From faq at mailscanner.info Sun Feb 1 00:28:01 2004
From: faq at mailscanner.info (faq@mailscanner.info)
Date: Thu Jan 12 21:22:14 2006
Subject: Faq-O-Matic Error Log
Message-ID: <200402010028.i110S1j4025597@seer.ecs.soton.ac.uk>
Errors from MailScanner Faq-O-Matic (v. 2.717):
2004-01-26-01-41-43 2.717 error editPart 23959 <(noID)> Either someone has changed the answer or category you were editing since you received the editing form, or you submitted the same form twice.
Please [Return to the FAQ] and start again to make sure no changes are lost. Sorry for the inconvenience.
(Sequence number in form: 2; in item: 3)
2004-01-26-02-15-42 2.717 error faq 30705 <(noID)> The file (16>) doesn't exist.
2004-01-27-19-17-17 2.717 error editPart 32359 <(noID)> Either someone has changed the answer or category you were editing since you received the editing form, or you submitted the same form twice.
Please [Return to the FAQ] and start again to make sure no changes are lost. Sorry for the inconvenience.
(Sequence number in form: 5; in item: 6)
2004-01-28-14-50-48 2.717 error faq 2380 <(noID)> error: Unknown command. Are you a confused robot or an 3l33t h@X0r? If neither, check with site admin to debug the problem.
2004-01-28-14-53-39 2.717 error faq 2871 <(noID)> error: Unknown command. Are you a confused robot or an 3l33t h@X0r? If neither, check with site admin to debug the problem.
2004-01-28-14-53-58 2.717 error editPart 2884 <(noID)> Either someone has changed the answer or category you were editing since you received the editing form, or you submitted the same form twice.
Please [Return to the FAQ] and start again to make sure no changes are lost. Sorry for the inconvenience.
(Sequence number in form: 10000; in item: 0)
2004-01-28-14-54-43 2.717 error editPart 2989 <(noID)> Part number "-1" in "211" doesn't exist.
2004-01-28-14-57-00 2.717 error editPart 3632 <(noID)> Either someone has changed the answer or category you were editing since you received the editing form, or you submitted the same form twice.
Please [Return to the FAQ] and start again to make sure no changes are lost. Sorry for the inconvenience.
(Sequence number in form: -1; in item: 2)
2004-01-28-14-57-45 2.717 error faq 3893 <(noID)> error: Unknown command. Are you a confused robot or an 3l33t h@X0r? If neither, check with site admin to debug the problem.
2004-01-28-14-59-40 2.717 note editPart 4227 <(noID)> Perl warning: Use of uninitialized value in pattern match (m//) at /usr/lib/perl5/site_perl/5.6.1/FAQ/OMatic/editPart.pm line 62.
2004-01-28-14-59-40 2.717 note editPart 4227 <(noID)> Perl warning: Use of uninitialized value in pattern match (m//) at /usr/lib/perl5/site_perl/5.6.1/FAQ/OMatic.pm line 1769.
2004-01-28-15-04-22 2.717 error editPart 5546 <(noID)> Part number "-1" in "57" doesn't exist.
2004-01-28-15-21-46 2.717 note editPart 8998 <(noID)> Perl warning: Use of uninitialized value in pattern match (m//) at /usr/lib/perl5/site_perl/5.6.1/FAQ/OMatic/editPart.pm line 62.
2004-01-28-15-21-46 2.717 note editPart 8998 <(noID)> Perl warning: Use of uninitialized value in pattern match (m//) at /usr/lib/perl5/site_perl/5.6.1/FAQ/OMatic.pm line 1769.
2004-01-28-15-21-46 2.717 error editPart 8998 <(noID)> Part number 0 in 136 doesn't exist.
From ejb at QL.ORG Sun Feb 1 04:44:33 2004
From: ejb at QL.ORG (Jay Berkenbilt)
Date: Thu Jan 12 21:22:15 2006
Subject: removal of "bounce" spam action in 4.26.7
Message-ID: <200402010444.i114iXif014991@soup.in.ql.org>
I see in the release announcement for 4.26.7 that the "bounce" spam
action has been removed. I'm curious about this. We use this feature
for spam that scores in the 5 to 10 range and send a bounce that
instructs the user to send mail to a special mailbox which is not
filtered. This allows us to let false positives through. We probably
get about 5 messages a week for a 50 person company, and most of the
messages are important. This is enough to convince me that this is an
important feature. I can only guess that it's been removed because
such a huge amount of spam has invalid addresses. I know our mail
queue has 500 undeliverable spam bounces in it at any given time.
Still, I doubt I will succeed in convincing the powers that be at my
company that we can do without that feature.
Have I understood this item in the announcement correctly? Is it true
that "bounce" is no longer a valid spam action? If so, has something
replaced it to achieve similar functionality? I suppose I could
always implement this my self by forwarding to an address that uses
procmail to send the bounce, but that would be a shame.
I apologize if I've missed an earlier discussion on this.
--
Jay Berkenbilt
http://www.ql.org/q/
From ugob at CAMO-ROUTE.COM Sun Feb 1 04:58:33 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:22:15 2006
Subject: removal of "bounce" spam action in 4.26.7
Message-ID: <54C38A0B814C8E438EF73FC76F36292741088D@mtlnt501fs.CAMOROUTE.COM>
> -----Message d'origine-----
> De : Jay Berkenbilt [mailto:ejb@QL.ORG]
> Envoy? : Saturday, January 31, 2004 11:45 PM
> ? : MAILSCANNER@JISCMAIL.AC.UK
> Objet : removal of "bounce" spam action in 4.26.7
>
>
> I see in the release announcement for 4.26.7 that the "bounce" spam
> action has been removed. I'm curious about this. We use this feature
> for spam that scores in the 5 to 10 range and send a bounce that
> instructs the user to send mail to a special mailbox which is not
> filtered. This allows us to let false positives through. We probably
> get about 5 messages a week for a 50 person company, and most of the
> messages are important. This is enough to convince me that this is an
> important feature. I can only guess that it's been removed because
> such a huge amount of spam has invalid addresses. I know our mail
> queue has 500 undeliverable spam bounces in it at any given time.
> Still, I doubt I will succeed in convincing the powers that be at my
> company that we can do without that feature.
>
> Have I understood this item in the announcement correctly? Is it true
> that "bounce" is no longer a valid spam action?
Yes
> If so, has something
> replaced it to achieve similar functionality?
No
> I suppose I could
> always implement this my self by forwarding to an address that uses
> procmail to send the bounce, but that would be a shame.
>
> I apologize if I've missed an earlier discussion on this.
Yes, there has been a long thread about this.
hth
Ugo
>
> --
> Jay Berkenbilt
> http://www.ql.org/q/
>
From kevins at BMRB.CO.UK Sun Feb 1 10:41:07 2004
From: kevins at BMRB.CO.UK (Kevin Spicer)
Date: Thu Jan 12 21:22:15 2006
Subject: sending mail to 2 locations
In-Reply-To: <200401311910.LAA12534@sheridan.sibble.net>
References: <200401311910.LAA12534@sheridan.sibble.net>
Message-ID: <1075632074.28761.69.camel@bach.kevinspicer.co.uk>
On Sat, 2004-01-31 at 18:48, Harondel J. Sibble wrote:
> The plan is to switch the primary MX to the MS box and have isp as secondary
> and the MS box will forward the test accounts to the internal server and any
> other mail with go to the isp. Telneting into the MS box, this all works
> fine. Now however I am wondering how to have the MS box send mail for the 2
> test accounts to both the internal server and isp mailserver.
>
I think you can make Non Spam actions a ruleset, with the default being
deliver and specific rule for those two accounts to be 'deliver forward
user@othermachine'
I do hope when you mentioned telneting you really meant sshing, not
telnet using the telnet command.
BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000
_________________________________________________________________
This message (and any attachment) is intended only for the
recipient and may contain confidential and/or privileged
material. If you have received this in error, please contact the
sender and delete this message immediately. Disclosure, copying
or other action taken in respect of this email or in
reliance on it is prohibited. BMRB International Limited
accepts no liability in relation to any personal emails, or
content of any email which does not directly relate to our
business.
From kevins at BMRB.CO.UK Sun Feb 1 10:51:23 2004
From: kevins at BMRB.CO.UK (Kevin Spicer)
Date: Thu Jan 12 21:22:15 2006
Subject: removal of "bounce" spam action in 4.26.7
In-Reply-To: <200402010444.i114iXif014991@soup.in.ql.org>
References: <200402010444.i114iXif014991@soup.in.ql.org>
Message-ID: <1075632693.18054.8.camel@bach.kevinspicer.co.uk>
On Sun, 2004-02-01 at 04:44, Jay Berkenbilt wrote:
> Have I understood this item in the announcement correctly? Is it true
> that "bounce" is no longer a valid spam action? If so, has something
> replaced it to achieve similar functionality? I suppose I could
> always implement this my self by forwarding to an address that uses
> procmail to send the bounce, but that would be a shame.
>
You want to do some analysis on why the false positives are being
generated. I managed to virtually eliminate them with a combination or
whitelisting, tuning the threshold and adding rules to match the names
of our products and assign negative scores.
Typically false positive will be right at the bottom end of the score
threshold, so either a) raise the lower threshold or b) lower the high
score threshold and use the attachment deliver option for the low
scoring spam.
As someone who has recently had his address used as the forged sender of
a spam run and woke up to find hundreds of such bounce messages in his
inbox I welcome the removal of the bounce option, and would encourage
anyone thinking of finding a way around it to think again.
BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000
_________________________________________________________________
This message (and any attachment) is intended only for the
recipient and may contain confidential and/or privileged
material. If you have received this in error, please contact the
sender and delete this message immediately. Disclosure, copying
or other action taken in respect of this email or in
reliance on it is prohibited. BMRB International Limited
accepts no liability in relation to any personal emails, or
content of any email which does not directly relate to our
business.
From drew at THEMARSHALLS.CO.UK Sun Feb 1 11:03:17 2004
From: drew at THEMARSHALLS.CO.UK (Drew Marshall)
Date: Thu Jan 12 21:22:15 2006
Subject: sending mail to 2 locations
In-Reply-To: <200401311910.LAA12534@sheridan.sibble.net>
References: <200401311910.LAA12534@sheridan.sibble.net>
Message-ID: <401CDCF5.9060901@themarshalls.co.uk>
Harondel J. Sibble wrote:
>Is there an easy way in postfix or in MS to send mail to 2 locations?
>
>Situation, isp currently hosts dns and email accounts for client. We have an
>internal mailserver with an MS box as the mail relay for the internal server.
>We want to test with a few of the accounts that currently exist with the isp,
>so the we have the following transport map on the MS box
>
>username1@domain.com smtp:[192.168.x.x]
>username2@domain.com smtp:[192.168.x.x]
>domain.com smtp:isp mailserver (primary mx for domain)
>
>The plan is to switch the primary MX to the MS box and have isp as secondary
>and the MS box will forward the test accounts to the internal server and any
>other mail with go to the isp. Telneting into the MS box, this all works
>fine. Now however I am wondering how to have the MS box send mail for the 2
>test accounts to both the internal server and isp mailserver.
>
>
Just make an alias map some thing like:
testuser1: test1 test1@ispdomain
testuser2: test2 test2@ispdomain
Then
$ newaliases
Should do the trick
>The reason we are going this way is that we want to keep all the current mail
>running as it is while still be able to test and use the internal mailserver
>until we are satisfied that it is ready for production use. Can anyone
>suggest a better method of accomplishing the same goal?
>
>--
>Harondel J. Sibble
>Sibble Computer Consulting
>Creating solutions for the small business and home computer user.
>help@pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com
>(604) 739-3709 (voice/fax) (604) 686-2253 (pager)
>
>
Regards
Drew
--
In line with our policy, this message has
been scanned for viruses and dangerous
content by MailScanner, and is believed to be clean.
www.themarshalls.co.uk/policy
From kevins at BMRB.CO.UK Sun Feb 1 11:18:27 2004
From: kevins at BMRB.CO.UK (Kevin Spicer)
Date: Thu Jan 12 21:22:15 2006
Subject: sending mail to 2 locations
In-Reply-To: <401CDCF5.9060901@themarshalls.co.uk>
References: <200401311910.LAA12534@sheridan.sibble.net>
<401CDCF5.9060901@themarshalls.co.uk>
Message-ID: <1075634307.18054.25.camel@bach.kevinspicer.co.uk>
On Sun, 2004-02-01 at 11:03, Drew Marshall wrote:
> Just make an alias map some thing like:
>
> testuser1: test1 test1@ispdomain
> testuser2: test2 test2@ispdomain
>
This will only work if the addresses (testuser1 and testuser2) are
destined for mailboxes on the local machine.
BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000
_________________________________________________________________
This message (and any attachment) is intended only for the
recipient and may contain confidential and/or privileged
material. If you have received this in error, please contact the
sender and delete this message immediately. Disclosure, copying
or other action taken in respect of this email or in
reliance on it is prohibited. BMRB International Limited
accepts no liability in relation to any personal emails, or
content of any email which does not directly relate to our
business.
From drew at THEMARSHALLS.CO.UK Sun Feb 1 11:32:03 2004
From: drew at THEMARSHALLS.CO.UK (Drew Marshall)
Date: Thu Jan 12 21:22:15 2006
Subject: sending mail to 2 locations
In-Reply-To: <1075634307.18054.25.camel@bach.kevinspicer.co.uk>
References: <200401311910.LAA12534@sheridan.sibble.net>
<401CDCF5.9060901@themarshalls.co.uk>
<1075634307.18054.25.camel@bach.kevinspicer.co.uk>
Message-ID: <401CE3B3.6030305@themarshalls.co.uk>
Kevin Spicer wrote:
>On Sun, 2004-02-01 at 11:03, Drew Marshall wrote:
>
>
>>Just make an alias map some thing like:
>>
>>testuser1: test1 test1@ispdomain
>>testuser2: test2 test2@ispdomain
>>
>>
>>
>This will only work if the addresses (testuser1 and testuser2) are
>destined for mailboxes on the local machine.
>
>
>
You are right. I miss read the original post :-( but the same principle
could be used for a virtual user map I would have thought just using
full addresses.
>
>
>BMRB International
>http://www.bmrb.co.uk
>+44 (0)20 8566 5000
>_________________________________________________________________
>This message (and any attachment) is intended only for the
>recipient and may contain confidential and/or privileged
>material. If you have received this in error, please contact the
>sender and delete this message immediately. Disclosure, copying
>or other action taken in respect of this email or in
>reliance on it is prohibited. BMRB International Limited
>accepts no liability in relation to any personal emails, or
>content of any email which does not directly relate to our
>business.
>
>
--
In line with our policy, this message has
been scanned for viruses and dangerous
content by MailScanner, and is believed to be clean.
www.themarshalls.co.uk/policy
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040201/779971ab/attachment.html
From goleotti at MISAG.IT Sun Feb 1 12:09:20 2004
From: goleotti at MISAG.IT (Gabriele Oleotti)
Date: Thu Jan 12 21:22:15 2006
Subject: Vexira AV Support in 4.26.6?
Message-ID: <1488394A34F6A0408FDA3841418D1442183D46@scorpio.auron.mi>
I have to apologize for the last patch I sent you as the autoupdate script has a little bug (I forget the --update switch, so vexira isn't really doing the update). Sorry for that.
I corrected this bug and I have adjusted the output coming from the scanner as the vexira seems to use dos/windows CR+LF new line characters which causes bad looking output to be logged on my files.
Last, I have added time-out support (for the most copied from the alarm perldoc page and from the clamav-autoupdate) which I have tested and seemed to work fine.
Buy for now,
Gabriele
-----Original Message-----
From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK]
Sent: venerd? 30 gennaio 2004 18.00
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Vexira AV Support in 4.26.6?
At 16:53 30/01/2004, you wrote:
>Will Support for Vexira Antivirus added in MailScanner Version 4.26.6?
No, sorry. I haven't had time to test it myself. It will have to wait for
4.27.
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
-------------- next part --------------
A non-text attachment was scrubbed...
Name: vexira.patch
Type: application/octet-stream
Size: 8456 bytes
Desc: vexira.patch
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040201/373b37ce/vexira.obj
From Janssen at RZ.UNI-FRANKFURT.DE Sun Feb 1 12:16:45 2004
From: Janssen at RZ.UNI-FRANKFURT.DE (Michael Janssen)
Date: Thu Jan 12 21:22:15 2006
Subject: removal of "bounce" spam action in 4.26.7
In-Reply-To: <200402010444.i114iXif014991@soup.in.ql.org>
References: <200402010444.i114iXif014991@soup.in.ql.org>
Message-ID:
On Sat, 31 Jan 2004, Jay Berkenbilt wrote:
> I see in the release announcement for 4.26.7 that the "bounce" spam
> action has been removed. I'm curious about this. We use this feature
> for spam that scores in the 5 to 10 range and send a bounce that
> instructs the user to send mail to a special mailbox which is not
> filtered. This allows us to let false positives through. We probably
> get about 5 messages a week for a 50 person company, and most of the
> messages are important. This is enough to convince me that this is an
> important feature. I can only guess that it's been removed because
> such a huge amount of spam has invalid addresses.
*valid* addresses are the worse thing: spammer faking their from-address
to the address of another person. This is why you can't bounce spam
without making a possibly huge number of persons nervous, angry,
lethargic about all the false spam-bounces they get. It's simply no good
style because you would leave the work of sorting out bounces of
true-negative and false-positive spam.
You can do this work on your own when you forward low score spam to a
special, "ugly", account and sort out false-positives by your own. Which
is lot of stupid work but can be tackled down with better whitelisting
and such.
On our site, we provide daily informations about received spam for each
account and leave it to each user to take this serious and check these
spamlists for seldom false-positves (this means instead of deleting
several spam per day you search one mail for ham list-entries). Works
quite well because a human can distinct anonymous spam from
personal important mail very fast.
Michael
From mailscanner at ecs.soton.ac.uk Sun Feb 1 13:41:33 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:22:15 2006
Subject: sending mail to 2 locations
In-Reply-To: <1075632074.28761.69.camel@bach.kevinspicer.co.uk>
References: <200401311910.LAA12534@sheridan.sibble.net>
<1075632074.28761.69.camel@bach.kevinspicer.co.uk>
Message-ID: <6.0.1.1.2.20040201133928.038d76e8@imap.ecs.soton.ac.uk>
At 10:41 01/02/2004, you wrote:
>On Sat, 2004-01-31 at 18:48, Harondel J. Sibble wrote:
> > The plan is to switch the primary MX to the MS box and have isp as
> secondary
> > and the MS box will forward the test accounts to the internal server
> and any
> > other mail with go to the isp. Telneting into the MS box, this all works
> > fine. Now however I am wondering how to have the MS box send mail for the 2
> > test accounts to both the internal server and isp mailserver.
> >
>I think you can make Non Spam actions a ruleset, with the default being
>deliver and specific rule for those two accounts to be 'deliver forward
>user@othermachine'
If you need to copy the mail to more than one address, you can specify
"forward user@address.com" more than once in the rulesets.
Don't forget to do the same thing to the Spam Actions and the High Scoring
Spam Actions settings as well, if you want to duplicate the spam too. But
you don't need 3 identical files. You can of course make all 3 settings use
the same ruleset file.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
From mailscanner at ecs.soton.ac.uk Sun Feb 1 13:49:44 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:22:15 2006
Subject: Vexira AV Support in 4.26.6?
In-Reply-To: <1488394A34F6A0408FDA3841418D1442183D46@scorpio.auron.mi>
References: <1488394A34F6A0408FDA3841418D1442183D46@scorpio.auron.mi>
Message-ID: <6.0.1.1.2.20040201134926.04480128@imap.ecs.soton.ac.uk>
Hopefully I'll get this in to 4.27.
At 12:09 01/02/2004, you wrote:
>I have to apologize for the last patch I sent you as the autoupdate script
>has a little bug (I forget the --update switch, so vexira isn't really
>doing the update). Sorry for that.
>
>I corrected this bug and I have adjusted the output coming from the
>scanner as the vexira seems to use dos/windows CR+LF new line characters
>which causes bad looking output to be logged on my files.
>
>Last, I have added time-out support (for the most copied from the alarm
>perldoc page and from the clamav-autoupdate) which I have tested and
>seemed to work fine.
>
>Buy for now,
>Gabriele
>
>
>-----Original Message-----
>From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK]
>Sent: venerd? 30 gennaio 2004 18.00
>To: MAILSCANNER@JISCMAIL.AC.UK
>Subject: Re: Vexira AV Support in 4.26.6?
>
>
>At 16:53 30/01/2004, you wrote:
> >Will Support for Vexira Antivirus added in MailScanner Version 4.26.6?
>
>No, sorry. I haven't had time to test it myself. It will have to wait for
>4.27.
>--
>Julian Field
>www.MailScanner.info
>MailScanner thanks transtec Computers for their support
>
>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
From mailscanner at ecs.soton.ac.uk Sun Feb 1 15:52:53 2004
From: mailscanner at ecs.soton.ac.uk (mailscanner@ecs.soton.ac.uk)
Date: Thu Jan 12 21:22:15 2006
Subject: NOTIFY-New Guestbook Entry
Message-ID: <200402011552.i11FqrZZ030027@seer.ecs.soton.ac.uk>
New Guestbook-Entry from Reinier
We run MailScanner plus Spamassassin with Exim, McAfee en Bitdefender.
Work greats, keep up the good work.
One wish allthough...can zip files be extracted and be checked for dangerous filetypes such as .pif and .scr ?
In case your scanner isn\'\'t up2date you don\'\'t have too worry that user\'\'s are opening zips containing .pifs and other executeble stuff.
From mike at CAMAROSS.NET Sun Feb 1 17:12:50 2004
From: mike at CAMAROSS.NET (Mike Kercher)
Date: Thu Jan 12 21:22:15 2006
Subject: sending mail to 2 locations
In-Reply-To: <401CDCF5.9060901@themarshalls.co.uk>
Message-ID: <200402011711.i11HBCH2025165@avwall.bladeware.com>
On the MS box, you *could* use the Archive function to send mail to more
than one user:
FromTo: user1@yourdomain.com otheruser@somedomain.org
Mike
> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Drew Marshall
> Sent: Sunday, February 01, 2004 5:03 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: sending mail to 2 locations
>
> Harondel J. Sibble wrote:
>
> >Is there an easy way in postfix or in MS to send mail to 2 locations?
> >
> >Situation, isp currently hosts dns and email accounts for client. We
> >have an internal mailserver with an MS box as the mail relay
> for the internal server.
> >We want to test with a few of the accounts that currently exist with
> >the isp, so the we have the following transport map on the MS box
> >
> >username1@domain.com smtp:[192.168.x.x] username2@domain.com
> >smtp:[192.168.x.x]
> >domain.com smtp:isp mailserver (primary mx for domain)
> >
> >The plan is to switch the primary MX to the MS box and have isp as
> >secondary and the MS box will forward the test accounts to
> the internal
> >server and any other mail with go to the isp. Telneting into the MS
> >box, this all works fine. Now however I am wondering how to
> have the MS
> >box send mail for the 2 test accounts to both the internal
> server and isp mailserver.
> >
> >
> Just make an alias map some thing like:
>
> testuser1: test1 test1@ispdomain
> testuser2: test2 test2@ispdomain
>
> Then
>
> $ newaliases
>
> Should do the trick
>
> >The reason we are going this way is that we want to keep all the
> >current mail running as it is while still be able to test
> and use the
> >internal mailserver until we are satisfied that it is ready for
> >production use. Can anyone suggest a better method of
> accomplishing the same goal?
> >
> >--
> >Harondel J. Sibble
> >Sibble Computer Consulting
> >Creating solutions for the small business and home computer user.
> >help@pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com
> >(604) 739-3709 (voice/fax) (604) 686-2253 (pager)
> >
> >
> Regards
>
> Drew
>
>
> --
> In line with our policy, this message has been scanned for
> viruses and dangerous content by MailScanner, and is believed
> to be clean.
> www.themarshalls.co.uk/policy
>
From dannyz at belgonet.com Sun Feb 1 16:56:28 2004
From: dannyz at belgonet.com (Danny Zak)
Date: Thu Jan 12 21:22:15 2006
Subject: join mailscanner danny zak
Message-ID: <190197488894.20040201175628@belgonet.com>
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040201/4ce6036a/attachment.html
From dannyz at belgonet.com Sun Feb 1 16:59:42 2004
From: dannyz at belgonet.com (Danny Zak)
Date: Thu Jan 12 21:22:15 2006
Subject: ZIP files seems not to be scanned (mydoom)
Message-ID: <71197683674.20040201175942@belgonet.com>
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040201/00ba0590/attachment.html
From ugob at CAMO-ROUTE.COM Sun Feb 1 18:04:26 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:22:15 2006
Subject: ZIP files seems not to be scanned (mydoom)
Message-ID: <54C38A0B814C8E438EF73FC76F36292741088F@mtlnt501fs.CAMOROUTE.COM>
-----Message d'origine-----
De : Danny Zak [mailto:dannyz@belgonet.com]
Envoy? : Sunday, February 01, 2004 12:00 PM
? : MAILSCANNER@JISCMAIL.AC.UK
Objet : ZIP files seems not to be scanned (mydoom)
Hello MAILSCANNER list;
it seems that my mailscanner isn't scanning zip attaches for virusses.
[Ugo Bellavance]
It is the job of your anti-virus, not mailscanner's
it does filter out the mydoom virus by files that are standardly attached although.
--
Best regards,
Danny mailto:dannyz@belgonet.com
belGOnet.com a Euro-pictures division - internet solutions
place princesse elisabeth 9/11 - 1030 Brussels - Belgium
Tel : +32-(0)2-215.67.65 - Fax : +32-(0)2-215.66.65
domains - hosting - hardware - VoiP - consultancy - backuping
CISCO - HP/COMPAQ - SUN - EMC - JUNIPER - IBM - DELL - NORTEL
No legal consequences can be derived from the contents of the email
neither is belGOnet.com committed to them. The content of this email
is exclusively intended for adressee(s) and information purposes.
belGOnet.com accepts no liability for any damage resulting from the
use and/or acceptation of the content of this email.
From kevins at BMRB.CO.UK Sun Feb 1 18:10:34 2004
From: kevins at BMRB.CO.UK (Kevin Spicer)
Date: Thu Jan 12 21:22:15 2006
Subject: ZIP files seems not to be scanned (mydoom)
In-Reply-To: <71197683674.20040201175942@belgonet.com>
References: <71197683674.20040201175942@belgonet.com>
Message-ID: <1075659034.21098.34.camel@bach.kevinspicer.co.uk>
On Sun, 2004-02-01 at 16:59, Danny Zak wrote: Hello MAILSCANNER list;
>it seems that my mailscanner isn't scanning zip attaches for virusses.
>it does filter out the mydoom virus by files that are standardly
>attached although.
As Ugo says this is the job of your antivirus, which one are you using.
Have you checked that the unfiltered mails actually contain the virus in
their zips (run past another virus scanner) - there are some broken
copies around sending out non infected zips.
BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000
_________________________________________________________________
This message (and any attachment) is intended only for the
recipient and may contain confidential and/or privileged
material. If you have received this in error, please contact the
sender and delete this message immediately. Disclosure, copying
or other action taken in respect of this email or in
reliance on it is prohibited. BMRB International Limited
accepts no liability in relation to any personal emails, or
content of any email which does not directly relate to our
business.
From rwmailscanner at LACASITA.DEMON.CO.UK Sun Feb 1 20:31:19 2004
From: rwmailscanner at LACASITA.DEMON.CO.UK (Robert Richard Wallace)
Date: Thu Jan 12 21:22:15 2006
Subject: ZIP files seems not to be scanned (mydoom)
Message-ID:
Also i believe some of the bounces are comming back with the whole bounce
msg including virus set in a plain text mime type. All the clients i use
dont therefore allow me to save off the infected attachment. NOT SURE WHAT
OUTLOOK DOES ON THESE.
My INBOX is becoming spammed silly with these reject Messages with a copy of
the virus attached in MIME format. Question is should MailScanner be able to
break up the msg and find these bounces and filter them out as well ?
Anyone care to comment ?
On Sun, 1 Feb 2004 18:10:34 +0000, Kevin Spicer wrote:
>On Sun, 2004-02-01 at 16:59, Danny Zak wrote: Hello MAILSCANNER list;
>
>>it seems that my mailscanner isn't scanning zip attaches for virusses.
>
>>it does filter out the mydoom virus by files that are standardly
>>attached although.
>
>As Ugo says this is the job of your antivirus, which one are you using.
>
>Have you checked that the unfiltered mails actually contain the virus in
>their zips (run past another virus scanner) - there are some broken
>copies around sending out non infected zips.
>
>
>
>
>
>BMRB International
>http://www.bmrb.co.uk
>+44 (0)20 8566 5000
>_________________________________________________________________
>This message (and any attachment) is intended only for the
>recipient and may contain confidential and/or privileged
>material. If you have received this in error, please contact the
>sender and delete this message immediately. Disclosure, copying
>or other action taken in respect of this email or in
>reliance on it is prohibited. BMRB International Limited
>accepts no liability in relation to any personal emails, or
>content of any email which does not directly relate to our
>business.
From jaearick at COLBY.EDU Sun Feb 1 20:39:31 2004
From: jaearick at COLBY.EDU (Jeff A. Earickson)
Date: Thu Jan 12 21:22:15 2006
Subject: 4.26.7, bayes rebuild, confused.
Message-ID:
Julian,
I tried an upgrade from 4.25-14 to 4.26.7. Setup: Sol 9,
SA 2.63. I got gobs of:
Skipping SpamAssassin while waiting for Bayes database to rebuild
messages with 4.26.7. The zero byte file /tmp/MS.bayes.rebuild.lock
appeared after I restarted MS, and it never seems to go away. I
tried things with both "Rebuild Bayes Every = 0" and with this set
to 86400. Same deal. I'm afraid to try "Wait During Bayes Rebuild = yes"
because if it never rebuilds then no mail gets delivered, right?
A rebuild should only take a few seconds, right?
I tried stopping MS, removing /tmp/MS.bayes*, restarting -- still no
luck. I've fallen back to 4.25-14 for the moment.
BTW, I have a cron job to do bayes spam/ham learning with
$SALEARN --prefs-file=$PREFS --rebuild --force-expire
at the top. Should I still do this rebuild and force-expire in this
script?
From mailscanner at ecs.soton.ac.uk Sun Feb 1 21:33:46 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:22:15 2006
Subject: 4.26.7, bayes rebuild, confused.
In-Reply-To:
References:
Message-ID: <6.0.1.1.2.20040201211323.037b9598@imap.ecs.soton.ac.uk>
At 20:39 01/02/2004, you wrote:
>Julian,
>
> I tried an upgrade from 4.25-14 to 4.26.7. Setup: Sol 9,
>SA 2.63. I got gobs of:
>
> Skipping SpamAssassin while waiting for Bayes database to rebuild
This should only happen every day or so. Depends on your setting of
"Rebuild Bayes Every".
How often do you get a bunch of these?
>messages with 4.26.7. The zero byte file /tmp/MS.bayes.rebuild.lock
>appeared after I restarted MS, and it never seems to go away.
That's fine. It's a lock file that each of the child processes will
maintain a shared lock on.
> I
>tried things with both "Rebuild Bayes Every = 0" and with this set
>to 86400. Same deal. I'm afraid to try "Wait During Bayes Rebuild = yes"
>because if it never rebuilds then no mail gets delivered, right?
You'll soon see.
>A rebuild should only take a few seconds, right?
It can take a minute or two if your Bayes database is quite large.
>I tried stopping MS, removing /tmp/MS.bayes*, restarting -- still no
>luck. I've fallen back to 4.25-14 for the moment.
>
>BTW, I have a cron job to do bayes spam/ham learning with
>
> $SALEARN --prefs-file=$PREFS --rebuild --force-expire
>
>at the top. Should I still do this rebuild and force-expire in this
>script?
No. My scheduled rebuild is there to replace this. It is designed to solve
the bayes_toks.new problem by locking out SpamAssassin during the rebuild
without causing SA to just timeout. Instead of SA timing out, it skips it
or waits for it to complete.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
From dannyz at belgonet.com Sun Feb 1 21:19:46 2004
From: dannyz at belgonet.com (Danny Zak)
Date: Thu Jan 12 21:22:15 2006
Subject: ZIP files seems not to be scanned (mydoom)
In-Reply-To: <54C38A0B814C8E438EF73FC76F36292741088F@mtlnt501fs.CAMOROUTE.COM>
References: <54C38A0B814C8E438EF73FC76F36292741088F@mtlnt501fs.CAMOROUTE.COM>
Message-ID: <125213287401.20040201221946@belgonet.com>
Hello Ugo,
thanks for your reponse; as also to kevin and robert...
i use fprot antivirus with it; although its strange that it is't configured in my mailscanner config file ..
i assume it is working although; since i notice this in my maillog
Feb 1 10:51:07 ns MailScanner[24262]: New Batch: Scanning 1 messages, 1076 bytes
Feb 1 10:51:07 ns MailScanner[24262]: Spam Checks: Starting
Feb 1 10:51:12 ns update.virus.scanners: Found f-prot installed
Feb 1 10:51:12 ns update.virus.scanners: Updating f-prot
Feb 1 10:51:12 ns MailScanner[24262]: Virus and Content Scanning: Starting
Feb 1 10:51:12 ns MailScanner[24262]: Uninfected: Delivered 1 messages
--
Best regards,
Danny mailto:dannyz@belgonet.com
belGOnet.com a Euro-pictures division - internet solutions
place princesse elisabeth 9/11 - 1030 Brussels - Belgium
Tel : +32-(0)2-215.67.65 - Fax : +32-(0)2-215.66.65
domains - hosting - hardware - VoiP - consultancy - backuping
CISCO - HP/COMPAQ - SUN - EMC - JUNIPER - IBM - DELL - NORTEL
No legal consequences can be derived from the contents of the email
neither is belGOnet.com committed to them. The content of this email
is exclusively intended for adressee(s) and information purposes.
belGOnet.com accepts no liability for any damage resulting from the
use and/or acceptation of the content of this email.
Sunday, February 1, 2004, 7:04:26 PM, you wrote:
UB> -----Message d'origine-----
UB> De : Danny Zak [mailto:dannyz@belgonet.com]
UB> Envoy? : Sunday, February 01, 2004 12:00 PM
UB> ? : MAILSCANNER@JISCMAIL.AC.UK
UB> Objet : ZIP files seems not to be scanned (mydoom)
UB> Hello MAILSCANNER list;
UB> it seems that my mailscanner isn't scanning zip attaches for virusses.
UB> [Ugo Bellavance]
UB> It is the job of your anti-virus, not mailscanner's
UB> it does filter out the mydoom virus by files that are standardly attached although.
From mailscanner at ecs.soton.ac.uk Sun Feb 1 21:37:38 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:22:15 2006
Subject: ZIP files seems not to be scanned (mydoom)
In-Reply-To: <125213287401.20040201221946@belgonet.com>
References: <54C38A0B814C8E438EF73FC76F36292741088F@mtlnt501fs.CAMOROUTE.COM>
<125213287401.20040201221946@belgonet.com>
Message-ID: <6.0.1.1.2.20040201213635.037e4e40@imap.ecs.soton.ac.uk>
At 21:19 01/02/2004, you wrote:
>Hello Ugo,
>
>thanks for your reponse; as also to kevin and robert...
>
>i use fprot antivirus with it; although its strange that it is't
>configured in my mailscanner config file ..
>
>i assume it is working although; since i notice this in my maillog
No, that log section means exactly what it says. It has found it installed
and is keeping it up to date for you. Unless you mention it in
MailScanner.conf it won't be using it.
