP-MIB::ssIndex.0 = INTEGER: 1
UCD-SNMP-MIB::ssErrorName.0 = STRING: systemStats
UCD-SNMP-MIB::ssSwapIn.0 = INTEGER: 0
UCD-SNMP-MIB::ssSwapOut.0 = INTEGER: 0
UCD-SNMP-MIB::ssIOSent.0 = INTEGER: 3
UCD-SNMP-MIB::ssIOReceive.0 = INTEGER: 6
UCD-SNMP-MIB::ssSysInterrupts.0 = INTEGER: 2
UCD-SNMP-MIB::ssSysContext.0 = INTEGER: 3
UCD-SNMP-MIB::ssCpuUser.0 = INTEGER: 1
UCD-SNMP-MIB::ssCpuSystem.0 = INTEGER: 0
UCD-SNMP-MIB::ssCpuIdle.0 = INTEGER: 97
UCD-SNMP-MIB::ssCpuRawUser.0 = Counter32: 5110441
UCD-SNMP-MIB::ssCpuRawNice.0 = Counter32: 2863
UCD-SNMP-MIB::ssCpuRawSystem.0 = Counter32: 519653
UCD-SNMP-MIB::ssCpuRawIdle.0 = Counter32: 266317023

HTH

John

--Statement of Confidentiality--
This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material.
If you have received this in error, please contact the sender and delete this message immediately. Thank you.

From ugob at CAMO-ROUTE.COM Fri Apr 30 13:08:22 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:24:56 2006
Subject: Whitelist on relaying only mailserver
In-Reply-To: <023301c42eaa$76cd98c0$1e00a8c0@pc2>
References: <200404292310.i3TNAPuu021876@server.kabelkom.at> <023301c42eaa$76cd98c0$1e00a8c0@pc2>
Message-ID:

Rudolf Kliemstein wrote:
> Hi all,
>
> like to do the following.
>
> Mail -----> Mail and Spam checking Mail-Server -----> Customer Mailserver
>
> Everything working fine, just one issue.
>
> Can anyone think of a solution to whitelisting on the checking mailserver?
> I can add to the global mailscanner whitelist file but I would like to give
> my customer access to a file where he can put whitelist emails for the whole
> domain.

http://sourceforge.net/projects/phplistadmin/

Never tried it, but it says it does what you want to do, I think.

Ugo

>
> Thx
>
>
> Rudi
>

From ugob at CAMO-ROUTE.COM Fri Apr 30 13:10:41 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:24:56 2006
Subject: OT: tao Linux
In-Reply-To: <200404301150.i3UBocJa015486@monitor.blacknight.ie>
References: <200404301150.i3UBocJa015486@monitor.blacknight.ie>
Message-ID:

Michele Neylon :: Blacknight Solutions wrote:
> After speaking to a couple of users we were interested in trialing this on a
> server or two, however the US mirrors are painfully slow for us in Ireland.
> I spoke to one of the local mirror providers about setting up a mirror for
> TAO, but they need an rsync target.
> Has anyone got any information on this?
> I already tried on the Tao list, but my query was completely ignored

Hmmm, weird. I'm downloading @ 300 KB/s right now (which is about the max I can get from my connection).

How about if I d/l the isos, burn them and send them to you by mail?

Ugo

>
> Michele
>
> Mr Michele Neylon
> Blacknight Internet Solutions Ltd
> http://www.blacknight.ie/
> Tel.
+353 59 9137101
>

From steve.swaney at FSL.COM Fri Apr 30 13:52:23 2004
From: steve.swaney at FSL.COM (Stephen Swaney)
Date: Thu Jan 12 21:24:56 2006
Subject: tao Linux
In-Reply-To: <200404301150.i3UBocJa015486@monitor.blacknight.ie>
Message-ID: <20040430125225.7915E21C2AD@mail.fsl.com>

Michele,

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Michele Neylon :: Blacknight Solutions
> Sent: Friday, April 30, 2004 7:56 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: OT: tao Linux
>
> After speaking to a couple of users we were interested in trialing this on
> a
> server or two, however the US mirrors are painfully slow for us in
> Ireland.

I just finished a MailScanner, SpamAssassin and MailWatch install on a Tao Linux server. The yum updater made it dead easy to install missing required pieces of the operating system.

You might also look at http://www.whiteboxlinux.org/. I've heard reports that this site and list are more responsive. Also appear to have mirrors closer to you. They don't have a network install available but once you have the images - who cares.

One nice feature of both distros is that they include MySQL which is missing from the RH 3.0 release.

> I spoke to one of the local mirror providers about setting up a mirror for
> TAO, but they need an rsync target.
> Has anyone got any information on this?

You might try to see if an rsync server is listening on port 873 on their download server. It's possible that they have one running without a password :).

> I already tried on the Tao list, but my query was completely ignored
>

I've heard rumors that the site is not very responsive.

> Michele
>
> Mr Michele Neylon
> Blacknight Internet Solutions Ltd
> http://www.blacknight.ie/
> Tel. +353 59 9137101
>

Steve

Stephen Swaney
President
Fortress Systems Ltd.
Steve.Swaney@FSL.com

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Fortress Systems Ltd.
www.fsl.com

From ugob at CAMO-ROUTE.COM Fri Apr 30 13:58:40 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:24:56 2006
Subject: OT: Re: tao Linux
In-Reply-To: <20040430125225.7915E21C2AD@mail.fsl.com>
References: <200404301150.i3UBocJa015486@monitor.blacknight.ie> <20040430125225.7915E21C2AD@mail.fsl.com>
Message-ID:

Stephen Swaney wrote:
>
>>I already tried on the Tao list, but my query was completely ignored
>>
>
>
> I've heard rumors that the site is not very responsive.
>
>

I asked a question yesterday to the list and I got an answer within a reasonable amount of time.

Ugo

From steve.swaney at FSL.COM Fri Apr 30 14:15:29 2004
From: steve.swaney at FSL.COM (Stephen Swaney)
Date: Thu Jan 12 21:24:56 2006
Subject: tao Linux
In-Reply-To:
Message-ID: <20040430131530.C568E21C2AD@mail.fsl.com>

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Ugo Bellavance
> Sent: Friday, April 30, 2004 8:59 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: OT: Re: tao Linux
>
> Stephen Swaney wrote:
>
> >
> >>I already tried on the Tao list, but my query was completely ignored
> >>
> >
> >
> > I've heard rumors that the site is not very responsive.
> >
> >
>
> I asked a question yesterday to the list and I got an answer within a
> reasonable amount of time.
>

Glad to hear that as I like the Distribution.

Steve

Stephen Swaney
President
Fortress Systems Ltd.
Steve.Swaney@FSL.com

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Fortress Systems Ltd.
www.fsl.com

From michele at BLACKNIGHTSOLUTIONS.COM Fri Apr 30 14:16:14 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions)
Date: Thu Jan 12 21:24:56 2006
Subject: OT: tao Linux
In-Reply-To:
Message-ID: <200404301311.i3UDBKJa014379@monitor.blacknight.ie>

Ugo

If you could it would be fantastic :)

We spoke to heanet about setting up an Irish mirror for TAO and they would be more than happy to do so if they could find a rsync target...

Stephen

We've been using whitebox on a number of our servers for the last couple of months, but it was your recommendation of Tao that inspired me

Michele

Mr Michele Neylon
Blacknight Internet Solutions Ltd
http://www.blacknight.ie/
Tel. +353 59 9137101

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Ugo Bellavance
Sent: 30 April 2004 13:11
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: [MAILSCANNER] OT: tao Linux

Michele Neylon :: Blacknight Solutions wrote:
> After speaking to a couple of users we were interested in trialing this on a
> server or two, however the US mirrors are painfully slow for us in Ireland.
> I spoke to one of the local mirror providers about setting up a mirror for
> TAO, but they need an rsync target.
> Has anyone got any information on this?
> I already tried on the Tao list, but my query was completely ignored

Hmmm, weird. I'm downloading @ 300 KB/s right now (which is about the max I can get from my connection).

How about if I d/l the isos, burn them and send them to you by mail?

Ugo

>
> Michele
>
> Mr Michele Neylon
> Blacknight Internet Solutions Ltd
> http://www.blacknight.ie/
> Tel.
+353 59 9137101
>

From raymond at PROLOCATION.NET Fri Apr 30 14:21:35 2004
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:24:56 2006
Subject: OT: tao Linux
In-Reply-To: <200404301311.i3UDBKJa014379@monitor.blacknight.ie>
Message-ID:

Hi Michelle,

> We spoke to heanet about setting up an Irish mirror for TAO and they would
> be more than happy to do so if they could find a rsync target...

You could try:

ftp://master.dto.tudelft.nl/pub/Linux/ftp.taolinux.org/

The first 3 CDs are there and the rest is coming in.
You should be able to get ok speeds there.

Hope that helps.

Bye,
Raymond.

From yoloits at YCOE.ORG Fri Apr 30 14:27:18 2004
From: yoloits at YCOE.ORG (yoloits)
Date: Thu Jan 12 21:24:56 2006
Subject: How to allow scripts in HTML
Message-ID: <003a01c42eb6$f0acf990$98021bac@ycoe.org>

Where is the setting in MailScanner so I can allow scripts in HTML?

I receive the following message from MailScanner

MailScanner: Found a script in HTML message

Thanks

Jay

From steve.swaney at FSL.COM Fri Apr 30 14:27:54 2004
From: steve.swaney at FSL.COM (Stephen Swaney)
Date: Thu Jan 12 21:24:56 2006
Subject: OT: tao Linux
In-Reply-To: <200404301311.i3UDBKJa014379@monitor.blacknight.ie>
Message-ID: <20040430132755.5ADCC21C2AD@mail.fsl.com>

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Michele Neylon :: Blacknight Solutions
> Sent: Friday, April 30, 2004 9:16 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: OT: tao Linux
>
> Ugo
>
> If you could it would be fantastic :)
>
> We spoke to heanet about setting up an Irish mirror for TAO and they would
> be more than happy to do so if they could find a rsync target...
>
> Stephen
>
> We've been using whitebox on a number of our servers for the last couple
> of
> months, but it was your recommendation of Tao that inspired me

Michele,

I'm still very happy with TAO Linux. Very easy to work with and update. I've also installed and had good success with the whiteboxlinux distro. It's hard to choose between them. Isn't it nice to have two good alternatives?

Steve

Stephen Swaney
President
Fortress Systems Ltd.
Steve.Swaney@FSL.com

> Michele
>

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Fortress Systems Ltd.
www.fsl.com

From pete at eatathome.com.au Fri Apr 30 14:36:59 2004
From: pete at eatathome.com.au (Pete)
Date: Thu Jan 12 21:24:56 2006
Subject: How to allow scripts in HTML
In-Reply-To: <003a01c42eb6$f0acf990$98021bac@ycoe.org>
References: <003a01c42eb6$f0acf990$98021bac@ycoe.org>
Message-ID: <4092567B.3050802@eatathome.com.au>

yoloits wrote:

> Where is the setting in MailScanner so I can allow scripts in HTML?
>
> I receive the following message from MailScanner
>
> MailScanner: Found a script in HTML message
>
> Thanks
>
> Jay

read /etc/MailScanner/MailScanner.conf or search for the word "script" inside that file

From michele at BLACKNIGHTSOLUTIONS.COM Fri Apr 30 14:52:30 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions)
Date: Thu Jan 12 21:24:56 2006
Subject: OT: tao Linux
In-Reply-To:
Message-ID: <200404301347.i3UDlUJa010655@monitor.blacknight.ie>

Raymond

That's a very handy link :)
Do you have any details on how they setup the mirror or who to contact?
Setting up a second European mirror would be fantastic.

Michele

Mr Michele Neylon
Blacknight Internet Solutions Ltd
http://www.blacknight.ie/
Tel. +353 59 9137101

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Raymond Dijkxhoorn
Sent: 30 April 2004 14:22
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: [MAILSCANNER] OT: tao Linux

Hi Michelle,

> We spoke to heanet about setting up an Irish mirror for TAO and they would
> be more than happy to do so if they could find a rsync target...

You could try:

ftp://master.dto.tudelft.nl/pub/Linux/ftp.taolinux.org/

The first 3 CDs are there and the rest is coming in.
You should be able to get ok speeds there.

Hope that helps.

Bye,
Raymond.

From raymond at PROLOCATION.NET Fri Apr 30 14:55:20 2004
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:24:56 2006
Subject: OT: tao Linux
In-Reply-To: <200404301347.i3UDlUJa010655@monitor.blacknight.ie>
Message-ID:

Hi!

> That's a very handy link :)
> Do you have any details on how they setup the mirror or who to contact?
> Setting up a second European mirror would be fantastic.

I have no idea, will send them a mail, we could also put them on our public ftp server...

> ftp://master.dto.tudelft.nl/pub/Linux/ftp.taolinux.org/
>
> The first 3 CDs are there and the rest is coming in.
> You should be able to get ok speeds there.

Bye,
Raymond.

From marco at MUW.EDU Fri Apr 30 15:24:15 2004
From: marco at MUW.EDU (Marco Obaid)
Date: Thu Jan 12 21:24:56 2006
Subject: tao Linux
In-Reply-To: <20040430125225.7915E21C2AD@mail.fsl.com>
References: <20040430125225.7915E21C2AD@mail.fsl.com>
Message-ID: <1083335055.4092618f186b7@webmail.MUW.Edu>

Hi Stephen,

Quoting Stephen Swaney :

> One nice feature of both distros is that they include MySQL which is missing
> from the RH 3.0 release.

I may have misunderstood your statement above, but mysql-server *is* available for RH 3.0. It is on the "Extras" channel of RHEL.

Marco

From robv at DISASTER.COM Fri Apr 30 15:24:55 2004
From: robv at DISASTER.COM (Vicchiullo, Rob)
Date: Thu Jan 12 21:24:56 2006
Subject: Help with queue backup
Message-ID: <8BD06A60242B4341B8919A4AC958C1D0181BC2@busted.dandd.com>

OK specs first
Sun E220 with 4 455 sparc processors and 2 gigs of ram.
We get roughly 70k-90k emails a day.

My problem is this, in the most days in the morning I get a storm of emails come through all at once.
That puts my inbound queue to around 2500. Once this happens MailScanner never catches up. The inbound queue then rises until I have to manually go in and move files over to the outbound queue. This is obviously unacceptable.
I have tried all the common things like lower child, raising child.
I have Spamassassin off right now because when that is turned on my load go crazy (that is another problem, but this is more important).
Any ideas would be appreciated.
I love Mailscanner but I can't see having to manually clear my queue every morning.

Rob

From martinh at SOLID-STATE-LOGIC.COM Fri Apr 30 15:33:05 2004
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:24:56 2006
Subject: Help with queue backup
In-Reply-To: <8BD06A60242B4341B8919A4AC958C1D0181BC2@busted.dandd.com>
References: <8BD06A60242B4341B8919A4AC958C1D0181BC2@busted.dandd.com>
Message-ID: <409263A1.1070502@solid-state-logic.com>

Rob

have you got the mailscanner tmp file on a ram disk?
have you got the /var/log mounted with noatime and the MTA queue dirs on a journalised filesystem?

have you lowered this setting low enough?

# If more messages are found in the queue than this, then switch to an
# "accelerated" mode of processing messages. This will cause it to stop
# scanning messages in strict date order, but in the order it finds them
# in the queue. If your queue is bigger than this size a lot of the time,
# then some messages could be greatly delayed. So treat this option as
# "in emergency only".
Max Normal Queue Size = 1000

have you looked tried installing and running the SEtoolkit (www.setoolkit.com?) and running the virtual_adrian.se set to see if there is any obvious O/S stuff you can tune?

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

Vicchiullo, Rob wrote:

> OK specs first
> Sun E220 with 4 455 sparc processors and 2 gigs of ram.
> We get roughly 70k-90k emails a day.
>
> My problem is this, in the most days in the morning I get a storm of
> emails come through all at once.
> That puts my inbound queue to around 2500. Once this happens MailScanner
> never catches up. The inbound queue then rises until I have to manually
> go in and move files over to the outbound queue.
This is obviously
> unacceptable.
> I have tried all the common things like lower child, raising child.
> I have Spamassassin off right now because when that is turned on my load
> go crazy (that is another problem, but this is more important).
> Any ideas would be appreciated.
> I love Mailscanner but I can't see having to manually clear my queue
> every morning.
>
> Rob
>

**********************************************************************
This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager.

This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean.
**********************************************************************

From jaearick at COLBY.EDU Fri Apr 30 15:46:03 2004
From: jaearick at COLBY.EDU (Jeff A. Earickson)
Date: Thu Jan 12 21:24:56 2006
Subject: Help with queue backup
In-Reply-To: <8BD06A60242B4341B8919A4AC958C1D0181BC2@busted.dandd.com>
References: <8BD06A60242B4341B8919A4AC958C1D0181BC2@busted.dandd.com>
Message-ID:

Hi,

First, I would figure out where the tsunami of email is coming from, and why. I would consider using the ConnectionRateThrottle setting in sendmail (if you use sendmail) to control the inbound email rate.
The IPBlock CustomConfig feature of MailScanner can also throttle things in more drastic fashion too. This assumes that the tsunami comes from one or a few sources.

And, of course, tune MailScanner. See MAQ 9: http://www.mailscanner.biz/maq/#optimize

You may need to add RAM to your system.

Jeff Earickson
Colby College

On Fri, 30 Apr 2004, Vicchiullo, Rob wrote:

> Date: Fri, 30 Apr 2004 10:24:55 -0400
> From: "Vicchiullo, Rob"
> Reply-To: MailScanner mailing list
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Help with queue backup
>
> OK specs first
> Sun E220 with 4 455 sparc processors and 2 gigs of ram.
> We get roughly 70k-90k emails a day.
>
> My problem is this, in the most days in the morning I get a storm of
> emails come through all at once.
> That puts my inbound queue to around 2500. Once this happens MailScanner
> never catches up. The inbound queue then rises until I have to manually
> go in and move files over to the outbound queue. This is obviously
> unacceptable.
> I have tried all the common things like lower child, raising child.
> I have Spamassassin off right now because when that is turned on my load
> go crazy (that is another problem, but this is more important).
> Any ideas would be appreciated.
> I love Mailscanner but I can't see having to manually clear my queue
> every morning.
>
> Rob
>

From michele at BLACKNIGHTSOLUTIONS.COM Fri Apr 30 16:03:19 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions)
Date: Thu Jan 12 21:24:56 2006
Subject: tao Linux
In-Reply-To: <1083335055.4092618f186b7@webmail.MUW.Edu>
Message-ID: <200404301458.i3UEwKJa003166@monitor.blacknight.ie>

I think he means with the standard install ie. You don't have to go looking for it

Mr Michele Neylon
Blacknight Internet Solutions Ltd
http://www.blacknight.ie/
Tel. +353 59 9137101

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Marco Obaid
Sent: 30 April 2004 15:24
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: [MAILSCANNER] tao Linux

Hi Stephen,

Quoting Stephen Swaney :

> One nice feature of both distros is that they include MySQL which is missing
> from the RH 3.0 release.

I may have misunderstood your statement above, but mysql-server *is* available for RH 3.0. It is on the "Extras" channel of RHEL.

Marco

From dnsadmin at 1BIGTHINK.COM Fri Apr 30 16:12:04 2004
From: dnsadmin at 1BIGTHINK.COM (DNSAdmin)
Date: Thu Jan 12 21:24:56 2006
Subject: Problem With PDF Files - SOLVED
In-Reply-To: <200404300139.i3U1dww02409@mx1.mailsecurity.net.au>
References: <409111AD.3020200@marinocrane.com> <200404300139.i3U1dww02409@mx1.mailsecurity.net.au>
Message-ID: <6.1.0.6.0.20040430110903.05225ff8@mail.1bigthink.com>

At 09:40 PM 4/29/2004, you wrote:
> > -----Original Message-----

SNIP

>Being that Outlook is here to stay, I think that this is a reasonable bug
>request.

BOOOOOOOOOOOOOOOOOOOOOOOOOOOOO!

Outlook is the most horrendously designed UI EVER!

From mailscanner at ecs.soton.ac.uk Fri Apr 30 17:00:16 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:24:56 2006
Subject: Problem With PDF Files - SOLVED
In-Reply-To: <200404300139.i3U1dww02409@mx1.mailsecurity.net.au>
References: <409111AD.3020200@marinocrane.com> <200404300139.i3U1dww02409@mx1.mailsecurity.net.au>
Message-ID: <6.0.1.1.2.20040430164737.03be4a18@imap.ecs.soton.ac.uk>

At 02:40 30/04/2004, you wrote:
> > Wow, this now fixes the issue I have been having with certain pdfs.
> > It is odd to note that it wasn't ALL pdfs that were being broken by the
> > (now discovered) inline message.
> > We actually narrowed it down yesterday to PDFs being created/printed
> > from the latest version of QuickBooks with the latest version of Acrobat
> > Professional V6.01.
>
>FWIW - I think this should be registered as a bug, as Kevin Mentioned the
>message signing breaks a few things that users consider normal email
>features.
>
>   Items I'm aware of:
>        Outlook Read Receipts
>        Outlook Meeting Requests
>        Outlook PDF attachments
>
>Being that Outlook is here to stay, I think that this is a reasonable bug
>request.

Can we produce a list of the MIME-types that MailScanner should not sign. At the moment it will sign any in-line text/* section. I can easily put in a little list of exceptions to catch things like text/pdf. What are the MIME types used by Outlook for these messages?

It would be good to get this fixed before the next release, so the next release will have to wait until we get this resolved.
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From peter at UCGBOOK.COM Fri Apr 30 17:02:16 2004
From: peter at UCGBOOK.COM (Peter Bonivart)
Date: Thu Jan 12 21:24:56 2006
Subject: Help with queue backup
In-Reply-To: <8BD06A60242B4341B8919A4AC958C1D0181BC2@busted.dandd.com>
References: <8BD06A60242B4341B8919A4AC958C1D0181BC2@busted.dandd.com>
Message-ID: <40927888.2010108@ucgbook.com>

Vicchiullo, Rob wrote:
> Sun E220 with 4 455 sparc processors and 2 gigs of ram.

The E220 only takes 2 CPU:s..?

Is this the same case you posted a week ago? I think we got pretty close to the source by finding an I/O bottleneck in c0t0d0. I asked you to post output of metadb and metastat so we could look at redistributing the load.

--
/Peter Bonivart

--Unix lovers do it in the Sun

Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7, SpamAssassin 2.63 + DCC 1.2.45, ClamAV 0.70 + GMP 4.1.2, Vispan 1.4

From campbell at CNPAPERS.COM Fri Apr 30 17:03:36 2004
From: campbell at CNPAPERS.COM (Stephe Campbell)
Date: Thu Jan 12 21:24:56 2006
Subject: tao Linux
References: <200404301458.i3UEwKJa003166@monitor.blacknight.ie>
Message-ID: <004201c42ecc$b1d74de0$a301a8c0@cnpapers.net>

I had looked at White Box and Tao once. I wasn't really sure how mature they were.
Can anyone offer an opinion of how complete both of these are compared to what RHEL ES presently represents, please?

An off-list reply would be fine, due to the content.

Thanks

Steve Campbell
campbell@cnpapers.com
Charleston Newspapers

----- Original Message -----
From: "Michele Neylon :: Blacknight Solutions"
To:
Sent: Friday, April 30, 2004 11:03 AM
Subject: Re: tao Linux

> I think he means with the standard install ie. You don't have to go looking
> for it
>
> Mr Michele Neylon
> Blacknight Internet Solutions Ltd
> http://www.blacknight.ie/
> Tel. +353 59 9137101
>
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
> Of Marco Obaid
> Sent: 30 April 2004 15:24
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: [MAILSCANNER] tao Linux
>
> Hi Stephen,
>
> Quoting Stephen Swaney :
>
> > One nice feature of both distros is that they include MySQL which is
> missing
> > from the RH 3.0 release.
>
> I may have misunderstood your statement above, but mysql-server *is*
> available
> for RH 3.0. It is on the "Extras" channel of RHEL.
> > > Marco > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Fri Apr 30 17:10:18 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:24:56 2006 Subject: Problem With PDF Files - SOLVED In-Reply-To: <6.0.1.1.2.20040430164737.03be4a18@imap.ecs.soton.ac.uk> References: <409111AD.3020200@marinocrane.com> <200404300139.i3U1dww02409@mx1.mailsecurity.net.au> <6.0.1.1.2.20040430164737.03be4a18@imap.ecs.soton.ac.uk> Message-ID: <6.0.1.1.2.20040430170904.04253d00@imap.ecs.soton.ac.uk> At 17:00 30/04/2004, you wrote: >At 02:40 30/04/2004, you wrote: >> > Wow, this now fixes the issue I have been having with certain pdfs. >> > It is odd to note that it wasnt ALL pdfs that were being broken by the >> > (now discovered) inline message. >> > We actually narrowed it down yesterday to PDFs being created/printed >> > from the latest version of QuickBooks with the latest version of Acrobat >> > Professional V6.01. >> >>FWIW - I think this should be registered as a bug, as Kevin Mentioned the >>message signing breaks a few things that users consider normal email >>features. 
>>
>> Items I'm aware of:
>> Outlook Read Receipts
>> Outlook Meeting Requests
>> Outlook PDF attachments
>>
>>Being that Outlook is here to stay, I think that this is a reasonable bug
>>request.
>
>Can we produce a list of the MIME-types that MailScanner should not sign.
>At the moment it will sign any in-line text/* section. I can easily put in
>a little list of exceptions to catch things like text/pdf. What are the
>MIME types used by Outlook for these messages?
>
>It would be good to get this fixed before the next release, so the next
>release will have to wait until we get this resolved.

Or would I be better off only signing text/plain and text/html?

-- 
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From robv at DISASTER.COM Fri Apr 30 17:21:38 2004
From: robv at DISASTER.COM (Vicchiullo, Rob)
Date: Thu Jan 12 21:24:56 2006
Subject: Help with queue backup
Message-ID: <8BD06A60242B4341B8919A4AC958C1D0181BC8@busted.dandd.com>

# metadb
        flags           first blk       block count
     a m  p  luo        16              1034            /dev/dsk/c0t0d0s6
     a    p  luo        1050            1034            /dev/dsk/c0t0d0s6
     a    p  luo        2084            1034            /dev/dsk/c0t0d0s6
     a    p  luo        3118            1034            /dev/dsk/c0t0d0s6
     a    p  luo        4152            1034            /dev/dsk/c0t0d0s6
     a    p  luo        16              1034            /dev/dsk/c0t1d0s6
     a    p  luo        1050            1034            /dev/dsk/c0t1d0s6
     a    p  luo        2084            1034            /dev/dsk/c0t1d0s6
     a    p  luo        3118            1034            /dev/dsk/c0t1d0s6
     a    p  luo        4152            1034            /dev/dsk/c0t1d0s6

# metastat
d1: Mirror
    Submirror 0: d10
      State: Okay
    Submirror 1: d11
      State: Okay
    Pass: 1
    Read option: roundrobin (default)
    Write option: parallel (default)
    Size: 2049720 blocks

d10: Submirror of d1
    State: Okay
    Size: 2049720 blocks
    Stripe 0:
        Device      Start Block  Dbase  State  Hot Spare
        c0t0d0s0    0            No     Okay

d11: Submirror of d1
    State: Okay
    Size: 2049720 blocks
    Stripe 0:
        Device      Start Block  Dbase  State  Hot Spare
        c0t1d0s0    0            No     Okay

d2: Mirror
    Submirror 0: d20
      State: Okay
    Submirror 1: d21
      State: Okay
    Pass: 1
    Read option: roundrobin (default)
    Write option: parallel (default)
    Size: 4509384 blocks

d20: Submirror of d2
    State: Okay
    Size: 4509384 blocks
    Stripe 0:
        Device      Start Block  Dbase  State  Hot Spare
        c0t0d0s3    0            No     Okay

d21: Submirror of d2
    State: Okay
    Size: 4509384 blocks
    Stripe 0:
        Device      Start Block  Dbase  State  Hot Spare
        c0t1d0s3    0            No     Okay

d3: Mirror
    Submirror 0: d30
      State: Okay
    Submirror 1: d31
      State: Okay
    Pass: 1
    Read option: roundrobin (default)
    Write option: parallel (default)
    Size: 5121944 blocks

d30: Submirror of d3
    State: Okay
    Size: 5121944 blocks
    Stripe 0:
        Device      Start Block  Dbase  State  Hot Spare
        c0t0d0s4    0            No     Okay

d31: Submirror of d3
    State: Okay
    Size: 5121944 blocks
    Stripe 0:
        Device      Start Block  Dbase  State  Hot Spare
        c0t1d0s4    0            No     Okay

d4: Mirror
    Submirror 0: d40
      State: Okay
    Submirror 1: d41
      State: Okay
    Pass: 1
    Read option: roundrobin (default)
    Write option: parallel (default)
    Size: 4099440 blocks

d40: Submirror of d4
    State: Okay
    Size: 4099440 blocks
    Stripe 0:
        Device      Start Block  Dbase  State  Hot Spare
        c0t0d0s5    0            No     Okay

d41: Submirror of d4
    State: Okay
    Size: 4099440 blocks
    Stripe 0:
        Device      Start Block  Dbase  State  Hot Spare
        c0t1d0s5    0            No     Okay

Rob

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Peter Bonivart
Sent: Friday, April 30, 2004 12:02 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Help with queue backup

Vicchiullo, Rob wrote:
> Sun E220 with 4 455 sparc processors and 2 gigs of ram.

The E220 only takes 2 CPU:s..?

Is this the same case you posted a week ago? I think we got pretty close to the source by finding an I/O bottleneck in c0t0d0. I asked you to post output of metadb and metastat so we could look at redistributing the load.
-- /Peter Bonivart --Unix lovers do it in the Sun Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7, SpamAssassin 2.63 + DCC 1.2.45, ClamAV 0.70 + GMP 4.1.2, Vispan 1.4 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From rpoe at PLATTESHERIFF.ORG Fri Apr 30 17:25:38 2004 From: rpoe at PLATTESHERIFF.ORG (Rob Poe) Date: Thu Jan 12 21:24:56 2006 Subject: tao Linux Message-ID: If WhiteBox has achieved it's goal (and why not, it's OSS, right?) and is 100% binary compatible to RHEL - how can it NOT be mature? I'm struggling right now, as Im building a new master server and don't want to use an unsupported version of RedHat (and I'm holding out on suse 9 until 9.1 comes out and is easily grabbable .. the new box doesn't see the network card under Suse 9.0 (intel motherboard)). >>> campbell@CNPAPERS.COM 4/30/2004 11:03:36 AM >>> I had looked at White Box and Tao once. I wasn't really sure how mature they were. Can anyone offer an opinion of how complete both of these are compared to what RHEL ES presently represents, please? An off-list reply would be fine, due to the content. Thanks Steve Campbell campbell@cnpapers.com Charleston Newspapers ----- Original Message ----- From: "Michele Neylon :: Blacknight Solutions" To: Sent: Friday, April 30, 2004 11:03 AM Subject: Re: tao Linux > I think he means with the standard install ie. 
You don't have to go looking > for it > > Mr Michele Neylon > Blacknight Internet Solutions Ltd > http://www.blacknight.ie/ > Tel. +353 59 9137101 > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf > Of Marco Obaid > Sent: 30 April 2004 15:24 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: [MAILSCANNER] tao Linux > > Hi Stephen, > > Quoting Stephen Swaney : > > > One nice feature of both distros is that they include MySQL which is > missing > > from the RH 3.0 release. > > I may have misunderstood your statement above, but mysql-server *is* > available > for RH 3.0. It is on the "Extras" channel of RHEL. > > > Marco > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From gebhard at EPOST.DE Fri Apr 30 10:39:57 2004 From: gebhard at EPOST.DE (Holger Gebhard) Date: Thu Jan 12 21:24:56 2006 Subject: Problem with Rulefiles 
Message-ID:

Hi Julian, hi Group...

I have a Problem with some Rulefiles. For Example with a Ruleset for "Allow Password-Protected Archives": I tried to add some rules:

To: user@domain.com yes
To: @domain.com no
FromOrTo: default no

When an Email is sent to user123@domain.com the Attachment is blocked. That's Ok... But when I send a Mail to user@domain.com the Attachment is also blocked. Why?

I tested some other Rulesets like "Warning Is Attachment", or "Inline HTML Warning". The same Problem... Other Rulesets, like Filenamerules for Example, still working with this Configuration.

Thanks for Help
Holger

From rpoe at PLATTESHERIFF.ORG Fri Apr 30 17:36:21 2004
From: rpoe at PLATTESHERIFF.ORG (Rob Poe)
Date: Thu Jan 12 21:24:57 2006
Subject: [URGENT] How to intercept a copy of virus-infected message?
Message-ID:

If they fail the filename rule and you have MailScanner set to quarantine the whole message, would they not then be in the /path/to/MailScanner/quarantine directory ?

>>> pmb1@YORK.AC.UK 4/30/2004 4:23:33 AM >>>
Greetings -

I believe our site is being copies of a virus (probably Bagle-X or a variant) that Sophos Anti-Virus is not identifying. At present the messages are only being blocked because we have MailScanner configured not to allow attachments with filename suffixes such as ".hta" etc.

Sophos (the company!) have asked me to grab a couple of these messages and send them in for analysis. Please could someone quickly explain how to configure MailScanner (4.29.3) to intercept such a message: ideally forwarding it to a specific e-mail address or, second choice, to quarantine its Sendmail queue files?
Ideally I guess I'd just like to intercept messages which are being blocked because they are failing the filename based checks; I'm not particularly interested in getting the ones infected with known viruses because, well, Sophos Anti-Virus already knows them! :-}

With many thanks,
Mike B-)
-- 
The Computing Service, University of York, Heslington, York Yo10 5DD, UK
Tel:+44-1904-433811 FAX:+44-1904-433740
* Unsolicited commercial e-mail is NOT welcome at this e-mail address. *

From robin at PRIMUS.CA Fri Apr 30 17:40:09 2004
From: robin at PRIMUS.CA (Robin M.)
Date: Thu Jan 12 21:24:57 2006
Subject: are HTML tags stripped before spamassasin run
Message-ID:

I am wondering if the MailScanner strips HTML tags before spamassassin analyzes the message. I am wondering because my new version of MailScanner with spamassassin does not seem to tag things such as MIME_HTML_ONLY 0.10 now that it strips html from spam. I would prefer the message goes into spamassassin unmodified and then afterwards be modified by MailScanner. Can someone clarify this for me.

From ugob at CAMO-ROUTE.COM Fri Apr 30 17:43:02 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:24:57 2006
Subject: OT: Re: tao Linux
In-Reply-To:
References:
Message-ID:

Rob Poe wrote:
> If WhiteBox has achieved its goal (and why not, it's OSS, right?) and
> is 100% binary compatible to RHEL - how can it NOT be mature?
>
> I'm struggling right now, as I'm building a new master server and don't
> want to use an unsupported version of RedHat (and I'm holding out on
> suse 9 until 9.1 comes out and is easily grabbable .. the new box
> doesn't see the network card under Suse 9.0 (intel motherboard)).
>

You can always go to fedora. My home server is running MailScanner on Fedora.

From martinh at SOLID-STATE-LOGIC.COM Fri Apr 30 17:54:25 2004
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:24:57 2006
Subject: [Fwd: Re: [Mailwatch-users] New to mailwatch--Few general questions]
Message-ID: <409284C1.4080502@solid-state-logic.com>

Jason

direct email to you bounced with a relay denied error...

jwilliams@courtesymortgage.com
SMTP error from remote mailer after RCPT TO:: host mx.aspadmin.com [209.126.228.31]: 550 5.7.1 ... Relaying denied

so here's my responses..

To everyone else - apologies for the noise..
-- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 -------- Original Message -------- Subject: Re: [Mailwatch-users] New to mailwatch--Few general questions Date: Fri, 30 Apr 2004 17:50:34 +0100 From: Martin Hepworth To: Jason Williams References: <5.2.1.1.0.20040429091728.02d31788@pop.courtesymortgage.com> <5.2.1.1.0.20040429091728.02d31788@pop.courtesymortgage.com> <5.2.1.1.0.20040430092304.00aba240@pop.courtesymortgage.com> Jason Williams wrote: > Hi Martin, > > I appreciate your reply. I hope you dont mind me emailing you off list, > but just wanted to ask a couple quick questions. > > >> anyway I use MailWatch on FreeBSD (4.8). > > > FreeBSD 4.9 here...so just a slight difference. :) > I'll get around to upgrading some when - just need a little time one weekend when I do it. >> I built the BerkleyDB, mysql, apache and php from packages and used >> the packages version of perl (5.8) rather than the inbuilt. I >> installed SA and clamav from source. and all the prerequisite perl >> modules from CPAN or source. > > > Hmm. Was wondering if I should upgrade my version of Perl on my system. > Yet, never really built 5.8 on a FreeBSD box. Never needed to. > I also built SA and ClamAV from source as well. > I used the port version of perl 5.8 so you can switch between to two with a supplied script.. > >> as for the mailwatch you'll need to hand configure a couple of the >> conf files and a couple of the php files so they point at the right >> directories, it assumes a linux rpm location for apaches htdocs for >> example and doesn't look in the right place for the SA rules to update. > > > I've been trying to find as much info as I can, reading up on docs, > mailing lists etc. to see all what I need to do. Seems pretty straight > forward for the most part, but there is only one hiccup for me; MySQL. 
I > have a little bit of experience with MySQL, but not a whole lot (using > mailwatch would allow me to get my hands dirty :) )....so im a bit > confused on what exactly I need to install for MySQL...specific version? > server? client? etc...any recommendations? > install the client from ports...it will do the server as a requisite. > >> also you'll need the old version of the DBD-mysql perl module as the >> new is borken for some reason that Steve (Mr MailWatch) Freegard >> hasn't yet figured out. > > > Ya. Saw that in the INSTALL file. it shouldn't be too bad, but you never > know. :) > >> have fun.. >> >> you don't mention how much email traffic you get aday, but my 600mhz >> celeron can handle about 15,000 emails a day (85% malware/spam) before >> it starts to slow down..(running everything -mysql etc- locally). But >> I';ve moved a fews things of local rules to URI stuff so that may have >> increase by now.. > > > At this point, im setting this up and I really don't have a whole lot of > data on much email to expect. I'm expecting about 60% of our email to be > email sent within the company, which means it will never touch the mail > gateway server. I'm curious and anxious and some anxiety is mixed in as > well. Specs on machine (not sure if i posted) > > Dual 1ghz CPU's (rebuilt kernel to for SMP support) > 2gig RAM > (2) 16gig SCSI drives > I also mounted /var/spool/MailScanner/incoming as mount_mfs > I did testing on this and it made no difference on a softupdated system - YMMV as I only got 512MB ram/IDE/600mhz celeron. In fact my performance was slightly less prob due to lack of RAM. >> on the mysql db dir and /var if you turn on softupdates it helps (see >> man tunefs), as does running a local named so dns lookups cache if you >> are using RBLS/URI lookups. > > > Yep. have softupdates on. Good idea on the local named. Never thought > about that. 
> > >> There are also a couple of DB cleanup crontabs you might to install to >> keep only the X days of data in the DB, and also cleanup the >> quarantine dir every X days too..find these on the archive (if not on >> the MailWatch tar ball) and the MS tar ball too I think. > > > I appreciate the tip. > > Thanks Martni. I really do appreciate it. > no problems.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From Kevin.Spicer at BMRB.CO.UK Fri Apr 30 17:54:41 2004 From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:24:57 2006 Subject: Problem With PDF Files - SOLVED Message-ID: <5C0296D26910694BB9A9BBFC577E7AB0020199F0@pascal.priv.bmrb.co.uk> Julian Field wrote: >> Can we produce a list of the MIME-types that MailScanner should not >> sign. At the moment it will sign any in-line text/* section. I can >> easily put in a little list of exceptions to catch things like >> text/pdf. What are the MIME types used by Outlook for these messages? 

Outlook meeting requests are text/calendar
PDF's can be text/pdf or text/x-pdf (although IMHO they should be application/pdf or similar)

>>
>> It would be good to get this fixed before the next release, so the
>> next release will have to wait until we get this resolved.
>
> Or would I be better off only signing text/plain and text/html?

I'd vote for that actually. There's a list of official mime types here
http://www.iana.org/assignments/media-types/text/
(I guess there's many more unofficial ones!)

The only other one that stands out that it might be appropriate to sign is richtext (but I wonder if just appending a bunch of text is going to work there?). I also wonder if any more modern MUAs have started to use text/xml to support xhtml ???

BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000
_________________________________________________________________
This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business.
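
The two signing policies discussed in this thread (sign every inline text/* part, or sign only text/plain and text/html), compared on one message. This is an added example in Python, not MailScanner's own code; the sample message, the signature text and the end-marker checks are constructed assumptions.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed sample signature; the real text is site-configured.
SIGNATURE = "\n-- \nScanned for viruses (constructed sample signature).\n"

# Constructed inline bodies, one per MIME subtype named in the thread.
PARTS = [
    ("plain", "Agenda attached, see you Monday.\n"),
    ("html", "<html><body><p>Agenda attached.</p></body></html>\n"),
    ("calendar", "BEGIN:VCALENDAR\nVERSION:2.0\nBEGIN:VEVENT\n"
                 "SUMMARY:Planning\nEND:VEVENT\nEND:VCALENDAR\n"),
    ("x-pdf", "%PDF-1.4\n1 0 obj\n<< >>\nendobj\ntrailer\n<< >>\n%%EOF\n"),
]

# Assumption: a strict consumer requires the format's end marker to be the
# last non-blank line of the part. A simplified stand-in for a real parser.
END_MARKERS = {"text/calendar": "END:VCALENDAR",
               "text/pdf": "%%EOF", "text/x-pdf": "%%EOF"}

SIGNABLE = {"text/plain", "text/html"}


def build_sample():
    """Return the constructed multipart/mixed test message as bytes."""
    msg = EmailMessage()
    msg["Subject"] = "Meeting request (constructed)"
    msg.make_mixed()
    for subtype, body in PARTS:
        msg.add_attachment(body, subtype=subtype, disposition="inline")
    # A real attachment: neither policy should touch it.
    msg.add_attachment("a,b\n1,2\n", subtype="csv", filename="report.csv")
    return msg.as_bytes()


def signs_any_text(part):
    """Policy described in the thread: any inline text/* section."""
    return part.get_content_maintype() == "text"


def signs_allowlist(part):
    """Policy proposed in the thread: text/plain and text/html only."""
    return part.get_content_type() in SIGNABLE


def process(raw, should_sign):
    """Return [(content_type, body_after_signing, was_signed)] per text part."""
    out = []
    for part in message_from_bytes(raw, policy=policy.default).walk():
        if part.is_multipart() or part.get_content_maintype() != "text":
            continue
        body = part.get_content()
        inline = part.get_content_disposition() != "attachment"
        signed = inline and should_sign(part)
        out.append((part.get_content_type(),
                    body + SIGNATURE if signed else body, signed))
    return out


def signed_types(raw, should_sign):
    """Content types the policy would append a signature to."""
    return [ctype for ctype, _, signed in process(raw, should_sign) if signed]


def broken_parts(raw, should_sign):
    """Content types whose end marker is no longer the last line."""
    broken = []
    for ctype, body, _ in process(raw, should_sign):
        marker = END_MARKERS.get(ctype)
        if marker and body.rstrip().splitlines()[-1] != marker:
            broken.append(ctype)
    return broken


if __name__ == "__main__":
    raw = build_sample()
    for name, rule in (("text/*", signs_any_text), ("allow-list", signs_allowlist)):
        print(name, "signs", signed_types(raw, rule),
              "breaks", broken_parts(raw, rule))
```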
-------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From michele at BLACKNIGHTSOLUTIONS.COM Fri Apr 30 17:55:42 2004 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:24:57 2006 Subject: tao Linux In-Reply-To: <004201c42ecc$b1d74de0$a301a8c0@cnpapers.net> Message-ID: <200404301650.i3UGohJa028643@monitor.blacknight.ie> Stephen We are currently using Whitebox on approx 6 servers, that are a mixture of shared and dedicated. To date we have not had any problems worth reporting and have generally found it to be an improvement on RH9. We have not used RHEL ES, so I cannot offer a comparison Michele Mr Michele Neylon Blacknight Internet Solutions Ltd http://www.blacknight.ie/ Tel. +353 59 9137101 -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Stephe Campbell Sent: 30 April 2004 17:04 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: [MAILSCANNER] tao Linux I had looked at White Box and Tao once. I wasn't really sure how mature they were. Can anyone offer an opinion of how complete both of these are compared to what RHEL ES presently represents, please? An off-list reply would be fine, due to the content. Thanks Steve Campbell campbell@cnpapers.com Charleston Newspapers ----- Original Message ----- From: "Michele Neylon :: Blacknight Solutions" To: Sent: Friday, April 30, 2004 11:03 AM Subject: Re: tao Linux > I think he means with the standard install ie. You don't have to go looking > for it > > Mr Michele Neylon > Blacknight Internet Solutions Ltd > http://www.blacknight.ie/ > Tel. 
+353 59 9137101 > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf > Of Marco Obaid > Sent: 30 April 2004 15:24 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: [MAILSCANNER] tao Linux > > Hi Stephen, > > Quoting Stephen Swaney : > > > One nice feature of both distros is that they include MySQL which is > missing > > from the RH 3.0 release. > > I may have misunderstood your statement above, but mysql-server *is* > available > for RH 3.0. It is on the "Extras" channel of RHEL. > > > Marco > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From shrek-m at GMX.DE Fri Apr 30 17:57:53 2004 From: shrek-m at GMX.DE (shrek-m@gmx.de) Date: Thu Jan 12 21:24:57 2006 Subject: tao Linux In-Reply-To: <004201c42ecc$b1d74de0$a301a8c0@cnpapers.net> References: <200404301458.i3UEwKJa003166@monitor.blacknight.ie> 
<004201c42ecc$b1d74de0$a301a8c0@cnpapers.net> Message-ID: <40928591.9060101@gmx.de> Stephe Campbell wrote: >I had looked at White Box and Tao once. I wasn't really sure how mature they >were. Can anyone offer an opinion of how complete both of these are compared >to what RHEL ES presently represents, please? > http://www.redhat.com/archives/taroon-list/2004-March/msg00240.html http://www.redhat.com/archives/taroon-list/2004-March/msg00243.html http://updates.redhat.com/enterprise/ -- shrek-m -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From campbell at CNPAPERS.COM Fri Apr 30 18:47:32 2004 From: campbell at CNPAPERS.COM (Stephe Campbell) Date: Thu Jan 12 21:24:57 2006 Subject: tao Linux References: <200404301650.i3UGohJa028643@monitor.blacknight.ie> Message-ID: <002801c42edb$37499060$a301a8c0@cnpapers.net> Michele, Could you possibly elaborate on why you went to something other than a RH OS. This part really is the gut of the situation. Most of my servers are RH 7.3, which seems really stable. If I am to trust our future to the Open Source community, why shouldn't I trust them to keep RH 7.3, or any other RH version, up to date and safe? I do realize that old is not always best, but can you truthfully use this example to justify things like RH 8.0 versus RH 7.3? BTW, WhiteBox, as I recall, had some issues with their installation package (was there even an X interface?) How would you rate the installation process? A friend of mine at one of the US government laboratories here has highly recommended WB, but they rolled their own installation scripts for convenience., tailoring it more to their needs. They have more hands there than we do here, though. Thank you very much for your time and thoughts. 
Steve Campbell campbell@cnpapers.com Charleston Newspapers ----- Original Message ----- From: "Michele Neylon :: Blacknight Solutions" To: Sent: Friday, April 30, 2004 12:55 PM Subject: Re: tao Linux > Stephen > > We are currently using Whitebox on approx 6 servers, that are a mixture of > shared and dedicated. To date we have not had any problems worth reporting > and have generally found it to be an improvement on RH9. > We have not used RHEL ES, so I cannot offer a comparison > > Michele > > Mr Michele Neylon > Blacknight Internet Solutions Ltd > http://www.blacknight.ie/ > Tel. +353 59 9137101 > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf > Of Stephe Campbell > Sent: 30 April 2004 17:04 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: [MAILSCANNER] tao Linux > > I had looked at White Box and Tao once. I wasn't really sure how mature they > were. Can anyone offer an opinion of how complete both of these are compared > to what RHEL ES presently represents, please? > > An off-list reply would be fine, due to the content. > > Thanks > > Steve Campbell > campbell@cnpapers.com > Charleston Newspapers > > ----- Original Message ----- > From: "Michele Neylon :: Blacknight Solutions" > > To: > Sent: Friday, April 30, 2004 11:03 AM > Subject: Re: tao Linux > > > > I think he means with the standard install ie. You don't have to go > looking > > for it > > > > Mr Michele Neylon > > Blacknight Internet Solutions Ltd > > http://www.blacknight.ie/ > > Tel. +353 59 9137101 > > > > -----Original Message----- > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf > > Of Marco Obaid > > Sent: 30 April 2004 15:24 > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: [MAILSCANNER] tao Linux > > > > Hi Stephen, > > > > Quoting Stephen Swaney : > > > > > One nice feature of both distros is that they include MySQL which is > > missing > > > from the RH 3.0 release. 
> > > > I may have misunderstood your statement above, but mysql-server *is* > > available > > for RH 3.0. It is on the "Extras" channel of RHEL. > > > > > > Marco > > > > -------------------------- MailScanner list ---------------------- > > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > > Before posting, please see the Most Asked Questions at > > http://www.mailscanner.biz/maq/ and the archives at > > http://www.jiscmail.ac.uk/lists/mailscanner.html > > > > -------------------------- MailScanner list ---------------------- > > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From thad at THADCO.COM Fri Apr 30 18:46:50 2004 From: thad at THADCO.COM (Thad A. Thompson) Date: Thu Jan 12 21:24:57 2006 Subject: ClamAV.pm won't "make" -SOLVED In-Reply-To: <200404300548.i3U5moAH016867@avwall.bladeware.com> Message-ID: <010501c42edb$1ec74d70$1efea8c0@slam> Thanks Mike! Yes, That solved it. 
Installed bzip2-devel-1.0.2-10.i386.rpm and it compiled perfectly. Thad -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mike Kercher Sent: Friday, April 30, 2004 12:49 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: ClamAV.pm won't "make" I had the same problem last night. You *do* need to install the -devel rpm for bz2. After installing that, my new ClamAV compiled without a hitch. Mike -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From thad at THADCO.COM Fri Apr 30 18:51:25 2004 From: thad at THADCO.COM (Thad A. Thompson) Date: Thu Jan 12 21:24:57 2006 Subject: ClamAV.pm won't "make" In-Reply-To: <1083308425.25904.74.camel@bach.kevinspicer.co.uk> Message-ID: <010601c42edb$c3532c60$1efea8c0@slam> Thanks Kevin, Now I know not to edit my Makefile like that. :) I will try the commandline scan over the weekend. And thanks too for the heads-up on the devel libraries. Obviously I am still learning and that will no doubt help avoid many future foibles. Thad -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Kevin Spicer Sent: Friday, April 30, 2004 2:00 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: ClamAV.pm won't "make" On Fri, 2004-04-30 at 04:59, Thad A. Thompson wrote: > And edited the Makefile by removing all the references to -lbz2. > > This allowed me to Make and Install from within the directory. Not really > sure if that was the right thing to do or not, but I got no errors. No, that was the wrong thing to do. You've compiled a binary that will attempt to call functions it is not linked against. > I will > have to go with the milter daemon of clam unless someone has a further > suggestion. Two further suggestions... 
1) You don't need to use the clamavmodule, you can just use the plain clamav commandline program (by setting Virus Scanners = clamav), the performance isn't vastly worse (not like the Sophos / SAVI difference) and you get the benefit of being able to use external unpackers which I don't think the module does (although I could be wrong on that last point)

2) You should be able to compile okay if you actually install the -devel rpm. The {libname} rpm only contains the dynamic libs needed by programs at runtime, the {libname}-devel rpm contains the header files needed to compile/link programs and static libraries in case you need to compile a statically linked binary. You must have the {libname}-devel package installed for any library you need to link against.

From jwilliams at COURTESYMORTGAGE.COM Fri Apr 30 20:25:32 2004
From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams)
Date: Thu Jan 12 21:24:57 2006
Subject: Question on the following
Message-ID: <5.2.1.1.0.20040430122207.00ad25d0@pop.courtesymortgage.com>

Hello everyone,

Just had a question on the following on Mailscanner.conf

# In every batch of virus-scanning, limit the maximum
# a) number of unscanned messages to deliver
# b) number of potentially infected messages to unpack and scan
# c) total size of unscanned messages to deliver
# d) total size of potentially infected messages to unpack and scan
Max Unscanned Bytes Per Scan = 25000000
Max Unsafe Bytes Per Scan = 50000000
Max Unscanned Messages Per Scan = 30
Max Unsafe Messages Per Scan = 30

I'm not completely understanding this part. I'm assuming you set a limit on the size of the file to scan?
But then I see this:

Maximum Message Size = 1500000

Which tells me this is the max message size that MS will scan...so I'm confused on the first part I copied into here...

I also see you can set the max size of an attachment to scan as well...

I'm assuming that whatever you put for these specifications is dependent upon the hardware for the server?

Just trying to get my guidelines straight here...

I go live tonight....mix of excitement and nervousness. :)

Thanks,
Jason

From peter at UCGBOOK.COM Fri Apr 30 20:38:00 2004
From: peter at UCGBOOK.COM (Peter Bonivart)
Date: Thu Jan 12 21:24:57 2006
Subject: Question on the following
In-Reply-To: <5.2.1.1.0.20040430122207.00ad25d0@pop.courtesymortgage.com>
References: <5.2.1.1.0.20040430122207.00ad25d0@pop.courtesymortgage.com>
Message-ID: <4092AB18.8050405@ucgbook.com>

Jason Williams wrote:
> Max Unscanned Bytes Per Scan = 25000000
> Max Unsafe Bytes Per Scan = 50000000
> Max Unscanned Messages Per Scan = 30
> Max Unsafe Messages Per Scan = 30

The above can be used to tune the performance of the server depending on traffic and capacity. Everything will be processed no matter what though.

> Maximum Message Size = 1500000

This is to block large messages. The default is zero, no checking.

> I also see you can set the max size of an attachment to scan as well...

This is to block large attachments. Zero means no attachments allowed and less than zero is no checking.

The latter two are part of the available methods for blocking messages but the first is just meant to tune your server along with the number of children.
--
/Peter Bonivart

--Unix lovers do it in the Sun

Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7, SpamAssassin 2.63 + DCC 1.2.45, ClamAV 0.70 + GMP 4.1.2, Vispan 1.4

From mark at TIPPINGMAR.COM Fri Apr 30 20:56:14 2004
From: mark at TIPPINGMAR.COM (Mark Nienberg)
Date: Thu Jan 12 21:24:57 2006
Subject: SweepViruses.pm: minor patch to 4.29.7, for 4.30
In-Reply-To: <6.0.1.1.2.20040430085832.03efd340@imap.ecs.soton.ac.uk>
References:
Message-ID: <40924CEE.4748.2E18ABD1@localhost>

An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040430/6df5173c/attachment.html

From jaearick at COLBY.EDU Fri Apr 30 21:00:19 2004
From: jaearick at COLBY.EDU (Jeff A. Earickson)
Date: Thu Jan 12 21:24:57 2006
Subject: SweepViruses.pm: minor patch to 4.29.7, for 4.30
In-Reply-To: <40924CEE.4748.2E18ABD1@localhost>
References: <40924CEE.4748.2E18ABD1@localhost>
Message-ID:

Julian,

This is fine by me, I can work with whatever you implement here.

Jeff Earickson

On Fri, 30 Apr 2004, Mark Nienberg wrote:

> Date: Fri, 30 Apr 2004 12:56:14 -0700
> From: Mark Nienberg
> Reply-To: MailScanner mailing list
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: SweepViruses.pm: minor patch to 4.29.7, for 4.30
>
>
> On 30 Apr 2004 at 8:59, Julian Field wrote:
> > You can't do that without changing the parser. You got away with it as
> > you also mistakenly changed the separator from ":: " to "::" so it
> > didn't pick up your change. I'll fix it for you and put it in 4.30.
> >
> > At 15:32 29/04/2004, you wrote:
> > >The purpose of the patch is to
> > >change the syslog output for ClamAVmodule and SophosSAVI from:
> > >
> > >MailScanner[29668]: INFECTED:: W32/Bagle-AA:: (pathname)
> > >MailScanner[29668]: INFECTED:: Worm.Bagle.Z:: (pathname)
> > >
> > >to:
> > >
> > >MailScanner[24988]: INFECTED::SophosSAVI:: W32/Bagle-AA:: (pathname)
> > >MailScanner[24988]: INFECTED::ClamAVModule:: Worm.Bagle.Z::
> > >(pathname)
> I wonder if it would be better to change it to something like:
> MailScanner[24988]: SophosSAVI::INFECTED:: W32/Bagle-AA:: (pathname)
> so it wouldn't break all of the log parsing scripts that currently search for
> INFECTED and expect to find the virus name immediately after.
> --
> Mark W. Nienberg, SE
> Tipping Mar + associates
> 1906 Shattuck Ave, Berkeley, CA 94704
> (510) 549-1906
> visit our website www.tippingmar.com
>

From cslyon at QXZI.NET Fri Apr 30 21:10:26 2004
From: cslyon at QXZI.NET (c lyon)
Date: Thu Jan 12 21:24:57 2006
Subject: Tagging subject lines like {SPAM} but w/ MCP
Message-ID:

I have seen a few posts on this subject but nothing conclusive. So, any ideas on how to get this working?

So something like this in the conf file:

MCP SpamAssassin Modify Subject = {MCP}

This would just be for the messages that get forwarded to the admin person but the original sender and recipient wouldn't have their subject changed.

Is that doable?
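The three syslog layouts quoted in the SweepViruses.pm thread above (the existing one, the patch's, and Mark Nienberg's alternative) can all be read by one tolerant parser, shown next to the "field after INFECTED" approach that the patch layout breaks. This is an added example, not part of any list message and not MailScanner's own code; the function names, host name, timestamps and pathnames are constructed for illustration.

```python
import re
from collections import Counter
from typing import NamedTuple, Optional

# Constructed sample lines: the layouts come from the thread, but the
# timestamps, host name and pathnames are made up for this example.
SAMPLES = [
    "Apr 30 15:32:01 mx1 MailScanner[29668]: INFECTED:: W32/Bagle-AA:: ./i3U1a2b3/document.pif",
    "Apr 30 15:32:02 mx1 MailScanner[24988]: INFECTED::SophosSAVI:: W32/Bagle-AA:: ./i3U1a2b4/document.pif",
    "Apr 30 15:32:03 mx1 MailScanner[24988]: SophosSAVI::INFECTED:: Worm.Bagle.Z:: ./i3U1a2b5/price list.zip",
    "Apr 30 15:32:04 mx1 MailScanner[24988]: Spam Checks: Starting",
]

# The match is anchored directly after the "MailScanner[pid]:" tag, so the
# word INFECTED appearing later in a line (for example inside a file name)
# is never treated as a detection record.
INFECTED_RE = re.compile(
    r"MailScanner\[(?P<pid>\d+)\]:\s+"
    r"(?:(?P<pre>[A-Za-z][\w-]*)::)?"    # scanner name before INFECTED
    r"INFECTED::"
    r"(?:(?P<post>[A-Za-z][\w-]*)::)?"   # scanner name glued after INFECTED::
    r"\s+(?P<virus>.+?)::\s+(?P<path>.*)$"
)


class Detection(NamedTuple):
    pid: int
    scanner: Optional[str]   # None for the layout without a scanner name
    virus: str
    path: str
    layout: str              # "legacy", "scanner-after" or "scanner-first"


def naive_virus_name(line: str) -> Optional[str]:
    """Take whatever field follows INFECTED::, as older scripts tend to do."""
    m = re.search(r"INFECTED::\s*([^:]+)::", line)
    return m.group(1).strip() if m else None


def parse_infected(line: str) -> Optional[Detection]:
    """Parse one syslog line; return None if it is not a detection record."""
    m = INFECTED_RE.search(line.rstrip("\n"))
    if m is None or (m["pre"] and m["post"]):
        return None  # not a detection, or a layout this parser does not know
    if m["pre"]:
        layout = "scanner-first"
    elif m["post"]:
        layout = "scanner-after"
    else:
        layout = "legacy"
    return Detection(int(m["pid"]), m["pre"] or m["post"],
                     m["virus"].strip(), m["path"].strip(), layout)


def summarise(lines) -> Counter:
    """Count detections per (scanner, virus) pair across all layouts."""
    counts = Counter()
    for line in lines:
        det = parse_infected(line)
        if det:
            counts[(det.scanner or "unknown", det.virus)] += 1
    return counts


if __name__ == "__main__":
    for sample in SAMPLES:
        print(naive_virus_name(sample), "|", parse_infected(sample))
    print(dict(summarise(SAMPLES)))
```

On the second sample the naive lookup reports the scanner name as the virus name, which is the breakage the thread is concerned about.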
From martyn at INVICTAWIZ.COM Fri Apr 30 23:24:34 2004
From: martyn at INVICTAWIZ.COM (InvictaWiz Customer Support)
Date: Thu Jan 12 21:24:57 2006
Subject: Quarantined attachments
Message-ID:

Hi

I wrote a script to deliver quarantined attachments.
Easy I thought.....

MS re-stripped the attachment - Bother!

I whitelisted my From: address - quarantine@blahblah - Surely that will fix it...
No!
What seems to happen is that MS doesn't strip the attachment on the way in because quarantine@blahblah is whitelisted. However, what seems to happen is the message gets re-scanned on its way to the destination address - also on this server of course. MS then thinks "Ah Ha, I must strip this dodgy attachment"

Have I made a fundamental mistake?
How do others deliver dodgy attachments out of quarantine?

Martyn Routley

-----------------------------------------------------------------------------
This message has been scanned for viruses and
dangerous content by the http://www.anti84787.com
MailScanner, and is believed to be clean.
-----------------------------------------------------------------------------

From ugob at CAMO-ROUTE.COM Fri Apr 30 23:46:52 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:24:57 2006
Subject: Quarantined attachments
In-Reply-To:
References:
Message-ID:

InvictaWiz Customer Support wrote:
> Hi
>
> I wrote a script to deliver quarantined attachments.
> Easy I thought.....
>
> MS re-stripped the attachment - Bother!
>
> I whitelisted my From: address - quarantine@blahblah - Surely that will fix it...
> No!
> What seems to happen is that MS doesn't strip the attachment on the way in because
> quarantine@blahblah is whitelisted. However, what seems to happen is the message gets re-scanned on
> its way to the destination address - also on this server of course. MS then thinks "Ah Ha, I must
> strip this dodgy attachment"

Whitelist is only for spam.

>
> Have I made a fundamental mistake?
> How do others deliver dodgy attachments out of quarantine?

You must use rulesets to make sure it is not virus-scanned or filetype/filename checked when it comes from 127.0.0.1

http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/233.html

>
>
>
> Martyn Routley
>
>
>
> -----------------------------------------------------------------------------
> This message has been scanned for viruses and
> dangerous content by the http://www.anti84787.com
> MailScanner, and is believed to be clean.
> -----------------------------------------------------------------------------
>

From scs at uwb.edu.pl Wed Apr 7 10:47:20 2004
From: scs at uwb.edu.pl (Grzegorz Staleńczyk)
Date: Thu Jan 12 21:25:41 2006
Subject: footer in each mail,how?
Message-ID: <247884509.20040407114720@uwb.edu.pl>

Hey There!

How can I add a footer to each e-mail?
I want to warn users about zip viruses, and want to add some text to the footer of each mail. I've got a text file with the text I want to add, but I can't find an option in the MS config file in which I can add a footer.

Thanks for your help.

--
Regards.
Have a nice day.
____________________________________________________________________________
Grzesiek scss@poczta.of.pl or scs@uwb.edu.pl

From roger at RUDNICK.COM.BR Thu Apr 8 10:47:05 2004
From: roger at RUDNICK.COM.BR (Roger Jochem)
Date: Thu Jan 12 21:25:41 2006
Subject: Zip files checking
References: <015e01c41cd1$9aaa2140$0600a8c0@rudnick.com.br> <6.0.1.1.2.20040408090635.03e70c30@imap.ecs.soton.ac.uk>
Message-ID: <01e801c41d4e$73c59640$0600a8c0@rudnick.com.br>

I put the two messages in http://www.alpesmoveis.com.br/messages

The "Test Message.eml" is the first one, and "Fw_ Test Message.eml" is the forwarded...

The first was blocked by MailScanner, and the second passed through.

----- Original Message -----
From: "Julian Field"
To:
Sent: Thursday, April 08, 2004 5:07 AM
Subject: Re: Zip files checking

> Can you put the two messages on a web server somewhere and send me the URL
> please. Then I'll take a look at the problem.
>
> At 20:20 07/04/2004, you wrote:
> >I would say this is a problem. I looked my exim logs and everything was the
> >same for both files. I listed the MailScanner logs and you can see same/same
> >except for the unpacking and I also trapped both messages as they passed
> >into the MailScanner queue and copied them elsewhere to look at them and
> >there was nothing different about the two emails (Both were attachments to a
> >text only message). I tried the same thing sending a virus and it caught the
> >virus in the forwarded message. It's an odd ball thing but I won't have time
> >to trace it through MS until the weekend.
I see no possible configuration > >setting that should cause attachments to a forwarded message to be handled > >differently than a normal message and neither the header or body parts had > >any differences except what you would expect to see for a forwarded message > >(Subject, MsgId, etc). My virus.scanning.rules during the forward test were > >quite simple > > > >FromOrTo: default yes > > > >the same as when I sent the zip normally and it was caught (as the log shows > >they were only a second or so apart) > > > >Rick > > > > > -----Original Message----- > > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > > > Behalf Of Roger Jochem > > > Sent: Wednesday, April 07, 2004 1:53 PM > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > Subject: Re: Zip files checking > > > > > > > > > Then it is really a problem? Or some misconfiguration in both our systems? > > > > > > ----- Original Message ----- > > > From: "Rick Cooper" > > > To: > > > Sent: Wednesday, April 07, 2004 12:47 PM > > > Subject: Re: Zip files checking > > > > > > > > > > I did the same test, first one through with checking turned off for the > > > host > > > > I sent from so I could receive the zip with the exe in it. > > > returned rules > > > to > > > > normal so all check would be on and it passed the forwarded exe > > > in the zip > > > > file. Then tried to send the same file to same address without > > > forwarding > > > > and it was blocked. 
My MailScanner log for the two events: > > > > > > > > Forwarded message: > > > > > > > > Apr 7 10:32:07 srv2 MailScanner[23024]: New Batch: Scanning 1 messages, > > > > 974634 bytes > > > > Apr 7 10:32:07 srv2 MailScanner[23024]: Spam Checks: Starting > > > > Apr 7 10:32:09 srv2 MailScanner[23024]: Virus and Content Scanning: > > > > Starting > > > > Apr 7 10:32:13 srv2 MailScanner[23024]: Uninfected: Delivered 1 > > > > messagesNormal message: > > > > > > > > Normal Message: > > > > > > > > Apr 7 10:33:31 srv2 MailScanner[23120]: New Batch: Scanning 1 messages, > > > > 974473 bytes > > > > Apr 7 10:33:31 srv2 MailScanner[23120]: Spam Checks: Starting > > > > Apr 7 10:33:32 srv2 MailScanner[23120]: Virus and Content Scanning: > > > > Starting > > > > Apr 7 10:33:37 srv2 MailScanner[23139]: MailScanner E-Mail > > > Virus Scanner > > > > version 4.29.7 starting... > > > > Apr 7 10:33:38 srv2 MailScanner[23139]: Using Custom Function file > > > > /opt/MailScanner/lib/MailScanner/CustomFunctions/MyExample.pm > > > > Apr 7 10:33:40 srv2 MailScanner[23120]: Filename Checks: Windows/DOS > > > > Executable (1BBF3B-00060P-9A McAfeestinger.exe) > > > > Apr 7 10:33:40 srv2 MailScanner[23120]: Filetype Checks: No executables > > > > (1BBF3B-00060P-9A McAfeestinger.exe) > > > > Apr 7 10:33:40 srv2 MailScanner[23120]: Other Checks: Found 2 problems > > > > Apr 7 10:33:40 srv2 MailScanner[23120]: Cleaned: Delivered 1 cleaned > > > > messages > > > > Apr 7 10:33:40 srv2 MailScanner[23120]: Notices: Warned about > > > 1 messages > > > > > > > > > > > > > > > > > -----Original Message----- > > > > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > > > > > Behalf Of Julian Field > > > > > Sent: Wednesday, April 07, 2004 8:48 AM > > > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > > > Subject: Re: Zip files checking > > > > > > > > > > > > > > > Please can you double check this and your mail setup to ensure mail is > > > > > taking the route you think it is. 
MailScanner neither knows nor cares > > > > > whether a message is forwarded unless you are using rulesets on the > > > > > relevant configuration options. > > > > > > > > > > At 20:49 06/04/2004, you wrote: > > > > > >I'm sending this e-mail again because my configuration on > > > the list was > > > > > >incorrect, and I don't know if it already was sended or > > > because of this > > > > > >"misconfiguration" the email didn't gone at the first time.. (sorry) > > > > > > > > > > > >I found a strange problem in MailScanner. I just updated my > > > > > MailScanner to > > > > > >version 4.29-7, and now I was testing the zip file checking. > > > > > > > > > > > >I send an e-mail with an .exe file inside an .zip file, and > > > mailscanner > > > > > >blocked it. Great! It worked! > > > > > > > > > > > >And then I forwarded this .zip file, and this time the .zip > > > file passet > > > > > >through mailscanner. > > > > > > > > > > > >Then I made several other tests, and found out that every > > > .zip file in > > > > > >e-mails are checked and blocked, but if the e-mail is forwarded, the > > > .zip > > > > > >file always passes through. > > > > > > > > > > > >Any ideas to correct this problem? > > > > > > > > > > > >Roger Jochem > > > > > >SBS - SC > > > > > >Brazil > > > > > > > > > > -- > > > > > Julian Field > > > > > www.MailScanner.info > > > > > Professional Support Services at www.MailScanner.biz > > > > > MailScanner thanks transtec Computers for their support > > > > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > > > > > > > > -- > > > > > This message has been scanned for viruses and > > > > > dangerous content by MailScanner, and is > > > > > believed to be clean. > > > > > > > > > > > > > > > > > > > > > -- > > > This message has been scanned for viruses and > > > dangerous content by MailScanner, and is > > > believed to be clean. 
> > > > > > > > > > > -- > Julian Field > www.MailScanner.info > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 From rcooper at DWFORD.COM Thu Apr 8 11:27:03 2004 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:25:41 2006 Subject: Zip files checking In-Reply-To: <6.0.1.1.2.20040408090635.03e70c30@imap.ecs.soton.ac.uk> Message-ID: You can look at them online at http://dwford.com/julian or download all four (they are the same queue files as MailScanner found) http://dwford.com/julian/Julian.tar.gz Thanks Rick > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Julian Field > Sent: Thursday, April 08, 2004 3:07 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Zip files checking > > > Can you put the two messages on a web server somewhere and send me the URL > please. Then I'll take a look at the problem. > > At 20:20 07/04/2004, you wrote: > >I would say this is a problem. I looked my exim logs and > everything was the > >same for both files. I listed the MailScanner logs and you can > see same/same > >except for the unpacking and I also trapped both messages as they passed > >into the MailScanner queue and copied them elsewhere to look at them and > >there was nothing different about the two emails (Both were > attachments to a > >text only message). I tried the same thing sending a virus and > it caught the > >virus in the forwarded message. It's an odd ball thing but I > won't have time > >to trace it through MS until the weekend. I see no possible configuration > >setting that should cause attachments to a forwarded message to > be handled > >differently than a normal message and neither the header or body > parts had > >any differences except what you would expect to see for a > forwarded message > >(Subject, MsgId, etc). 
My virus.scanning.rules during the > forward test were > >quite simple > > > >FromOrTo: default yes > > > >the same as when I sent the zip normally and it was caught (as > the log shows > >they were only a second or so apart) > > > >Rick > > > > > -----Original Message----- > > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > > > Behalf Of Roger Jochem > > > Sent: Wednesday, April 07, 2004 1:53 PM > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > Subject: Re: Zip files checking > > > > > > > > > Then it is really a problem? Or some misconfiguration in both > our systems? > > > > > > ----- Original Message ----- > > > From: "Rick Cooper" > > > To: > > > Sent: Wednesday, April 07, 2004 12:47 PM > > > Subject: Re: Zip files checking > > > > > > > > > > I did the same test, first one through with checking turned > off for the > > > host > > > > I sent from so I could receive the zip with the exe in it. > > > returned rules > > > to > > > > normal so all check would be on and it passed the forwarded exe > > > in the zip > > > > file. Then tried to send the same file to same address without > > > forwarding > > > > and it was blocked. 
My MailScanner log for the two events: > > > > > > > > Forwarded message: > > > > > > > > Apr 7 10:32:07 srv2 MailScanner[23024]: New Batch: > Scanning 1 messages, > > > > 974634 bytes > > > > Apr 7 10:32:07 srv2 MailScanner[23024]: Spam Checks: Starting > > > > Apr 7 10:32:09 srv2 MailScanner[23024]: Virus and Content Scanning: > > > > Starting > > > > Apr 7 10:32:13 srv2 MailScanner[23024]: Uninfected: Delivered 1 > > > > messagesNormal message: > > > > > > > > Normal Message: > > > > > > > > Apr 7 10:33:31 srv2 MailScanner[23120]: New Batch: > Scanning 1 messages, > > > > 974473 bytes > > > > Apr 7 10:33:31 srv2 MailScanner[23120]: Spam Checks: Starting > > > > Apr 7 10:33:32 srv2 MailScanner[23120]: Virus and Content Scanning: > > > > Starting > > > > Apr 7 10:33:37 srv2 MailScanner[23139]: MailScanner E-Mail > > > Virus Scanner > > > > version 4.29.7 starting... > > > > Apr 7 10:33:38 srv2 MailScanner[23139]: Using Custom Function file > > > > /opt/MailScanner/lib/MailScanner/CustomFunctions/MyExample.pm > > > > Apr 7 10:33:40 srv2 MailScanner[23120]: Filename Checks: > Windows/DOS > > > > Executable (1BBF3B-00060P-9A McAfeestinger.exe) > > > > Apr 7 10:33:40 srv2 MailScanner[23120]: Filetype Checks: > No executables > > > > (1BBF3B-00060P-9A McAfeestinger.exe) > > > > Apr 7 10:33:40 srv2 MailScanner[23120]: Other Checks: > Found 2 problems > > > > Apr 7 10:33:40 srv2 MailScanner[23120]: Cleaned: Delivered > 1 cleaned > > > > messages > > > > Apr 7 10:33:40 srv2 MailScanner[23120]: Notices: Warned about > > > 1 messages > > > > > > > > > > > > > > > > > -----Original Message----- > > > > > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > > > > > Behalf Of Julian Field > > > > > Sent: Wednesday, April 07, 2004 8:48 AM > > > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > > > Subject: Re: Zip files checking > > > > > > > > > > > > > > > Please can you double check this and your mail setup to > ensure mail is > > > > > taking the route you think 
it is. MailScanner neither > knows nor cares > > > > > whether a message is forwarded unless you are using > rulesets on the > > > > > relevant configuration options. > > > > > > > > > > At 20:49 06/04/2004, you wrote: > > > > > >I'm sending this e-mail again because my configuration on > > > the list was > > > > > >incorrect, and I don't know if it already was sended or > > > because of this > > > > > >"misconfiguration" the email didn't gone at the first > time.. (sorry) > > > > > > > > > > > >I found a strange problem in MailScanner. I just updated my > > > > > MailScanner to > > > > > >version 4.29-7, and now I was testing the zip file checking. > > > > > > > > > > > >I send an e-mail with an .exe file inside an .zip file, and > > > mailscanner > > > > > >blocked it. Great! It worked! > > > > > > > > > > > >And then I forwarded this .zip file, and this time the .zip > > > file passet > > > > > >through mailscanner. > > > > > > > > > > > >Then I made several other tests, and found out that every > > > .zip file in > > > > > >e-mails are checked and blocked, but if the e-mail is > forwarded, the > > > .zip > > > > > >file always passes through. > > > > > > > > > > > >Any ideas to correct this problem? > > > > > > > > > > > >Roger Jochem > > > > > >SBS - SC > > > > > >Brazil > > > > > > > > > > -- > > > > > Julian Field > > > > > www.MailScanner.info > > > > > Professional Support Services at www.MailScanner.biz > > > > > MailScanner thanks transtec Computers for their support > > > > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > > > > > > > > -- > > > > > This message has been scanned for viruses and > > > > > dangerous content by MailScanner, and is > > > > > believed to be clean. > > > > > > > > > > > > > > > > > > > > > -- > > > This message has been scanned for viruses and > > > dangerous content by MailScanner, and is > > > believed to be clean. 
> > >
> > >
> >
>
>
> --
> Julian Field
> www.MailScanner.info
> Professional Support Services at www.MailScanner.biz
> MailScanner thanks transtec Computers for their support
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
>

From raymond at prolocation.net Fri Apr 16 22:00:45 2004
From: raymond at prolocation.net (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:25:41 2006
Subject: ANNOUNCE: Unstable 4.30.1
In-Reply-To:
Message-ID:

Hi!

> > - Fixed problem with some systems not rewinding file extraction directory
> > properly.
> > - Fix to get rid of zombie processes quickly and cleanly.
>
> I don't know if it has to do with the zombie code, but I have it running on
> two of my exim boxes currently, 4.30.1 and both show the same behaviour. I
> have 10 mailscanner children normally, but they just die after some time
> and won't come back. It's all running ok, for hours, but then they drop out
> and I have to restart mailscanner to get it going again. Noticed this on
> my 2nd box, and seeing this on my 1st one also now.

In addition to this, also get this on the one other box. With other linux version. So this is happening with both RH9 and Fedora CORE-1.

[root@vmx50 root]# pstree
init-+-MailScanner---MailScanner

Where I get this after a restart:

[root@vmx50 root]# pstree
init-+-MailScanner---14*[MailScanner]

Since normally 14 are running, so that's ok.

And also there:

Apr 16 22:56:04 vmx50 MailScanner: succeeded
Apr 16 22:56:25 vmx50 application bug: MailScanner(7572) has SIGCHLD set to SIG_IGN but calls wait().
Apr 16 22:57:25 vmx50 application bug: MailScanner(9744) has SIGCHLD set to SIG_IGN but calls wait().
Apr 16 22:58:25 vmx50 application bug: MailScanner(11175) has SIGCHLD set to SIG_IGN but calls wait().
Apr 16 22:59:26 vmx50 application bug: MailScanner(10800) has SIGCHLD set to SIG_IGN but calls wait().
I have this on all 4 boxes I am running the beta on, 3 are running with exim, one with sendmail. Looks like some structural problem in the new version, anyone noticed, or am I the only one running it :)

Bye,
Raymond.

From linux at karel.com.tr Mon Apr 19 07:58:03 2004
From: linux at karel.com.tr (Volkan Evrin)
Date: Thu Jan 12 21:25:41 2006
Subject: how to bypass some "foundscript"
Message-ID: <009c01c425db$b69a2f40$0a02a8c0@toranaga>

At Mon Apr 19 09:07:37 2004 the content filters said:
foundscript

Note to Help Desk: Look on KAREL MailScanner in /var/spool/MailScanner/quarantine/20040419 (message i3J66g2W024825).
--
Postmaster
MailScanner thanks transtec Computers for their support

Some of our mails blocked because of "foundscript" should be sent to users. I have configured the MS

Allow IFrame Tags = disarm
Allow Form Tags = disarm
Allow Object Codebase Tags = disarm
Convert Dangerous HTML to Text = Yes

and added these e-mail addresses to spamassassin, MS whitelists, but no change!

How can I manage delivering the "foundscript mails" according to their address?

thanks.

Volkan Evrin

RH9.0
Sendmail 8.12
MS 4.29.1
SA 2.63
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040419/1e123b4b/attachment.html

From imiller at bsd.uchicago.edu Fri Apr 23 17:17:28 2004
From: imiller at bsd.uchicago.edu (Ian Miller)
Date: Thu Jan 12 21:25:41 2006
Subject: SPAM Notify problem in 4.28.6
In-Reply-To: <6.0.1.1.2.20040421232319.048d38e8@imap.ecs.soton.ac.uk>
References: <1082481553.40855b91b3342@webemail.bsd.uchicago.edu> <408564B7.3050405@USherbrooke.ca> <1082490717.40857f5d0fa18@webemail.bsd.uchicago.edu> <6.0.1.1.2.20040421232319.048d38e8@imap.ecs.soton.ac.uk>
Message-ID: <1082737048.408941981f587@webemail.bsd.uchicago.edu>

Quoting Julian Field :

> Did you specify the "store" spam action, or only "notify". If you want it
> stored as well, you need to say so.
>
> At 20:51 20/04/2004, you wrote:
> >Hundred 100% positive
> >
> >Quoting Denis Beauchemin :
> >
> > > Ian Miller wrote:
> > > > I am running MailScanner 4.28.6 on a solaris 9 box with spamassassin and
> > > > some RBL's.
> > > >
> > > > I have had this happen before but it was never a problem until now.
> > > > A user has requested an email marked as high scoring spam but I cannot find the
> > > > Message id file anyway. I have searched the whole hard drive and found nothing ...
> > > > is there a problem with 4.28.6 not storing spam with the notify feature enabled?
> > > > -Ian
> > > >
> > >
> > > Ian,
> > >
> > > Are you sure the message was quarantined by YOUR MailScanner?
> > >
> > > Something along those lines happened here a while ago... Turned out the
> > > message was quarantined by some other host...
> > >
> > > Denis
> > >
> > > --
> > > _
> > > °v° Denis Beauchemin, analyst
> > > /(_)\ Université de Sherbrooke, S.T.I.
> > > ^ ^ T: 819.821.8000x2252 F: 819.821.8045
> > >
> >
> >Hundred 100% positive
> >
> >--
> >Ian Miller
> >Sr. Systems Engineer
> >University of Chicago
> >imiller@bsd.uchicago.edu
>
> --
> Julian Field
> www.MailScanner.info
> Professional Support Services at www.MailScanner.biz
> MailScanner thanks transtec Computers for their support
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
>

So if I put notify and store on the same line for the High Scoring Spam = (action) I think it is called that ....

{example}
High Scoring Spam = notify store

-Ian