>Feb 1 10:51:07 ns MailScanner[24262]: New Batch: Scanning 1 messages,
>1076 bytes
>Feb 1 10:51:07 ns MailScanner[24262]: Spam Checks: Starting
>Feb 1 10:51:12 ns update.virus.scanners: Found f-prot installed
>Feb 1 10:51:12 ns update.virus.scanners: Updating f-prot
>Feb 1 10:51:12 ns MailScanner[24262]: Virus and Content Scanning: Starting
>Feb 1 10:51:12 ns MailScanner[24262]: Uninfected: Delivered 1 messages
>
>
>--
>Best regards,
> Danny mailto:dannyz@belgonet.com
>
>belGOnet.com a Euro-pictures division - internet solutions
>place princesse elisabeth 9/11 - 1030 Brussels - Belgium
>Tel : +32-(0)2-215.67.65 - Fax : +32-(0)2-215.66.65
>
>domains - hosting - hardware - VoiP - consultancy - backuping
>CISCO - HP/COMPAQ - SUN - EMC - JUNIPER - IBM - DELL - NORTEL
>
>
>No legal consequences can be derived from the contents of the email
>neither is belGOnet.com committed to them. The content of this email
>is exclusively intended for adressee(s) and information purposes.
>belGOnet.com accepts no liability for any damage resulting from the
>use and/or acceptation of the content of this email.
>
>
>Sunday, February 1, 2004, 7:04:26 PM, you wrote:
>
>UB> -----Message d'origine-----
>UB> De : Danny Zak [mailto:dannyz@belgonet.com]
>UB> Envoy? : Sunday, February 01, 2004 12:00 PM
>UB> ? : MAILSCANNER@JISCMAIL.AC.UK
>UB> Objet : ZIP files seems not to be scanned (mydoom)
>
>
>UB> Hello MAILSCANNER list;
>
>UB> it seems that my mailscanner isn't scanning zip attaches for virusses.
>UB> [Ugo Bellavance]
>UB> It is the job of your anti-virus, not mailscanner's
>
>UB> it does filter out the mydoom virus by files that are standardly
>attached although.
>
>
>
>
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
From peter at UCGBOOK.COM Sun Feb 1 21:38:11 2004
From: peter at UCGBOOK.COM (Peter Bonivart)
Date: Thu Jan 12 21:22:15 2006
Subject: ZIP files seems not to be scanned (mydoom)
In-Reply-To: <125213287401.20040201221946@belgonet.com>
References: <54C38A0B814C8E438EF73FC76F36292741088F@mtlnt501fs.CAMOROUTE.COM>
<125213287401.20040201221946@belgonet.com>
Message-ID: <401D71C3.2080402@ucgbook.com>
Danny Zak wrote:
> Feb 1 10:51:12 ns update.virus.scanners: Found f-prot installed
> Feb 1 10:51:12 ns update.virus.scanners: Updating f-prot
This just means that it found F-prot so it could update the signatures
for it, no need to configure that. It does *not* mean that it will use
F-prot to scan messages unless you configure it to do so.
> Feb 1 10:51:12 ns MailScanner[24262]: Virus and Content Scanning: Starting
This is for all kinds of checks. Does not mean it will actually
virus scan with your virus scanner.
--
/Peter Bonivart
--Unix lovers do it in the Sun
Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.25-14,
SpamAssassin 2.61 + DCC 1.2.21, ClamAV 0.65 + GMP
From mailscanner at pdscc.com Mon Feb 2 07:40:09 2004
From: mailscanner at pdscc.com (Harondel J. Sibble)
Date: Thu Jan 12 21:22:15 2006
Subject: sending mail to 2 locations
In-Reply-To: <1075632074.28761.69.camel@bach.kevinspicer.co.uk>
References: <200401311910.LAA12534@sheridan.sibble.net>
Message-ID: <200402020801.AAA19480@sheridan.sibble.net>
On 1 Feb 2004 at 10:41, Kevin Spicer wrote:
> I do hope when you mentioned telneting you really meant sshing, not
> telnet using the telnet command.
no.... I meant telneting, I was testing an smtp connection, ssh is
_generally_ of no use in that situation.
--
Harondel J. Sibble
Sibble Computer Consulting
Creating solutions for the small business and home computer user.
help@pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com
(604) 739-3709 (voice/fax) (604) 686-2253 (pager)
From dannyz at belgonet.com Sun Feb 1 21:53:09 2004
From: dannyz at belgonet.com (Danny Zak)
Date: Thu Jan 12 21:22:15 2006
Subject: ZIP files seems not to be scanned (mydoom)
In-Reply-To: <6.0.1.1.2.20040201213635.037e4e40@imap.ecs.soton.ac.uk>
References: <54C38A0B814C8E438EF73FC76F36292741088F@mtlnt501fs.CAMOROUTE.COM>
<125213287401.20040201221946@belgonet.com>
<6.0.1.1.2.20040201213635.037e4e40@imap.ecs.soton.ac.uk>
Message-ID: <190215290651.20040201225309@belgonet.com>
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040201/a1d634ab/attachment.html
From nathan at TCPNETWORKS.NET Sun Feb 1 22:21:48 2004
From: nathan at TCPNETWORKS.NET (Nathan Johanson)
Date: Thu Jan 12 21:22:15 2006
Subject: many spamassassin timeouts
Message-ID:
Make sure you aren't havin Bayes locking issues. My timeouts were
attributable to this more than once. Check /var/spool/spamassassin (or
wherever your Baye's database resides) for extra bayes lock files and
delete them (you may also need to delete the *.expiry files). Try
running a manual rebuild of the database like so:
sa-learn -D -p /etc/MailScanner/spam.assassin.prefs.conf --rebuild
--force-expire
If this is the cause of the problem, consider taking advantage of the
bayes rebuild options available in the latest release of MailScanner (or
run the command regularly via cron).
Nathan
-----Original Message-----
From: Stephen Swaney [mailto:steve.swaney@FSL.COM]
Sent: Saturday, January 31, 2004 12:07 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: many spamassassin timeouts
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Mickey Everts
> Sent: Saturday, January 31, 2004 2:54 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: many spamassassin timeouts
>
> Here is something very weird I just noticed in trying to track this
down.
> Here is just a small sample of my logs, but notice the time outs
happen
> almost exactly every ten minutes? I am running mailscanner-4.25-14.
>
[SKS]
Do you have an event that is slowing down you network every 10 minutes.
Try a sniffer and see.
This is the typical cause for SpamAssassin timeouts.
Steve
Stephen Swaney
President
Fortress Systems Ltd.
Steve.Swaney@FSL.com
> Jan 31 05:48:41 defender MailScanner[18146]: SpamAssassin timed out
and
> was
> killed, consecutive failure 1 of 10
> Jan 31 05:59:05 defender MailScanner[17813]: SpamAssassin timed out
and
> was
> killed, consecutive failure 1 of 10
> Jan 31 06:09:02 defender MailScanner[17717]: SpamAssassin timed out
and
> was
> killed, consecutive failure 1 of 10
> Jan 31 06:19:03 defender MailScanner[18146]: SpamAssassin timed out
and
> was
> killed, consecutive failure 1 of 10
> Jan 31 06:29:41 defender MailScanner[17795]: SpamAssassin timed out
and
> was
> killed, consecutive failure 1 of 10
> Jan 31 06:39:26 defender MailScanner[17813]: SpamAssassin timed out
and
> was
> killed, consecutive failure 1 of 10
> Jan 31 06:50:14 defender MailScanner[17717]: SpamAssassin timed out
and
> was
> killed, consecutive failure 1 of 10
> Jan 31 07:00:05 defender MailScanner[18146]: SpamAssassin timed out
and
> was
> killed, consecutive failure 1 of 10
> Jan 31 07:10:43 defender MailScanner[17795]: SpamAssassin timed out
and
> was
> killed, consecutive failure 1 of 10
> Jan 31 07:20:32 defender MailScanner[17795]: SpamAssassin timed out
and
> was
> killed, consecutive failure 1 of 10
> Jan 31 07:30:42 defender MailScanner[17784]: SpamAssassin timed out
and
> was
> killed, consecutive failure 1 of 10
> Jan 31 07:40:45 defender MailScanner[17717]: SpamAssassin timed out
and
> was
> killed, consecutive failure 1 of 10
> Jan 31 07:50:53 defender MailScanner[18146]: SpamAssassin timed out
and
> was
> killed, consecutive failure 1 of 10
> Jan 31 08:00:48 defender MailScanner[17717]: SpamAssassin timed out
and
> was
> killed, consecutive failure 1 of 10
> Jan 31 08:11:01 defender MailScanner[17795]: SpamAssassin timed out
and
> was
> killed, consecutive failure 1 of 10
> Jan 31 08:20:59 defender MailScanner[17717]: SpamAssassin timed out
and
> was
> killed, consecutive failure 1 of 10
>
> Mickey
>
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf
> Of Julian Field
> Sent: Saturday, January 31, 2004 6:37 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: many spamassassin timeouts
>
> At 21:17 30/01/2004, you wrote:
> >I turned on Debug = yes and Debug SpamAssassin = yes but I am not
seeing
> >output similar to below in maillog. Should I be looking elsewhere
else?
> I
> >am trying to track down the source of some spamassassin timeouts I
have
> been
> >having. Ideally I need to log the equivalent of "spamassassin -D"
for a
> few
> >hours.
>
> Those 2 options will cause "check_mailscanner" to log all the SA
output to
> the terminal. It will process 1 batch of messages and then quit.
> I have been getting a lot of Razor timeouts recently, and have
currently
> disabled it. You can do this by adding
> use_razor2 0
> to your spam.assassin.prefs.conf and restarting MailScanner.
>
>
>
> >Thanks!
> >
> >Mickey
> >
> >-----Original Message-----
> >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf
> >Of Piet Bos
> >Sent: Monday, January 26, 2004 3:02 AM
> >To: MAILSCANNER@JISCMAIL.AC.UK
> >Subject: Re: many spamassassin timeouts
> >
> >a part of the debug output.
> >I find the 0 behind Net::DNS resolver unavailable rather curious
> >do you agree?
> >
> >grtz Piet
> >
> >debug: running raw-body-text per-line regexp tests; score so far=4.3
> >debug: running uri tests; score so far=4.3
> >debug: uri tests: Done uriRE
> >debug: running full-text regexp tests; score so far=4.3
> >debug: Razor2 is not available
> >debug: DCC is not available: dccproc not found
> >debug: Razor1 is not available
> >debug: Pyzor is not available: pyzor not found
> >debug: is Net::DNS::Resolver unavailable? 0
> >debug: trying (3) gwdg.de...
> >debug: looking up MX for 'gwdg.de'
> >debug: MX for 'gwdg.de' exists? 1
> >debug: MX lookup of gwdg.de succeeded => Dns available (set
dns_available
> to
> >hardcode)
> >debug: is DNS available? 1
> >debug: running meta tests; score so far=5.3
> >----- Original Message -----
> >From: "Julian Field"
> >To:
> >Sent: Monday, January 26, 2004 9:39 AM
> >Subject: Re: many spamassassin timeouts
> >
> >
> > > Run with Debug = yes and Debug SpamAssassin = yes, and see where
the
> > > slow-down is.
> > >
> > > At 08:33 26/01/2004, you wrote:
> > > >Experiencing many spamassassin timeouts lately.
> > > >Is there a valid reason for that?
> > > >I'm using version 4.26-1 starting
> > > >my settings in MailScanner.conf are:
> > > >SpamAssassin Timeout = 40
> > > >Max SpamAssassin Timeouts = 50
> > > >
> > > >Any suggestions?
> > > >brgds Piet
> > >
> > > --
> > > Julian Field
> > > www.MailScanner.info
> > > MailScanner thanks transtec Computers for their support
> > >
> > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
> --
> Julian Field
> www.MailScanner.info
> Professional Support Services at www.MailScanner.biz
> MailScanner thanks transtec Computers for their support
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> Fortress Systems Ltd.
> www.fsl.com
>
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
Fortress Systems Ltd.
www.fsl.com
From brose at MED.WAYNE.EDU Sun Feb 1 23:42:21 2004
From: brose at MED.WAYNE.EDU (Rose, Bobby)
Date: Thu Jan 12 21:22:15 2006
Subject: 4.26.7, bayes rebuild, confused.
Message-ID:
I get the same thing, even if Rebuild Bayes Every is set to 0. I've
even removed by bayes and started over from scratch. The bayes files
haven't been touched at all since I recreated them. If I disabled Bayes
in the SA conf, it still says it's skipping for that reason.
I'm also on Solaris but v8 with SA 2.63
-=B
-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
Behalf Of Julian Field
Sent: Sunday, February 01, 2004 4:34 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: 4.26.7, bayes rebuild, confused.
At 20:39 01/02/2004, you wrote:
>Julian,
>
> I tried an upgrade from 4.25-14 to 4.26.7. Setup: Sol 9, SA 2.63.
>I got gobs of:
>
> Skipping SpamAssassin while waiting for Bayes database to rebuild
This should only happen every day or so. Depends on your setting of
"Rebuild Bayes Every".
How often do you get a bunch of these?
>messages with 4.26.7. The zero byte file /tmp/MS.bayes.rebuild.lock
>appeared after I restarted MS, and it never seems to go away.
That's fine. It's a lock file that each of the child processes will
maintain a shared lock on.
> I
>tried things with both "Rebuild Bayes Every = 0" and with this set to
>86400. Same deal. I'm afraid to try "Wait During Bayes Rebuild = yes"
>because if it never rebuilds then no mail gets delivered, right?
You'll soon see.
>A rebuild should only take a few seconds, right?
It can take a minute or two if your Bayes database is quite large.
>I tried stopping MS, removing /tmp/MS.bayes*, restarting -- still no
>luck. I've fallen back to 4.25-14 for the moment.
>
>BTW, I have a cron job to do bayes spam/ham learning with
>
> $SALEARN --prefs-file=$PREFS --rebuild --force-expire
>
>at the top. Should I still do this rebuild and force-expire in this
>script?
No. My scheduled rebuild is there to replace this. It is designed to
solve the bayes_toks.new problem by locking out SpamAssassin during the
rebuild without causing SA to just timeout. Instead of SA timing out, it
skips it or waits for it to complete.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz MailScanner thanks
transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD
E1DC 7222 11F6 5947 1415 B654
From brose at MED.WAYNE.EDU Mon Feb 2 00:25:14 2004
From: brose at MED.WAYNE.EDU (Rose, Bobby)
Date: Thu Jan 12 21:22:15 2006
Subject: 4.26.7, bayes rebuild, confused.
Message-ID:
It looks like MS is trying to run a rebuild on every scan.
Feb 1 18:19:02 eeyore MailScanner[13579]: SpamAssassin Bayes database
rebuild starting
Feb 1 18:19:12 eeyore MailScanner[13587]: SpamAssassin Bayes database
rebuild starting
Feb 1 18:19:22 eeyore MailScanner[13610]: SpamAssassin Bayes database
rebuild starting
Feb 1 18:19:32 eeyore MailScanner[13615]: SpamAssassin Bayes database
rebuild starting
Feb 1 18:19:42 eeyore MailScanner[13617]: SpamAssassin Bayes database
rebuild starting
Feb 1 18:19:52 eeyore MailScanner[13630]: SpamAssassin Bayes database
rebuild starting
Feb 1 18:20:03 eeyore MailScanner[13676]: SpamAssassin Bayes database
rebuild starting
Feb 1 18:20:12 eeyore MailScanner[13710]: SpamAssassin Bayes database
rebuild starting
Feb 1 18:20:22 eeyore MailScanner[13742]: SpamAssassin Bayes database
rebuild starting
Feb 1 18:20:32 eeyore MailScanner[13748]: SpamAssassin Bayes database
rebuild starting
Feb 1 18:20:42 eeyore MailScanner[13755]: SpamAssassin Bayes database
rebuild starting
Feb 1 18:20:52 eeyore MailScanner[13762]: SpamAssassin Bayes database
rebuild starting
Feb 1 18:21:02 eeyore MailScanner[13771]: SpamAssassin Bayes database
rebuild starting
-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
Behalf Of Rose, Bobby
Sent: Sunday, February 01, 2004 6:42 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: 4.26.7, bayes rebuild, confused.
I get the same thing, even if Rebuild Bayes Every is set to 0. I've
even removed by bayes and started over from scratch. The bayes files
haven't been touched at all since I recreated them. If I disabled Bayes
in the SA conf, it still says it's skipping for that reason.
I'm also on Solaris but v8 with SA 2.63
-=B
-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
Behalf Of Julian Field
Sent: Sunday, February 01, 2004 4:34 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: 4.26.7, bayes rebuild, confused.
At 20:39 01/02/2004, you wrote:
>Julian,
>
> I tried an upgrade from 4.25-14 to 4.26.7. Setup: Sol 9, SA 2.63.
>I got gobs of:
>
> Skipping SpamAssassin while waiting for Bayes database to rebuild
This should only happen every day or so. Depends on your setting of
"Rebuild Bayes Every".
How often do you get a bunch of these?
>messages with 4.26.7. The zero byte file /tmp/MS.bayes.rebuild.lock
>appeared after I restarted MS, and it never seems to go away.
That's fine. It's a lock file that each of the child processes will
maintain a shared lock on.
> I
>tried things with both "Rebuild Bayes Every = 0" and with this set to
>86400. Same deal. I'm afraid to try "Wait During Bayes Rebuild = yes"
>because if it never rebuilds then no mail gets delivered, right?
You'll soon see.
>A rebuild should only take a few seconds, right?
It can take a minute or two if your Bayes database is quite large.
>I tried stopping MS, removing /tmp/MS.bayes*, restarting -- still no
>luck. I've fallen back to 4.25-14 for the moment.
>
>BTW, I have a cron job to do bayes spam/ham learning with
>
> $SALEARN --prefs-file=$PREFS --rebuild --force-expire
>
>at the top. Should I still do this rebuild and force-expire in this
>script?
No. My scheduled rebuild is there to replace this. It is designed to
solve the bayes_toks.new problem by locking out SpamAssassin during the
rebuild without causing SA to just timeout. Instead of SA timing out, it
skips it or waits for it to complete.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz MailScanner thanks
transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD
E1DC 7222 11F6 5947 1415 B654
From raymond at PROLOCATION.NET Mon Feb 2 00:32:00 2004
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:22:15 2006
Subject: 4.26.7, bayes rebuild, confused.
In-Reply-To:
Message-ID:
Hi!
> Feb 1 18:19:02 eeyore MailScanner[13579]: SpamAssassin Bayes database
> rebuild starting
> Feb 1 18:19:12 eeyore MailScanner[13587]: SpamAssassin Bayes database
> rebuild starting
> Feb 1 18:19:22 eeyore MailScanner[13610]: SpamAssassin Bayes database
> I get the same thing, even if Rebuild Bayes Every is set to 0. I've
> even removed by bayes and started over from scratch. The bayes files
> haven't been touched at all since I recreated them. If I disabled Bayes
> in the SA conf, it still says it's skipping for that reason.
>
> I'm also on Solaris but v8 with SA 2.63
Try setting the 0 to for example 3600 to see if behaviour changes? I see
the same when setting it to 0 currently.
Bye,
Raymond.
From brose at MED.WAYNE.EDU Mon Feb 2 01:52:56 2004
From: brose at MED.WAYNE.EDU (Rose, Bobby)
Date: Thu Jan 12 21:22:15 2006
Subject: 4.26.7, bayes rebuild, confused.
Message-ID:
No change. It's been an hour and MailScanner is still skipping SA
checks.
-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
Behalf Of Raymond Dijkxhoorn
Sent: Sunday, February 01, 2004 7:32 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: 4.26.7, bayes rebuild, confused.
Hi!
> Feb 1 18:19:02 eeyore MailScanner[13579]: SpamAssassin Bayes database
> rebuild starting Feb 1 18:19:12 eeyore MailScanner[13587]:
> SpamAssassin Bayes database rebuild starting Feb 1 18:19:22 eeyore
> MailScanner[13610]: SpamAssassin Bayes database
> I get the same thing, even if Rebuild Bayes Every is set to 0. I've
> even removed by bayes and started over from scratch. The bayes files
> haven't been touched at all since I recreated them. If I disabled
> Bayes in the SA conf, it still says it's skipping for that reason.
>
> I'm also on Solaris but v8 with SA 2.63
Try setting the 0 to for example 3600 to see if behaviour changes? I see
the same when setting it to 0 currently.
Bye,
Raymond.
From james at DENY.ORG Mon Feb 2 02:50:22 2004
From: james at DENY.ORG (James Sizemore)
Date: Thu Jan 12 21:22:15 2006
Subject: Razor and tmp files in the "In Queue"
Message-ID: <401DBAEE.8070603@deny.org>
I have noticed that in Mailscanner 4.26-5, Razor is putting some files
in the
"Incoming Queue Dir" :
drwx------ 2 postfix postfix 4096 Feb 1 20:26 r
-rw------- 1 postfix postfix 215580 Feb 1 20:48 razor-agent.log
Can this be changed? It makes it hard to get an ideal of the number of
incoming messages if the queue directory has 15-30 megs of crap in it!
From brose at MED.WAYNE.EDU Mon Feb 2 03:14:01 2004
From: brose at MED.WAYNE.EDU (Rose, Bobby)
Date: Thu Jan 12 21:22:15 2006
Subject: 4.26.7, bayes rebuild, confused.
Message-ID:
Also if I set the "Wait on Rebuild" to yes and the rebuild option is 0,
then the logs say "At start of SA checks could not get shared lock on
/tmp/MS.bayes.rebuild.lock, Bad file number" and it does the SA Checks
anyway. Could their be a bug in the locking or the clearing of the lock
file?
-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
Behalf Of Rose, Bobby
Sent: Sunday, February 01, 2004 8:53 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: 4.26.7, bayes rebuild, confused.
No change. It's been an hour and MailScanner is still skipping SA
checks.
-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
Behalf Of Raymond Dijkxhoorn
Sent: Sunday, February 01, 2004 7:32 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: 4.26.7, bayes rebuild, confused.
Hi!
> Feb 1 18:19:02 eeyore MailScanner[13579]: SpamAssassin Bayes database
> rebuild starting Feb 1 18:19:12 eeyore MailScanner[13587]:
> SpamAssassin Bayes database rebuild starting Feb 1 18:19:22 eeyore
> MailScanner[13610]: SpamAssassin Bayes database
> I get the same thing, even if Rebuild Bayes Every is set to 0. I've
> even removed by bayes and started over from scratch. The bayes files
> haven't been touched at all since I recreated them. If I disabled
> Bayes in the SA conf, it still says it's skipping for that reason.
>
> I'm also on Solaris but v8 with SA 2.63
Try setting the 0 to for example 3600 to see if behaviour changes? I see
the same when setting it to 0 currently.
Bye,
Raymond.
From steve.swaney at FSL.COM Mon Feb 2 03:40:20 2004
From: steve.swaney at FSL.COM (Stephen Swaney)
Date: Thu Jan 12 21:22:15 2006
Subject: Razor and tmp files in the "In Queue"
In-Reply-To: <401DBAEE.8070603@deny.org>
Message-ID: <20040202034020.1625A21C135@mail.fsl.com>
Look at the ~/.razor/razor-agent.conf file. This is where you
specify things like:
Where to put log files
Debug level (yours is probably too high)
On a Linux system where razor runs as root, this is typically:
/root/.razor
Very good documentation at:
http://razor.sourceforge.net/docs/
Steve
Stephen Swaney
President
Fortress Systems Ltd.
Steve.Swaney@FSL.com
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of James Sizemore
> Sent: Sunday, February 01, 2004 9:50 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Razor and tmp files in the "In Queue"
>
> I have noticed that in Mailscanner 4.26-5, Razor is putting some files
> in the
> "Incoming Queue Dir" :
>
> drwx------ 2 postfix postfix 4096 Feb 1 20:26 r
> -rw------- 1 postfix postfix 215580 Feb 1 20:48 razor-agent.log
>
> Can this be changed? It makes it hard to get an ideal of the number of
> incoming messages if the queue directory has 15-30 megs of crap in it!
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> Fortress Systems Ltd.
> www.fsl.com
>
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
Fortress Systems Ltd.
www.fsl.com
From ugob at CAMO-ROUTE.COM Mon Feb 2 03:42:22 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:22:15 2006
Subject: ZIP files seems not to be scanned (mydoom)
Message-ID: <54C38A0B814C8E438EF73FC76F362927410891@mtlnt501fs.CAMOROUTE.COM>
-----Message d'origine-----
De : Danny Zak [mailto:dannyz@belgonet.com]
Envoy? : Sunday, February 01, 2004 4:53 PM
? : MAILSCANNER@JISCMAIL.AC.UK
Objet : Re: ZIP files seems not to be scanned (mydoom)
best;
indeed .. i did change
Virus Scanners = none
to
Virus Scanners = f-prot
and it is working :)
thanks .. i did assume that the reportign was enough
[Ugo Bellavance]
That was only the update script reporting, not mailscanner's.
hth
Ugo
.. but it wasn't thanks !
--
Best regards,
Danny mailto:dannyz@belgonet.com
belGOnet.com a Euro-pictures division - internet solutions
place princesse elisabeth 9/11 - 1030 Brussels - Belgium
Tel : +32-(0)2-215.67.65 - Fax : +32-(0)2-215.66.65
domains - hosting - hardware - VoiP - consultancy - backuping
CISCO - HP/COMPAQ - SUN - EMC - JUNIPER - IBM - DELL - NORTEL
No legal consequences can be derived from the contents of the email
neither is belGOnet.com committed to them. The content of this email
is exclusively intended for adressee(s) and information purposes.
belGOnet.com accepts no liability for any damage resulting from the
use and/or acceptation of the content of this email.
Sunday, February 1, 2004, 10:37:38 PM, you wrote:
JF> At 21:19 01/02/2004, you wrote:
>>Hello Ugo,
>>
>>thanks for your reponse; as also to kevin and robert...
>>
>>i use fprot antivirus with it; although its strange that it is't
>>configured in my mailscanner config file ..
>>
>>i assume it is working although; since i notice this in my maillog
JF> No, that log section means exactly what it says. It has found it installed
JF> and is keeping it up to date for you. Unless you mention it in
JF> MailScanner.conf it won't be using it.
>>Feb 1 10:51:07 ns MailScanner[24262]: New Batch: Scanning 1 messages,
>>1076 bytes
>>Feb 1 10:51:07 ns MailScanner[24262]: Spam Checks: Starting
>>Feb 1 10:51:12 ns update.virus.scanners: Found f-prot installed
>>Feb 1 10:51:12 ns update.virus.scanners: Updating f-prot
>>Feb 1 10:51:12 ns MailScanner[24262]: Virus and Content Scanning: Starting
>>Feb 1 10:51:12 ns MailScanner[24262]: Uninfected: Delivered 1 messages
>>
>>
>>--
>>Best regards,
>> Danny mailto:dannyz@belgonet.com
>>
>>belGOnet.com a Euro-pictures division - internet solutions
>>place princesse elisabeth 9/11 - 1030 Brussels - Belgium
>>Tel : +32-(0)2-215.67.65 - Fax : +32-(0)2-215.66.65
>>
>>domains - hosting - hardware - VoiP - consultancy - backuping
>>CISCO - HP/COMPAQ - SUN - EMC - JUNIPER - IBM - DELL - NORTEL
>>
>>
>>No legal consequences can be derived from the contents of the email
>>neither is belGOnet.com committed to them. The content of this email
>>is exclusively intended for adressee(s) and information purposes.
>>belGOnet.com accepts no liability for any damage resulting from the
>>use and/or acceptation of the content of this email.
>>
>>
>>Sunday, February 1, 2004, 7:04:26 PM, you wrote:
>>
>>UB> -----Message d'origine-----
>>UB> De : Danny Zak [mailto:dannyz@belgonet.com]
>>UB> Envoy? : Sunday, February 01, 2004 12:00 PM
>>UB> ? : MAILSCANNER@JISCMAIL.AC.UK
>>UB> Objet : ZIP files seems not to be scanned (mydoom)
>>
>>
>>UB> Hello MAILSCANNER list;
>>
>>UB> it seems that my mailscanner isn't scanning zip attaches for virusses.
>>UB> [Ugo Bellavance]
>>UB> It is the job of your anti-virus, not mailscanner's
>>
>>UB> it does filter out the mydoom virus by files that are standardly
>>attached although.
>>
>>
>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040201/1e2fd649/attachment.html
From mickey-ml at GREENGLOW.ORG Mon Feb 2 04:02:54 2004
From: mickey-ml at GREENGLOW.ORG (Mickey Everts)
Date: Thu Jan 12 21:22:15 2006
Subject: many spamassassin timeouts
In-Reply-To:
Message-ID: <002c01c3e941$6f728cb0$630a0a0a@gyruss>
Damn...there were a ton of *lock* and *expire* files and I deleted them all.
I'll give it a couple days to see if the problem is really solved, but it
sounds likely. Thanks again for the tip!
I haven't looked in that directory for ages since I didn't even realize the
locking issue existed and every time I looked in the past, it just had the
typical files:
auto-whitelist
bayes_journal
bayes_seen
bayes_toks
I just found the "Bayesian shenanigans" thread but it sounds like people
haven't exactly gotten to the bottom of this issue yet. It sounds like the
general opinion is it is some issue with spamassassin itself...right?
Mickey
-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
Of Nathan Johanson
Sent: Sunday, February 01, 2004 2:22 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: many spamassassin timeouts
Make sure you aren't havin Bayes locking issues. My timeouts were
attributable to this more than once. Check /var/spool/spamassassin (or
wherever your Baye's database resides) for extra bayes lock files and
delete them (you may also need to delete the *.expiry files). Try
running a manual rebuild of the database like so:
sa-learn -D -p /etc/MailScanner/spam.assassin.prefs.conf --rebuild
--force-expire
If this is the cause of the problem, consider taking advantage of the
bayes rebuild options available in the latest release of MailScanner (or
run the command regularly via cron).
Nathan
-----Original Message-----
From: Stephen Swaney [mailto:steve.swaney@FSL.COM]
Sent: Saturday, January 31, 2004 12:07 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: many spamassassin timeouts
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Mickey Everts
> Sent: Saturday, January 31, 2004 2:54 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: many spamassassin timeouts
>
> Here is something very weird I just noticed in trying to track this
down.
> Here is just a small sample of my logs, but notice the time outs
happen
> almost exactly every ten minutes? I am running mailscanner-4.25-14.
>
[SKS]
Do you have an event that is slowing down you network every 10 minutes.
Try a sniffer and see.
This is the typical cause for SpamAssassin timeouts.
Steve
Stephen Swaney
President
Fortress Systems Ltd.
Steve.Swaney@FSL.com
> Jan 31 05:48:41 defender MailScanner[18146]: SpamAssassin timed out
and
> was
> killed, consecutive failure 1 of 10
> Jan 31 05:59:05 defender MailScanner[17813]: SpamAssassin timed out
and
> was
> killed, consecutive failure 1 of 10
> Jan 31 06:09:02 defender MailScanner[17717]: SpamAssassin timed out
and
> was
> killed, consecutive failure 1 of 10
> Jan 31 06:19:03 defender MailScanner[18146]: SpamAssassin timed out
and
> was
> killed, consecutive failure 1 of 10
> Jan 31 06:29:41 defender MailScanner[17795]: SpamAssassin timed out
and
> was
> killed, consecutive failure 1 of 10
> Jan 31 06:39:26 defender MailScanner[17813]: SpamAssassin timed out
and
> was
> killed, consecutive failure 1 of 10
> Jan 31 06:50:14 defender MailScanner[17717]: SpamAssassin timed out
and
> was
> killed, consecutive failure 1 of 10
> Jan 31 07:00:05 defender MailScanner[18146]: SpamAssassin timed out
and
> was
> killed, consecutive failure 1 of 10
> Jan 31 07:10:43 defender MailScanner[17795]: SpamAssassin timed out
and
> was
> killed, consecutive failure 1 of 10
> Jan 31 07:20:32 defender MailScanner[17795]: SpamAssassin timed out
and
> was
> killed, consecutive failure 1 of 10
> Jan 31 07:30:42 defender MailScanner[17784]: SpamAssassin timed out
and
> was
> killed, consecutive failure 1 of 10
> Jan 31 07:40:45 defender MailScanner[17717]: SpamAssassin timed out
and
> was
> killed, consecutive failure 1 of 10
> Jan 31 07:50:53 defender MailScanner[18146]: SpamAssassin timed out
and
> was
> killed, consecutive failure 1 of 10
> Jan 31 08:00:48 defender MailScanner[17717]: SpamAssassin timed out
and
> was
> killed, consecutive failure 1 of 10
> Jan 31 08:11:01 defender MailScanner[17795]: SpamAssassin timed out
and
> was
> killed, consecutive failure 1 of 10
> Jan 31 08:20:59 defender MailScanner[17717]: SpamAssassin timed out
and
> was
> killed, consecutive failure 1 of 10
>
> Mickey
>
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf
> Of Julian Field
> Sent: Saturday, January 31, 2004 6:37 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: many spamassassin timeouts
>
> At 21:17 30/01/2004, you wrote:
> >I turned on Debug = yes and Debug SpamAssassin = yes but I am not
seeing
> >output similar to below in maillog. Should I be looking elsewhere
else?
> I
> >am trying to track down the source of some spamassassin timeouts I
have
> been
> >having. Ideally I need to log the equivalent of "spamassassin -D"
for a
> few
> >hours.
>
> Those 2 options will cause "check_mailscanner" to log all the SA
output to
> the terminal. It will process 1 batch of messages and then quit.
> I have been getting a lot of Razor timeouts recently, and have
currently
> disabled it. You can do this by adding
> use_razor2 0
> to your spam.assassin.prefs.conf and restarting MailScanner.
>
>
>
> >Thanks!
> >
> >Mickey
> >
> >-----Original Message-----
> >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf
> >Of Piet Bos
> >Sent: Monday, January 26, 2004 3:02 AM
> >To: MAILSCANNER@JISCMAIL.AC.UK
> >Subject: Re: many spamassassin timeouts
> >
> >a part of the debug output.
> >I find the 0 behind Net::DNS resolver unavailable rather curious
> >do you agree?
> >
> >grtz Piet
> >
> >debug: running raw-body-text per-line regexp tests; score so far=4.3
> >debug: running uri tests; score so far=4.3
> >debug: uri tests: Done uriRE
> >debug: running full-text regexp tests; score so far=4.3
> >debug: Razor2 is not available
> >debug: DCC is not available: dccproc not found
> >debug: Razor1 is not available
> >debug: Pyzor is not available: pyzor not found
> >debug: is Net::DNS::Resolver unavailable? 0
> >debug: trying (3) gwdg.de...
> >debug: looking up MX for 'gwdg.de'
> >debug: MX for 'gwdg.de' exists? 1
> >debug: MX lookup of gwdg.de succeeded => Dns available (set
dns_available
> to
> >hardcode)
> >debug: is DNS available? 1
> >debug: running meta tests; score so far=5.3
> >----- Original Message -----
> >From: "Julian Field"
> >To:
> >Sent: Monday, January 26, 2004 9:39 AM
> >Subject: Re: many spamassassin timeouts
> >
> >
> > > Run with Debug = yes and Debug SpamAssassin = yes, and see where
the
> > > slow-down is.
> > >
> > > At 08:33 26/01/2004, you wrote:
> > > >Experiencing many spamassassin timeouts lately.
> > > >Is there a valid reason for that?
> > > >I'm using version 4.26-1 starting
> > > >my settings in MailScanner.conf are:
> > > >SpamAssassin Timeout = 40
> > > >Max SpamAssassin Timeouts = 50
> > > >
> > > >Any suggestions?
> > > >brgds Piet
> > >
> > > --
> > > Julian Field
> > > www.MailScanner.info
> > > MailScanner thanks transtec Computers for their support
> > >
> > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
> --
> Julian Field
> www.MailScanner.info
> Professional Support Services at www.MailScanner.biz
> MailScanner thanks transtec Computers for their support
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> Fortress Systems Ltd.
> www.fsl.com
>
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
Fortress Systems Ltd.
www.fsl.com
From Pascal.Maes at ELEC.UCL.AC.BE Mon Feb 2 07:56:14 2004
From: Pascal.Maes at ELEC.UCL.AC.BE (Pascal Maes)
Date: Thu Jan 12 21:22:15 2006
Subject: 4.26.7, bayes rebuild, confused.
Message-ID:
Hello,
I have the same behaviour with the rebuild of bayes database and I get it
every time MailScanner is launched.
To avoid the "Skipping", I have to "manually" remove the lock file
(for me it's not important since I do not use bayes !)
In SA.pm, the lock file is created before the test on "$RebuildBayes"
and the lock is removed only if the bayes database has been rebuild.
If $RebuildBayes == 0, the lock will never be removed.
if $RebuildBAYES <> 0, it seems that the rebuild on solaris don't finish
or don't begin ???
I see the "Skipping" line in the logfile but I don't see any line
such as "SpamAssassin Bayes database rebuild preparing" even with
$RebuildBAYES <> 0
--
-- Pascal --
--
From Kevin.Spicer at BMRB.CO.UK Mon Feb 2 08:22:07 2004
From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin)
Date: Thu Jan 12 21:22:15 2006
Subject: sending mail to 2 locations
Message-ID: <5C0296D26910694BB9A9BBFC577E7AB001649A1B@pascal.priv.bmrb.co.uk>
Harondel J. Sibble wrote:
> On 1 Feb 2004 at 10:41, Kevin Spicer wrote:
>
> no.... I meant telneting, I was testing an smtp connection, ssh is
> _generally_ of no use in that situation.
Ahh, you meant using telnet to connect to the SMTP port, rather than to login. My mistake.
BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000
_________________________________________________________________
This message (and any attachment) is intended only for the
recipient and may contain confidential and/or privileged
material. If you have received this in error, please contact the
sender and delete this message immediately. Disclosure, copying
or other action taken in respect of this email or in
reliance on it is prohibited. BMRB International Limited
accepts no liability in relation to any personal emails, or
content of any email which does not directly relate to our
business.
From mailscanner at ecs.soton.ac.uk Mon Feb 2 09:40:14 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:22:15 2006
Subject: 4.26.7, bayes rebuild, confused. -- Urgent test please
In-Reply-To:
References:
Message-ID: <6.0.1.1.2.20040202093725.03d0a668@imap.ecs.soton.ac.uk>
Please could you try the attached SA.pm and see if it helps.
Changes:
- Set "Rebuild Bayes Every = 0" should disable all this code.
- Locking code changed to more closely match the virus scanner
locking code.
The trouble is, it all works for me. But that's on a Linux system, and the
underlying locking behaviour may well be different on Solaris.
At 07:56 02/02/2004, you wrote:
>Hello,
>
>I have the same behaviour with the rebuild of bayes database and I get it
>every time MailScanner is launched.
>
>To avoid the "Skipping", I have to "manually" remove the lock file
>(for me it's not important since I do not use bayes !)
>
>In SA.pm, the lock file is created before the test on "$RebuildBayes"
>and the lock is removed only if the bayes database has been rebuild.
>
>If $RebuildBayes == 0, the lock will never be removed.
>
>if $RebuildBAYES <> 0, it seems that the rebuild on solaris don't finish
>or don't begin ???
>
> I see the "Skipping" line in the logfile but I don't see any line
> such as "SpamAssassin Bayes database rebuild preparing" even with
> $RebuildBAYES <> 0
>
>--
>-- Pascal --
> --
-------------- next part --------------
A non-text attachment was scrubbed...
Name: SA.pm
Type: application/octet-stream
Size: 19516 bytes
Desc: not available
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040202/cec41f47/SA.obj
-------------- next part --------------
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
From mbm+mailscanner at colondot.net Mon Feb 2 09:50:39 2004
From: mbm+mailscanner at colondot.net (Matthew Byng-Maddick)
Date: Thu Jan 12 21:22:15 2006
Subject: mailscanner exim patch
Message-ID: <20040202095039.GA37477@colon.colondot.net>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
The attached patch changes the behaviour of mailscanner to deal with exim4
(>4.23) queue files, where ACL variables get stored. Unfortunately, this
part of the queue files doesn't appear to be documented in the Exim
Specification (I'll be posting this to the exim-users list too). Previously,
such queue files would be rejected as invalid, due to the difference in the
way that ACL variables are handled (as a part of the "dashvars" section).
This patch seems to be happy with reading, and re-outputting such queue
files, with ACL data intact.
db93dae7eb0c34468f8324e7a9fd9c71 mailscanner-exim.patch
Although the patch is against MailScanner-4.25-14, I believe it should
also apply cleanly against 4.26.7 (with an offset of 6 lines).
Cheers
Matthew
- --
hmmm - what's the term that comes between "tweak" and "frob"?
"small, controlled change"?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (FreeBSD)
iD8DBQFAHh1ciGjP99nB6xERAvtNAJ40AckCXoNcI5Lkwbx/nVerYomU2QCeI6+z
X0+33XN4JeK94hyMnj5VpI8=
=zb6Y
-----END PGP SIGNATURE-----
-------------- next part --------------
diff -uNr lib/MailScanner/Exim.pm.orig lib/MailScanner/Exim.pm
--- lib/MailScanner/Exim.pm.orig 2003-11-26 16:35:29.000000000 +0000
+++ lib/MailScanner/Exim.pm 2004-02-02 09:20:54.000000000 +0000
@@ -244,7 +244,7 @@
my($RQf) = $message->{store}{inhhandle};
my %metadata;
- my($InHeader, $InSubject, $InDel, @headers, $msginfo, $from, @to, $subject);
+ my($InHeader, $InSubject, $InDel, @headers, $msginfo, $from, @to, $subject, @acl);
my($ip, $sender);
my($line);
@@ -276,12 +276,34 @@
# and tracking them in %{$metadata{dashvars}}
while (chomp($line = <$RQf>)) {
$line =~ s/^-(\w+) ?// or last;
- $metadata{dashvars}{$1} = 0;
- $line eq "" and $metadata{"dv_$1"} = 1, next;
- $metadata{"dv_$1"} = $line;
- $metadata{dashvars}{$1} = 1;
+ if($1 eq "acl") {
+ # we need to handle acl vars differently
+ if($line =~ /^(\d+) (\d+)$/) {
+ my $buf;
+ my $pos=$1;
+ my $len=$2;
+ $acl[$pos]=[];
+ (read($RQf, $buf, $len + 1)==$len+1) or last;
+ if($buf=~/\n$/) {
+ chomp $buf;
+ } else {
+ # invalid format
+ last;
+ }
+ $acl[$pos]->[0]=$buf;
+ } else {
+ # this is a weird format, and we're not sure how to handle it
+ last;
+ }
+ } else {
+ $metadata{dashvars}{$1} = 0;
+ $line eq "" and $metadata{"dv_$1"} = 1, next;
+ $metadata{"dv_$1"} = $line;
+ $metadata{dashvars}{$1} = 1;
+ }
next;
}
+ $metadata{aclvars}=\@acl;
# If it was an invalid queue file, log a warning and tell caller
unless (defined $line) {
@@ -959,6 +981,7 @@
sub CreateQf {
my($message) = @_;
+ my $i;
my $Qfile = "";
my $metadata = $message->{metadata};
@@ -986,6 +1009,15 @@
$Qfile .= "\n";
}
+ # Add the separate ACL Vars
+ my @acl=@{$metadata->{aclvars}};
+ for($i=0; $i<=$#acl; $i++) {
+ if($acl[$i]) {
+ $Qfile .= "-acl " . $i . " " . length($acl[$i]->[0]) . "\n";
+ $Qfile .= $acl[$i]->[0] . "\n";
+ }
+ }
+
# Add non-recipients
$Qfile .= BTreeString($metadata->{nonrcpts});
From mailscanner at ecs.soton.ac.uk Mon Feb 2 09:52:37 2004
From: mailscanner at ecs.soton.ac.uk (mailscanner@ecs.soton.ac.uk)
Date: Thu Jan 12 21:22:15 2006
Subject: NOTIFY-New Guestbook Entry
Message-ID: <200402020952.i129qbV3006407@seer.ecs.soton.ac.uk>
New Guestbook-Entry from sync
i\'\'ve some trouble with RH9
mail with subject like this
DiasoftCLIENT:REGFIN :rf _o0008
sended from local user to local received with subject like this
DiasoftCLIENT:REGFIN:rf
any comments???
From mailscanner at ecs.soton.ac.uk Mon Feb 2 10:23:19 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:22:15 2006
Subject: 4.26.7, bayes rebuild, confused. -- (2) Urgent test please
In-Reply-To: <6.0.1.1.2.20040202093725.03d0a668@imap.ecs.soton.ac.uk>
References:
<6.0.1.1.2.20040202093725.03d0a668@imap.ecs.soton.ac.uk>
Message-ID: <6.0.1.1.2.20040202101726.07ace620@imap.ecs.soton.ac.uk>
Inevitably I put a config name wrong in that one.
At 09:40 02/02/2004, you wrote:
>Please could you try the attached SA.pm and see if it helps.
>
>Changes:
> - Set "Rebuild Bayes Every = 0" should disable all this code.
> - Locking code changed to more closely match the virus scanner
>locking code.
>
>The trouble is, it all works for me. But that's on a Linux system, and the
>underlying locking behaviour may well be different on Solaris.
>
>At 07:56 02/02/2004, you wrote:
>>Hello,
>>
>>I have the same behaviour with the rebuild of bayes database and I get it
>>every time MailScanner is launched.
>>
>>To avoid the "Skipping", I have to "manually" remove the lock file
>>(for me it's not important since I do not use bayes !)
>>
>>In SA.pm, the lock file is created before the test on "$RebuildBayes"
>>and the lock is removed only if the bayes database has been rebuild.
>>
>>If $RebuildBayes == 0, the lock will never be removed.
>>
>>if $RebuildBAYES <> 0, it seems that the rebuild on solaris don't finish
>>or don't begin ???
>>
>> I see the "Skipping" line in the logfile but I don't see any line
>> such as "SpamAssassin Bayes database rebuild preparing" even with
>> $RebuildBAYES <> 0
>>
>>--
>>-- Pascal --
>> --
>
>
>--
>Julian Field
>www.MailScanner.info
>MailScanner thanks transtec Computers for their support
>
>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: SA.pm
Type: application/octet-stream
Size: 19511 bytes
Desc: not available
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040202/e8490401/SA.obj
-------------- next part --------------
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
From dee at ASYOUNEED.COM Mon Feb 2 10:28:49 2004
From: dee at ASYOUNEED.COM (Dee Lowndes)
Date: Thu Jan 12 21:22:15 2006
Subject: Trying to recover msg but all I get is the warning
In-Reply-To: <6.0.1.1.2.20040202093725.03d0a668@imap.ecs.soton.ac.uk>
Message-ID: <000001c3e977$58d4b1a0$0201a8c0@lappy>
Hi All,
I am trying to recover a message that had the iframe tags in it
but all I get in the folder it directs me to is the warning message why?
Dee
From mailscanner at ecs.soton.ac.uk Mon Feb 2 11:01:44 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:22:15 2006
Subject: Trying to recover msg but all I get is the warning
In-Reply-To: <000001c3e977$58d4b1a0$0201a8c0@lappy>
References: <6.0.1.1.2.20040202093725.03d0a668@imap.ecs.soton.ac.uk>
<000001c3e977$58d4b1a0$0201a8c0@lappy>
Message-ID: <6.0.1.1.2.20040202110113.07ae3608@imap.ecs.soton.ac.uk>
At 10:28 02/02/2004, you wrote:
>Hi All,
>
> I am trying to recover a message that had the iframe tags in it
>but all I get in the folder it directs me to is the warning message why?
This is a bug I have not yet tracked down. I have been unable to rectify
it. If you could post me your MailScanner.conf settings, that would help.
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
From goleotti at MISAG.IT Mon Feb 2 11:31:07 2004
From: goleotti at MISAG.IT (Gabriele Oleotti)
Date: Thu Jan 12 21:22:15 2006
Subject: Vexira AV Support in 4.26.6?
Message-ID: <1488394A34F6A0408FDA3841418D1442183D4B@scorpio.auron.mi>
Ok, there's no problem for me!!
If I can do anything else, please let me know.
Bye,
Gabriele
-----Original Message-----
From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK]
Sent: domenica 1 febbraio 2004 14.50
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Vexira AV Support in 4.26.6?
Hopefully I'll get this in to 4.27.
At 12:09 01/02/2004, you wrote:
>I have to apologize for the last patch I sent you as the autoupdate script
>has a little bug (I forget the --update switch, so vexira isn't really
>doing the update). Sorry for that.
>
>I corrected this bug and I have adjusted the output coming from the
>scanner as the vexira seems to use dos/windows CR+LF new line characters
>which causes bad looking output to be logged on my files.
>
>Last, I have added time-out support (for the most copied from the alarm
>perldoc page and from the clamav-autoupdate) which I have tested and
>seemed to work fine.
>
>Buy for now,
>Gabriele
>
>
>-----Original Message-----
>From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK]
>Sent: venerd? 30 gennaio 2004 18.00
>To: MAILSCANNER@JISCMAIL.AC.UK
>Subject: Re: Vexira AV Support in 4.26.6?
>
>
>At 16:53 30/01/2004, you wrote:
> >Will Support for Vexira Antivirus added in MailScanner Version 4.26.6?
>
>No, sorry. I haven't had time to test it myself. It will have to wait for
>4.27.
>--
>Julian Field
>www.MailScanner.info
>MailScanner thanks transtec Computers for their support
>
>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
From dee at ASYOUNEED.COM Mon Feb 2 12:38:28 2004
From: dee at ASYOUNEED.COM (Dee Lowndes)
Date: Thu Jan 12 21:22:15 2006
Subject: Trying to recover msg but all I get is the warning {Scanned}
In-Reply-To: <6.0.1.1.2.20040202110113.07ae3608@imap.ecs.soton.ac.uk>
Message-ID: <000001c3e989$75a0f520$0201a8c0@lappy>
Hi Julian,
I sent it to your email address rather than list did you get it?
Yours,
Dee
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Julian Field
> Sent: 02 February 2004 11:02
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Trying to recover msg but all I get is the warning
{Scanned}
>
> At 10:28 02/02/2004, you wrote:
> >Hi All,
> >
> > I am trying to recover a message that had the iframe tags in
it
> >but all I get in the folder it directs me to is the warning message
why?
>
> This is a bug I have not yet tracked down. I have been unable to
rectify
> it. If you could post me your MailScanner.conf settings, that would
help.
> --
> Julian Field
> www.MailScanner.info
> MailScanner thanks transtec Computers for their support
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
From AndreaC at GOTECH.IT Mon Feb 2 12:30:27 2004
From: AndreaC at GOTECH.IT (Andrea Cogliati)
Date: Thu Jan 12 21:22:15 2006
Subject: NDR strategy
Message-ID: <463F0AFA3E2CEA4E807EC569C019E739140C9B@atlantis.gtub.corp>
We use MailScanner (with Sendmail) as a mail relay to protect our
Exchange Mail Server from Viruses, Spam and other threats.
We configured the MS+Sendmail gateway to relay all messages for our SMTP
domains to our Exchange Server. The problem is with NDRs. Every time we
receive a message for a non-existing mailbox, MailScanner still scans it
then Sendmail relays it to Exchange that generates an NDR. Now, as most
of the messages are generated by Worms/Viruses/Spammers using fake
addresses, the NDRs either remain in mail queues until timeouts or the
NDR is received by some unwilling party or, worse, another NDR is
generated and received by our gateway. Anyway, the process is not
efficient as lots of messages are needlessly processed at least twice.
We found two possible workarounds:
1. Disable NDR generation on Exchange server, which solves part of the
issue to the detriment of RFC compliancy;
2. Enable relay at mailbox level instead of domain level on Sendmail
(using access_db).
The second solution seems the best as it solves the whole problem
maintaining full RFC compliancy. Unfortunately, it's completely manual
as every time we modify a mailbox on Exchange we have to modify Sendmail
configuration accordingly.
Anybody solved the issue with a better approach?
TIA,
Andrea
From dh at UPTIME.AT Mon Feb 2 12:45:46 2004
From: dh at UPTIME.AT (=?ISO-8859-1?Q?David_H=F6hn?=)
Date: Thu Jan 12 21:22:15 2006
Subject: [OT] Re: NDR strategy
In-Reply-To: <463F0AFA3E2CEA4E807EC569C019E739140C9B@atlantis.gtub.corp>
References: <463F0AFA3E2CEA4E807EC569C019E739140C9B@atlantis.gtub.corp>
Message-ID: <401E467A.7060903@uptime.at>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
Andrea Cogliati wrote:
| Anybody solved the issue with a better approach?
|
Can Exchange read its Account data from LDAP? If so, setup LDAP routing
for Sendmail, that way non existant user accounts for the domains you
serve will not even be accepted by the gateway sendmail
- -d
- --
nee amata wo mitsukete soshite midoto wasrezu
~ domma mi mumega itakutemo soba mi iru mo
~ zutto...zutto...zutto
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (Darwin)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD4DBQFAHkZ6PMoaMn4kKR4RA0VzAJ9r4g2LyUjHqln4UvFctmzwVF5XCQCVEYjD
oIWblWnFOCyIvR6M2Vd/hA==
=9eZ2
-----END PGP SIGNATURE-----
From raymond at PROLOCATION.NET Mon Feb 2 12:47:28 2004
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:22:16 2006
Subject: Trying to recover msg but all I get is the warning {Scanned}
In-Reply-To: <000001c3e989$75a0f520$0201a8c0@lappy>
Message-ID:
Hi!
> > This is a bug I have not yet tracked down. I have been unable to
> > it. If you could post me your MailScanner.conf settings, that would
I get them daily, so capturing my mailflow for one day and processing it
most likely will give some hits.
Or is there any other debugging i could do ?
bye,
Raymond.
From martinh at SOLID-STATE-LOGIC.COM Mon Feb 2 13:44:16 2004
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:22:16 2006
Subject: NDR strategy
In-Reply-To: <463F0AFA3E2CEA4E807EC569C019E739140C9B@atlantis.gtub.corp>
References: <463F0AFA3E2CEA4E807EC569C019E739140C9B@atlantis.gtub.corp>
Message-ID: <401E5430.2050004@solid-state-logic.com>
Andrea
There is way of setting up sendmail so it read from an Active Directory
server to validate the email address. have a google around for 'how to'.
This way the inbound sendmail will reject the email for non-existant
email addresses before it hit's MailScanner.
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.
This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.
**********************************************************************
From mailscanner at ecs.soton.ac.uk Mon Feb 2 14:06:40 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:22:16 2006
Subject: 4.26.7, bayes rebuild, confused. -- 4.26.8
In-Reply-To: <6.0.1.1.2.20040202101726.07ace620@imap.ecs.soton.ac.uk>
References:
<6.0.1.1.2.20040202093725.03d0a668@imap.ecs.soton.ac.uk>
<6.0.1.1.2.20040202101726.07ace620@imap.ecs.soton.ac.uk>
Message-ID: <6.0.1.1.2.20040202140416.073355e0@imap.ecs.soton.ac.uk>
I have just posted version 4.26.8.
The problem did not appear on Linux, but does appear on Solaris. You can
now disable all the relevant code by setting
Rebuild Bayes Every = 0
I will look into fixing this as a priority, but it is highly OS-specific
and may even be Perl-version specific. It refuses to lock a file it has
just successfully opened, but seems happy when I do it elsewhere :-(
Jules.
P.S. thanks for your patience....
At 10:23 02/02/2004, you wrote:
>Inevitably I put a config name wrong in that one.
>
>At 09:40 02/02/2004, you wrote:
>>Please could you try the attached SA.pm and see if it helps.
>>
>>Changes:
>> - Set "Rebuild Bayes Every = 0" should disable all this code.
>> - Locking code changed to more closely match the virus scanner
>>locking code.
>>
>>The trouble is, it all works for me. But that's on a Linux system, and the
>>underlying locking behaviour may well be different on Solaris.
>>
>>At 07:56 02/02/2004, you wrote:
>>>Hello,
>>>
>>>I have the same behaviour with the rebuild of bayes database and I get it
>>>every time MailScanner is launched.
>>>
>>>To avoid the "Skipping", I have to "manually" remove the lock file
>>>(for me it's not important since I do not use bayes !)
>>>
>>>In SA.pm, the lock file is created before the test on "$RebuildBayes"
>>>and the lock is removed only if the bayes database has been rebuild.
>>>
>>>If $RebuildBayes == 0, the lock will never be removed.
>>>
>>>if $RebuildBAYES <> 0, it seems that the rebuild on solaris don't finish
>>>or don't begin ???
>>>
>>> I see the "Skipping" line in the logfile but I don't see any line
>>> such as "SpamAssassin Bayes database rebuild preparing" even with
>>> $RebuildBAYES <> 0
>>>
>>>--
>>>-- Pascal --
>>> --
>>
>>
>>--
>>Julian Field
>>www.MailScanner.info
>>MailScanner thanks transtec Computers for their support
>>
>>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
>
>--
>Julian Field
>www.MailScanner.info
>MailScanner thanks transtec Computers for their support
>
>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
From nathan at TCPNETWORKS.NET Mon Feb 2 14:44:34 2004
From: nathan at TCPNETWORKS.NET (Nathan Johanson)
Date: Thu Jan 12 21:22:16 2006
Subject: many spamassassin timeouts
Message-ID:
As I understand it, SpamAssassin opportunistically rebuilds the database
and expires old tokens. In some cases, SpamAssassin times out (as
configured in MailScanner) before the rebuilding completes. Ultimately,
this leads to more timeouts and an accumulation of *.lock and *.expiry
files. You may also see a bayes_toks.new file. It's not really a
SpamAssassin or MailScanner issue, but more of a timing issue
(presumably on slower systems).
I've been closely monitoring my database and rebuilding it manually
(with the --force-expire option). I also increased my SpamAssassin time
out, but I've still had the same problems (although not as frequently).
As mentioned below, this has been an issue for others in the list and
Julian added some code that will generate the rebuild for us. I'm
planning to upgrade in a few days.
Fortunately, it's not really an urgent problem (as it doesn't corrupt my
bayes database), just more of an inconvenience.
Nathan
-----Original Message-----
From: Mickey Everts [mailto:mickey-ml@GREENGLOW.ORG]
Sent: Sunday, February 01, 2004 8:03 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: many spamassassin timeouts
Damn...there were a ton of *lock* and *expire* files and I deleted them
all.
I'll give it a couple days to see if the problem is really solved, but
it
sounds likely. Thanks again for the tip!
I haven't looked in that directory for ages since I didn't even realize
the
locking issue existed and every time I looked in the past, it just had
the
typical files:
auto-whitelist
bayes_journal
bayes_seen
bayes_toks
I just found the "Bayesian shenanigans" thread but it sounds like people
haven't exactly gotten to the bottom of this issue yet. It sounds like
the
general opinion is it is some issue with spamassassin itself...right?
Mickey
-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
Behalf
Of Nathan Johanson
Sent: Sunday, February 01, 2004 2:22 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: many spamassassin timeouts
Make sure you aren't havin Bayes locking issues. My timeouts were
attributable to this more than once. Check /var/spool/spamassassin (or
wherever your Baye's database resides) for extra bayes lock files and
delete them (you may also need to delete the *.expiry files). Try
running a manual rebuild of the database like so:
sa-learn -D -p /etc/MailScanner/spam.assassin.prefs.conf --rebuild
--force-expire
If this is the cause of the problem, consider taking advantage of the
bayes rebuild options available in the latest release of MailScanner (or
run the command regularly via cron).
Nathan
-----Original Message-----
From: Stephen Swaney [mailto:steve.swaney@FSL.COM]
Sent: Saturday, January 31, 2004 12:07 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: many spamassassin timeouts
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Mickey Everts
> Sent: Saturday, January 31, 2004 2:54 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: many spamassassin timeouts
>
> Here is something very weird I just noticed in trying to track this
down.
> Here is just a small sample of my logs, but notice the time outs
happen
> almost exactly every ten minutes? I am running mailscanner-4.25-14.
>
[SKS]
Do you have an event that is slowing down you network every 10 minutes.
Try a sniffer and see.
This is the typical cause for SpamAssassin timeouts.
Steve
Stephen Swaney
President
Fortress Systems Ltd.
Steve.Swaney@FSL.com
> Jan 31 05:48:41 defender MailScanner[18146]: SpamAssassin timed out
and
> was
> killed, consecutive failure 1 of 10
> Jan 31 05:59:05 defender MailScanner[17813]: SpamAssassin timed out
and
> was
> killed, consecutive failure 1 of 10
> Jan 31 06:09:02 defender MailScanner[17717]: SpamAssassin timed out
and
> was
> killed, consecutive failure 1 of 10
> Jan 31 06:19:03 defender MailScanner[18146]: SpamAssassin timed out
and
> was
> killed, consecutive failure 1 of 10
> Jan 31 06:29:41 defender MailScanner[17795]: SpamAssassin timed out
and
> was
> killed, consecutive failure 1 of 10
> Jan 31 06:39:26 defender MailScanner[17813]: SpamAssassin timed out
and
> was
> killed, consecutive failure 1 of 10
> Jan 31 06:50:14 defender MailScanner[17717]: SpamAssassin timed out
and
> was
> killed, consecutive failure 1 of 10
> Jan 31 07:00:05 defender MailScanner[18146]: SpamAssassin timed out
and
> was
> killed, consecutive failure 1 of 10
> Jan 31 07:10:43 defender MailScanner[17795]: SpamAssassin timed out
and
> was
> killed, consecutive failure 1 of 10
> Jan 31 07:20:32 defender MailScanner[17795]: SpamAssassin timed out
and
> was
> killed, consecutive failure 1 of 10
> Jan 31 07:30:42 defender MailScanner[17784]: SpamAssassin timed out
and
> was
> killed, consecutive failure 1 of 10
> Jan 31 07:40:45 defender MailScanner[17717]: SpamAssassin timed out
and
> was
> killed, consecutive failure 1 of 10
> Jan 31 07:50:53 defender MailScanner[18146]: SpamAssassin timed out
and
> was
> killed, consecutive failure 1 of 10
> Jan 31 08:00:48 defender MailScanner[17717]: SpamAssassin timed out
and
> was
> killed, consecutive failure 1 of 10
> Jan 31 08:11:01 defender MailScanner[17795]: SpamAssassin timed out
and
> was
> killed, consecutive failure 1 of 10
> Jan 31 08:20:59 defender MailScanner[17717]: SpamAssassin timed out
and
> was
> killed, consecutive failure 1 of 10
>
> Mickey
>
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf
> Of Julian Field
> Sent: Saturday, January 31, 2004 6:37 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: many spamassassin timeouts
>
> At 21:17 30/01/2004, you wrote:
> >I turned on Debug = yes and Debug SpamAssassin = yes but I am not
seeing
> >output similar to below in maillog. Should I be looking elsewhere
else?
> I
> >am trying to track down the source of some spamassassin timeouts I
have
> been
> >having. Ideally I need to log the equivalent of "spamassassin -D"
for a
> few
> >hours.
>
> Those 2 options will cause "check_mailscanner" to log all the SA
output to
> the terminal. It will process 1 batch of messages and then quit.
> I have been getting a lot of Razor timeouts recently, and have
currently
> disabled it. You can do this by adding
> use_razor2 0
> to your spam.assassin.prefs.conf and restarting MailScanner.
>
>
>
> >Thanks!
> >
> >Mickey
> >
> >-----Original Message-----
> >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf
> >Of Piet Bos
> >Sent: Monday, January 26, 2004 3:02 AM
> >To: MAILSCANNER@JISCMAIL.AC.UK
> >Subject: Re: many spamassassin timeouts
> >
> >a part of the debug output.
> >I find the 0 behind Net::DNS resolver unavailable rather curious
> >do you agree?
> >
> >grtz Piet
> >
> >debug: running raw-body-text per-line regexp tests; score so far=4.3
> >debug: running uri tests; score so far=4.3
> >debug: uri tests: Done uriRE
> >debug: running full-text regexp tests; score so far=4.3
> >debug: Razor2 is not available
> >debug: DCC is not available: dccproc not found
> >debug: Razor1 is not available
> >debug: Pyzor is not available: pyzor not found
> >debug: is Net::DNS::Resolver unavailable? 0
> >debug: trying (3) gwdg.de...
> >debug: looking up MX for 'gwdg.de'
> >debug: MX for 'gwdg.de' exists? 1
> >debug: MX lookup of gwdg.de succeeded => Dns available (set
dns_available
> to
> >hardcode)
> >debug: is DNS available? 1
> >debug: running meta tests; score so far=5.3
> >----- Original Message -----
> >From: "Julian Field"
> >To:
> >Sent: Monday, January 26, 2004 9:39 AM
> >Subject: Re: many spamassassin timeouts
> >
> >
> > > Run with Debug = yes and Debug SpamAssassin = yes, and see where
the
> > > slow-down is.
> > >
> > > At 08:33 26/01/2004, you wrote:
> > > >Experiencing many spamassassin timeouts lately.
> > > >Is there a valid reason for that?
> > > >I'm using version 4.26-1 starting
> > > >my settings in MailScanner.conf are:
> > > >SpamAssassin Timeout = 40
> > > >Max SpamAssassin Timeouts = 50
> > > >
> > > >Any suggestions?
> > > >brgds Piet
> > >
> > > --
> > > Julian Field
> > > www.MailScanner.info
> > > MailScanner thanks transtec Computers for their support
> > >
> > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
> --
> Julian Field
> www.MailScanner.info
> Professional Support Services at www.MailScanner.biz
> MailScanner thanks transtec Computers for their support
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> Fortress Systems Ltd.
> www.fsl.com
>
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
Fortress Systems Ltd.
www.fsl.com
From mailscanner at ecs.soton.ac.uk Mon Feb 2 14:47:14 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:22:16 2006
Subject: many spamassassin timeouts
In-Reply-To:
References:
Message-ID: <6.0.1.1.2.20040202144605.06f7b820@imap.ecs.soton.ac.uk>
The code to do this for you currently doesn't work on Solaris, but it does
appear to work fine on Linux. It's a locking semantics problem which I
haven't got to the bottom of yet.
See the
Re: 4.26.7, bayes rebuild, confused. -- 4.26.8
thread for more discussion on this.
At 14:44 02/02/2004, you wrote:
>As I understand it, SpamAssassin opportunistically rebuilds the database
>and expires old tokens. In some cases, SpamAssassin times out (as
>configured in MailScanner) before the rebuilding completes. Ultimately,
>this leads to more timeouts and an accumulation of *.lock and *.expiry
>files. You may also see a bayes_toks.new file. It's not really a
>SpamAssassin or MailScanner issue, but more of a timing issue
>(presumably on slower systems).
>
>I've been closely monitoring my database and rebuilding it manually
>(with the --force-expire option). I also increased my SpamAssassin time
>out, but I've still had the same problems (although not as frequently).
>As mentioned below, this has been an issue for others in the list and
>Julian added some code that will generate the rebuild for us. I'm
>planning to upgrade in a few days.
>
>Fortunately, it's not really an urgent problem (as it doesn't corrupt my
>bayes database), just more of an inconvenience.
>
>Nathan
>
>
>-----Original Message-----
>From: Mickey Everts [mailto:mickey-ml@GREENGLOW.ORG]
>Sent: Sunday, February 01, 2004 8:03 PM
>To: MAILSCANNER@JISCMAIL.AC.UK
>Subject: Re: many spamassassin timeouts
>
>
>Damn...there were a ton of *lock* and *expire* files and I deleted them
>all.
>I'll give it a couple days to see if the problem is really solved, but
>it
>sounds likely. Thanks again for the tip!
>
>I haven't looked in that directory for ages since I didn't even realize
>the
>locking issue existed and every time I looked in the past, it just had
>the
>typical files:
>
>auto-whitelist
>bayes_journal
>bayes_seen
>bayes_toks
>
>I just found the "Bayesian shenanigans" thread but it sounds like people
>haven't exactly gotten to the bottom of this issue yet. It sounds like
>the
>general opinion is it is some issue with spamassassin itself...right?
>
>Mickey
>
>-----Original Message-----
>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
>Behalf
>Of Nathan Johanson
>Sent: Sunday, February 01, 2004 2:22 PM
>To: MAILSCANNER@JISCMAIL.AC.UK
>Subject: Re: many spamassassin timeouts
>
>Make sure you aren't havin Bayes locking issues. My timeouts were
>attributable to this more than once. Check /var/spool/spamassassin (or
>wherever your Baye's database resides) for extra bayes lock files and
>delete them (you may also need to delete the *.expiry files). Try
>running a manual rebuild of the database like so:
>
>sa-learn -D -p /etc/MailScanner/spam.assassin.prefs.conf --rebuild
>--force-expire
>
>If this is the cause of the problem, consider taking advantage of the
>bayes rebuild options available in the latest release of MailScanner (or
>run the command regularly via cron).
>
>Nathan
>
>
>
>-----Original Message-----
>From: Stephen Swaney [mailto:steve.swaney@FSL.COM]
>Sent: Saturday, January 31, 2004 12:07 PM
>To: MAILSCANNER@JISCMAIL.AC.UK
>Subject: Re: many spamassassin timeouts
>
>
> > -----Original Message-----
> > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> > Behalf Of Mickey Everts
> > Sent: Saturday, January 31, 2004 2:54 PM
> > To: MAILSCANNER@JISCMAIL.AC.UK
> > Subject: Re: many spamassassin timeouts
> >
> > Here is something very weird I just noticed in trying to track this
>down.
> > Here is just a small sample of my logs, but notice the time outs
>happen
> > almost exactly every ten minutes? I am running mailscanner-4.25-14.
> >
>[SKS]
>Do you have an event that is slowing down you network every 10 minutes.
>Try a sniffer and see.
>
>This is the typical cause for SpamAssassin timeouts.
>
>Steve
>
>Stephen Swaney
>President
>Fortress Systems Ltd.
>Steve.Swaney@FSL.com
>
>
> > Jan 31 05:48:41 defender MailScanner[18146]: SpamAssassin timed out
>and
> > was
> > killed, consecutive failure 1 of 10
> > Jan 31 05:59:05 defender MailScanner[17813]: SpamAssassin timed out
>and
> > was
> > killed, consecutive failure 1 of 10
> > Jan 31 06:09:02 defender MailScanner[17717]: SpamAssassin timed out
>and
> > was
> > killed, consecutive failure 1 of 10
> > Jan 31 06:19:03 defender MailScanner[18146]: SpamAssassin timed out
>and
> > was
> > killed, consecutive failure 1 of 10
> > Jan 31 06:29:41 defender MailScanner[17795]: SpamAssassin timed out
>and
> > was
> > killed, consecutive failure 1 of 10
> > Jan 31 06:39:26 defender MailScanner[17813]: SpamAssassin timed out
>and
> > was
> > killed, consecutive failure 1 of 10
> > Jan 31 06:50:14 defender MailScanner[17717]: SpamAssassin timed out
>and
> > was
> > killed, consecutive failure 1 of 10
> > Jan 31 07:00:05 defender MailScanner[18146]: SpamAssassin timed out
>and
> > was
> > killed, consecutive failure 1 of 10
> > Jan 31 07:10:43 defender MailScanner[17795]: SpamAssassin timed out
>and
> > was
> > killed, consecutive failure 1 of 10
> > Jan 31 07:20:32 defender MailScanner[17795]: SpamAssassin timed out
>and
> > was
> > killed, consecutive failure 1 of 10
> > Jan 31 07:30:42 defender MailScanner[17784]: SpamAssassin timed out
>and
> > was
> > killed, consecutive failure 1 of 10
> > Jan 31 07:40:45 defender MailScanner[17717]: SpamAssassin timed out
>and
> > was
> > killed, consecutive failure 1 of 10
> > Jan 31 07:50:53 defender MailScanner[18146]: SpamAssassin timed out
>and
> > was
> > killed, consecutive failure 1 of 10
> > Jan 31 08:00:48 defender MailScanner[17717]: SpamAssassin timed out
>and
> > was
> > killed, consecutive failure 1 of 10
> > Jan 31 08:11:01 defender MailScanner[17795]: SpamAssassin timed out
>and
> > was
> > killed, consecutive failure 1 of 10
> > Jan 31 08:20:59 defender MailScanner[17717]: SpamAssassin timed out
>and
> > was
> > killed, consecutive failure 1 of 10
> >
> > Mickey
> >
> > -----Original Message-----
> > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> > Behalf
> > Of Julian Field
> > Sent: Saturday, January 31, 2004 6:37 AM
> > To: MAILSCANNER@JISCMAIL.AC.UK
> > Subject: Re: many spamassassin timeouts
> >
> > At 21:17 30/01/2004, you wrote:
> > >I turned on Debug = yes and Debug SpamAssassin = yes but I am not
>seeing
> > >output similar to below in maillog. Should I be looking elsewhere
>else?
> > I
> > >am trying to track down the source of some spamassassin timeouts I
>have
> > been
> > >having. Ideally I need to log the equivalent of "spamassassin -D"
>for a
> > few
> > >hours.
> >
> > Those 2 options will cause "check_mailscanner" to log all the SA
>output to
> > the terminal. It will process 1 batch of messages and then quit.
> > I have been getting a lot of Razor timeouts recently, and have
>currently
> > disabled it. You can do this by adding
> > use_razor2 0
> > to your spam.assassin.prefs.conf and restarting MailScanner.
> >
> >
> >
> > >Thanks!
> > >
> > >Mickey
> > >
> > >-----Original Message-----
> > >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> > Behalf
> > >Of Piet Bos
> > >Sent: Monday, January 26, 2004 3:02 AM
> > >To: MAILSCANNER@JISCMAIL.AC.UK
> > >Subject: Re: many spamassassin timeouts
> > >
> > >a part of the debug output.
> > >I find the 0 behind Net::DNS resolver unavailable rather curious
> > >do you agree?
> > >
> > >grtz Piet
> > >
> > >debug: running raw-body-text per-line regexp tests; score so far=4.3
> > >debug: running uri tests; score so far=4.3
> > >debug: uri tests: Done uriRE
> > >debug: running full-text regexp tests; score so far=4.3
> > >debug: Razor2 is not available
> > >debug: DCC is not available: dccproc not found
> > >debug: Razor1 is not available
> > >debug: Pyzor is not available: pyzor not found
> > >debug: is Net::DNS::Resolver unavailable? 0
> > >debug: trying (3) gwdg.de...
> > >debug: looking up MX for 'gwdg.de'
> > >debug: MX for 'gwdg.de' exists? 1
> > >debug: MX lookup of gwdg.de succeeded => Dns available (set
>dns_available
> > to
> > >hardcode)
> > >debug: is DNS available? 1
> > >debug: running meta tests; score so far=5.3
> > >----- Original Message -----
> > >From: "Julian Field"
> > >To:
> > >Sent: Monday, January 26, 2004 9:39 AM
> > >Subject: Re: many spamassassin timeouts
> > >
> > >
> > > > Run with Debug = yes and Debug SpamAssassin = yes, and see where
>the
> > > > slow-down is.
> > > >
> > > > At 08:33 26/01/2004, you wrote:
> > > > >Experiencing many spamassassin timeouts lately.
> > > > >Is there a valid reason for that?
> > > > >I'm using version 4.26-1 starting
> > > > >my settings in MailScanner.conf are:
> > > > >SpamAssassin Timeout = 40
> > > > >Max SpamAssassin Timeouts = 50
> > > > >
> > > > >Any suggestions?
> > > > >brgds Piet
> > > >
> > > > --
> > > > Julian Field
> > > > www.MailScanner.info
> > > > MailScanner thanks transtec Computers for their support
> > > >
> > > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> >
> > --
> > Julian Field
> > www.MailScanner.info
> > Professional Support Services at www.MailScanner.biz
> > MailScanner thanks transtec Computers for their support
> > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> >
> > --
> > This message has been scanned for viruses and
> > dangerous content by MailScanner, and is
> > believed to be clean.
> >
> > Fortress Systems Ltd.
> > www.fsl.com
> >
>
>
>
>--
>This message has been scanned for viruses and
>dangerous content by MailScanner, and is
>believed to be clean.
>
>Fortress Systems Ltd.
>www.fsl.com
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
From jaearick at colby.edu Mon Feb 2 15:08:29 2004
From: jaearick at colby.edu (Jeff A. Earickson)
Date: Thu Jan 12 21:22:16 2006
Subject: [MAILSCANNER] 4.26.7, bayes rebuild, confused. -- 4.26.8
In-Reply-To: <6.0.1.1.2.20040202140416.073355e0@imap.ecs.soton.ac.uk>
References:
<6.0.1.1.2.20040202093725.03d0a668@imap.ecs.soton.ac.uk>
<6.0.1.1.2.20040202101726.07ace620@imap.ecs.soton.ac.uk>
<6.0.1.1.2.20040202140416.073355e0@imap.ecs.soton.ac.uk>
Message-ID:
Julian,
Popped 4.26.8 into place, let it run for a few minutes (Sol 9, SA
2.63, Razor). No more complaints about Bayes, but no SpamAssassin
messages either. I ran a batch in debug mode for both MS and SA, and
it looked like stuff in the debug batch got tagged by SA:
debug: is spam? score=10.95 required=5 tests=BAYES_20,FROM_ENDS_IN_NUMS,MIME_MISSING_BOUNDARY,MISSING_MIMEOLE,MSGID_FROM_MTA_SHORT,NO_REAL_NAME,PRIORITY_NO_NAME,RAZOR2_CF_RANGE_51_100,RAZOR2_CHECK
but nothing in the syslog regarding SA. I also set the log level
for razor to 4 and razor is busy. How to check it 4.26.8 is really
using SA, if nothing appears in syslog? I'm back to running 4.25-14.
Jeff Earickson
Colby College
On Mon, 2 Feb 2004, Julian Field wrote:
> Date: Mon, 2 Feb 2004 14:06:40 +0000
> From: Julian Field
> Reply-To: MailScanner mailing list
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: [MAILSCANNER] 4.26.7, bayes rebuild, confused. -- 4.26.8
>
> I have just posted version 4.26.8.
>
> The problem did not appear on Linux, but does appear on Solaris. You can
> now disable all the relevant code by setting
>
> Rebuild Bayes Every = 0
>
> I will look into fixing this as a priority, but it is highly OS-specific
> and may even be Perl-version specific. It refuses to lock a file it has
> just successfully opened, but seems happy when I do it elsewhere :-(
>
> Jules.
>
> P.S. thanks for your patience....
>
> At 10:23 02/02/2004, you wrote:
> >Inevitably I put a config name wrong in that one.
> >
> >At 09:40 02/02/2004, you wrote:
> >>Please could you try the attached SA.pm and see if it helps.
> >>
> >>Changes:
> >> - Set "Rebuild Bayes Every = 0" should disable all this code.
> >> - Locking code changed to more closely match the virus scanner
> >>locking code.
> >>
> >>The trouble is, it all works for me. But that's on a Linux system, and the
> >>underlying locking behaviour may well be different on Solaris.
> >>
> >>At 07:56 02/02/2004, you wrote:
> >>>Hello,
> >>>
> >>>I have the same behaviour with the rebuild of bayes database and I get it
> >>>every time MailScanner is launched.
> >>>
> >>>To avoid the "Skipping", I have to "manually" remove the lock file
> >>>(for me it's not important since I do not use bayes !)
> >>>
> >>>In SA.pm, the lock file is created before the test on "$RebuildBayes"
> >>>and the lock is removed only if the bayes database has been rebuild.
> >>>
> >>>If $RebuildBayes == 0, the lock will never be removed.
> >>>
> >>>if $RebuildBAYES <> 0, it seems that the rebuild on solaris don't finish
> >>>or don't begin ???
> >>>
> >>> I see the "Skipping" line in the logfile but I don't see any line
> >>> such as "SpamAssassin Bayes database rebuild preparing" even with
> >>> $RebuildBAYES <> 0
> >>>
> >>>--
> >>>-- Pascal --
> >>> --
> >>
> >>
> >>--
> >>Julian Field
> >>www.MailScanner.info
> >>MailScanner thanks transtec Computers for their support
> >>
> >>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> >
> >
> >--
> >Julian Field
> >www.MailScanner.info
> >MailScanner thanks transtec Computers for their support
> >
> >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> >
>
> --
> Julian Field
> www.MailScanner.info
> MailScanner thanks transtec Computers for their support
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
From jaearick at COLBY.EDU Mon Feb 2 15:08:29 2004
From: jaearick at COLBY.EDU (Jeff A. Earickson)
Date: Thu Jan 12 21:22:16 2006
Subject: 4.26.7, bayes rebuild, confused. -- 4.26.8
In-Reply-To: <6.0.1.1.2.20040202140416.073355e0@imap.ecs.soton.ac.uk>
References:
<6.0.1.1.2.20040202093725.03d0a668@imap.ecs.soton.ac.uk>
<6.0.1.1.2.20040202101726.07ace620@imap.ecs.soton.ac.uk>
<6.0.1.1.2.20040202140416.073355e0@imap.ecs.soton.ac.uk>
Message-ID:
Julian,
Popped 4.26.8 into place, let it run for a few minutes (Sol 9, SA
2.63, Razor). No more complaints about Bayes, but no SpamAssassin
messages either. I ran a batch in debug mode for both MS and SA, and
it looked like stuff in the debug batch got tagged by SA:
debug: is spam? score=10.95 required=5 tests=BAYES_20,FROM_ENDS_IN_NUMS,MIME_MISSING_BOUNDARY,MISSING_MIMEOLE,MSGID_FROM_MTA_SHORT,NO_REAL_NAME,PRIORITY_NO_NAME,RAZOR2_CF_RANGE_51_100,RAZOR2_CHECK
but nothing in the syslog regarding SA. I also set the log level
for razor to 4 and razor is busy. How to check it 4.26.8 is really
using SA, if nothing appears in syslog? I'm back to running 4.25-14.
Jeff Earickson
Colby College
On Mon, 2 Feb 2004, Julian Field wrote:
> Date: Mon, 2 Feb 2004 14:06:40 +0000
> From: Julian Field
> Reply-To: MailScanner mailing list
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: [MAILSCANNER] 4.26.7, bayes rebuild, confused. -- 4.26.8
>
> I have just posted version 4.26.8.
>
> The problem did not appear on Linux, but does appear on Solaris. You can
> now disable all the relevant code by setting
>
> Rebuild Bayes Every = 0
>
> I will look into fixing this as a priority, but it is highly OS-specific
> and may even be Perl-version specific. It refuses to lock a file it has
> just successfully opened, but seems happy when I do it elsewhere :-(
>
> Jules.
>
> P.S. thanks for your patience....
>
> At 10:23 02/02/2004, you wrote:
> >Inevitably I put a config name wrong in that one.
> >
> >At 09:40 02/02/2004, you wrote:
> >>Please could you try the attached SA.pm and see if it helps.
> >>
> >>Changes:
> >> - Set "Rebuild Bayes Every = 0" should disable all this code.
> >> - Locking code changed to more closely match the virus scanner
> >>locking code.
> >>
> >>The trouble is, it all works for me. But that's on a Linux system, and the
> >>underlying locking behaviour may well be different on Solaris.
> >>
> >>At 07:56 02/02/2004, you wrote:
> >>>Hello,
> >>>
> >>>I have the same behaviour with the rebuild of bayes database and I get it
> >>>every time MailScanner is launched.
> >>>
> >>>To avoid the "Skipping", I have to "manually" remove the lock file
> >>>(for me it's not important since I do not use bayes !)
> >>>
> >>>In SA.pm, the lock file is created before the test on "$RebuildBayes"
> >>>and the lock is removed only if the bayes database has been rebuild.
> >>>
> >>>If $RebuildBayes == 0, the lock will never be removed.
> >>>
> >>>if $RebuildBAYES <> 0, it seems that the rebuild on solaris don't finish
> >>>or don't begin ???
> >>>
> >>> I see the "Skipping" line in the logfile but I don't see any line
> >>> such as "SpamAssassin Bayes database rebuild preparing" even with
> >>> $RebuildBAYES <> 0
> >>>
> >>>--
> >>>-- Pascal --
> >>> --
> >>
> >>
> >>--
> >>Julian Field
> >>www.MailScanner.info
> >>MailScanner thanks transtec Computers for their support
> >>
> >>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> >
> >
> >--
> >Julian Field
> >www.MailScanner.info
> >MailScanner thanks transtec Computers for their support
> >
> >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> >
>
> --
> Julian Field
> www.MailScanner.info
> MailScanner thanks transtec Computers for their support
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
From mailscanner at ecs.soton.ac.uk Mon Feb 2 15:32:49 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:22:16 2006
Subject: 4.26.7, bayes rebuild, confused. -- 4.26.8
In-Reply-To:
References:
<6.0.1.1.2.20040202093725.03d0a668@imap.ecs.soton.ac.uk>
<6.0.1.1.2.20040202101726.07ace620@imap.ecs.soton.ac.uk>
<6.0.1.1.2.20040202140416.073355e0@imap.ecs.soton.ac.uk>
Message-ID: <6.0.1.1.2.20040202153133.06ca0ea0@imap.ecs.soton.ac.uk>
I just fell foul of not having "Log Spam = yes" so you might want to
double-check that.
It appears to be logging fine on a Solaris 2.8 box.
At 15:08 02/02/2004, you wrote:
>Julian,
>
> Popped 4.26.8 into place, let it run for a few minutes (Sol 9, SA
>2.63, Razor). No more complaints about Bayes, but no SpamAssassin
>messages either. I ran a batch in debug mode for both MS and SA, and
>it looked like stuff in the debug batch got tagged by SA:
>
>debug: is spam? score=10.95 required=5
>tests=BAYES_20,FROM_ENDS_IN_NUMS,MIME_MISSING_BOUNDARY,MISSING_MIMEOLE,MSGID_FROM_MTA_SHORT,NO_REAL_NAME,PRIORITY_NO_NAME,RAZOR2_CF_RANGE_51_100,RAZOR2_CHECK
>
>but nothing in the syslog regarding SA. I also set the log level
>for razor to 4 and razor is busy. How to check it 4.26.8 is really
>using SA, if nothing appears in syslog? I'm back to running 4.25-14.
>
>Jeff Earickson
>Colby College
>
>On Mon, 2 Feb 2004, Julian Field wrote:
>
> > Date: Mon, 2 Feb 2004 14:06:40 +0000
> > From: Julian Field
> > Reply-To: MailScanner mailing list
> > To: MAILSCANNER@JISCMAIL.AC.UK
> > Subject: Re: [MAILSCANNER] 4.26.7, bayes rebuild, confused. -- 4.26.8
> >
> > I have just posted version 4.26.8.
> >
> > The problem did not appear on Linux, but does appear on Solaris. You can
> > now disable all the relevant code by setting
> >
> > Rebuild Bayes Every = 0
> >
> > I will look into fixing this as a priority, but it is highly OS-specific
> > and may even be Perl-version specific. It refuses to lock a file it has
> > just successfully opened, but seems happy when I do it elsewhere :-(
> >
> > Jules.
> >
> > P.S. thanks for your patience....
> >
> > At 10:23 02/02/2004, you wrote:
> > >Inevitably I put a config name wrong in that one.
> > >
> > >At 09:40 02/02/2004, you wrote:
> > >>Please could you try the attached SA.pm and see if it helps.
> > >>
> > >>Changes:
> > >> - Set "Rebuild Bayes Every = 0" should disable all this code.
> > >> - Locking code changed to more closely match the virus scanner
> > >>locking code.
> > >>
> > >>The trouble is, it all works for me. But that's on a Linux system,
> and the
> > >>underlying locking behaviour may well be different on Solaris.
> > >>
> > >>At 07:56 02/02/2004, you wrote:
> > >>>Hello,
> > >>>
> > >>>I have the same behaviour with the rebuild of bayes database and I
> get it
> > >>>every time MailScanner is launched.
> > >>>
> > >>>To avoid the "Skipping", I have to "manually" remove the lock file
> > >>>(for me it's not important since I do not use bayes !)
> > >>>
> > >>>In SA.pm, the lock file is created before the test on "$RebuildBayes"
> > >>>and the lock is removed only if the bayes database has been rebuild.
> > >>>
> > >>>If $RebuildBayes == 0, the lock will never be removed.
> > >>>
> > >>>if $RebuildBAYES <> 0, it seems that the rebuild on solaris don't finish
> > >>>or don't begin ???
> > >>>
> > >>> I see the "Skipping" line in the logfile but I don't see any
> line
> > >>> such as "SpamAssassin Bayes database rebuild preparing" even
> with
> > >>> $RebuildBAYES <> 0
> > >>>
> > >>>--
> > >>>-- Pascal --
> > >>> --
> > >>
> > >>
> > >>--
> > >>Julian Field
> > >>www.MailScanner.info
> > >>MailScanner thanks transtec Computers for their support
> > >>
> > >>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> > >
> > >
> > >--
> > >Julian Field
> > >www.MailScanner.info
> > >MailScanner thanks transtec Computers for their support
> > >
> > >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> > >
> >
> > --
> > Julian Field
> > www.MailScanner.info
> > MailScanner thanks transtec Computers for their support
> >
> > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> >
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
From jaearick at colby.edu Mon Feb 2 15:42:36 2004
From: jaearick at colby.edu (Jeff A. Earickson)
Date: Thu Jan 12 21:22:16 2006
Subject: 4.26.7, bayes rebuild, confused. -- 4.26.8
In-Reply-To: <6.0.1.1.2.20040202153133.06ca0ea0@imap.ecs.soton.ac.uk>
References:
<6.0.1.1.2.20040202093725.03d0a668@imap.ecs.soton.ac.uk>
<6.0.1.1.2.20040202101726.07ace620@imap.ecs.soton.ac.uk>
<6.0.1.1.2.20040202140416.073355e0@imap.ecs.soton.ac.uk>
<6.0.1.1.2.20040202153133.06ca0ea0@imap.ecs.soton.ac.uk>
Message-ID:
Doh! Sorry. I had commented my change in the .conf file, then forgot
to make it.
Soooo.... With "Rebuild Bayes Every = 0", I guess we still need
to run our Bayes-rebuild cron jobs until all this gets sorted out,
right?
Jeff
On Mon, 2 Feb 2004, Julian Field wrote:
> Date: Mon, 02 Feb 2004 15:32:49 +0000
> From: Julian Field
> To: MailScanner mailing list
> Cc: Jeff A. Earickson
> Subject: Re: 4.26.7, bayes rebuild, confused. -- 4.26.8
>
> I just fell foul of not having "Log Spam = yes" so you might want to
> double-check that.
> It appears to be logging fine on a Solaris 2.8 box.
>
> At 15:08 02/02/2004, you wrote:
> >Julian,
> >
> > Popped 4.26.8 into place, let it run for a few minutes (Sol 9, SA
> >2.63, Razor). No more complaints about Bayes, but no SpamAssassin
> >messages either. I ran a batch in debug mode for both MS and SA, and
> >it looked like stuff in the debug batch got tagged by SA:
> >
> >debug: is spam? score=10.95 required=5
> >tests=BAYES_20,FROM_ENDS_IN_NUMS,MIME_MISSING_BOUNDARY,MISSING_MIMEOLE,MSGID_FROM_MTA_SHORT,NO_REAL_NAME,PRIORITY_NO_NAME,RAZOR2_CF_RANGE_51_100,RAZOR2_CHECK
> >
> >but nothing in the syslog regarding SA. I also set the log level
> >for razor to 4 and razor is busy. How to check it 4.26.8 is really
> >using SA, if nothing appears in syslog? I'm back to running 4.25-14.
> >
> >Jeff Earickson
> >Colby College
> >
> >On Mon, 2 Feb 2004, Julian Field wrote:
> >
> > > Date: Mon, 2 Feb 2004 14:06:40 +0000
> > > From: Julian Field
> > > Reply-To: MailScanner mailing list
> > > To: MAILSCANNER@JISCMAIL.AC.UK
> > > Subject: Re: [MAILSCANNER] 4.26.7, bayes rebuild, confused. -- 4.26.8
> > >
> > > I have just posted version 4.26.8.
> > >
> > > The problem did not appear on Linux, but does appear on Solaris. You can
> > > now disable all the relevant code by setting
> > >
> > > Rebuild Bayes Every = 0
> > >
> > > I will look into fixing this as a priority, but it is highly OS-specific
> > > and may even be Perl-version specific. It refuses to lock a file it has
> > > just successfully opened, but seems happy when I do it elsewhere :-(
> > >
> > > Jules.
> > >
> > > P.S. thanks for your patience....
> > >
> > > At 10:23 02/02/2004, you wrote:
> > > >Inevitably I put a config name wrong in that one.
> > > >
> > > >At 09:40 02/02/2004, you wrote:
> > > >>Please could you try the attached SA.pm and see if it helps.
> > > >>
> > > >>Changes:
> > > >> - Set "Rebuild Bayes Every = 0" should disable all this code.
> > > >> - Locking code changed to more closely match the virus scanner
> > > >>locking code.
> > > >>
> > > >>The trouble is, it all works for me. But that's on a Linux system,
> > and the
> > > >>underlying locking behaviour may well be different on Solaris.
> > > >>
> > > >>At 07:56 02/02/2004, you wrote:
> > > >>>Hello,
> > > >>>
> > > >>>I have the same behaviour with the rebuild of bayes database and I
> > get it
> > > >>>every time MailScanner is launched.
> > > >>>
> > > >>>To avoid the "Skipping", I have to "manually" remove the lock file
> > > >>>(for me it's not important since I do not use bayes !)
> > > >>>
> > > >>>In SA.pm, the lock file is created before the test on "$RebuildBayes"
> > > >>>and the lock is removed only if the bayes database has been rebuild.
> > > >>>
> > > >>>If $RebuildBayes == 0, the lock will never be removed.
> > > >>>
> > > >>>if $RebuildBAYES <> 0, it seems that the rebuild on solaris don't finish
> > > >>>or don't begin ???
> > > >>>
> > > >>> I see the "Skipping" line in the logfile but I don't see any
> > line
> > > >>> such as "SpamAssassin Bayes database rebuild preparing" even
> > with
> > > >>> $RebuildBAYES <> 0
> > > >>>
> > > >>>--
> > > >>>-- Pascal --
> > > >>> --
> > > >>
> > > >>
> > > >>--
> > > >>Julian Field
> > > >>www.MailScanner.info
> > > >>MailScanner thanks transtec Computers for their support
> > > >>
> > > >>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> > > >
> > > >
> > > >--
> > > >Julian Field
> > > >www.MailScanner.info
> > > >MailScanner thanks transtec Computers for their support
> > > >
> > > >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> > > >
> > >
> > > --
> > > Julian Field
> > > www.MailScanner.info
> > > MailScanner thanks transtec Computers for their support
> > >
> > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> > >
>
> --
> Julian Field
> www.MailScanner.info
> MailScanner thanks transtec Computers for their support
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
From jaearick at COLBY.EDU Mon Feb 2 15:42:36 2004
From: jaearick at COLBY.EDU (Jeff A. Earickson)
Date: Thu Jan 12 21:22:16 2006
Subject: 4.26.7, bayes rebuild, confused. -- 4.26.8
In-Reply-To: <6.0.1.1.2.20040202153133.06ca0ea0@imap.ecs.soton.ac.uk>
References:
<6.0.1.1.2.20040202093725.03d0a668@imap.ecs.soton.ac.uk>
<6.0.1.1.2.20040202101726.07ace620@imap.ecs.soton.ac.uk>
<6.0.1.1.2.20040202140416.073355e0@imap.ecs.soton.ac.uk>
<6.0.1.1.2.20040202153133.06ca0ea0@imap.ecs.soton.ac.uk>
Message-ID:
Doh! Sorry. I had commented my change in the .conf file, then forgot
to make it.
Soooo.... With "Rebuild Bayes Every = 0", I guess we still need
to run our Bayes-rebuild cron jobs until all this gets sorted out,
right?
Jeff
On Mon, 2 Feb 2004, Julian Field wrote:
> Date: Mon, 02 Feb 2004 15:32:49 +0000
> From: Julian Field
> To: MailScanner mailing list
> Cc: Jeff A. Earickson
> Subject: Re: 4.26.7, bayes rebuild, confused. -- 4.26.8
>
> I just fell foul of not having "Log Spam = yes" so you might want to
> double-check that.
> It appears to be logging fine on a Solaris 2.8 box.
>
> At 15:08 02/02/2004, you wrote:
> >Julian,
> >
> > Popped 4.26.8 into place, let it run for a few minutes (Sol 9, SA
> >2.63, Razor). No more complaints about Bayes, but no SpamAssassin
> >messages either. I ran a batch in debug mode for both MS and SA, and
> >it looked like stuff in the debug batch got tagged by SA:
> >
> >debug: is spam? score=10.95 required=5
> >tests=BAYES_20,FROM_ENDS_IN_NUMS,MIME_MISSING_BOUNDARY,MISSING_MIMEOLE,MSGID_FROM_MTA_SHORT,NO_REAL_NAME,PRIORITY_NO_NAME,RAZOR2_CF_RANGE_51_100,RAZOR2_CHECK
> >
> >but nothing in the syslog regarding SA. I also set the log level
> >for razor to 4 and razor is busy. How to check it 4.26.8 is really
> >using SA, if nothing appears in syslog? I'm back to running 4.25-14.
> >
> >Jeff Earickson
> >Colby College
> >
> >On Mon, 2 Feb 2004, Julian Field wrote:
> >
> > > Date: Mon, 2 Feb 2004 14:06:40 +0000
> > > From: Julian Field
> > > Reply-To: MailScanner mailing list
> > > To: MAILSCANNER@JISCMAIL.AC.UK
> > > Subject: Re: [MAILSCANNER] 4.26.7, bayes rebuild, confused. -- 4.26.8
> > >
> > > I have just posted version 4.26.8.
> > >
> > > The problem did not appear on Linux, but does appear on Solaris. You can
> > > now disable all the relevant code by setting
> > >
> > > Rebuild Bayes Every = 0
> > >
> > > I will look into fixing this as a priority, but it is highly OS-specific
> > > and may even be Perl-version specific. It refuses to lock a file it has
> > > just successfully opened, but seems happy when I do it elsewhere :-(
> > >
> > > Jules.
> > >
> > > P.S. thanks for your patience....
> > >
> > > At 10:23 02/02/2004, you wrote:
> > > >Inevitably I put a config name wrong in that one.
> > > >
> > > >At 09:40 02/02/2004, you wrote:
> > > >>Please could you try the attached SA.pm and see if it helps.
> > > >>
> > > >>Changes:
> > > >> - Set "Rebuild Bayes Every = 0" should disable all this code.
> > > >> - Locking code changed to more closely match the virus scanner
> > > >>locking code.
> > > >>
> > > >>The trouble is, it all works for me. But that's on a Linux system,
> > and the
> > > >>underlying locking behaviour may well be different on Solaris.
> > > >>
> > > >>At 07:56 02/02/2004, you wrote:
> > > >>>Hello,
> > > >>>
> > > >>>I have the same behaviour with the rebuild of bayes database and I
> > get it
> > > >>>every time MailScanner is launched.
> > > >>>
> > > >>>To avoid the "Skipping", I have to "manually" remove the lock file
> > > >>>(for me it's not important since I do not use bayes !)
> > > >>>
> > > >>>In SA.pm, the lock file is created before the test on "$RebuildBayes"
> > > >>>and the lock is removed only if the bayes database has been rebuild.
> > > >>>
> > > >>>If $RebuildBayes == 0, the lock will never be removed.
> > > >>>
> > > >>>if $RebuildBAYES <> 0, it seems that the rebuild on solaris don't finish
> > > >>>or don't begin ???
> > > >>>
> > > >>> I see the "Skipping" line in the logfile but I don't see any
> > line
> > > >>> such as "SpamAssassin Bayes database rebuild preparing" even
> > with
> > > >>> $RebuildBAYES <> 0
> > > >>>
> > > >>>--
> > > >>>-- Pascal --
> > > >>> --
> > > >>
> > > >>
> > > >>--
> > > >>Julian Field
> > > >>www.MailScanner.info
> > > >>MailScanner thanks transtec Computers for their support
> > > >>
> > > >>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> > > >
> > > >
> > > >--
> > > >Julian Field
> > > >www.MailScanner.info
> > > >MailScanner thanks transtec Computers for their support
> > > >
> > > >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> > > >
> > >
> > > --
> > > Julian Field
> > > www.MailScanner.info
> > > MailScanner thanks transtec Computers for their support
> > >
> > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> > >
>
> --
> Julian Field
> www.MailScanner.info
> MailScanner thanks transtec Computers for their support
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
From mailscanner at ecs.soton.ac.uk Mon Feb 2 16:13:55 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:22:16 2006
Subject: 4.26.7, bayes rebuild, confused. -- 4.26.8
In-Reply-To:
References:
<6.0.1.1.2.20040202093725.03d0a668@imap.ecs.soton.ac.uk>
<6.0.1.1.2.20040202101726.07ace620@imap.ecs.soton.ac.uk>
<6.0.1.1.2.20040202140416.073355e0@imap.ecs.soton.ac.uk>
<6.0.1.1.2.20040202153133.06ca0ea0@imap.ecs.soton.ac.uk>
Message-ID: <6.0.1.1.2.20040202161158.03a6ee68@imap.ecs.soton.ac.uk>
At 15:42 02/02/2004, you wrote:
>Doh! Sorry. I had commented my change in the .conf file, then forgot
>to make it.
>
>Soooo.... With "Rebuild Bayes Every = 0", I guess we still need
>to run our Bayes-rebuild cron jobs until all this gets sorted out,
>right?
Correct.
>Jeff
>
>On Mon, 2 Feb 2004, Julian Field wrote:
>
> > Date: Mon, 02 Feb 2004 15:32:49 +0000
> > From: Julian Field
> > To: MailScanner mailing list
> > Cc: Jeff A. Earickson
> > Subject: Re: 4.26.7, bayes rebuild, confused. -- 4.26.8
> >
> > I just fell foul of not having "Log Spam = yes" so you might want to
> > double-check that.
> > It appears to be logging fine on a Solaris 2.8 box.
> >
> > At 15:08 02/02/2004, you wrote:
> > >Julian,
> > >
> > > Popped 4.26.8 into place, let it run for a few minutes (Sol 9, SA
> > >2.63, Razor). No more complaints about Bayes, but no SpamAssassin
> > >messages either. I ran a batch in debug mode for both MS and SA, and
> > >it looked like stuff in the debug batch got tagged by SA:
> > >
> > >debug: is spam? score=10.95 required=5
> > >tests=BAYES_20,FROM_ENDS_IN_NUMS,MIME_MISSING_BOUNDARY,MISSING_MIMEOLE,
> MSGID_FROM_MTA_SHORT,NO_REAL_NAME,PRIORITY_NO_NAME,RAZOR2_CF_RANGE_51_100,RAZOR2_CHECK
> > >
> > >but nothing in the syslog regarding SA. I also set the log level
> > >for razor to 4 and razor is busy. How to check it 4.26.8 is really
> > >using SA, if nothing appears in syslog? I'm back to running 4.25-14.
> > >
> > >Jeff Earickson
> > >Colby College
> > >
> > >On Mon, 2 Feb 2004, Julian Field wrote:
> > >
> > > > Date: Mon, 2 Feb 2004 14:06:40 +0000
> > > > From: Julian Field
> > > > Reply-To: MailScanner mailing list
> > > > To: MAILSCANNER@JISCMAIL.AC.UK
> > > > Subject: Re: [MAILSCANNER] 4.26.7, bayes rebuild, confused. -- 4.26.8
> > > >
> > > > I have just posted version 4.26.8.
> > > >
> > > > The problem did not appear on Linux, but does appear on Solaris.
> You can
> > > > now disable all the relevant code by setting
> > > >
> > > > Rebuild Bayes Every = 0
> > > >
> > > > I will look into fixing this as a priority, but it is highly
> OS-specific
> > > > and may even be Perl-version specific. It refuses to lock a file it has
> > > > just successfully opened, but seems happy when I do it elsewhere :-(
> > > >
> > > > Jules.
> > > >
> > > > P.S. thanks for your patience....
> > > >
> > > > At 10:23 02/02/2004, you wrote:
> > > > >Inevitably I put a config name wrong in that one.
> > > > >
> > > > >At 09:40 02/02/2004, you wrote:
> > > > >>Please could you try the attached SA.pm and see if it helps.
> > > > >>
> > > > >>Changes:
> > > > >> - Set "Rebuild Bayes Every = 0" should disable all this
> code.
> > > > >> - Locking code changed to more closely match the virus
> scanner
> > > > >>locking code.
> > > > >>
> > > > >>The trouble is, it all works for me. But that's on a Linux system,
> > > and the
> > > > >>underlying locking behaviour may well be different on Solaris.
> > > > >>
> > > > >>At 07:56 02/02/2004, you wrote:
> > > > >>>Hello,
> > > > >>>
> > > > >>>I have the same behaviour with the rebuild of bayes database and I
> > > get it
> > > > >>>every time MailScanner is launched.
> > > > >>>
> > > > >>>To avoid the "Skipping", I have to "manually" remove the lock file
> > > > >>>(for me it's not important since I do not use bayes !)
> > > > >>>
> > > > >>>In SA.pm, the lock file is created before the test on
> "$RebuildBayes"
> > > > >>>and the lock is removed only if the bayes database has been rebuild.
> > > > >>>
> > > > >>>If $RebuildBayes == 0, the lock will never be removed.
> > > > >>>
> > > > >>>if $RebuildBAYES <> 0, it seems that the rebuild on solaris
> don't finish
> > > > >>>or don't begin ???
> > > > >>>
> > > > >>> I see the "Skipping" line in the logfile but I don't see any
> > > line
> > > > >>> such as "SpamAssassin Bayes database rebuild preparing" even
> > > with
> > > > >>> $RebuildBAYES <> 0
> > > > >>>
> > > > >>>--
> > > > >>>-- Pascal --
> > > > >>> --
> > > > >>
> > > > >>
> > > > >>--
> > > > >>Julian Field
> > > > >>www.MailScanner.info
> > > > >>MailScanner thanks transtec Computers for their support
> > > > >>
> > > > >>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> > > > >
> > > > >
> > > > >--
> > > > >Julian Field
> > > > >www.MailScanner.info
> > > > >MailScanner thanks transtec Computers for their support
> > > > >
> > > > >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> > > > >
> > > >
> > > > --
> > > > Julian Field
> > > > www.MailScanner.info
> > > > MailScanner thanks transtec Computers for their support
> > > >
> > > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> > > >
> >
> > --
> > Julian Field
> > www.MailScanner.info
> > MailScanner thanks transtec Computers for their support
> >
> > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> >
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
From robin at PRIMUS.CA Mon Feb 2 16:50:46 2004
From: robin at PRIMUS.CA (Robin M.)
Date: Thu Jan 12 21:22:16 2006
Subject: small change in the init script
Message-ID:
Hi Julian small thing..
can you please modify the init script so that
line 234 reads
$POSTFIX -c $POSTFIXINCF stop 2>/dev/null
instead of
$POSTFIX -c /etc/postfix.in stop 2>/dev/null
and
line 263 reads
$POSTFIX -c $POSTFIXOUTCF stop 2>/dev/null
instead of
$POSTFIX -c /etc/postfix stop 2>/dev/null
I can send a patch if you prefer, but I have not much expereince with
requesting modification so I thought this would be a good place to start.
:)
From tduvally at BROWN.EDU Mon Feb 2 17:06:06 2004
From: tduvally at BROWN.EDU (Thomas DuVally)
Date: Thu Jan 12 21:22:16 2006
Subject: Silent virus delete ruleset
Message-ID: <1075741565.8224.31.camel@cis-staff-kntx90.cis.brown.edu>
I'm trying to create a ruleset for "Silent Viruses" but it isn't
working.
From what I've read I would have this:
MailScanner.conf:
Silent Viruses = /path/to/silent.virus.rules
Still Deliver Silent Viruses = no
silent.virus.rules:
To: *@* klez
To: *@* mydoom
"klez" and mydoom being what would normally be on the Silent Viruses
line if I didn't use a ruleset. Do I have this right?
--
Thomas J. DuVally
Lead Systems Prog.
CIS, Brown Univ.
GPG fingerprint = FB59 8265 0865 0CB8 94B5 FC26 F573 F09C 15F2 33F6
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040202/3548a78a/attachment.bin
From mailscanner at ecs.soton.ac.uk Mon Feb 2 17:07:06 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:22:16 2006
Subject: Silent virus delete ruleset
In-Reply-To: <1075741565.8224.31.camel@cis-staff-kntx90.cis.brown.edu>
References: <1075741565.8224.31.camel@cis-staff-kntx90.cis.brown.edu>
Message-ID: <6.0.1.1.2.20040202170632.073563c8@imap.ecs.soton.ac.uk>
At 17:06 02/02/2004, you wrote:
>I'm trying to create a ruleset for "Silent Viruses" but it isn't
>working.
>
> From what I've read I would have this:
>
>MailScanner.conf:
>Silent Viruses = /path/to/silent.virus.rules
>Still Deliver Silent Viruses = no
>
>silent.virus.rules:
>To: *@* klez
>To: *@* mydoom
>
>"klez" and mydoom being what would normally be on the Silent Viruses
>line if I didn't use a ruleset. Do I have this right?
No, you have 2 "default" rules. What you mean is this:
To: default klez mydoom
*@* == default
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
From steve.freegard at LBSLTD.CO.UK Mon Feb 2 17:19:05 2004
From: steve.freegard at LBSLTD.CO.UK (Steve Freegard)
Date: Thu Jan 12 21:22:16 2006
Subject: Rules_du_jour
Message-ID: <67D9E7698329D411936E00508B6590B902773E41@neelix.lbsltd.co.uk>
Hi All,
Quick question for those of you that might be using rules_du_jour for
updating your custom SA rulesets.
I've configured 'my_rules_du_jour' with an SA_RESTART command of
"/etc/init.d/MailScanner reload" - and in the back of my mind I'm not sure
if this is right - does MailScanner re-compile SpamAssassin on a reload
(thus re-reading the custom rules) or does it actually require a 'restart'
instead???
Cheers,
Steve.
--
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the sender and delete the message from your mailbox.
This footnote also confirms that this email message has been swept by
MailScanner (www.mailscanner.info) for the presence of computer viruses.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040202/823a3de4/attachment.html
From AndreaC at GOTECH.IT Mon Feb 2 17:36:38 2004
From: AndreaC at GOTECH.IT (Andrea Cogliati)
Date: Thu Jan 12 21:22:16 2006
Subject: NDR strategy, [OT]
In-Reply-To: <401E5430.2050004@solid-state-logic.com>
Message-ID:
> From: Martin Hepworth
> Reply-To: MailScanner mailing list
> Date: Mon, 2 Feb 2004 13:44:16 +0000
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: NDR strategy
>
> There is way of setting up sendmail so it read from an Active Directory
> server to validate the email address. have a google around for 'how to'.
Martin (& David),
Thanks for the excellent suggestion. I'll definitely look into it. Just a
preliminary thought: I need to expose at least one DC onto the DMZ through
LDAP. What are the possible security risks, if any, of this approach?
Andrea
From martinh at SOLID-STATE-LOGIC.COM Mon Feb 2 17:42:29 2004
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:22:16 2006
Subject: NDR strategy, [OT]
In-Reply-To:
References:
Message-ID: <401E8C05.5040705@solid-state-logic.com>
Andrea Cogliati wrote:
>>From: Martin Hepworth
>>Reply-To: MailScanner mailing list
>>Date: Mon, 2 Feb 2004 13:44:16 +0000
>>To: MAILSCANNER@JISCMAIL.AC.UK
>>Subject: Re: NDR strategy
>>
>>There is way of setting up sendmail so it read from an Active Directory
>>server to validate the email address. have a google around for 'how to'.
>
>
> Martin (& David),
>
> Thanks for the excellent suggestion. I'll definitely look into it. Just a
> preliminary thought: I need to expose at least one DC onto the DMZ through
> LDAP. What are the possible security risks, if any, of this approach?
>
> Andrea
ANdrea
pretty minimal as it only needs read access on the LDAP port. Another
idea might be to build an access file once a day from the DC, at a set
time and only open the port around that set time - (eg 1am-1.15am).
Depends on how 'risky' you decide this is, and how quickly you want
email changed to propagate.
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.
This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.
**********************************************************************
From mailscanner at LISTS.COM.AR Mon Feb 2 17:57:47 2004
From: mailscanner at LISTS.COM.AR (Mariano Absatz)
Date: Thu Jan 12 21:22:16 2006
Subject: 4.26.7, bayes rebuild, confused. -- 4.26.8
In-Reply-To: <6.0.1.1.2.20040202140416.073355e0@imap.ecs.soton.ac.uk>
References: <6.0.1.1.2.20040202101726.07ace620@imap.ecs.soton.ac.uk>
Message-ID: <401E656B.16959.13A0CE4@localhost>
Gee...
FWIW, it happened a couple of centuries ago, but I recall having serious
trouble making Perl's flock() work on Solaris... same situation, all
development done under linux without a hitch and Solaris ignored all the
locking... and it wasn't an interoperability problem, since I was
competing against my own script...
The point is I don't quite remember what we did to solve it (we is an
understatement, since it wasn't me programming, I was just the
designer)... it must have been perl 5.6.x and Solaris 7, but I'm not sure
either...
Seems like you'll need a Solaris box to test it thoroughly... I wouldn't
even trust Solaris-x86 to behave identically to Solaris-Sparc :-(
El 2 Feb 2004 a las 14:06, Julian Field escribi?:
> I have just posted version 4.26.8.
>
> The problem did not appear on Linux, but does appear on Solaris. You can
> now disable all the relevant code by setting
--
Mariano Absatz
El Baby
----------------------------------------------------------
Oops. My brain just hit a bad sector.
From mailscanner at ecs.soton.ac.uk Mon Feb 2 18:03:34 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:22:16 2006
Subject: Rules_du_jour
In-Reply-To: <67D9E7698329D411936E00508B6590B902773E41@neelix.lbsltd.co. uk>
References: <67D9E7698329D411936E00508B6590B902773E41@neelix.lbsltd.co.uk>
Message-ID: <6.0.1.1.2.20040202180219.03bc2bb0@imap.ecs.soton.ac.uk>
You should only require a reload, as that re-initialises SA. But doing a
restart has very little impact that doesn't happen when doing a restart. So
feel to restart if you prefer.
At 17:19 02/02/2004, you wrote:
>Hi All,
>
>Quick question for those of you that might be using rules_du_jour for
>updating your custom SA rulesets.
>
>I've configured 'my_rules_du_jour' with an SA_RESTART command of
>"/etc/init.d/MailScanner reload" - and in the back of my mind I'm not sure
>if this is right - does MailScanner re-compile SpamAssassin on a reload
>(thus re-reading the custom rules) or does it actually require a 'restart'
>instead???
>
>Cheers,
>Steve.
>--
>This email and any files transmitted with it are confidential and intended
>solely for the use of the individual or entity to whom they are addressed.
>If you have received this email in error please notify the sender and
>delete the message from your mailbox.
>
>This footnote also confirms that this email message has been swept by
>MailScanner (www.mailscanner.info) for the presence of computer viruses.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
From mailscanner at ecs.soton.ac.uk Mon Feb 2 18:05:19 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:22:16 2006
Subject: 4.26.7, bayes rebuild, confused. -- 4.26.8
In-Reply-To: <401E656B.16959.13A0CE4@localhost>
References: <6.0.1.1.2.20040202101726.07ace620@imap.ecs.soton.ac.uk>
<401E656B.16959.13A0CE4@localhost>
Message-ID: <6.0.1.1.2.20040202180427.037198c8@imap.ecs.soton.ac.uk>
At 17:57 02/02/2004, you wrote:
>Gee...
>
>FWIW, it happened a couple of centuries ago, but I recall having serious
>trouble making Perl's flock() work on Solaris... same situation, all
>development done under linux without a hitch and Solaris ignored all the
>locking... and it wasn't an interoperability problem, since I was
>competing against my own script...
>
>The point is I don't quite remember what we did to solve it (we is an
>understatement, since it wasn't me programming, I was just the
>designer)... it must have been perl 5.6.x and Solaris 7, but I'm not sure
>either...
>
>Seems like you'll need a Solaris box to test it thoroughly... I wouldn't
>even trust Solaris-x86 to behave identically to Solaris-Sparc :-(
I've got an Ultra-5 so I can do a real test. If necessary, I can build a
Solaris-x86 box too. But as you say, the best place to try it is a real sparc.
>El 2 Feb 2004 a las 14:06, Julian Field escribi?:
>
> > I have just posted version 4.26.8.
> >
> > The problem did not appear on Linux, but does appear on Solaris. You can
> > now disable all the relevant code by setting
>
>--
>Mariano Absatz
>El Baby
>----------------------------------------------------------
>Oops. My brain just hit a bad sector.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
From FCaen at CI.LAKEWOOD.WA.US Mon Feb 2 18:16:40 2004
From: FCaen at CI.LAKEWOOD.WA.US (Francois Caen)
Date: Thu Jan 12 21:22:16 2006
Subject: NDR strategy
Message-ID:
-----Original Message-----
From: Martin Hepworth [mailto:martinh@SOLID-STATE-LOGIC.COM]
> There is way of setting up sendmail so it read from an Active
> Directory server to validate the email address. have a google around
for 'how to'.
I suspect this is done by doing an LDAP lookup.
If someone gets this to work or has a URL to post, I'd be interested.
---------------------------------------------
Francois Caen
Network Information Systems Engineer - Webmaster
City of Lakewood, WA
(253) 512-2269
NOTICE: The Information contained in this transmission is privileged and confidential. It is intended for the use of the individual or entity named above. If the reader of this message is not the intended addressee or other legitimate recipient, the reader is hereby notified that any consideration, dissemination or duplication of this communication is strictly prohibited. If the addressee has received this communication in error, please return it to the above address by mail and notify this office by telephone.
City of Lakewood
From dwinkler at ALGORITHMICS.COM Mon Feb 2 18:33:42 2004
From: dwinkler at ALGORITHMICS.COM (Derek Winkler)
Date: Thu Jan 12 21:22:16 2006
Subject: Rules_du_jour
Message-ID: <20CEA27AF49D7F4691F02E7ADC5D4ECD04B18A@tormail2.algorithmics.com>
Does allowing the MailScanner restart via "Restart Every" also re-initialize
SA?
Thanks,
Derek
-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On
Behalf Of Julian Field
Sent: Monday, February 02, 2004 1:04 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Rules_du_jour
You should only require a reload, as that re-initialises SA. But doing a
restart has very little impact that doesn't happen when doing a restart. So
feel to restart if you prefer.
At 17:19 02/02/2004, you wrote:
>Hi All,
>
>Quick question for those of you that might be using rules_du_jour for
>updating your custom SA rulesets.
>
>I've configured 'my_rules_du_jour' with an SA_RESTART command of
>"/etc/init.d/MailScanner reload" - and in the back of my mind I'm not sure
>if this is right - does MailScanner re-compile SpamAssassin on a reload
>(thus re-reading the custom rules) or does it actually require a 'restart'
>instead???
>
>Cheers,
>Steve.
>--
>This email and any files transmitted with it are confidential and intended
>solely for the use of the individual or entity to whom they are addressed.
>If you have received this email in error please notify the sender and
>delete the message from your mailbox.
>
>This footnote also confirms that this email message has been swept by
>MailScanner (www.mailscanner.info) for the presence of computer viruses.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
From mailscanner at ecs.soton.ac.uk Mon Feb 2 18:43:38 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:22:16 2006
Subject: Rules_du_jour
In-Reply-To: <20CEA27AF49D7F4691F02E7ADC5D4ECD04B18A@tormail2.algorithmi
cs.com>
References: <20CEA27AF49D7F4691F02E7ADC5D4ECD04B18A@tormail2.algorithmics.com>
Message-ID: <6.0.1.1.2.20040202184330.03ce7f68@imap.ecs.soton.ac.uk>
Yes.
At 18:33 02/02/2004, you wrote:
>Does allowing the MailScanner restart via "Restart Every" also re-initialize
>SA?
>
>Thanks,
>
>Derek
>
>-----Original Message-----
>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On
>Behalf Of Julian Field
>Sent: Monday, February 02, 2004 1:04 PM
>To: MAILSCANNER@JISCMAIL.AC.UK
>Subject: Re: Rules_du_jour
>
>
>You should only require a reload, as that re-initialises SA. But doing a
>restart has very little impact that doesn't happen when doing a restart. So
>feel to restart if you prefer.
>
>At 17:19 02/02/2004, you wrote:
> >Hi All,
> >
> >Quick question for those of you that might be using rules_du_jour for
> >updating your custom SA rulesets.
> >
> >I've configured 'my_rules_du_jour' with an SA_RESTART command of
> >"/etc/init.d/MailScanner reload" - and in the back of my mind I'm not sure
> >if this is right - does MailScanner re-compile SpamAssassin on a reload
> >(thus re-reading the custom rules) or does it actually require a 'restart'
> >instead???
> >
> >Cheers,
> >Steve.
> >--
> >This email and any files transmitted with it are confidential and intended
> >solely for the use of the individual or entity to whom they are addressed.
> >If you have received this email in error please notify the sender and
> >delete the message from your mailbox.
> >
> >This footnote also confirms that this email message has been swept by
> >MailScanner (www.mailscanner.info) for the presence of computer viruses.
>
>--
>Julian Field
>www.MailScanner.info
>Professional Support Services at www.MailScanner.biz
>MailScanner thanks transtec Computers for their support
>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
From test at NEXTMILL.NET Mon Feb 2 19:05:41 2004
From: test at NEXTMILL.NET (Brian Lewis)
Date: Thu Jan 12 21:22:16 2006
Subject: CLAMAV installation instructions?
Message-ID:
I am interested in installing Mailscanner and testing it, but I would like
to implement CLAM-AV to scan for viruses as well. Has anyone documented
the procedure to install and use ClamAV with Mailscanner? Sorry I am not
a linux expert but I get around. I plan to use Redhat Fedora, will that
work?
From sysadmin at FLEETONE.COM Mon Feb 2 19:20:15 2004
From: sysadmin at FLEETONE.COM (Rob)
Date: Thu Jan 12 21:22:16 2006
Subject: CLAMAV installation instructions?
References:
Message-ID: <198601c3e9c1$96371ca0$45a610ac@fleetone.com>
First, download the latest CLAMAV and extract it. Then:
The simplest way to compile this package is:
1. `cd' to the directory containing the package's source code and type
`./configure' to configure the package for your system. If you're
using `csh' on an old version of System V, you might need to type
`sh ./configure' instead to prevent `csh' from trying to execute
`configure' itself.
Running `configure' takes awhile. While running, it prints some
messages telling which features it is checking for.
2. Type `make' to compile the package.
3. Optionally, type `make check' to run any self-tests that come with
the package.
4. Type `make install' to install the programs and any data files and
documentation.
Now, edit your MailScanner.conf file and look for the line:
Virus Scanners =
Add clamav to the end of this line, save it, and restart MailScanner.
Rob
----- Original Message -----
From: "Brian Lewis"
To:
Sent: Monday, February 02, 2004 1:05 PM
Subject: CLAMAV installation instructions?
> I am interested in installing Mailscanner and testing it, but I would like
> to implement CLAM-AV to scan for viruses as well. Has anyone documented
> the procedure to install and use ClamAV with Mailscanner? Sorry I am not
> a linux expert but I get around. I plan to use Redhat Fedora, will that
> work?
>
From jbuda at NOTICIASARGENTINAS.COM Mon Feb 2 19:22:49 2004
From: jbuda at NOTICIASARGENTINAS.COM (Jose Julian Buda)
Date: Thu Jan 12 21:22:16 2006
Subject: CLAMAV installation instructions?
References:
Message-ID: <002101c3e9c1$f7c700c0$6000a8c0@noticiasargentinas.com>
did u see this site ?
http://clamav.sourceforge.net/doc/html-0.65/
----- Original Message -----
From: "Brian Lewis"
To:
Sent: Monday, February 02, 2004 4:05 PM
Subject: CLAMAV installation instructions?
> I am interested in installing Mailscanner and testing it, but I would like
> to implement CLAM-AV to scan for viruses as well. Has anyone documented
> the procedure to install and use ClamAV with Mailscanner? Sorry I am not
> a linux expert but I get around. I plan to use Redhat Fedora, will that
> work?
From lenaig at WANADOO.FR Mon Feb 2 19:44:07 2004
From: lenaig at WANADOO.FR (Thierry)
Date: Thu Jan 12 21:22:16 2006
Subject: questions using sendmail
Message-ID: <20040202194407.GA4752@maelenn>
hello,
I am a little bit confused with sendmail/Mailscanner ...
i just install sendmail this afternoon, i test it, everything is runnig find.
I install it on my laptop, i can send ans receive mail ...
I am using mutt, procmail and fetchmail.
I read some documentations about exim and postfix, and about the exim one, i read something very interesting, that mailscanner was moving (scanning) from /var/spool/incoming queue to /var/spool/mqueue.in queue all mails received.
How can i do the same thing with sendmail ??
I put the right path in my MailScanner.conf:
Incoming Queue Dir = /var/spool/mqueue.in
Outgoing Queue Dir = /var/spool/mqueue
Incoming Work Dir = /var/spool/incoming
Quarantine Dir = /var/spool/quarantine
But my mqueue.in still empty ... something to do with sendmai/fetchmail ?
Thx
--
Thierry
Ne faites jamais un "apt-get install new-wife" avant
un "apt-get remove --purge current-wife"
From shrek-m at GMX.DE Mon Feb 2 19:50:20 2004
From: shrek-m at GMX.DE (shrek-m@gmx.de)
Date: Thu Jan 12 21:22:16 2006
Subject: CLAMAV installation instructions?
In-Reply-To:
References:
Message-ID: <401EA9FC.9030703@gmx.de>
Brian Lewis wrote:
>ClamAV with Mailscanner? Sorry I am not
>a linux expert but I get around. I plan to use Redhat Fedora, will that
>work?
>
yes :-)
eg.
At Sun Feb 1 05:32:04 2004 the virus scanner said:
Sophos: >>> Virus 'W32/MyDoom-A' found in file test.scr
ClamAV: test.scr contains Worm.SCO.A
MailScanner: Windows Screensavers are often used to hide viruses (test.scr)
$ cat /etc/fedora-release
Fedora Core release 1 (Yarrow)
$ rhn-applet-tui
Ignoring
No package updates are needed.
$ clamscan --version
clamscan / ClamAV version 0.65
$ rpm -q mailscanner
mailscanner-4.26.5-1
$ grep "Virus Scanners" /etc/MailScanner/MailScanner.conf
# then set "Virus Scanners = none" instead.
# Virus Scanners = sophos f-prot mcafee
Virus Scanners = sophos clamav
--
shrek-m
From peter at UCGBOOK.COM Mon Feb 2 19:41:39 2004
From: peter at UCGBOOK.COM (Peter Bonivart)
Date: Thu Jan 12 21:22:16 2006
Subject: CLAMAV installation instructions?
In-Reply-To: <198601c3e9c1$96371ca0$45a610ac@fleetone.com>
References:
<198601c3e9c1$96371ca0$45a610ac@fleetone.com>
Message-ID: <401EA7F3.9040408@ucgbook.com>
Try this RPM instead: http://crash.fce.vutbr.cz/crash-hat/1/clamav/
--
/Peter Bonivart
--Unix lovers do it in the Sun
Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.25-14,
SpamAssassin 2.61 + DCC 1.2.21, ClamAV 0.65 + GMP
From kevins at BMRB.CO.UK Mon Feb 2 19:57:24 2004
From: kevins at BMRB.CO.UK (Kevin Spicer)
Date: Thu Jan 12 21:22:16 2006
Subject: questions using sendmail
In-Reply-To: <20040202194407.GA4752@maelenn>
References: <20040202194407.GA4752@maelenn>
Message-ID: <1075751844.14737.22.camel@bach.kevinspicer.co.uk>
On Mon, 2004-02-02 at 19:44, Thierry wrote:
> hello,
> I am a little bit confused with sendmail/Mailscanner ...
> i just install sendmail this afternoon, i test it, everything is runnig find.
> I install it on my laptop, i can send ans receive mail ...
> I am using mutt, procmail and fetchmail.
> I read some documentations about exim and postfix, and about the exim one, i read something very interesting, that mailscanner was moving (scanning) from /var/spool/incoming queue to /var/spool/mqueue.in queue all mails received.
> How can i do the same thing with sendmail ??
> I put the right path in my MailScanner.conf:
> But my mqueue.in still empty ... something to do with sendmai/fetchmail ?
You need to stop sendmail then start mailscanner which will start the
sendmail processes itself. Here are the commands (assuming redhat or
similar...)
service MailScanner stop
service sendmail stop
chkconfig --level 2345 sendmail off
shkconfig --level 345 MailScanner on
service MailScanner start
I can confirm this works fine with fetchmail as this is one of my
setups.
BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000
_________________________________________________________________
This message (and any attachment) is intended only for the
recipient and may contain confidential and/or privileged
material. If you have received this in error, please contact the
sender and delete this message immediately. Disclosure, copying
or other action taken in respect of this email or in
reliance on it is prohibited. BMRB International Limited
accepts no liability in relation to any personal emails, or
content of any email which does not directly relate to our
business.
From bpumphrey at WOODMACLAW.COM Mon Feb 2 20:38:51 2004
From: bpumphrey at WOODMACLAW.COM (Billy A. Pumphrey)
Date: Thu Jan 12 21:22:16 2006
Subject: Disabling scanning for one person
Message-ID:
I have a user that doesn't want his mailbox scanned. How do I go about
disabling the scanning for one or more people specifically?
From dustin.baer at IHS.COM Mon Feb 2 20:40:48 2004
From: dustin.baer at IHS.COM (Dustin Baer)
Date: Thu Jan 12 21:22:16 2006
Subject: Skip scan for viruses
References: <0EBC45FCABFC95428EBFC3A51B368C9501C9C4B6@jessica.herefordshire.gov.uk> <401AA032.8FC7E858@ihs.com>
<401AA25B.5050801@ucgbook.com>
<1075488152.17925.7.camel@bach.kevinspicer.co.uk>
<401AAB40.856224@ihs.com>
Message-ID: <401EB5D0.411C1A6E@ihs.com>
Dustin Baer wrote:
>
> Kevin Spicer wrote:
> >
> > Wouldn't it be better to spam whitelist the IP address of the
> > MailScanner machine (which is presumably where the message would be sent
> > from)?
>
> The MailScanner machine is whitelisted, but I add the header to the
> original qf, and send the df/qf pair back through. That way, the logs
> remain consistent.
>
> Although now that you bring it up, I might mess with changing the $_
> flag in the qf file, rather than adding the header.
Which should make it:
#!/bin/ksh
sed -e 's/^.$/H??X-SpamRequested-Email: Requested\
./' \
-e 's/^\$_.*/$_[PUT YOUR WHITELISTED IP HERE]/' $emailID >
qf$emailID.$$ && mv qf$emailID.$$ qf$emailID
cp *$i /var/spool/mqueue.in
I have left the SpamRequested header in there, just for info purposes,
but removed the rule from spam.assassin.prefs.conf. That way, spammers
can't benefit from it.
Again, thanks for mentioning it, Kevin!
Dustin
--
Dustin Baer
Unix Administrator/Postmaster
Information Handling Services
15 Inverness Way East
Englewood, CO 80112
303-397-2836
From steve.swaney at FSL.COM Mon Feb 2 20:51:56 2004
From: steve.swaney at FSL.COM (Stephen Swaney)
Date: Thu Jan 12 21:22:16 2006
Subject: questions using sendmail
In-Reply-To: <20040202194407.GA4752@maelenn>
Message-ID: <20040202205156.2382021C139@mail.fsl.com>
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Thierry
> Sent: Monday, February 02, 2004 2:44 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: questions using sendmail
>
> hello,
> I am a little bit confused with sendmail/Mailscanner ...
> i just install sendmail this afternoon, i test it, everything is runnig
> find.
> I install it on my laptop, i can send ans receive mail ...
> I am using mutt, procmail and fetchmail.
> I read some documentations about exim and postfix, and about the exim one,
> i read something very interesting, that mailscanner was moving (scanning)
> from /var/spool/incoming queue to /var/spool/mqueue.in queue all mails
> received.
> How can i do the same thing with sendmail ??
> I put the right path in my MailScanner.conf:
>
> Incoming Queue Dir = /var/spool/mqueue.in
> Outgoing Queue Dir = /var/spool/mqueue
> Incoming Work Dir = /var/spool/incoming
[SKS]
Is mail being accepted by your system from other systems?
Can you telnet to port 25 from another system?
I also note that the incoming work directory should match your setting in
MailScanner.conf Typically this is
Incoming Work Dir = /var/spool/MailScanner/incoming
The directory must exist and have the right permissions, typically for
sendmail on linux:
# ls -dl /var/spool/MailScanner/incoming
drwxrwxrwt 2 root root 40 Feb 1 15:34
/var/spool/MailScanner/incoming
Steve
Stephen Swaney
President
Fortress Systems Ltd.
Steve.Swaney@FSL.com
> Quarantine Dir = /var/spool/quarantine
>
> But my mqueue.in still empty ... something to do with sendmai/fetchmail ?
>
> Thx
>
> --
> Thierry
> Ne faites jamais un "apt-get install new-wife" avant
> un "apt-get remove --purge current-wife"
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> Fortress Systems Ltd.
> www.fsl.com
>
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
Fortress Systems Ltd.
www.fsl.com
From merkel at METALINK.NET Mon Feb 2 21:01:11 2004
From: merkel at METALINK.NET (Eric J Merkel)
Date: Thu Jan 12 21:22:16 2006
Subject: Performance problems...(SOLVED)
References: <54C38A0B814C8E438EF73FC76F362927410885@mtlnt501fs.CAMOROUTE.COM>
Message-ID: <010701c3e9cf$b06e8140$22c8a8c0@staff.metalink.net>
After loading caching DNS servers on all of our mail-relay's and changing
the sendmail queue runner to about an hour, the servers were able to catch
up. They're all running a load around 1.0-3.0 and only a few emails in the
mqueue.in at any time.
Thanks to everyone who gave me suggestions. MailScanner is now rocking along
with no lag! :)
Eric
----- Original Message -----
From: "Jeff A. Earickson"
To:
Sent: Friday, January 30, 2004 4:24 PM
Subject: Re: Performance problems...
> I *really* recommend running a caching DNS server on your
> box (and adding the physical memory to support it). Between the
> MTA, RBLs, MailScanner, SA, etc, etc, you will do a bzillion DNS
> lookups to get the mail delivered. Local caching is vital.
>
> Jeff Earickson
> Colby College
>
>
From mike at CAMAROSS.NET Mon Feb 2 21:10:33 2004
From: mike at CAMAROSS.NET (Mike Kercher)
Date: Thu Jan 12 21:22:16 2006
Subject: Disabling scanning for one person
In-Reply-To:
Message-ID: <200402022108.i12L8pH2008141@avwall.bladeware.com>
You can do this for virus scans AND spam. Just point the directive in
MailScanner.conf at a ruleset. In the ruleset:
FromTo: user@nottoscan.org no
FromTo: default yes
Reload MailScanner and you are done.
Mike
-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
Of Billy A. Pumphrey
Sent: Monday, February 02, 2004 2:39 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Disabling scanning for one person
I have a user that doesn't want his mailbox scanned. How do I go about
disabling the scanning for one or more people specifically?
From ycayer at 3WEBMEDIA.COM Mon Feb 2 22:47:30 2004
From: ycayer at 3WEBMEDIA.COM (Yannick Cayer)
Date: Thu Jan 12 21:22:16 2006
Subject: MailScanner suddently taking all the CPU and a lot of memory.
Message-ID: <4915A8E67C498D42BAB5CB1351FD026E14AC36@3webad1.3WebMedia.int>
Greetings,
I have the following configuration:
mailscanner-4.25-14
with spamassassin 2.61
sendmail 8.11.6-27
on an IBM x235
2 2.4GHZ Processors
1.25 GHZ of RAM
Hot swapable raid 5 config.
We have about a 100 small sites configured for mail mostly and some,
web.
This is running on RedHat Linux 7.3 Kernel 2.4.18-27.7.xsmp
We have been running MailScanner on that machine for almost 2 years now
without any problems.
Since last week, MailScanner has been bringing the server almost to a
complete halt, loads are skyrocking very suddently to 200! It is also
taking at that time about 25MB per MailScanner process.
It does this for several minutes to a few hours and then suddently comes
back.
I really don't know what can be causing this.
I have read the mail archives for this problem but the solutions I found
were not appropriate to my specific problem/condition.
My config has the max attachments set to 5 and the MailScanner processes
set to 10 (5 per CPU).
Can anyone help?
Thank you in advance.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040202/e9cf6bdc/attachment.html
From kevins at BMRB.CO.UK Mon Feb 2 23:11:10 2004
From: kevins at BMRB.CO.UK (Kevin Spicer)
Date: Thu Jan 12 21:22:16 2006
Subject: MailScanner suddently taking all the CPU and a lot of memory.
In-Reply-To: <4915A8E67C498D42BAB5CB1351FD026E14AC36@3webad1.3WebMedia.int>
References: <4915A8E67C498D42BAB5CB1351FD026E14AC36@3webad1.3WebMedia.int>
Message-ID: <1075763470.21194.53.camel@bach.kevinspicer.co.uk>
On Mon, 2004-02-02 at 22:47, Yannick Cayer wrote:
> We have about a 100 small sites configured for mail mostly and some,
> web.
>
> This is running on RedHat Linux 7.3 Kernel 2.4.18-27.7.xsmp
>
> We have been running MailScanner on that machine for almost 2 years now
> without any problems.
>
> Since last week, MailScanner has been bringing the server almost to a
> complete halt, loads are skyrocking very suddently to 200! It is also
> taking at that time about 25MB per MailScanner process.
>
> It does this for several minutes to a few hours and then suddently comes
> back.
>
'Since Last Week' - are you sure this isn't anything to do with the
MyDoom outbreak and its associated bounce messages (the load on my
production server doubled and it struggled to keep up at times). If
you're not already doing so I suggest taking steps to block subjects/
email addresses used by this virus at your MTA (sendmail rulesets have
ben posted several times in the last week - search the archives for
'LOCAL RULESET')
BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000
_________________________________________________________________
This message (and any attachment) is intended only for the
recipient and may contain confidential and/or privileged
material. If you have received this in error, please contact the
sender and delete this message immediately. Disclosure, copying
or other action taken in respect of this email or in
reliance on it is prohibited. BMRB International Limited
accepts no liability in relation to any personal emails, or
content of any email which does not directly relate to our
business.
From ycayer at 3webmedia.com Mon Feb 2 23:13:55 2004
From: ycayer at 3webmedia.com (Yannick Cayer)
Date: Thu Jan 12 21:22:16 2006
Subject: MailScanner suddently taking all the CPU and a lot of memory.
In-Reply-To: A<1075763470.21194.53.camel@bach.kevinspicer.co.uk>
Message-ID: <200402022314.i12NE6O16221@3webserv2.3webmedia.com>
I guess I could set a rule with spamassassin to block the subjects....
> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Kevin Spicer
> Sent: Monday, February 02, 2004 6:11 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: MailScanner suddently taking all the CPU and a
> lot of memory.
>
> On Mon, 2004-02-02 at 22:47, Yannick Cayer wrote:
>
> > We have about a 100 small sites configured for mail mostly
> and some,
> > web.
> >
> > This is running on RedHat Linux 7.3 Kernel 2.4.18-27.7.xsmp
> >
> > We have been running MailScanner on that machine for almost 2 years
> > now without any problems.
> >
> > Since last week, MailScanner has been bringing the server
> almost to a
> > complete halt, loads are skyrocking very suddently to 200!
> It is also
> > taking at that time about 25MB per MailScanner process.
> >
> > It does this for several minutes to a few hours and then suddently
> > comes back.
> >
>
> 'Since Last Week' - are you sure this isn't anything to do
> with the MyDoom outbreak and its associated bounce messages
> (the load on my production server doubled and it struggled to
> keep up at times). If you're not already doing so I suggest
> taking steps to block subjects/ email addresses used by this
> virus at your MTA (sendmail rulesets have ben posted several
> times in the last week - search the archives for 'LOCAL RULESET')
>
>
>
>
>
>
> BMRB International
> http://www.bmrb.co.uk
> +44 (0)20 8566 5000
> _________________________________________________________________
> This message (and any attachment) is intended only for the
> recipient and may contain confidential and/or privileged
> material. If you have received this in error, please contact
> the sender and delete this message immediately. Disclosure,
> copying or other action taken in respect of this email or in
> reliance on it is prohibited. BMRB International Limited
> accepts no liability in relation to any personal emails, or
> content of any email which does not directly relate to our business.
>
From kevins at BMRB.CO.UK Mon Feb 2 23:21:07 2004
From: kevins at BMRB.CO.UK (Kevin Spicer)
Date: Thu Jan 12 21:22:16 2006
Subject: MailScanner suddently taking all the CPU and a lot of memory.
In-Reply-To: <200402022314.i12NE6O16221@3webserv2.3webmedia.com>
References: <200402022314.i12NE6O16221@3webserv2.3webmedia.com>
Message-ID: <1075764071.21509.5.camel@bach.kevinspicer.co.uk>
On Mon, 2004-02-02 at 23:13, Yannick Cayer wrote:
> > 'Since Last Week' - are you sure this isn't anything to do
> > with the MyDoom outbreak and its associated bounce messages
> > (the load on my production server doubled and it struggled to
> > keep up at times). If you're not already doing so I suggest
> > taking steps to block subjects/ email addresses used by this
> > virus at your MTA (sendmail rulesets have ben posted several
> > times in the last week - search the archives for 'LOCAL RULESET')
>
> I guess I could set a rule with spamassassin to block the subjects....
>
That won't make much difference to the load on your system, you need to
do it at the MTA, so that the mail is rejected at the rcpt or data stage
of the SMTP transaction. That will save your mail server the trouble of
scanning it for viruses and spam and the hassle of attempting delivery
to non-existent users/domains. If you post which MTA you are using
maybe someone could help.
Have you established that this is what is causing your problem? (If
you don't have any monitoring in place even just doing a wc -l on your
daily maillog over the last couple of weeks should give you a flavour of
what your mail load is like.
BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000
_________________________________________________________________
This message (and any attachment) is intended only for the
recipient and may contain confidential and/or privileged
material. If you have received this in error, please contact the
sender and delete this message immediately. Disclosure, copying
or other action taken in respect of this email or in
reliance on it is prohibited. BMRB International Limited
accepts no liability in relation to any personal emails, or
content of any email which does not directly relate to our
business.
From ycayer at 3webmedia.com Mon Feb 2 23:25:07 2004
From: ycayer at 3webmedia.com (Yannick Cayer)
Date: Thu Jan 12 21:22:16 2006
Subject: MailScanner suddently taking all the CPU and a lot of memory.
In-Reply-To: A<1075764071.21509.5.camel@bach.kevinspicer.co.uk>
Message-ID: <200402022325.i12NPIO17614@3webserv2.3webmedia.com>
My MTA is sendmail
I guess I could use some help in setting it up to block this...
> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Kevin Spicer
> Sent: Monday, February 02, 2004 6:21 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: MailScanner suddently taking all the CPU and a
> lot of memory.
>
> On Mon, 2004-02-02 at 23:13, Yannick Cayer wrote:
> > > 'Since Last Week' - are you sure this isn't anything to
> do with the
> > > MyDoom outbreak and its associated bounce messages (the
> load on my
> > > production server doubled and it struggled to keep up at
> times). If
> > > you're not already doing so I suggest taking steps to block
> > > subjects/ email addresses used by this virus at your MTA
> (sendmail
> > > rulesets have ben posted several times in the last week -
> search the
> > > archives for 'LOCAL RULESET')
> >
> > I guess I could set a rule with spamassassin to block the
> subjects....
> >
>
> That won't make much difference to the load on your system,
> you need to do it at the MTA, so that the mail is rejected at
> the rcpt or data stage of the SMTP transaction. That will
> save your mail server the trouble of scanning it for viruses
> and spam and the hassle of attempting delivery to
> non-existent users/domains. If you post which MTA you are
> using maybe someone could help.
>
> Have you established that this is what is causing your problem? (If
> you don't have any monitoring in place even just doing a wc
> -l on your daily maillog over the last couple of weeks should
> give you a flavour of what your mail load is like.
>
>
>
>
> BMRB International
> http://www.bmrb.co.uk
> +44 (0)20 8566 5000
> _________________________________________________________________
> This message (and any attachment) is intended only for the
> recipient and may contain confidential and/or privileged
> material. If you have received this in error, please contact
> the sender and delete this message immediately. Disclosure,
> copying or other action taken in respect of this email or in
> reliance on it is prohibited. BMRB International Limited
> accepts no liability in relation to any personal emails, or
> content of any email which does not directly relate to our business.
>
From gareth at BIM7.COM Mon Feb 2 23:29:23 2004
From: gareth at BIM7.COM (Gareth)
Date: Thu Jan 12 21:22:16 2006
Subject: incomingworkdir does not exist
Message-ID: <023d01c3e9e4$63c2c530$0a11a8c0@dijon>
Hi Guys
I've installed MailScanner on Debain Woody, and configured Postfix to work
with it using instructions at
http://www.sng.ecs.soton.ac.uk/mailscanner/install/postfix.shtml.
Everything seemed to go okay, and I am still receiving mail, but nothing is
been filtered for spam and I have the following entries in /var/log/mail.log
(about every 10 seconds!)
Feb 2 23:20:04 lyon MailScanner[25810]: MailScanner E-Mail Virus Scanner
version 4.26.7 starting...
Feb 2 23:20:04 lyon MailScanner[25810]: Could not read directory
/var/spool/MailScanner/incoming
Feb 2 23:20:04 lyon MailScanner[25810]: Error in configuration file line
115, directory /var/spool/MailScanner/incoming for incomingworkdir does not
exist (or is not readable)
/var/spool/MailScanner/incoming does exist, and is owned by postfix and the
group postfix. Permissions are 750.
drwxr-x--- 2 mail mail 48 Feb 1 17:12 archive
drwxr-x--- 2 postfix postfix 48 Feb 1 17:12 incoming
drwxr-x--- 2 postfix postfix 48 Feb 1 17:12 quarantine
Can anyone tell me what's going wrong? I've googled, and can't find anyone
else with this problem.
Thanks
Gareth
From rzewnickie at RFA.ORG Mon Feb 2 23:49:04 2004
From: rzewnickie at RFA.ORG (Eric Dantan Rzewnicki)
Date: Thu Jan 12 21:22:16 2006
Subject: incomingworkdir does not exist
In-Reply-To: <023d01c3e9e4$63c2c530$0a11a8c0@dijon>
References: <023d01c3e9e4$63c2c530$0a11a8c0@dijon>
Message-ID: <20040202234904.GC4984@rfa.org>
did you remember to set:
Run As User = postfix
Run As Group = postfix
?
-Eric Rz.
On Mon, Feb 02, 2004 at 11:29:23PM -0000, Gareth wrote:
> Hi Guys
>
> I've installed MailScanner on Debain Woody, and configured Postfix to work
> with it using instructions at
> http://www.sng.ecs.soton.ac.uk/mailscanner/install/postfix.shtml.
>
> Everything seemed to go okay, and I am still receiving mail, but nothing is
> been filtered for spam and I have the following entries in /var/log/mail.log
> (about every 10 seconds!)
>
> Feb 2 23:20:04 lyon MailScanner[25810]: MailScanner E-Mail Virus Scanner
> version 4.26.7 starting...
> Feb 2 23:20:04 lyon MailScanner[25810]: Could not read directory
> /var/spool/MailScanner/incoming
> Feb 2 23:20:04 lyon MailScanner[25810]: Error in configuration file line
> 115, directory /var/spool/MailScanner/incoming for incomingworkdir does not
> exist (or is not readable)
>
> /var/spool/MailScanner/incoming does exist, and is owned by postfix and the
> group postfix. Permissions are 750.
>
> drwxr-x--- 2 mail mail 48 Feb 1 17:12 archive
> drwxr-x--- 2 postfix postfix 48 Feb 1 17:12 incoming
> drwxr-x--- 2 postfix postfix 48 Feb 1 17:12 quarantine
>
> Can anyone tell me what's going wrong? I've googled, and can't find anyone
> else with this problem.
>
> Thanks
>
>
> Gareth
From Kevin_Miller at CI.JUNEAU.AK.US Tue Feb 3 00:17:27 2004
From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller)
Date: Thu Jan 12 21:22:16 2006
Subject: Perl modules in rpm
Message-ID: <08146035CA49D6119A36009027AC822A0264ED9B@CITY-EXCH-NTS>
I know from a previous inquiry months ago that the perl security patches are
included in the .rpm package, but I'm not sure if all the other Perl modules
(listed on the .tar page) are. I'm trying to document our setup so others
can build/upgrade as seamlessly as possible; do I need to download/install
the Perl modules prior to installing the rpm package or is it one stop
shopping? Thanks much...
...Kevin
--
Kevin Miller Registered Linux User No: 307357
CBJ MIS Dept. Network Systems Administrator, Mail
Administrator
155 South Seward Street ph: (907) 586-0242
Juneau, Alaska 99801 fax: (907 586-4500
From test at NEXTMILL.NET Tue Feb 3 00:44:51 2004
From: test at NEXTMILL.NET (Brian Lewis)
Date: Thu Jan 12 21:22:16 2006
Subject: Redirecting multiple domains to multiple mail servers
Message-ID:
Ok, I have installed Fedora Core 1, MailScanner 4.26, SpamAssassin 2.63,
and ClamAV .065, what I want to do is configure it so I can change the MX
record on multiple domains to point to this server, and then after a
message passes the spam/virus check, its sent on to the real server.
domain1.com ----> server1.whatever.com
domain2.com ----> server6.whatever.com
domainsoandso.com ----> server2.whatever.com
domainwhatnot.com ----> 192.168.0.101
How would I do this?
From steve.freegard at LBSLTD.CO.UK Tue Feb 3 00:44:45 2004
From: steve.freegard at LBSLTD.CO.UK (Steve Freegard)
Date: Thu Jan 12 21:22:16 2006
Subject: Announce: MailWatch for MailScanner 0.5
Message-ID: <67D9E7698329D411936E00508B6590B902773E42@neelix.lbsltd.co.uk>
Hi All,
I'm pleased to finally release 0.5 which you can download from
http://www.sourceforge.net/projects/mailwatch.
CHANGE LOG
- Updated indexes for much greater performance (again!).
- Added preliminary support for per-user filters (see USER_FILTERS file).
- Added the ability to view quarantined items.
- All tables now enable a pager when returning more than 50 rows and allow
ordering by any of the displayed columns.
- New tool to run SpamAssassin --lint and time the output for debugging SA.
- New F-Secure status page (like Sophos).
- Required PEAR modules now included.
- Added reporting of Blacklisted mails.
- Integrated the reporting of SpamAssassin Blacklisted/Whitelisted e-mails.
- Quoted printable strings are now automatically decoded before display.
- Configuration options moved from functions.php into conf.php
- Automatically works out VIRUS_REGEX by using the first value in
MailScanner.conf - e.g. 'Virus Scanners = sophossavi clamavmodule' would
activate the regexp for SophosSAVI.
- New 'Virus Report' allows comparison of multiple scanners (if you run
more than one) and allows you to see 1st detection date/time of each
virus by each scanner.
- Integration with Fortress Systems Secure Mail Gateway.
FIXES
- Multiple clean-ups of mailq.php to make it more robust.
- Greatly improved debugging of SQL statments.
- Quarantine now correctly looks in the non-spam quarantine directories.
- SA Rules Description Update now reads custom rules as well.
- sendmail_relay.php now works across log rotations.
- Increased memory_limit to 128M for quarantine functions.
Kind regards,
Steve.
--
MailWatch for MailScanner
http://mailwatch.sourceforge.net
--
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the sender and delete the message from your mailbox.
This footnote also confirms that this email message has been swept by
MailScanner (www.mailscanner.info) for the presence of computer viruses.
From ugob at CAMO-ROUTE.COM Tue Feb 3 00:52:36 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:22:16 2006
Subject: questions using sendmail
Message-ID: <54C38A0B814C8E438EF73FC76F362927410897@mtlnt501fs.CAMOROUTE.COM>
> -----Message d'origine-----
> De : Kevin Spicer [mailto:kevins@BMRB.CO.UK]
> Envoy? : Monday, February 02, 2004 2:57 PM
> ? : MAILSCANNER@JISCMAIL.AC.UK
> Objet : Re: questions using sendmail
>
>
> On Mon, 2004-02-02 at 19:44, Thierry wrote:
> > hello,
> > I am a little bit confused with sendmail/Mailscanner ...
> > i just install sendmail this afternoon, i test it,
> everything is runnig find.
> > I install it on my laptop, i can send ans receive mail ...
> > I am using mutt, procmail and fetchmail.
> > I read some documentations about exim and postfix, and
> about the exim one, i read something very interesting, that
> mailscanner was moving (scanning) from /var/spool/incoming
> queue to /var/spool/mqueue.in queue all mails received.
> > How can i do the same thing with sendmail ??
> > I put the right path in my MailScanner.conf:
>
> > But my mqueue.in still empty ... something to do with
> sendmai/fetchmail ?
>
> You need to stop sendmail then start mailscanner which will start the
> sendmail processes itself. Here are the commands (assuming redhat or
> similar...)
> service MailScanner stop
> service sendmail stop
> chkconfig --level 2345 sendmail off
> shkconfig --level 345 MailScanner on
> service MailScanner start
>
> I can confirm this works fine with fetchmail as this is one of my
> setups.
I use fetchmail as well. No prob.
>
>
>
>
> BMRB International
> http://www.bmrb.co.uk
> +44 (0)20 8566 5000
> _________________________________________________________________
> This message (and any attachment) is intended only for the
> recipient and may contain confidential and/or privileged
> material. If you have received this in error, please contact the
> sender and delete this message immediately. Disclosure, copying
> or other action taken in respect of this email or in
> reliance on it is prohibited. BMRB International Limited
> accepts no liability in relation to any personal emails, or
> content of any email which does not directly relate to our
> business.
>
From ugob at CAMO-ROUTE.COM Tue Feb 3 00:54:13 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:22:16 2006
Subject: Disabling scanning for one person
Message-ID: <54C38A0B814C8E438EF73FC76F362927410898@mtlnt501fs.CAMOROUTE.COM>
> -----Message d'origine-----
> De : Billy A. Pumphrey [mailto:bpumphrey@WOODMACLAW.COM]
> Envoy? : Monday, February 02, 2004 3:39 PM
> ? : MAILSCANNER@JISCMAIL.AC.UK
> Objet : Disabling scanning for one person
>
>
> I have a user that doesn't want his mailbox scanned. How do
> I go about
> disabling the scanning for one or more people specifically?
You can see the rules tutorial in the faqs.
>
From ugob at CAMO-ROUTE.COM Tue Feb 3 00:56:19 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:22:16 2006
Subject: Redirecting multiple domains to multiple mail servers
Message-ID: <54C38A0B814C8E438EF73FC76F362927410899@mtlnt501fs.CAMOROUTE.COM>
> -----Message d'origine-----
> De : Brian Lewis [mailto:test@NEXTMILL.NET]
> Envoy? : Monday, February 02, 2004 7:45 PM
> ? : MAILSCANNER@JISCMAIL.AC.UK
> Objet : Redirecting multiple domains to multiple mail servers
>
>
> Ok, I have installed Fedora Core 1, MailScanner 4.26,
> SpamAssassin 2.63,
> and ClamAV .065, what I want to do is configure it so I can
> change the MX
> record on multiple domains to point to this server, and then after a
> message passes the spam/virus check, its sent on to the real server.
>
> domain1.com ----> server1.whatever.com
> domain2.com ----> server6.whatever.com
> domainsoandso.com ----> server2.whatever.com
> domainwhatnot.com ----> 192.168.0.101
>
> How would I do this?
What mta? sendmail and postfix tutorial are available in the faqs.
>
From g.pentland at SOTON.AC.UK Tue Feb 3 00:52:42 2004
From: g.pentland at SOTON.AC.UK (Pentland G.)
Date: Thu Jan 12 21:22:16 2006
Subject: NDR strategy
Message-ID:
I'm looking at this issue and some other routing problems at the
moment...
For now go to sendmail.org and search for "LDAP" it describes the LASER
schema extension, sadly it appears that getting sendmail to work with
the "mail" attribute is a little hard. If you are not the AD admin at
your site then they might be concerned... in AD 2000 you cannot remove a
schema change! 2003 allegedly fixes that.
I'll post a howto when I have it all in place and working...
Good luck
-----Original Message-----
From: Francois Caen [mailto:FCaen@CI.LAKEWOOD.WA.US]
Sent: 02 February 2004 18:17
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: NDR strategy
-----Original Message-----
From: Martin Hepworth [mailto:martinh@SOLID-STATE-LOGIC.COM]
> There is way of setting up sendmail so it read from an Active
> Directory server to validate the email address. have a google around
for 'how to'.
I suspect this is done by doing an LDAP lookup.
If someone gets this to work or has a URL to post, I'd be interested.
---------------------------------------------
Francois Caen
Network Information Systems Engineer - Webmaster
City of Lakewood, WA
(253) 512-2269
NOTICE: The Information contained in this transmission is privileged
and confidential. It is intended for the use of the individual or entity
named above. If the reader of this message is not the intended addressee
or other legitimate recipient, the reader is hereby notified that any
consideration, dissemination or duplication of this communication is
strictly prohibited. If the addressee has received this communication in
error, please return it to the above address by mail and notify this
office by telephone.
City of Lakewood
From gdoris at ROGERS.COM Tue Feb 3 03:48:17 2004
From: gdoris at ROGERS.COM (Gerry Doris)
Date: Thu Jan 12 21:22:16 2006
Subject: Announce: MailWatch for MailScanner 0.5
In-Reply-To: <67D9E7698329D411936E00508B6590B902773E42@neelix.lbsltd.co.uk>
References: <67D9E7698329D411936E00508B6590B902773E42@neelix.lbsltd.co.uk>
Message-ID: <1075780097.5978.9.camel@jaguar.dorfam.ca>
On Mon, 2004-02-02 at 19:44, Steve Freegard wrote:
> Hi All,
>
> I'm pleased to finally release 0.5 which you can download from
> http://www.sourceforge.net/projects/mailwatch.
>
> CHANGE LOG
> - Updated indexes for much greater performance (again!).
> - Added preliminary support for per-user filters (see USER_FILTERS file).
> - Added the ability to view quarantined items.
> - All tables now enable a pager when returning more than 50 rows and allow
> ordering by any of the displayed columns.
> - New tool to run SpamAssassin --lint and time the output for debugging SA.
> - New F-Secure status page (like Sophos).
> - Required PEAR modules now included.
> - Added reporting of Blacklisted mails.
> - Integrated the reporting of SpamAssassin Blacklisted/Whitelisted e-mails.
> - Quoted printable strings are now automatically decoded before display.
> - Configuration options moved from functions.php into conf.php
> - Automatically works out VIRUS_REGEX by using the first value in
> MailScanner.conf - e.g. 'Virus Scanners = sophossavi clamavmodule' would
> activate the regexp for SophosSAVI.
> - New 'Virus Report' allows comparison of multiple scanners (if you run
> more than one) and allows you to see 1st detection date/time of each
> virus by each scanner.
> - Integration with Fortress Systems Secure Mail Gateway.
>
> FIXES
> - Multiple clean-ups of mailq.php to make it more robust.
> - Greatly improved debugging of SQL statments.
> - Quarantine now correctly looks in the non-spam quarantine directories.
> - SA Rules Description Update now reads custom rules as well.
> - sendmail_relay.php now works across log rotations.
> - Increased memory_limit to 128M for quarantine functions.
>
> Kind regards,
> Steve.
I've just upgraded from 0.4 on a Fedora system. All seems to be working
as advertised!
--
Gerry Doris
From gareth at BIM7.COM Tue Feb 3 08:15:32 2004
From: gareth at BIM7.COM (Gareth)
Date: Thu Jan 12 21:22:16 2006
Subject: incomingworkdir does not exist
References: <023d01c3e9e4$63c2c530$0a11a8c0@dijon>
<20040202234904.GC4984@rfa.org>
Message-ID: <027801c3ea2d$e4b6d0c0$0a11a8c0@dijon>
> did you remember to set:
>
> Run As User = postfix
> Run As Group = postfix
>
> > Feb 2 23:20:04 lyon MailScanner[25810]: MailScanner E-Mail Virus
Scanner
> > version 4.26.7 starting...
> > Feb 2 23:20:04 lyon MailScanner[25810]: Could not read directory
> > /var/spool/MailScanner/incoming
> > Feb 2 23:20:04 lyon MailScanner[25810]: Error in configuration file
line
> > 115, directory /var/spool/MailScanner/incoming for incomingworkdir does
not
> > exist (or is not readable)
> >
> > /var/spool/MailScanner/incoming does exist, and is owned by postfix and
the
> > group postfix. Permissions are 750.
> >
Yeah.. I did that in /etc/MailScanner/MailScanner.conf
Any other suggestions much appreciated.
Gareth
From steve at INTELIPORT.COM Tue Feb 3 08:05:40 2004
From: steve at INTELIPORT.COM (Stephen Lane)
Date: Thu Jan 12 21:22:16 2006
Subject: Need some help Hijacked Returned domain
Message-ID: <02af01c3ea2c$88b50090$f90010ac@iplanet2385>
Hi everyone,
We have in recent days been the recipient of spammers using our domain name as a return address. They use all kinds of names etc..
I could really use some assistance in trying to stop this or at least handle the bounce mail better, we are also getting a extreme amount
of mail from null senders logs are filled with from=<> on one of our server we have 20,000 entries in the last 15 hours.
Any hints, comments, ideas on stopping this I just added dnsbl.sorbs.net to sendmail and it's already starting to help (BTW great job Matthew)
are others having this problem also? it seems this started up a couple of days ago after MyDoom hit. Is anyone else having this happen or has
seen this before.
below is an example of the a org message that was returned I left off the information from where it was bounced.
Thanks in advance
Steve
--- Start
Content-Type: message/rfc822
Message-ID:
From: Roseanna Escalante
To: webmaster@northernbus.com
Subject: FWD: Available All. X@nax , v|agR@ _ \ Va:l:ium = S0ma , Pn:t:er
min 4v5tR
Date: Wed, 4 Feb 2004 02:23:41 -0500
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2656.59)
X-MS-Embedded-Report:
Content-Type: text/plain;
charset="iso-8859-1"
We believe ordering medication should be as simple as ordering anything else
on the Internet: Private, secure, and easy.
On stock: \ Xan|a|x ) Val/i/um = So+m+a = Pntermin $ V1Agr@
Plus: A'cyc|0vir, Pr0z@.c, P@`xil, Bus:p@r, Ad|p&.x, I0`nam|n, M3ri:dia,
X3nic.a|, Am`bi3n, S0na.Ta, F`l3xeril, Ce|3br'ex, Fi0ri`c3t, T'ram@do|,
U|t`r@m, L3:v|tra, Pr0p3ci`a
Most trusted name brands.
Enjoy deep discount meds here
------_=_NextPart_000_01C3EA29.1039B262--
---End
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040203/dbffa802/attachment.html
From jdbautista at IWSPC.COM Tue Feb 3 08:38:38 2004
From: jdbautista at IWSPC.COM (Joseph C. Bautista)
Date: Thu Jan 12 21:22:16 2006
Subject: Announce: MailWatch for MailScanner 0.5
References: <67D9E7698329D411936E00508B6590B902773E42@neelix.lbsltd.co.uk>
Message-ID: <00e601c3ea31$255aa360$4c04a8c0@Plnt3domain>
Hi All,
I think i followed the instruction correct. My Mailscanner is logging to
mysql database. But everytime i point my browser to
http://localhost/mailscanner it gives me an error:
Fatal error: Call to undefined function: mysql_pconnect() in
/home/httpd/html/mailscanner/functions.php on line 273
Anyone knows how to fixed this?
Thnx.
----- Original Message -----
From: "Steve Freegard"
To:
Sent: Tuesday, February 03, 2004 8:44 AM
Subject: Announce: MailWatch for MailScanner 0.5
> Hi All,
>
> I'm pleased to finally release 0.5 which you can download from
> http://www.sourceforge.net/projects/mailwatch.
>
> CHANGE LOG
> - Updated indexes for much greater performance (again!).
> - Added preliminary support for per-user filters (see USER_FILTERS file).
> - Added the ability to view quarantined items.
> - All tables now enable a pager when returning more than 50 rows and allow
> ordering by any of the displayed columns.
> - New tool to run SpamAssassin --lint and time the output for debugging
SA.
> - New F-Secure status page (like Sophos).
> - Required PEAR modules now included.
> - Added reporting of Blacklisted mails.
> - Integrated the reporting of SpamAssassin Blacklisted/Whitelisted
e-mails.
> - Quoted printable strings are now automatically decoded before display.
> - Configuration options moved from functions.php into conf.php
> - Automatically works out VIRUS_REGEX by using the first value in
> MailScanner.conf - e.g. 'Virus Scanners = sophossavi clamavmodule' would
> activate the regexp for SophosSAVI.
> - New 'Virus Report' allows comparison of multiple scanners (if you run
> more than one) and allows you to see 1st detection date/time of each
> virus by each scanner.
> - Integration with Fortress Systems Secure Mail Gateway.
>
> FIXES
> - Multiple clean-ups of mailq.php to make it more robust.
> - Greatly improved debugging of SQL statments.
> - Quarantine now correctly looks in the non-spam quarantine directories.
> - SA Rules Description Update now reads custom rules as well.
> - sendmail_relay.php now works across log rotations.
> - Increased memory_limit to 128M for quarantine functions.
>
> Kind regards,
> Steve.
>
> --
> MailWatch for MailScanner
> http://mailwatch.sourceforge.net
>
> --
> This email and any files transmitted with it are confidential and
> intended solely for the use of the individual or entity to whom they
> are addressed. If you have received this email in error please notify
> the sender and delete the message from your mailbox.
>
> This footnote also confirms that this email message has been swept by
> MailScanner (www.mailscanner.info) for the presence of computer viruses.
From steve.freegard at LBSLTD.CO.UK Tue Feb 3 09:06:37 2004
From: steve.freegard at LBSLTD.CO.UK (Steve Freegard)
Date: Thu Jan 12 21:22:17 2006
Subject: Announce: MailWatch for MailScanner 0.5
Message-ID: <67D9E7698329D411936E00508B6590B902773E43@neelix.lbsltd.co.uk>
Hi Joseph,
You're getting this error because your copy of PHP doesn't have the MySQL
module installed or compiled in.
If you are running RedHat install the php-mysql RPM from your installation
CD's and restart apache and it will start working.
Kind regards,
Steve.
> -----Original Message-----
> From: Joseph C. Bautista [mailto:jdbautista@IWSPC.COM]
> Sent: 03 February 2004 08:39
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Announce: MailWatch for MailScanner 0.5
>
>
> Hi All,
>
> I think i followed the instruction correct. My
> Mailscanner is logging to mysql database. But everytime i
> point my browser to
>
> http://localhost/mailscanner it gives me an error:
>
> Fatal error: Call to undefined function:
> mysql_pconnect() in
> /home/httpd/html/mailscanner/functions.php on line 273
>
> Anyone knows how to fixed this?
>
> Thnx.
>
>
> ----- Original Message -----
> From: "Steve Freegard"
> To:
> Sent: Tuesday, February 03, 2004 8:44 AM
> Subject: Announce: MailWatch for MailScanner 0.5
>
>
> > Hi All,
> >
> > I'm pleased to finally release 0.5 which you can download from
> > http://www.sourceforge.net/projects/mailwatch.
> >
> > CHANGE LOG
> > - Updated indexes for much greater performance (again!).
> > - Added preliminary support for per-user filters (see USER_FILTERS
> > file).
> > - Added the ability to view quarantined items.
> > - All tables now enable a pager when returning more than 50
> rows and allow
> > ordering by any of the displayed columns.
> > - New tool to run SpamAssassin --lint and time the output
> for debugging
> SA.
> > - New F-Secure status page (like Sophos).
> > - Required PEAR modules now included.
> > - Added reporting of Blacklisted mails.
> > - Integrated the reporting of SpamAssassin Blacklisted/Whitelisted
> e-mails.
> > - Quoted printable strings are now automatically decoded before
> > display.
> > - Configuration options moved from functions.php into conf.php
> > - Automatically works out VIRUS_REGEX by using the first value in
> > MailScanner.conf - e.g. 'Virus Scanners = sophossavi
> clamavmodule' would
> > activate the regexp for SophosSAVI.
> > - New 'Virus Report' allows comparison of multiple scanners
> (if you run
> > more than one) and allows you to see 1st detection
> date/time of each
> > virus by each scanner.
> > - Integration with Fortress Systems Secure Mail Gateway.
> >
> > FIXES
> > - Multiple clean-ups of mailq.php to make it more robust.
> > - Greatly improved debugging of SQL statments.
> > - Quarantine now correctly looks in the non-spam quarantine
> > directories.
> > - SA Rules Description Update now reads custom rules as well.
> > - sendmail_relay.php now works across log rotations.
> > - Increased memory_limit to 128M for quarantine functions.
> >
> > Kind regards,
> > Steve.
> >
> > --
> > MailWatch for MailScanner
> > http://mailwatch.sourceforge.net
> >
> > --
> > This email and any files transmitted with it are confidential and
> > intended solely for the use of the individual or entity to
> whom they
> > are addressed. If you have received this email in error
> please notify
> > the sender and delete the message from your mailbox.
> >
> > This footnote also confirms that this email message has
> been swept by
> > MailScanner (www.mailscanner.info) for the presence of computer
> > viruses.
>
--
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the sender and delete the message from your mailbox.
This footnote also confirms that this email message has been swept by
MailScanner (www.mailscanner.info) for the presence of computer viruses.
From stephane.branchoux at UNIV-PERP.FR Tue Feb 3 09:41:10 2004
From: stephane.branchoux at UNIV-PERP.FR (stephane BRANCHOUX)
Date: Thu Jan 12 21:22:17 2006
Subject: scan zip files
Message-ID: <467301c3ea39$db6216e0$0688a7c2@belleile>
Hello,
i use mailscanner 4.12 with mcafee.
Zip files are authorized but is there a way to scan zip files ?
Last virus is sent in a zip file and i would like to scan it without
blocking all zip files.
Many thanks in advance.
stephane BRANCHOUX
Centre de Ressources Informatiques de l'Universit? de Perpignan.
Syst?mes/R?seaux
mailto:stephane.branchoux@univ-perp.fr
04 68 66 21 24
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3827 bytes
Desc: not available
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040203/183c9afd/smime.bin
From prandal at HEREFORDSHIRE.GOV.UK Tue Feb 3 10:13:42 2004
From: prandal at HEREFORDSHIRE.GOV.UK (Randal, Phil)
Date: Thu Jan 12 21:22:17 2006
Subject: CLAMAV installation instructions?
Message-ID: <0EBC45FCABFC95428EBFC3A51B368C9501C9C4D3@jessica.herefordshire.gov.uk>
Or:
Virus Scanners = clamavmodule
Cheers,
Phil
---------------------------------------------
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On
> Behalf Of shrek-m@gmx.de
> Sent: 02 February 2004 19:50
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: CLAMAV installation instructions?
>
>
> Brian Lewis wrote:
>
> >ClamAV with Mailscanner? Sorry I am not
> >a linux expert but I get around. I plan to use Redhat
> Fedora, will that
> >work?
> >
>
> yes :-)
>
> eg.
>
> At Sun Feb 1 05:32:04 2004 the virus scanner said:
> Sophos: >>> Virus 'W32/MyDoom-A' found in file test.scr
> ClamAV: test.scr contains Worm.SCO.A
> MailScanner: Windows Screensavers are often used to hide
> viruses (test.scr)
>
>
>
>
> $ cat /etc/fedora-release
> Fedora Core release 1 (Yarrow)
>
> $ rhn-applet-tui
> Ignoring
> No package updates are needed.
>
> $ clamscan --version
> clamscan / ClamAV version 0.65
>
> $ rpm -q mailscanner
> mailscanner-4.26.5-1
>
> $ grep "Virus Scanners" /etc/MailScanner/MailScanner.conf
> # then set "Virus Scanners = none" instead.
> # Virus Scanners = sophos f-prot mcafee
> Virus Scanners = sophos clamav
>
>
> --
> shrek-m
>
From mailscanner at ecs.soton.ac.uk Tue Feb 3 09:07:30 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:22:17 2006
Subject: Perl modules in rpm
In-Reply-To: <08146035CA49D6119A36009027AC822A0264ED9B@CITY-EXCH-NTS>
References: <08146035CA49D6119A36009027AC822A0264ED9B@CITY-EXCH-NTS>
Message-ID: <6.0.1.1.2.20040203090707.073a8680@imap.ecs.soton.ac.uk>
At 00:17 03/02/2004, you wrote:
>I know from a previous inquiry months ago that the perl security patches are
>included in the .rpm package, but I'm not sure if all the other Perl modules
>(listed on the .tar page) are. I'm trying to document our setup so others
>can build/upgrade as seamlessly as possible; do I need to download/install
>the Perl modules prior to installing the rpm package or is it one stop
>shopping? Thanks much...
The RPM distributions of MailScanner include everything you need. Just
unpack them and "./install.sh".
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
From mailscanner at ecs.soton.ac.uk Tue Feb 3 09:09:37 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:22:17 2006
Subject: Need some help Hijacked Returned domain
In-Reply-To: <02af01c3ea2c$88b50090$f90010ac@iplanet2385>
References: <02af01c3ea2c$88b50090$f90010ac@iplanet2385>
Message-ID: <6.0.1.1.2.20040203090855.073aba60@imap.ecs.soton.ac.uk>
Take a look at using the "access database" in sendmail to block unknown
recipients at the SMTP level. It's all documented at www.sendmail.org.
At 08:05 03/02/2004, you wrote:
>Hi everyone,
>
>We have in recent days been the recipient of spammers using our domain
>name as a return address. They use all kinds of names etc..
>I could really use some assistance in trying to stop this or at least
>handle the bounce mail better, we are also getting a extreme amount
>of mail from null senders logs are filled with from=<> on one of our
>server we have 20,000 entries in the last 15 hours.
>
>Any hints, comments, ideas on stopping this I just added dnsbl.sorbs.net
>to sendmail and it's already starting to help (BTW great job Matthew)
>are others having this problem also? it seems this started up a couple of
>days ago after MyDoom hit. Is anyone else having this happen or has
>seen this before.
>
>below is an example of the a org message that was returned I left off the
>information from where it was bounced.
>
>Thanks in advance
>Steve
>--- Start
>
>Content-Type: message/rfc822
>
>Message-ID:
><QVMEELMZZSXALGDVYHSPYZ@fidalgo.net>
>From: Roseanna Escalante
><webmaster@inteliport.com>
>To: webmaster@northernbus.com
>Subject: FWD: Available All. X@nax , v|agR@ _ \ Va:l:ium =
>S0ma , Pn:t:er
> min 4v5tR
>Date: Wed, 4 Feb 2004 02:23:41 -0500
>MIME-Version: 1.0
>X-Mailer: Internet Mail Service (5.5.2656.59)
>X-MS-Embedded-Report:
>Content-Type: text/plain;
> charset="iso-8859-1"
>
>We believe ordering medication should be as simple as ordering anything else
>on the Internet: Private, secure, and easy.
>On stock: \ Xan|a|x ) Val/i/um = So+m+a = Pntermin $ V1Agr@
>Plus: A'cyc|0vir, Pr0z@.c, P@`xil, Bus:p@r,
>Ad|p&.x, I0`nam|n, M3ri:dia,
>X3nic.a|, Am`bi3n, S0na.Ta, F`l3xeril, Ce|3br'ex, Fi0ri`c3t,
>T'ram@do|,
>U|t`r@m, L3:v|tra, Pr0p3ci`a
>
>Most trusted name brands.
>Enjoy deep discount meds here
><http://www.affordablemeds.biz>
>------_=_NextPart_000_01C3EA29.1039B262--
>
>---End
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
From gareth at BIM7.COM Tue Feb 3 10:42:57 2004
From: gareth at BIM7.COM (Gareth)
Date: Thu Jan 12 21:22:17 2006
Subject: incomingworkdir does not exist
In-Reply-To: <027801c3ea2d$e4b6d0c0$0a11a8c0@dijon>
References: <023d01c3e9e4$63c2c530$0a11a8c0@dijon>
<20040202234904.GC4984@rfa.org>
<027801c3ea2d$e4b6d0c0$0a11a8c0@dijon>
Message-ID: <4160.62.49.205.2.1075804977.squirrel@squirrelmail.bim7.com>
>> did you remember to set:
>>
>> Run As User = postfix
>> Run As Group = postfix
>>
> Yeah.. I did that in /etc/MailScanner/MailScanner.conf
>
I've just changed the owernship /var/spool/MailScanner/ to 'postfix' and
this seems to have stopped the error messages in mail.log.
However, none of my incoming email has any MailScanner headers appended...
how can I test everything is work? Email is still sent and received okay,
and MailScanner is running if I do a ps -edf | grep MailScanner.
Gareth
From Tim.Hadlow at BL.UK Tue Feb 3 10:59:51 2004
From: Tim.Hadlow at BL.UK (Hadlow, Tim)
Date: Thu Jan 12 21:22:17 2006
Subject: JANET RBL+ time-outs
Message-ID: <5D6AD0E24C704645A0F1F1431B9F21610433A034@NT-LONEX2>
Hello,
Since yesterday (I think) our MailScanner has been reporting rather a lot of
"RBL Check MAPS-RBL+ timed out and was killed" messages. This is the
rbl-plus.mail-abuse.ja.net service used by the UK Academic Community.
Has anyone else noticed if they are having the same problem?
Regards,
Tim.
**************************************************************************
Experience the British Library online at www.bl.uk
Adopt a Book this season ! Help the British Library conserve the world's
knowledge. www.bl.uk/adoptabook
*************************************************************************
The information contained in this e-mail is confidential and may be legally
privileged. It is intended for the addressee(s) only. If you are not the
intended recipient, please delete this e-mail and notify the
postmaster@bl.uk : The contents of this e-mail must not be disclosed or
copied without the sender's consent.
The statements and opinions expressed in this message are those of the
author and do not necessarily reflect those of the British Library. The
British Library does not take any responsibility for the views of the
author.
*************************************************************************
From mailscanner at ecs.soton.ac.uk Tue Feb 3 10:55:14 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:22:17 2006
Subject: incomingworkdir does not exist
In-Reply-To: <4160.62.49.205.2.1075804977.squirrel@squirrelmail.bim7.com >
References: <023d01c3e9e4$63c2c530$0a11a8c0@dijon>
<20040202234904.GC4984@rfa.org>
<027801c3ea2d$e4b6d0c0$0a11a8c0@dijon>
<4160.62.49.205.2.1075804977.squirrel@squirrelmail.bim7.com>
Message-ID: <6.0.1.1.2.20040203105459.04148758@imap.ecs.soton.ac.uk>
At 10:42 03/02/2004, you wrote:
> >> did you remember to set:
> >>
> >> Run As User = postfix
> >> Run As Group = postfix
> >>
> > Yeah.. I did that in /etc/MailScanner/MailScanner.conf
> >
>
>I've just changed the owernship /var/spool/MailScanner/ to 'postfix' and
>this seems to have stopped the error messages in mail.log.
Can someone add that to the FAQ please?
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
From steve at INTELIPORT.COM Tue Feb 3 11:23:38 2004
From: steve at INTELIPORT.COM (Stephen Lane)
Date: Thu Jan 12 21:22:17 2006
Subject: Need some help Hijacked Returned domain
Message-ID:
If I do use the access list or sendmail.cf won't that break the DSN rule,
and if so what will the affect of doing so be.
From steve at INTELIPORT.COM Tue Feb 3 11:23:38 2004
From: steve at INTELIPORT.COM (Stephen Lane)
Date: Thu Jan 12 21:22:17 2006
Subject: Need some help Hijacked Returned domain
Message-ID:
If I do use the access list or sendmail.cf won't that break the DSN rule,
and if so what will the affect of doing so be.
From Jan-Peter.Koopmann at SECEIDOS.DE Tue Feb 3 11:45:40 2004
From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann)
Date: Thu Jan 12 21:22:17 2006
Subject: NDR strategy
Message-ID:
> I suspect this is done by doing an LDAP lookup.
Correct which is why we are not using it. I would like to have my
Exim/Sendmail only talk to Exchange via SMTP. Therefore we push this
information towards Exim. We wrote a little script that exports all
valid e-mail adresses to the unix box, convert this to a cdb and have
exim look this up. Works automatically and flawlessly.
Regards,
JP
From martinh at SOLID-STATE-LOGIC.COM Tue Feb 3 11:50:27 2004
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:22:17 2006
Subject: NDR strategy
In-Reply-To:
References:
Message-ID: <401F8B03.7040802@solid-state-logic.com>
Jan-Peter Koopmann wrote:
>>I suspect this is done by doing an LDAP lookup.
>
>
> Correct which is why we are not using it. I would like to have my
> Exim/Sendmail only talk to Exchange via SMTP. Therefore we push this
> information towards Exim. We wrote a little script that exports all
> valid e-mail adresses to the unix box, convert this to a cdb and have
> exim look this up. Works automatically and flawlessly.
>
> Regards,
> JP
JP
have you got this script and the exim settings? I'd love to setup this
on our exim system.
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.
This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.
**********************************************************************
From Jan-Peter.Koopmann at SECEIDOS.DE Tue Feb 3 11:53:15 2004
From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann)
Date: Thu Jan 12 21:22:17 2006
Subject: BSD pb running MailScanner
Message-ID:
Thierry,
as you know I answered to your question and in turn asked you several.
Again: From what you told me off list I am pretty sure your MTA setup is
wrong. Your mail is probably received by ssmtp and delivered right away
instead of being stored in a queue. Therefore MailScanner never sees it.
Again: Please check if you receive mail if mailscanner is not running.
If you do, my assumption is correct.
Moreover: Why do you not use sendmail/exim/postfix but ssmtp? That is
really not the MTA you would like to use for this kind of purpose.
Thanks,
JP
From Jan-Peter.Koopmann at SECEIDOS.DE Tue Feb 3 12:05:05 2004
From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann)
Date: Thu Jan 12 21:22:17 2006
Subject: SPF and MailScanner
Message-ID:
> I have yet to see a solution to the problem that actually
> will work in real life. SPF requires me to keep track of all
> the IP addresses of every outgoing-mail-server used by
> BTInternet, for example.They change their setup (for
> maintenance or whatever) and all of a sudden all my mail is
> rejected. Yeah, great idea :-(
Not necessarily true. First of all this is voluntarily. If you decide
not to give your domain SPF records nothing will change. If you do you
could use things like ptr, mx or include directive:
Mx: Allow mail being sent from all hosts that also accept mail for this
domain
Ptr: Allow mail for this host from all IPs that resolve to your domain.
Include: If BTInternet support SPF simply include btinternet and you do
not need to worry.
I fail to see why BTInternet is a problem for you? Are you behind a
dial-up like connection and run your own mailserver? That might be a
problem I agree. Companies tend to run their MTAs behind a static IP
though and have their remote users use SMTP AUTH to make sure, outgoing
mail is proberly scanned etc.
Personally I think SPF is a good concept. Not perfect, but good!
Regards,
JP
From ronan at NOC.ULCC.AC.UK Tue Feb 3 12:00:28 2004
From: ronan at NOC.ULCC.AC.UK (Ronan Flood)
Date: Thu Jan 12 21:22:17 2006
Subject: JANET RBL+ time-outs
In-Reply-To: <5D6AD0E24C704645A0F1F1431B9F21610433A034@NT-LONEX2> from
"Hadlow, Tim" at Feb 03, 2004 10:59:51 AM
Message-ID:
Tim Hadlow wrote:
> Since yesterday (I think) our MailScanner has been reporting rather a lot of
> "RBL Check MAPS-RBL+ timed out and was killed" messages. This is the
> rbl-plus.mail-abuse.ja.net service used by the UK Academic Community.
That's probably because one of the servers is currently in transit;
sorry about that. Should be back in service tomorrow afternoon.
Perhaps I should have taken it out of the zone, but I thought the DNS
would cope ...
---**---
Ronan Flood
Tel: +44 20 7692 1432 Fax: +44 20 7692 1234
Network Services, University of London Computer Centre
From christo at IT4AFRICA.CO.ZA Tue Feb 3 11:16:28 2004
From: christo at IT4AFRICA.CO.ZA (Christo Bezuidenhout)
Date: Thu Jan 12 21:22:17 2006
Subject: Announce: MailWatch for MailScanner 0.5 {Virus Scanned}
In-Reply-To: <67D9E7698329D411936E00508B6590B902773E43@neelix.lbsltd.co.uk>
Message-ID: <015d01c3ea47$2b0b6310$660210ac@christoxp>
After I upgraded my Mailwatch I get the following error in my log and no
mail is delivered. My queues are filling up.
My config RH9 MS latest stable
Feb 3 13:17:51 mailtest MailScanner[22842]: Cannot insert row: Column
count doesn't match value count at row 1
From spamtrap71892316634 at ANIME.NET Tue Feb 3 12:27:19 2004
From: spamtrap71892316634 at ANIME.NET (Dan Hollis)
Date: Thu Jan 12 21:22:17 2006
Subject: SPF and MailScanner
In-Reply-To:
Message-ID:
On Tue, 3 Feb 2004, Jan-Peter Koopmann wrote:
> Personally I think SPF is a good concept. Not perfect, but good!
Exactly. *my* domain, *my* rules. Period. That's all SPF does, it lets
*me* enforce *my* rules on usage of *my* domain.
-Dan
From Jan-Peter.Koopmann at SECEIDOS.DE Tue Feb 3 12:38:40 2004
From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann)
Date: Thu Jan 12 21:22:17 2006
Subject: NDR strategy
Message-ID:
Hi Martin,
> JP
>
> have you got this script and the exim settings? I'd love to
> setup this on our exim system.
sure. On the DC we use the following vbs script:
const FILENAME= "whitelist-adresses.txt" 'File
name for exporting data from AD
const LDAPQUERY=
"LDAP://yourserver/DC=intern,DC=youractivedirectory,DC=de" 'LDAP query
to Active Directory, where
Dim con, com, rs, fso, f
Set fso = CreateObject("Scripting.FileSystemObject")
Set f = fso.OpenTextFile(FILENAME, 2, True) ' ForReading = 1,
ForWriting = 2, ForAppending = 8
Set con = CreateObject("ADODB.Connection")
Set com = CreateObject("ADODB.Command")
con.Provider = "ADsDSOObject"
con.Open "Active Directory Provider"
Set com.ActiveConnection = con
com.CommandText = "select proxyAddresses from '" & LDAPQUERY & "'
where objectClass= 'user' or objectClass='group' order by sn "
com.Properties("Page Size") = 1000
Set rs = com.Execute
rs.MoveFirst
While Not rs.EOF
TProxyAddresses = rs.Fields("proxyAddresses")
If Not IsNull(TProxyAddresses) Then
TProxyAddressesCount = UBound(TProxyAddresses)
For i = 0 To TProxyAddressesCount
If LCase(Left(TProxyAddresses(i),4))="smtp" Then
f.Write lcase(trim(Mid(TProxyAddresses(i),6))) &
VBLf
End If
Next
End iF
rs.MoveNext
Wend
rs.Close
f.Close
wscript.quit
This script is running every 30 minutes. You will have to adjust the
LDAPQUERY to suit your DC structure of course. If whitelist-adresses.txt
differs from the old version we scp it to our exim server in the DMZ.
On that server we check for a new version, convert the .txt into a .map
and then convert that to a cdb. The .txt file has the format
Validemail@yourdomain.com
We simply change that to
validemail@yourdomain.com 1
and then convert this to a cdb using this little script (which we use
for all kinds of cdbs...)
#! /usr/bin/perl
while(<>) {
# skip comments
next if /^\s*#/;
# skip empty lines
next if /^\s*$/;
# chop off trailing newline
chop;
# delete leading whitespace
s/^\s+//;
# retrieve key and value from the input line
($key, $value) = split(/:\s*/, $_, 2);
# emit cdbmake input line
printf "+%d,%d:%s->%s\n", length($key), length($value), $key,
$value;
}
print "\n";
After this all you need to do is run cdbmake and store the cdb to the
location you want it.
In Exims configure (the incoming one obvisously) we define a domainlist
domainlist check_rcpt_domains = yourdomain1 : yourdomain2
Only mails for domains in this list will be checked against the
whitelist. In the rcpt_acl you need to put
accept domains = +check_rcpt_domains
endpass
message = user unknown
recipients = cdb;/usr/local/etc/exim/whitelist-rcpt.cdb
And that's it. Moreover we manually maintain a blacklist for the e-mails
that exist in the company but should not be able to receive mails from
the internet.
I hope this gives you a kick start.
Regards,
JP
From m.sapsed at BANGOR.AC.UK Tue Feb 3 12:53:08 2004
From: m.sapsed at BANGOR.AC.UK (Martin Sapsed)
Date: Thu Jan 12 21:22:17 2006
Subject: Enterprise Library + MailScanner
References: <00ad01c3e5b8$6a7a77e0$0501a8c0@darkside>
<6.0.1.1.2.20040128165239.03bf91e0@imap.ecs.soton.ac.uk>
Message-ID: <401F99B4.9090108@bangor.ac.uk>
Julian Field wrote:
>> Sophos has a replacement for their Enterprise Manager called
>> Enterprise Library, and it now supports Linux (and other
>> *nix and Novell) instead of just Windows clients. How
>> difficult would it be to have MailScanner update Sophos
>> from a CID or a web CID?
>>
>> Or is it a bad idea to automaticaly upgrade the engine?
>
> The only time I ever automatically upgraded the engine, it broke SAVI. I
> had to rebuild the perl SAVI module to get it to work again.
> So I'm a little wary of going down that path.
I've been using EM Library to update the copy of Sophos I use on my
Linux MailScanner testbed for some time now as I was trying out the beta
version. It appears to run ok and has upgraded the engine at least once
while I've been using it.
I cobbled a perl script to use the same lock file as Julian's autoupdate
prog while the update ran (or at least I think I did!) but it could
probably do with more error checking.
Basically there is a script in the EM distribution of Sophos for *ix
which maintains a copy of the CID and if anything changes, it updates
the cache and then runs Sophos' install.sh. The script reads some
settings from a config file in /etc so you can "MailScanner-ise" the
folders it uses and it appears to work ok but this is on a lightly
loaded server. I'm contemplating setting it up on our 3 Solaris mail
hubs but haven't had the bottle yet!
Given Julian's comments about SAVI, maybe using EM in conjunction with
SAVI isn't wise but if you're just using sweep then it might be of
interest, if you're already running EM anyway. We seem to have had a
couple of cases where the mail hubs didn't get their engine upgraded
promptly enough and hence were unable to get the latest updates with
Julian's script - I could do without that happening again...!
Julian - have you looked at this stuff at all?? Would you be interested
in looking at the scripts etc?
Cheers,
Martin
--
Martin Sapsed
Information Services "Who do you say I am?"
University of Wales, Bangor Jesus of Nazareth
From steve.freegard at LBSLTD.CO.UK Tue Feb 3 12:56:13 2004
From: steve.freegard at LBSLTD.CO.UK (Steve Freegard)
Date: Thu Jan 12 21:22:17 2006
Subject: Announce: MailWatch for MailScanner 0.5 {Virus Scanned}
Message-ID: <67D9E7698329D411936E00508B6590B902773E46@neelix.lbsltd.co.uk>
Hi Christo,
Make sure that you have copied MailWatch.pm from the mailwatch-0.5 tarball
into /usr/lib/MailScanner/MailScanner as this could cause the symptons you
report.
Kind regards,
Steve.
> -----Original Message-----
> From: Christo Bezuidenhout [mailto:christo@IT4AFRICA.CO.ZA]
> Sent: 03 February 2004 11:16
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Announce: MailWatch for MailScanner 0.5 {Virus Scanned}
>
>
> After I upgraded my Mailwatch I get the following error in my
> log and no mail is delivered. My queues are filling up.
>
> My config RH9 MS latest stable
>
> Feb 3 13:17:51 mailtest MailScanner[22842]: Cannot insert
> row: Column count doesn't match value count at row 1
>
--
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the sender and delete the message from your mailbox.
This footnote also confirms that this email message has been swept by
MailScanner (www.mailscanner.info) for the presence of computer viruses.
From carles at UNLIMITEDMAIL.ORG Tue Feb 3 13:11:08 2004
From: carles at UNLIMITEDMAIL.ORG (Carles Xavier Munyoz =?iso-8859-15?q?Bald=F3?=)
Date: Thu Jan 12 21:22:17 2006
Subject: 2 MailScanners, 1 Bayes DataBase.
Message-ID: <200402031411.08171.carles@unlimitedmail.org>
Hi,
I must use two MailScanners for two differents Sendmails installed in the same
computer (one for the MX server and the other used as RELAY SMTP for my
internet users).
I would like that the two MailScanners use the same Bayes DataBase for the
SpamAssassin.
I will use the bayes_path configuration option in the spam.assassin.prefs.conf
file to point to the same bayes database in the two MailScanner instances:
bayes_path /var/spool/spamassassin/bayes
Is there any problem in this ?
Any race condition ?
Any suggestion about this 2 MailScanners setup ?
May I install only one MailScanner and then run two MailScanner instances
using a different MailScanner.conf file for each one (I need two MailScanner
because each Sendmail uses its own email queue) ?
Which configuration parameters mut I take in account ?
Greetings.
---
Carles Xavier Munyoz Bald?
carles@unlimitedmail.org
http://www.unlimitedmail.net/
---
From martinh at SOLID-STATE-LOGIC.COM Tue Feb 3 13:44:27 2004
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:22:17 2006
Subject: 2 MailScanners, 1 Bayes DataBase.
In-Reply-To: <200402031411.08171.carles@unlimitedmail.org>
References: <200402031411.08171.carles@unlimitedmail.org>
Message-ID: <401FA5BB.7090409@solid-state-logic.com>
Carles Xavier Munyoz Bald? wrote:
> Hi,
> I must use two MailScanners for two differents Sendmails installed in the same
> computer (one for the MX server and the other used as RELAY SMTP for my
> internet users).
>
> I would like that the two MailScanners use the same Bayes DataBase for the
> SpamAssassin.
> I will use the bayes_path configuration option in the spam.assassin.prefs.conf
> file to point to the same bayes database in the two MailScanner instances:
> bayes_path /var/spool/spamassassin/bayes
>
> Is there any problem in this ?
> Any race condition ?
>
> Any suggestion about this 2 MailScanners setup ?
> May I install only one MailScanner and then run two MailScanner instances
> using a different MailScanner.conf file for each one (I need two MailScanner
> because each Sendmail uses its own email queue) ?
> Which configuration parameters mut I take in account ?
>
> Greetings.
> ---
> Carles Xavier Munyoz Bald?
> carles@unlimitedmail.org
> http://www.unlimitedmail.net/
> ---
Carles
there was some talk on this on the spamassassin email list a couple of
weeks ago. basically you should be OK provided only of the SA instances
(or MS in this case) is writing to the bayes DB for autolearning and
manual spam training. Also the MailScanner doing the writing should be
the one which has the bayes DB locally.
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.
This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.
**********************************************************************
From Ulysees at ULYSEES.COM Tue Feb 3 13:53:44 2004
From: Ulysees at ULYSEES.COM (Ulysees)
Date: Thu Jan 12 21:22:17 2006
Subject: [OT ish] converting charsets
Message-ID: <000501c3ea5d$2364e9e0$3201010a@nimitz>
Running 4.25-14 with sendmail on Fedora passing through to exchange and I've
been getting a few funky messages & I'm not sure if it's the MTA or
mailscanner that's to blame
Mails come through to the exchange box with the following message:
This message uses a character set that is not supported by the Internet
Service. To view the original message content, open the attached message.
If the text doesn't display correctly, save the attachment to disk, and then
open it using a viewer that can display the original character set.
<>
message.txt appears to be the actual email + headers
interesting bit is below, any ideas ?
Content-Type: text/plain; charset=unknown-8bit
Content-Transfer-Encoding: quoted-printable
X-MIME-Autoconverted: from 8bit to quoted-printable by
mailscanner.ulysees.com id i0S9MQxp027610
From steve at INTELIPORT.COM Tue Feb 3 14:05:48 2004
From: steve at INTELIPORT.COM (Stephen Lane)
Date: Thu Jan 12 21:22:17 2006
Subject: Located issue Joe-Job attack Was Hijacked Returned domain
Message-ID:
I've located what this is attack is called "Joe-Job" and I'm trying to
figure out how to accept from=<> then discard it at the MTA. Does anyone
have a sendmail.cf config rule that shows how to do this.
Thanks in advance
Steve
From ugob at CAMO-ROUTE.COM Tue Feb 3 14:05:55 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:22:17 2006
Subject: scan zip files
Message-ID: <54C38A0B814C8E438EF73FC76F36292741089E@mtlnt501fs.CAMOROUTE.COM>
> -----Message d'origine-----
> De : stephane BRANCHOUX [mailto:stephane.branchoux@UNIV-PERP.FR]
> Envoy? : Tuesday, February 03, 2004 4:41 AM
> ? : MAILSCANNER@JISCMAIL.AC.UK
> Objet : scan zip files
>
>
> Hello,
>
> i use mailscanner 4.12 with mcafee.
>
> Zip files are authorized but is there a way to scan zip files ?
The zip files are usually scanned by your virus scanner.
>
> Last virus is sent in a zip file and i would like to scan it without
>
> blocking all zip files.
>
> Many thanks in advance.
>
> stephane BRANCHOUX
> Centre de Ressources Informatiques de l'Universit? de Perpignan.
> Syst?mes/R?seaux
> mailto:stephane.branchoux@univ-perp.fr
> 04 68 66 21 24
>
>
From Jan-Peter.Koopmann at SECEIDOS.DE Tue Feb 3 14:07:16 2004
From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann)
Date: Thu Jan 12 21:22:17 2006
Subject: [OT ish] converting charsets
Message-ID:
> exchange and I've been getting a few funky messages & I'm not
> sure if it's the MTA or mailscanner that's to blame
Most probably not mailscanner and perhaps not your MTA. Is the sender
MUA/MTA corretly configured? Is this happening for all mails or just for
one sender?
Regards,
JP
From mailscanner at ecs.soton.ac.uk Tue Feb 3 13:51:28 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:22:17 2006
Subject: 200,000 downloads of MailScanner
Message-ID: <6.0.1.1.2.20040203134736.07c3d298@imap.ecs.soton.ac.uk>
MailScanner has just passed the 200,000 downloads milestone!
Many thanks to all of you for helping to spread the word and make my little
bit of code possibly the most widely-used combined email virus scanner and
spam detector in the world.
Let's see how fast the web site can munch through the next 200,000 :-)
Jules.
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
From mailscanner at ecs.soton.ac.uk Tue Feb 3 13:33:24 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:22:17 2006
Subject: Enterprise Library + MailScanner
In-Reply-To: <401F99B4.9090108@bangor.ac.uk>
References: <00ad01c3e5b8$6a7a77e0$0501a8c0@darkside>
<6.0.1.1.2.20040128165239.03bf91e0@imap.ecs.soton.ac.uk>
<401F99B4.9090108@bangor.ac.uk>
Message-ID: <6.0.1.1.2.20040203133154.07c3d7b8@imap.ecs.soton.ac.uk>
At 12:53 03/02/2004, you wrote:
>Julian Field wrote:
>>>Sophos has a replacement for their Enterprise Manager called
>>>Enterprise Library, and it now supports Linux (and other
>>>*nix and Novell) instead of just Windows clients. How
>>>difficult would it be to have MailScanner update Sophos
>>>from a CID or a web CID?
>>>
>>>Or is it a bad idea to automaticaly upgrade the engine?
>>
>>The only time I ever automatically upgraded the engine, it broke SAVI. I
>>had to rebuild the perl SAVI module to get it to work again.
>>So I'm a little wary of going down that path.
>
>I've been using EM Library to update the copy of Sophos I use on my
>Linux MailScanner testbed for some time now as I was trying out the beta
>version. It appears to run ok and has upgraded the engine at least once
>while I've been using it.
>
>I cobbled a perl script to use the same lock file as Julian's autoupdate
>prog while the update ran (or at least I think I did!) but it could
>probably do with more error checking.
>
>Basically there is a script in the EM distribution of Sophos for *ix
>which maintains a copy of the CID and if anything changes, it updates
>the cache and then runs Sophos' install.sh. The script reads some
>settings from a config file in /etc so you can "MailScanner-ise" the
>folders it uses and it appears to work ok but this is on a lightly
>loaded server. I'm contemplating setting it up on our 3 Solaris mail
>hubs but haven't had the bottle yet!
>
>Given Julian's comments about SAVI, maybe using EM in conjunction with
>SAVI isn't wise but if you're just using sweep then it might be of
>interest, if you're already running EM anyway. We seem to have had a
>couple of cases where the mail hubs didn't get their engine upgraded
>promptly enough and hence were unable to get the latest updates with
>Julian's script - I could do without that happening again...!
>
>Julian - have you looked at this stuff at all?? Would you be interested
>in looking at the scripts etc?
No, I haven't looked into it myself, I just do the upgrade by hand every 3
months. My experience with the SAVI perl problem was enough to put me off
doing this for a while. I guess I could automate the build and installation
of the perl module too.
Would be good to take a quick look at the scripts though.
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
From jaearick at COLBY.EDU Tue Feb 3 14:34:31 2004
From: jaearick at COLBY.EDU (Jeff A. Earickson)
Date: Thu Jan 12 21:22:17 2006
Subject: a ghost in filetype.rules.conf
Message-ID:
Julian,
I've been scratching my head on this one for several versions
of MailScanner now. The head of our athletics dept (who uses a
Mac) will send emails to other coaches, plain text. Two coaches
who reply (they use Windows) sporadically get their replies rejected
with:
No programs allowed (msg-8402-111.txt)
^^^^^^^^
numbers differ
This same rejection message pops up with other users on rare
occasions, but mostly with these two coaches and the Athletic
Director. I've had our PC staff look at all three machines for
viruses, nothing.
I've put my system into quarantine mode, with
"Quarantine Whole Message = yes", and stared at the result.
There is no attachment. I've run the entire message thru clam and
sophos, clean. Nothing there but plain text reply to a plain
text message. My only oddball change in MS relating to text
is my specification of ISO-8859-1 charset instead of ascii.
I've modified my filetype.rules.conf so that I can figure out
which rule causes the rejection (ELF or executable). Any ideas
or suggestions on this one? I can provide an example if need
be. (setup: Sol9, MS 4.26.8, SA 2.63, razor).
Jeff Earickson
Colby College
From christo at IT4AFRICA.CO.ZA Tue Feb 3 13:53:50 2004
From: christo at IT4AFRICA.CO.ZA (Christo Bezuidenhout)
Date: Thu Jan 12 21:22:17 2006
Subject: Announce: MailWatch for MailScanner 0.5 {Virus Scanned}
In-Reply-To: <67D9E7698329D411936E00508B6590B902773E46@neelix.lbsltd.co.uk>
Message-ID: <017501c3ea5d$2754c1b0$660210ac@christoxp>
Thanx I missed the part of copying the file.
Working like a charm now.
> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Steve Freegard
> Sent: 03 February 2004 02:56 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Announce: MailWatch for MailScanner 0.5 {Virus Scanned}
>
>
> Hi Christo,
>
> Make sure that you have copied MailWatch.pm from the
> mailwatch-0.5 tarball into /usr/lib/MailScanner/MailScanner
> as this could cause the symptons you report.
>
> Kind regards,
> Steve.
>
> > -----Original Message-----
> > From: Christo Bezuidenhout [mailto:christo@IT4AFRICA.CO.ZA]
> > Sent: 03 February 2004 11:16
> > To: MAILSCANNER@JISCMAIL.AC.UK
> > Subject: Re: Announce: MailWatch for MailScanner 0.5 {Virus Scanned}
> >
> >
> > After I upgraded my Mailwatch I get the following error in
> my log and
> > no mail is delivered. My queues are filling up.
> >
> > My config RH9 MS latest stable
> >
> > Feb 3 13:17:51 mailtest MailScanner[22842]: Cannot insert
> > row: Column count doesn't match value count at row 1
> >
>
> --
> This email and any files transmitted with it are confidential
> and intended solely for the use of the individual or entity
> to whom they are addressed. If you have received this email
> in error please notify the sender and delete the message from
> your mailbox.
>
> This footnote also confirms that this email message has been
> swept by MailScanner (www.mailscanner.info) for the presence
> of computer viruses.
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
> Mailscanner thanks IT For Africa for their support.
>
From ryan at MARINOCRANE.COM Tue Feb 3 14:42:41 2004
From: ryan at MARINOCRANE.COM (Ryan Pitt)
Date: Thu Jan 12 21:22:17 2006
Subject: Announce: MailWatch for MailScanner 0.5
In-Reply-To: <67D9E7698329D411936E00508B6590B902773E42@neelix.lbsltd.co.uk>
References: <67D9E7698329D411936E00508B6590B902773E42@neelix.lbsltd.co.uk>
Message-ID: <401FB361.3030500@marinocrane.com>
Thanks Steve,
Awesome job, as always!
Ryan Pitt
Steve Freegard wrote:
>Hi All,
>
>I'm pleased to finally release 0.5 which you can download from
>http://www.sourceforge.net/projects/mailwatch.
>
>CHANGE LOG
>- Updated indexes for much greater performance (again!).
>- Added preliminary support for per-user filters (see USER_FILTERS file).
>- Added the ability to view quarantined items.
>- All tables now enable a pager when returning more than 50 rows and allow
> ordering by any of the displayed columns.
>- New tool to run SpamAssassin --lint and time the output for debugging SA.
>- New F-Secure status page (like Sophos).
>- Required PEAR modules now included.
>- Added reporting of Blacklisted mails.
>- Integrated the reporting of SpamAssassin Blacklisted/Whitelisted e-mails.
>- Quoted printable strings are now automatically decoded before display.
>- Configuration options moved from functions.php into conf.php
>- Automatically works out VIRUS_REGEX by using the first value in
> MailScanner.conf - e.g. 'Virus Scanners = sophossavi clamavmodule' would
> activate the regexp for SophosSAVI.
>- New 'Virus Report' allows comparison of multiple scanners (if you run
> more than one) and allows you to see 1st detection date/time of each
> virus by each scanner.
>- Integration with Fortress Systems Secure Mail Gateway.
>
>FIXES
>- Multiple clean-ups of mailq.php to make it more robust.
>- Greatly improved debugging of SQL statments.
>- Quarantine now correctly looks in the non-spam quarantine directories.
>- SA Rules Description Update now reads custom rules as well.
>- sendmail_relay.php now works across log rotations.
>- Increased memory_limit to 128M for quarantine functions.
>
>Kind regards,
>Steve.
>
>--
>MailWatch for MailScanner
>http://mailwatch.sourceforge.net
>
>--
>This email and any files transmitted with it are confidential and
>intended solely for the use of the individual or entity to whom they
>are addressed. If you have received this email in error please notify
>the sender and delete the message from your mailbox.
>
>This footnote also confirms that this email message has been swept by
>MailScanner (www.mailscanner.info) for the presence of computer viruses.
>
>
>
--
This message has been scanned for viruses and dangerous content by MailScanner,
and is believed to be clean.
From taz at AZTEK-ENG.COM Tue Feb 3 15:15:33 2004
From: taz at AZTEK-ENG.COM (taz)
Date: Thu Jan 12 21:22:17 2006
Subject: Dual-headed email servers
Message-ID: <00f001c3ea68$91c43840$270100bf@backlab>
Please don't overpost on this one. You can just email me directly. I would like to know if anyone knows where I can find information about dual-heading an email server, if that is what it is called. (two or more email servers with users spread across them for load-balancing, speed and such). We are needing something like this or similar to test a new email server that is going into the DMZ, but not online yet. We want it to function like a normal email server, but only with 5-10 users on it. This would be in a sendmail configuration. Thanks.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040203/25a729a8/attachment.html
From mkettler at EVI-INC.COM Tue Feb 3 16:01:00 2004
From: mkettler at EVI-INC.COM (Matt Kettler)
Date: Thu Jan 12 21:22:17 2006
Subject: scan zip files
In-Reply-To: <467301c3ea39$db6216e0$0688a7c2@belleile>
References: <467301c3ea39$db6216e0$0688a7c2@belleile>
Message-ID: <6.0.0.22.0.20040203105953.0270cf60@xanadu.evi-inc.com>
At 04:41 AM 2/3/2004, stephane BRANCHOUX wrote:
>i use mailscanner 4.12 with mcafee.
>
>Zip files are authorized but is there a way to scan zip files ?
>
>Last virus is sent in a zip file and i would like to scan it without
>
>blocking all zip files.
That should work out-of-the-box without any additional configuration..
Have you tested it (ie: email yourself a zipfile containing EICAR or
something of the sort?)
From email at ace.net.au Tue Feb 3 15:59:57 2004
From: email at ace.net.au (Peter Nitschke)
Date: Thu Jan 12 21:22:17 2006
Subject: Located issue Joe-Job attack Was Hijacked Returned domain
In-Reply-To:
References:
Message-ID: <200402040229570674.0049AF19@smtp1.ace.net.au>
I don't think there is any simple way to defeat this.
If you want to get brutal, there was some stuff posted last year to add to
sendmail.mc that allowed you to block by various words in the subject, so
you could for eg block the following
undeliverable mail
undelivered mail returned
mail delivery fail
etc etc, breaks the rules though.
I got lucky as most of these return addresses had numbers in them, eg
joe25r@domain.com and I have never allowed numbers in the first part of the
email address - due to a limitation in the opriginal accounting system I
used. I managed to make an entry that rejected any To: address here that
had a number in it, and that has virtually eliminated the problem.
Peter
*********** REPLY SEPARATOR ***********
On 3/02/2004 at 2:05 PM Stephen Lane wrote:
>I've located what this is attack is called "Joe-Job" and I'm trying to
>figure out how to accept from=<> then discard it at the MTA. Does anyone
>have a sendmail.cf config rule that shows how to do this.
>
>Thanks in advance
>
>Steve
From jwilliam at KCR.UKY.EDU Tue Feb 3 16:04:52 2004
From: jwilliam at KCR.UKY.EDU (John Williams)
Date: Thu Jan 12 21:22:18 2006
Subject: 200,000 downloads of MailScanner
In-Reply-To: <6.0.1.1.2.20040203134736.07c3d298@imap.ecs.soton.ac.uk>
References: <6.0.1.1.2.20040203134736.07c3d298@imap.ecs.soton.ac.uk>
Message-ID: <6.0.0.22.2.20040203105723.01b97460@mail.kcr.uky.edu>
Congrats! Just this morning I was talking to Sendmail.com about upgrading our
version of Sendmail. While on the phone I was curious and asked them about
their anti-spam package. She said it would cost a little over $8000, the
minimum
500 user license. I said that being a University and facing budget cuts we
couldn't
afford it and told her we would continue to use MailScanner and
Sophos. She said
that she had heard of MailScanner and many of her customers told her the
same thing.
Just thought you might want to know. Thanks for filling such a great need!
With gratitude,
John
At 08:51 AM 2/3/2004, you wrote:
>MailScanner has just passed the 200,000 downloads milestone!
>
>Many thanks to all of you for helping to spread the word and make my little
>bit of code possibly the most widely-used combined email virus scanner and
>spam detector in the world.
>
>Let's see how fast the web site can munch through the next 200,000 :-)
>
>Jules.
John P. Williams, MA
Systems Analyst, Sr.
University of Kentucky/Kentucky Cancer Registry
2365 Harrodsburg Rd, Suite A230
Lexington, KY 40504-3381
Telephone: (859)219-0773 x283 Fax: (859)219-0557
mailto:jwilliam@kcr.uky.edu http://www.kcr.uky.edu
--Statement of Confidentiality--
This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged
material. If you have received this in error, please contact the sender and delete this message immediately. Thank you.
From Eric.Doutreleau at INT-EVRY.FR Tue Feb 3 16:26:09 2004
From: Eric.Doutreleau at INT-EVRY.FR (Eric Doutreleau)
Date: Thu Jan 12 21:22:18 2006
Subject: Announce: MailWatch for MailScanner 0.5
In-Reply-To: <67D9E7698329D411936E00508B6590B902773E42@neelix.lbsltd.co.uk>
References: <67D9E7698329D411936E00508B6590B902773E42@neelix.lbsltd.co.uk>
Message-ID: <1075825568.6884.9.camel@rezo.int-evry.fr>
Does we still have to use the perl-DBD-MySQL 2.1028 version or
can we switch to the latest version available?
Le mar 03/02/2004 ? 01:44, Steve Freegard a ?crit :
> Hi All,
>
> I'm pleased to finally release 0.5 which you can download from
> http://www.sourceforge.net/projects/mailwatch.
>
> CHANGE LOG
> - Updated indexes for much greater performance (again!).
> - Added preliminary support for per-user filters (see USER_FILTERS file).
> - Added the ability to view quarantined items.
> - All tables now enable a pager when returning more than 50 rows and allow
> ordering by any of the displayed columns.
> - New tool to run SpamAssassin --lint and time the output for debugging SA.
> - New F-Secure status page (like Sophos).
> - Required PEAR modules now included.
> - Added reporting of Blacklisted mails.
> - Integrated the reporting of SpamAssassin Blacklisted/Whitelisted e-mails.
> - Quoted printable strings are now automatically decoded before display.
> - Configuration options moved from functions.php into conf.php
> - Automatically works out VIRUS_REGEX by using the first value in
> MailScanner.conf - e.g. 'Virus Scanners = sophossavi clamavmodule' would
> activate the regexp for SophosSAVI.
> - New 'Virus Report' allows comparison of multiple scanners (if you run
> more than one) and allows you to see 1st detection date/time of each
> virus by each scanner.
> - Integration with Fortress Systems Secure Mail Gateway.
>
> FIXES
> - Multiple clean-ups of mailq.php to make it more robust.
> - Greatly improved debugging of SQL statments.
> - Quarantine now correctly looks in the non-spam quarantine directories.
> - SA Rules Description Update now reads custom rules as well.
> - sendmail_relay.php now works across log rotations.
> - Increased memory_limit to 128M for quarantine functions.
>
> Kind regards,
> Steve.
>
> --
> MailWatch for MailScanner
> http://mailwatch.sourceforge.net
>
> --
> This email and any files transmitted with it are confidential and
> intended solely for the use of the individual or entity to whom they
> are addressed. If you have received this email in error please notify
> the sender and delete the message from your mailbox.
>
> This footnote also confirms that this email message has been swept by
> MailScanner (www.mailscanner.info) for the presence of computer viruses.
From Ulysees at ULYSEES.COM Tue Feb 3 16:32:53 2004
From: Ulysees at ULYSEES.COM (Ulysees)
Date: Thu Jan 12 21:22:18 2006
Subject: [OT ish] converting charsets
References:
Message-ID: <000701c3ea73$5f951410$3201010a@nimitz>
The mails that cause this always come from the same group of sites.
I've also found that it happens if I turn on full headers in the virus
reports.
This doesn't happen on a 4.23-11 on rh7.2 box that I'm retiring.
Uly
----- Original Message -----
From: "Jan-Peter Koopmann"
To:
Sent: Tuesday, February 03, 2004 2:07 PM
Subject: Re: [MAILSCANNER] [OT ish] converting charsets
> exchange and I've been getting a few funky messages & I'm not
> sure if it's the MTA or mailscanner that's to blame
Most probably not mailscanner and perhaps not your MTA. Is the sender
MUA/MTA corretly configured? Is this happening for all mails or just for
one sender?
Regards,
JP
From gdoris at rogers.com Tue Feb 3 16:48:52 2004
From: gdoris at rogers.com (Gerry Doris)
Date: Thu Jan 12 21:22:18 2006
Subject: 200,000 downloads of MailScanner
In-Reply-To: <6.0.1.1.2.20040203134736.07c3d298@imap.ecs.soton.ac.uk>
References: <6.0.1.1.2.20040203134736.07c3d298@imap.ecs.soton.ac.uk>
Message-ID: <62310.129.80.22.143.1075826932.squirrel@tiger.dorfam.ca>
> MailScanner has just passed the 200,000 downloads milestone!
>
> Many thanks to all of you for helping to spread the word and make my
> little
> bit of code possibly the most widely-used combined email virus scanner and
> spam detector in the world.
>
> Let's see how fast the web site can munch through the next 200,000 :-)
>
> Jules.
> --
> Julian Field
> www.MailScanner.info
> MailScanner thanks transtec Computers for their support
Congratulations!
However, I heard a rumour that it was really your mother that downloaded
most of those copies...is that true?
Gerry
From dwinkler at ALGORITHMICS.COM Tue Feb 3 16:50:27 2004
From: dwinkler at ALGORITHMICS.COM (Derek Winkler)
Date: Thu Jan 12 21:22:18 2006
Subject: MAPS-RBL
Message-ID: <20CEA27AF49D7F4691F02E7ADC5D4ECD04B197@tormail2.algorithmics.com>
We're considering paying for MAPS-RBL services.
Any comments on it's effectiveness?
Thanks,
Derek Winkler
Security Administrator
Algorithmics
185 Spadina Ave
Toronto, Ontario
Canada
M5T 2C6
Phone: 416-217-4107
Fax: 416-971-6100
From bpumphrey at WOODMACLAW.COM Tue Feb 3 17:07:28 2004
From: bpumphrey at WOODMACLAW.COM (Billy A. Pumphrey)
Date: Thu Jan 12 21:22:18 2006
Subject: MailScanner.conf questions
Message-ID:
1. In the web site about the MailScanner.conf it says (with some text
taking out) talking about spam.whitelist.rules:
Is Definitely Not Spam
You will probably want to include your own site (or your own site's IP
addresses) in this ruleset.
Does that mean put:
From: *@domain.com or
FromOrTo *@domain.com
It would seem that if it said FromOrTo, that it would treat all mail as
not spam and "not" perform any blocking.
2. Is this how to disable blocking for a user ID:
FromOrTo: user@domain.com yes
3. Do you have to configure the spamassassin white list also, being that
you have to configure the whitelist in 2 places?
Spam.whitelist.rules and spam.assassin.prefs.conf?
Thank you for any answers.
Billy Pumphrey
From test at NEXTMILL.NET Tue Feb 3 17:20:05 2004
From: test at NEXTMILL.NET (Brian Lewis)
Date: Thu Jan 12 21:22:18 2006
Subject: Getting SpamAssassin installation could not be found error
Message-ID:
Fresh Install
Fedora Core 1 (Perl 5.8.1 selected at installation)
MailScanner: mailscanner-4.26.8-1.rpm.tar
SpamAssassin: spamassassin-2.63-1.i386.rpm & perl-mail-spamassassin-2.63-
1.i386.rpm
Antivirus: clamav-0.65-4.i386.rpm
Installed via CPAN - Net::DNS, Time::HiRes, Pod::Usage
/var/log/maillog shows every 10 seconds:
Feb 4 09:11:10 mailcheck MailScanner[2840]: MailScanner E-Mail Virus
Scanner version 4.26.8 starting...
Feb 4 09:11:10 mailcheck MailScanner[2840]: SpamAssassin installation
could not be found
Listed all RPMs, there was only one Perl (5.8.1) and SpamAssassin (2.63),
uninstalled SpamAssassin and its perl-mail rpms, reinstalled, rebooted
server, still does not help.
Copied /usr/lib/perl5/site_perl/5.8.1/ to /usr/lib/perl5/site_perl/5.6.1/
as the FAQ states and it didn't help.
Don't have a /usr/lib/perl5/site_perl/5.8.1/Mail FOLDER as mentioned in
the FAQ under SpamAssassin:installation could not be found
Any advise on what next to troubleshoot would be greatly appreciated
From marco at MUW.EDU Tue Feb 3 17:42:49 2004
From: marco at MUW.EDU (Marco Obaid)
Date: Thu Jan 12 21:22:18 2006
Subject: Getting SpamAssassin installation could not be found error
In-Reply-To:
References:
Message-ID: <1075830169.401fdd9998bdc@webmail.MUW.Edu>
Uninstall the SpamAssassin RPMS and install SA from CPAN:
perl -MCPAN -e shell
o con prerequisites_policy ask
install Mail::SpamAssassin
This is guaranteed to work !!!
Quoting Brian Lewis :
> Fresh Install
> Fedora Core 1 (Perl 5.8.1 selected at installation)
> MailScanner: mailscanner-4.26.8-1.rpm.tar
> SpamAssassin: spamassassin-2.63-1.i386.rpm & perl-mail-spamassassin-2.63-
> 1.i386.rpm
> Antivirus: clamav-0.65-4.i386.rpm
> Installed via CPAN - Net::DNS, Time::HiRes, Pod::Usage
>
> /var/log/maillog shows every 10 seconds:
> Feb 4 09:11:10 mailcheck MailScanner[2840]: MailScanner E-Mail Virus
> Scanner version 4.26.8 starting...
> Feb 4 09:11:10 mailcheck MailScanner[2840]: SpamAssassin installation
> could not be found
>
> Listed all RPMs, there was only one Perl (5.8.1) and SpamAssassin (2.63),
> uninstalled SpamAssassin and its perl-mail rpms, reinstalled, rebooted
> server, still does not help.
>
> Copied /usr/lib/perl5/site_perl/5.8.1/ to /usr/lib/perl5/site_perl/5.6.1/
> as the FAQ states and it didn't help.
>
> Don't have a /usr/lib/perl5/site_perl/5.8.1/Mail FOLDER as mentioned in
> the FAQ under SpamAssassin:installation could not be found
>
> Any advise on what next to troubleshoot would be greatly appreciated
>
From Kevin_Miller at CI.JUNEAU.AK.US Tue Feb 3 17:27:33 2004
From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller)
Date: Thu Jan 12 21:22:18 2006
Subject: 200,000 downloads of MailScanner
Message-ID: <08146035CA49D6119A36009027AC822A0264ED9F@CITY-EXCH-NTS>
>Let's see how fast the web site can munch through the next 200,000 :-)
It'll be no time at all once we get you knighted!
...Kevin
--
Kevin Miller Registered Linux User No: 307357
CBJ MIS Dept. Network Systems Administrator, Mail
Administrator
155 South Seward Street ph: (907) 586-0242
Juneau, Alaska 99801 fax: (907 586-4500
From marco at MUW.EDU Tue Feb 3 17:44:35 2004
From: marco at MUW.EDU (Marco Obaid)
Date: Thu Jan 12 21:22:18 2006
Subject: Getting SpamAssassin installation could not be found error
In-Reply-To:
References:
Message-ID: <1075830274.401fde0303cf4@webmail.MUW.Edu>
Please correct this line from my previous response to:
o conf prerequisites_policy ask
Quoting Brian Lewis :
> Fresh Install
> Fedora Core 1 (Perl 5.8.1 selected at installation)
> MailScanner: mailscanner-4.26.8-1.rpm.tar
> SpamAssassin: spamassassin-2.63-1.i386.rpm & perl-mail-spamassassin-2.63-
> 1.i386.rpm
> Antivirus: clamav-0.65-4.i386.rpm
> Installed via CPAN - Net::DNS, Time::HiRes, Pod::Usage
>
> /var/log/maillog shows every 10 seconds:
> Feb 4 09:11:10 mailcheck MailScanner[2840]: MailScanner E-Mail Virus
> Scanner version 4.26.8 starting...
> Feb 4 09:11:10 mailcheck MailScanner[2840]: SpamAssassin installation
> could not be found
>
> Listed all RPMs, there was only one Perl (5.8.1) and SpamAssassin (2.63),
> uninstalled SpamAssassin and its perl-mail rpms, reinstalled, rebooted
> server, still does not help.
>
> Copied /usr/lib/perl5/site_perl/5.8.1/ to /usr/lib/perl5/site_perl/5.6.1/
> as the FAQ states and it didn't help.
>
> Don't have a /usr/lib/perl5/site_perl/5.8.1/Mail FOLDER as mentioned in
> the FAQ under SpamAssassin:installation could not be found
>
> Any advise on what next to troubleshoot would be greatly appreciated
>
"I don't know the key to success, but the key to failure is trying to
please everybody." -Bill Cosby
____________________________________________________________
_/ _/ _/ _/ _/ _/ | Marco Obaid
_/_/ _/_/ _/ _/ _/ _/ | Network Administrator
_/ _/ _/ _/ _/ _/ _/ _/ | McDevitt Hall
_/ _/ _/ _/ _/_/ _/_/ | W-Box 1621
_/ _/ _/_/_/ _/ _/ | Columbus MS 39701
____________________________________________________________
M I S S I S S I P P I U N I V E R S I T Y F O R W O M E N
From marco at MUW.EDU Tue Feb 3 17:46:10 2004
From: marco at MUW.EDU (Marco Obaid)
Date: Thu Jan 12 21:22:18 2006
Subject: 200,000 downloads of MailScanner
In-Reply-To: <08146035CA49D6119A36009027AC822A0264ED9F@CITY-EXCH-NTS>
References: <08146035CA49D6119A36009027AC822A0264ED9F@CITY-EXCH-NTS>
Message-ID: <1075830370.401fde6240d87@webmail.MUW.Edu>
Hi Jules,
200,000+ thank-yous for your work and efforts !!!
Marco
> >Let's see how fast the web site can munch through the next 200,000 :-)
>
From test at NEXTMILL.NET Tue Feb 3 17:33:12 2004
From: test at NEXTMILL.NET (Brian Lewis)
Date: Thu Jan 12 21:22:18 2006
Subject: Getting SpamAssassin installation could not be found error
Message-ID:
Ok I solved my own problem
perl-mail-spamassassin-2.63-1.i386.rpm
installs in /usr/lib/perl5/site_perl/5.6.1/Mail
I had to copy the files in there to /usr/lib/perl5/site_perl/5.8.1/Mail
Restarted MailScanner and it worked!
Why don't these rpms intelligently figure out what the latest version of
Perl is on the machine and install Spamassassin Perl Mail stuff into the
correct folder? Uhhggg
From m.sapsed at BANGOR.AC.UK Tue Feb 3 17:36:19 2004
From: m.sapsed at BANGOR.AC.UK (Martin Sapsed)
Date: Thu Jan 12 21:22:18 2006
Subject: Silent Virus List
References: <005501c3e57d$089a79c0$660210ac@christoxp>
<40177E3C.4090903@solid-state-logic.com>
<6.0.1.1.2.20040128112404.03e603e0@imap.ecs.soton.ac.uk>
Message-ID: <401FDC13.8050302@bangor.ac.uk>
Julian Field wrote:
> At 10:43 28/01/2004, you wrote:
>
>> When viruses fake 'from' info, do they just fake the 'From:' header,
>> or do
>> they fake the envelope sender too?
>
> Yes.
To be slightly picky, this is an over generalisation. Some worms e.g.
SirCam, Hybris fake the From: address but leave the sender address as
that of the victim.
Cheers,
Martin
--
Martin Sapsed
Information Services "Who do you say I am?"
University of Wales, Bangor Jesus of Nazareth
From steve.freegard at LBSLTD.CO.UK Tue Feb 3 17:40:40 2004
From: steve.freegard at LBSLTD.CO.UK (Steve Freegard)
Date: Thu Jan 12 21:22:18 2006
Subject: Announce: MailWatch for MailScanner 0.5
Message-ID: <67D9E7698329D411936E00508B6590B902773E4F@neelix.lbsltd.co.uk>
Hi Eric,
You'll still need 2.1028.
However I saw a neat trick done by an admin recently who installed the
DBD-MySQL module into /usr/lib/MailScanner/MailScanner/DBD-MySQL and did
something like "use lib '/usr/lib/MailScanner/MailScanner/DBD-MySQL/';" to
the top of MailWatch.pm to use the older version instead.
Kind regards,
Steve.
> -----Original Message-----
> From: Eric Doutreleau [mailto:Eric.Doutreleau@INT-EVRY.FR]
> Sent: 03 February 2004 16:26
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Announce: MailWatch for MailScanner 0.5
>
>
> Does we still have to use the perl-DBD-MySQL 2.1028 version
> or can we switch to the latest version available?
>
>
> Le mar 03/02/2004 ? 01:44, Steve Freegard a ?crit :
> > Hi All,
> >
> > I'm pleased to finally release 0.5 which you can download from
> > http://www.sourceforge.net/projects/mailwatch.
> >
> > CHANGE LOG
> > - Updated indexes for much greater performance (again!).
> > - Added preliminary support for per-user filters (see USER_FILTERS
> > file).
> > - Added the ability to view quarantined items.
> > - All tables now enable a pager when returning more than 50
> rows and allow
> > ordering by any of the displayed columns.
> > - New tool to run SpamAssassin --lint and time the output
> for debugging SA.
> > - New F-Secure status page (like Sophos).
> > - Required PEAR modules now included.
> > - Added reporting of Blacklisted mails.
> > - Integrated the reporting of SpamAssassin
> Blacklisted/Whitelisted e-mails.
> > - Quoted printable strings are now automatically decoded
> before display.
> > - Configuration options moved from functions.php into conf.php
> > - Automatically works out VIRUS_REGEX by using the first value in
> > MailScanner.conf - e.g. 'Virus Scanners = sophossavi
> clamavmodule' would
> > activate the regexp for SophosSAVI.
> > - New 'Virus Report' allows comparison of multiple scanners
> (if you run
> > more than one) and allows you to see 1st detection
> date/time of each
> > virus by each scanner.
> > - Integration with Fortress Systems Secure Mail Gateway.
> >
> > FIXES
> > - Multiple clean-ups of mailq.php to make it more robust.
> > - Greatly improved debugging of SQL statments.
> > - Quarantine now correctly looks in the non-spam quarantine
> > directories.
> > - SA Rules Description Update now reads custom rules as well.
> > - sendmail_relay.php now works across log rotations.
> > - Increased memory_limit to 128M for quarantine functions.
> >
> > Kind regards,
> > Steve.
> >
> > --
> > MailWatch for MailScanner
> > http://mailwatch.sourceforge.net
> >
> > --
> > This email and any files transmitted with it are confidential and
> > intended solely for the use of the individual or entity to
> whom they
> > are addressed. If you have received this email in error
> please notify
> > the sender and delete the message from your mailbox.
> >
> > This footnote also confirms that this email message has
> been swept by
> > MailScanner (www.mailscanner.info) for the presence of computer
> > viruses.
>
--
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the sender and delete the message from your mailbox.
This footnote also confirms that this email message has been swept by
MailScanner (www.mailscanner.info) for the presence of computer viruses.
From mailscanner at ecs.soton.ac.uk Tue Feb 3 17:46:29 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:22:18 2006
Subject: Getting SpamAssassin installation could not be found error
In-Reply-To:
References:
Message-ID: <6.0.1.1.2.20040203174502.03f0eea0@imap.ecs.soton.ac.uk>
At 17:33 03/02/2004, you wrote:
>Ok I solved my own problem
>perl-mail-spamassassin-2.63-1.i386.rpm
>installs in /usr/lib/perl5/site_perl/5.6.1/Mail
>I had to copy the files in there to /usr/lib/perl5/site_perl/5.8.1/Mail
>
>Restarted MailScanner and it worked!
>
>
>Why don't these rpms intelligently figure out what the latest version of
>Perl is on the machine and install Spamassassin Perl Mail stuff into the
>correct folder? Uhhggg
That's only possible if you rebuild the RPM from the SRPM on your machine,
then install your shiny new RPM.
You now have a system that isn't consistent with its own RPM database. :-(
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
From mailscanner at ecs.soton.ac.uk Tue Feb 3 17:44:20 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:22:18 2006
Subject: MailScanner.conf questions
In-Reply-To:
References:
Message-ID: <6.0.1.1.2.20040203174218.03f1bb88@imap.ecs.soton.ac.uk>
At 17:07 03/02/2004, you wrote:
>1. In the web site about the MailScanner.conf it says (with some text
>taking out) talking about spam.whitelist.rules:
>Is Definitely Not Spam
>You will probably want to include your own site (or your own site's IP
>addresses) in this ruleset.
>
>Does that mean put:
>From: *@domain.com or
Yes, but it is even better to whitelist your IP addresses. You can put in
IP addresses in any of the common syntaxes for specifying netblocks.
>FromOrTo *@domain.com
No
>It would seem that if it said FromOrTo, that it would treat all mail as
>not spam and "not" perform any blocking.
Correct
>2. Is this how to disable blocking for a user ID:
>FromOrTo: user@domain.com yes
Yes
>3. Do you have to configure the spamassassin white list also, being that
>you have to configure the whitelist in 2 places?
>Spam.whitelist.rules and spam.assassin.prefs.conf?
No. The spam.whitelist.rules entries will cause all spam checking to be
bypassed, including SpamAssassin.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
From m.sapsed at BANGOR.AC.UK Tue Feb 3 17:56:49 2004
From: m.sapsed at BANGOR.AC.UK (Martin Sapsed)
Date: Thu Jan 12 21:22:18 2006
Subject: rant about anti-virus and spam, MS flamed
References:
<6.0.0.22.0.20040128171143.024cd628@xanadu.evi-inc.com>
<40183962.1010304@uptime.at>
<6.0.0.22.0.20040128174447.025b7098@xanadu.evi-inc.com>
<6.0.1.1.2.20040128150747.02f7f418@email.potlatchcorp.com>
<6.0.0.22.0.20040128182805.025c8f48@xanadu.evi-inc.com>
Message-ID: <401FE0E1.8010103@bangor.ac.uk>
(Catching up with a backlog again - can't let this one go)
Matt Kettler wrote:
> At 06:09 PM 1/28/2004, Leonard Hermens wrote:
>
>> >Can you cite an example of when, at the present time, it is a good
>> idea to
>> >have a mailserver configured to auto respond to a sender and notify them
>> >that a message sent contained a live virus infection?
>>
>> Any virus or macro virus that is sent manually by the sender.
>
> I'll agree that is a particular email where it is good for a server to
> autorespond.
>
> However, that's not an answer to the question.
>
> A mailserver can't be configured to tell the difference between a manual
> send and an automated one, so your example is a single isolated email
> example. I'm asking for a situation where it's a good idea to configure
> your mailserver in such a manner, not a single message case.
>
> Real world, real mailserver, present time, realistic situation where it
> would be a good idea to have a server do this. (ie: how can you do it on an
> automated basis without inflicting casualties, and still reap some useful
> benefit.)
I'll give you several examples where it's worth notifying the sender of
a virus.
2784 instances of Gibe-F we had in December - the From: address is
forged but the sender address isn't.
a dozen or so people with no or very old a-v resulting in them having
word macro viruses. They attach an infected document and mail it here,
they get a wake-up call.
People e-mailing so called "Joke" programs to their mates - they're not
welcome here.
By my reckoning there are just over a dozen families of viruses that
fake the sender address. I don't see managing a list of that size to be
an issue. I would like to do my bit to reduce the quantity of malware
out there where I can.
I do agree though that too many people have run with the old default and
applaud Julian's move to change the default. I would, however, strongly
object to the removal of the code altogether just because some people
don't use it properly.
I am also mildly fascincated that outfits of the size of messagelabs
were sending virus reports to the "senders" of MyDoom....
Cheers,
Martin
--
Martin Sapsed
Information Services "Who do you say I am?"
University of Wales, Bangor Jesus of Nazareth
From m.sapsed at BANGOR.AC.UK Tue Feb 3 18:02:54 2004
From: m.sapsed at BANGOR.AC.UK (Martin Sapsed)
Date: Thu Jan 12 21:22:18 2006
Subject: mailling list subject tag
References: <08146035CA49D6119A36009027AC822A0264ED5F@CITY-EXCH-NTS>
<1075456331.9785.12.camel@localhost.localdomain>
Message-ID: <401FE24E.4020304@bangor.ac.uk>
Neil Robst wrote:
> Hi Julian et al,
>
> Would it be possible to setup the mailling list software that manages
> this list to tag the subject of each mail with [MailScanner] or
> something similiar please so I can see at a glance which mails are from
> this list...?
Please bear in mind though that if you do this, and leave the tags in
the Subject line when you reply you can cause people who filter
MailScanner messages to a folder using other methods to have grief
following threads (depending on what software they use).
(Same applies to foreign language alternatives to Re:, and we won't go
in to leaving {Spam} and {Virus} tags in subjects...)
Cheers,
Martin
--
Martin Sapsed
Information Services "Who do you say I am?"
University of Wales, Bangor Jesus of Nazareth
From dustin.baer at IHS.COM Tue Feb 3 18:16:29 2004
From: dustin.baer at IHS.COM (Dustin Baer)
Date: Thu Jan 12 21:22:18 2006
Subject: [OT] Re: MAPS-RBL
References: <20CEA27AF49D7F4691F02E7ADC5D4ECD04B197@tormail2.algorithmics.com>
Message-ID: <401FE57D.C4F9E7EC@ihs.com>
Derek Winkler wrote:
>
> We're considering paying for MAPS-RBL services.
>
> Any comments on it's effectiveness?
>
> Thanks,
>
> Derek Winkler
> Security Administrator
We use RBL+ and reject about 4,000 messages/day. It is quite useful.
Dustin
--
Dustin Baer
Unix Administrator/Postmaster
Information Handling Services
15 Inverness Way East
Englewood, CO 80112
303-397-2836
From Kevin_Miller at CI.JUNEAU.AK.US Tue Feb 3 18:19:14 2004
From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller)
Date: Thu Jan 12 21:22:18 2006
Subject: rant about anti-virus and spam, MS flamed
Message-ID: <08146035CA49D6119A36009027AC822A0264EDA4@CITY-EXCH-NTS>
>By my reckoning there are just over a dozen families of viruses that
>fake the sender address. I don't see managing a list of that size to be
>an issue. I would like to do my bit to reduce the quantity of malware
>out there where I can.
Since it's (inter)national beat a dead horse day, , what I'd like to see
is for the AV companies to add a flag to their definitions as to whether
it's a spooffer or not. Could be as little as a single bit turned on or off
in their pattern file database. Not knowing the structure of the database,
it may be possible to set it w/o even adding any new fields in some cases.
Of course, they would have to reconfigure the scan engine to return true or
false and things like MS would have to have a snippet of code added to check
it, but as viruses get more sophisticated, maybe it's time for virus
scanners/responders to get more sophisticated too.
Sadly, the onus has to be on the AV companies at this point and I'm not
holding my breath that they're ever gonna read my humble suggestion. But I
dunno - maybe someone from that universe does follow this list. Guess I
better patent the idea quick!
...Kevin
--
Kevin Miller Registered Linux User No: 307357
CBJ MIS Dept. Network Systems Administrator, Mail
Administrator
155 South Seward Street ph: (907) 586-0242
Juneau, Alaska 99801 fax: (907 586-4500
From cstamas at digitus.itk.ppke.hu Tue Feb 3 18:21:45 2004
From: cstamas at digitus.itk.ppke.hu (Csillag =?iso-8859-2?Q?Tam=E1s?=)
Date: Thu Jan 12 21:22:18 2006
Subject: 200,000 downloads of MailScanner
In-Reply-To: <6.0.1.1.2.20040203134736.07c3d298@imap.ecs.soton.ac.uk>
References: <6.0.1.1.2.20040203134736.07c3d298@imap.ecs.soton.ac.uk>
Message-ID: <20040203182145.GF25916@digitus>
Hi
On 02/03, Julian Field wrote:
> MailScanner has just passed the 200,000 downloads milestone!
>
This means the downloads from mailscanner.info ?
It can be much more (from CPAN, rpm) and I installed it from deb.
but, MailScanner works perfectly....
thanks
--
cstamas
From kodak at FRONTIERHOMEMORTGAGE.COM Tue Feb 3 18:24:47 2004
From: kodak at FRONTIERHOMEMORTGAGE.COM (Jason Balicki)
Date: Thu Jan 12 21:22:18 2006
Subject: rant about anti-virus and spam, MS flamed
In-Reply-To: <08146035CA49D6119A36009027AC822A0264EDA4@CITY-EXCH-NTS>
Message-ID: <009c01c3ea83$00ff69e0$0501a8c0@darkside>
>Since it's (inter)national beat a dead horse day, , what
>I'd like to see
>is for the AV companies to add a flag to their definitions as
>to whether
FYI: a recent correspondance between myself and Sophos.
Hi Jason,
We are looking at adding this feature into our definitions as it would be
very useful. Watch this space.
[name removed]@sophos.com
On 28/01/2004 21:31:04 "Jason Balicki" wrote:
>Would it be possible to include a "forged sender" Boolean
>value in the sophos IDE and have Sophos AV report that
>value when a file is scanned (via the appropriate
>switches)? I use Sophos with MailScanner and the
>ability to send or not send notifications intelligently
>would be a godsend.
>
>I know the vast majority of worms and viruses these
>days forge, but it would still be helpful.
>
>TIA,
>
>--J(K)
>
From Kevin_Miller at CI.JUNEAU.AK.US Tue Feb 3 18:29:18 2004
From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller)
Date: Thu Jan 12 21:22:18 2006
Subject: rant about anti-virus and spam, MS flamed
Message-ID: <08146035CA49D6119A36009027AC822A0264EDA5@CITY-EXCH-NTS>
>FYI: a recent correspondance between myself and Sophos.
Dang! See, I knew I should have patented it. Then I could sue everybody
like Darl! Now I'll still have to work for a living...
;-)
...Kevin
--
Kevin Miller Registered Linux User No: 307357
CBJ MIS Dept. Network Systems Administrator, Mail
Administrator
155 South Seward Street ph: (907) 586-0242
Juneau, Alaska 99801 fax: (907 586-4500
From dot at DOTAT.AT Tue Feb 3 18:31:21 2004
From: dot at DOTAT.AT (Tony Finch)
Date: Thu Jan 12 21:22:18 2006
Subject: SPF and MailScanner
In-Reply-To:
Message-ID:
"Spicer, Kevin" wrote:
>
>There is a page addressing common objections to SPF on their site http://spf.pobox.com/objections.html
I note that their Sender Rewriting Scheme as proposed would turn most
mail servers into open relays, in the same way as the % hack does.
You need to make the rewritten return path cryptographically unforgeable.
The requirement for this in the SRS I-D is laughably weak.
http://spf.pobox.com/srs.html
Tony.
--
f.a.n.finch http://dotat.at/
ROCKALL MALIN: SOUTH OR SOUTHWEST 7 TO SEVERE GALE 9, OCCASIONALLY STORM 10,
BECOMING CYCLONIC 5 TO 7 LATER. OCCASIONAL RAIN OR SQUALLY SHOWERS. MODERATE
OR GOOD, OCCASIONALLY POOR.
From dot at DOTAT.AT Tue Feb 3 18:33:35 2004
From: dot at DOTAT.AT (Tony Finch)
Date: Thu Jan 12 21:22:18 2006
Subject: mcafee uvscan not using /usr/local/uvscan/datfiles/current
In-Reply-To:
References:
Message-ID:
Eric Dantan Rzewnicki wrote:
>
>Thank you for clearing this up. I'm still puzzled as to why they weren't
>created when I first ran the script, but it seems to be ok now.
You might have splatted them afterwards, e.g. by reinstalling uvscan.
Tony.
--
f.a.n.finch http://dotat.at/
THE WASH TO NORTH FORELAND: SOUTHWEST 6 TO GALE 8. RAIN AT TIMES. MODERATE OR
GOOD. SLIGHT OR MODERATE, OCCASIONALLY ROUGH WELL OFFSHORE.
From raymond at PROLOCATION.NET Tue Feb 3 19:33:21 2004
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:22:18 2006
Subject: [OT] Re: MAPS-RBL
In-Reply-To: <401FE57D.C4F9E7EC@ihs.com>
Message-ID:
Hi
> > Security Administrator
>
> We use RBL+ and reject about 4,000 messages/day. It is quite useful.
Its not bad, we also have a subscription, but we see a multiple of the
hits on RBL+ on the NJABL and DSBL lists... I would try lists like that
before moving to a payed list.
Bye,
Raymond.
From bpumphrey at WOODMACLAW.COM Tue Feb 3 19:46:37 2004
From: bpumphrey at WOODMACLAW.COM (Billy A. Pumphrey)
Date: Thu Jan 12 21:22:18 2006
Subject: Error in line 3 in filename.rules.conf
Message-ID:
Thank you for your answers!!!!
I have not changed this file, and line 3 looks to be ok.
In the log I get this error:
Feb 3 14:39:43 MailScanner MailScanner[5743]: Possible syntax error on
line 3 o
f /etc/MailScanner/filename.rules.conf
Feb 3 14:39:43 MailScanner MailScanner[5743]: Remember to separate
fields with
tab characters!
# See http://office.microsoft.com/2000/articles/Out2ksecFAQ.htm for more
info.
deny \.cnf$ Possible SpeedDial attack
SpeedDials are very dangerous in email
deny \.hta$ Possible Microsoft HTML archive attack
HTML archives are very dangerous in email
deny \.ins$ Possible Microsoft Internet Comm. Settings
attack
Windows Internet Settings are dangerous in email
deny \.jse?$ Possible Microsoft JScript attack
JScript Scripts are dangerous in email
deny \.lnk$ Possible Eudora *.lnk security hole attack
Eudora *.lnk security hole attack
deny \.ma[dfgmqrstvw]$ Possible Microsoft Access Shortcut
attack
Microsoft Access Shortcuts are dangerous in
email
deny \.pif$ Possible MS-Dos program shortcut attack
Shortcuts to MS-Dos programs are very dangerous
in email
deny \.scf$ Possible Windows Explorer Command attack
Windows Explorer Commands are dangerous in email
deny \.sct$ Possible Microsoft Windows Script Component
attack
Windows Script Components are dangerous in email
deny \.shb$ Possible document shortcut attack
Shortcuts Into Documents are very dangerous in
email
deny \.shs$ Possible Shell Scrap Object attack
Shell Scrap Objects are very dangerous in email
deny \.vb[es]$ Possible Microsoft Visual Basic script attack
Visual Basic Scripts are dangerous in email
deny \.ws[cfh]$ Possible Microsoft Windows Script Host attack
Windows Script Host files are dangerous in email
deny \.xnk$ Possible Microsoft Exchange Shortcut attack
Microsoft Exchange Shortcuts are dangerous in
email
From mailscanner at ecs.soton.ac.uk Tue Feb 3 20:06:44 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:22:18 2006
Subject: Error in line 3 in filename.rules.conf
In-Reply-To:
References:
Message-ID: <6.0.1.1.2.20040203200535.044e4308@imap.ecs.soton.ac.uk>
At 19:46 03/02/2004, you wrote:
>Thank you for your answers!!!!
>I have not changed this file, and line 3 looks to be ok.
You must have done, this file is correct as shipped, as far as I am aware
(and over 2000 people have downloaded and run the latest version). I
suggest you have had 1 line either broken into 2 or else the fields are not
separated by tabs alone.
>In the log I get this error:
>Feb 3 14:39:43 MailScanner MailScanner[5743]: Possible syntax error on
>line 3 o
>f /etc/MailScanner/filename.rules.conf
>Feb 3 14:39:43 MailScanner MailScanner[5743]: Remember to separate
>fields with
>tab characters!
>
># See http://office.microsoft.com/2000/articles/Out2ksecFAQ.htm for more
>info.
>deny \.cnf$ Possible SpeedDial attack
> SpeedDials are very dangerous in email
>deny \.hta$ Possible Microsoft HTML archive attack
> HTML archives are very dangerous in email
>deny \.ins$ Possible Microsoft Internet Comm. Settings
>attack
> Windows Internet Settings are dangerous in email
>deny \.jse?$ Possible Microsoft JScript attack
> JScript Scripts are dangerous in email
>deny \.lnk$ Possible Eudora *.lnk security hole attack
> Eudora *.lnk security hole attack
>deny \.ma[dfgmqrstvw]$ Possible Microsoft Access Shortcut
>attack
> Microsoft Access Shortcuts are dangerous in
>email
>deny \.pif$ Possible MS-Dos program shortcut attack
> Shortcuts to MS-Dos programs are very dangerous
>in email
>deny \.scf$ Possible Windows Explorer Command attack
> Windows Explorer Commands are dangerous in email
>deny \.sct$ Possible Microsoft Windows Script Component
>attack
> Windows Script Components are dangerous in email
>deny \.shb$ Possible document shortcut attack
> Shortcuts Into Documents are very dangerous in
>email
>deny \.shs$ Possible Shell Scrap Object attack
> Shell Scrap Objects are very dangerous in email
>deny \.vb[es]$ Possible Microsoft Visual Basic script attack
> Visual Basic Scripts are dangerous in email
>deny \.ws[cfh]$ Possible Microsoft Windows Script Host attack
> Windows Script Host files are dangerous in email
>deny \.xnk$ Possible Microsoft Exchange Shortcut attack
> Microsoft Exchange Shortcuts are dangerous in
>email
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
From mailscanner at ecs.soton.ac.uk Tue Feb 3 20:05:19 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:22:18 2006
Subject: [OT] Re: MAPS-RBL
In-Reply-To:
References: <401FE57D.C4F9E7EC@ihs.com>
Message-ID: <6.0.1.1.2.20040203200449.04509a10@imap.ecs.soton.ac.uk>
At 19:33 03/02/2004, you wrote:
> > We use RBL+ and reject about 4,000 messages/day. It is quite useful.
>
>Its not bad, we also have a subscription, but we see a multiple of the
>hits on RBL+ on the NJABL and DSBL lists... I would try lists like that
>before moving to a payed list.
And definitely try the combined XBL+SBL list from spamhaus.org too. Very
good in my experience.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
From dwinkler at ALGORITHMICS.COM Tue Feb 3 20:23:04 2004
From: dwinkler at ALGORITHMICS.COM (Derek Winkler)
Date: Thu Jan 12 21:22:18 2006
Subject: [OT] Re: MAPS-RBL
Message-ID: <20CEA27AF49D7F4691F02E7ADC5D4ECD04B19D@tormail2.algorithmics.com>
Already using all 3 mentioned.
Would using MAPS-RBL just push scores higher?
-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On
Behalf Of Julian Field
Sent: Tuesday, February 03, 2004 3:05 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: [OT] Re: MAPS-RBL
At 19:33 03/02/2004, you wrote:
> > We use RBL+ and reject about 4,000 messages/day. It is quite useful.
>
>Its not bad, we also have a subscription, but we see a multiple of the
>hits on RBL+ on the NJABL and DSBL lists... I would try lists like that
>before moving to a payed list.
And definitely try the combined XBL+SBL list from spamhaus.org too. Very
good in my experience.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
From raymond at PROLOCATION.NET Tue Feb 3 20:29:09 2004
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:22:18 2006
Subject: [OT] Re: MAPS-RBL
In-Reply-To: <6.0.1.1.2.20040203200449.04509a10@imap.ecs.soton.ac.uk>
Message-ID:
Hi!
> >Its not bad, we also have a subscription, but we see a multiple of the
> >hits on RBL+ on the NJABL and DSBL lists... I would try lists like that
> >before moving to a payed list.
>
> And definitely try the combined XBL+SBL list from spamhaus.org too. Very
> good in my experience.
Yes, very true. A good new one, if i may plug :) RFC-IGNORANT-BOGUSMX
We get nice results with list that just started...
Bye,
Raymond.
From k.raven at FREENET.DE Tue Feb 3 21:15:09 2004
From: k.raven at FREENET.DE (Kai Raven)
Date: Thu Jan 12 21:22:18 2006
Subject: RulesDuJour
Message-ID: <20040203221509.04730876@raven.localdomain.intern>
Hi,
today, i have used RulesDuJour the first time.
After the first run, all the *.cf files are saved under the
/etc/mail/spamassassin/RulesDuJour directory. Is it necessary to move
or copy them to /etc/mail/spamassassin?
--
Ciao
Kai
HP: http://kai.iks-jena.de/
Blog: http://rabenhorst.blogg.de/
GnuPG-Key: 0x76C65282
ICQ:146714798
From hywel at BURRIS.ORG.UK Tue Feb 3 21:20:37 2004
From: hywel at BURRIS.ORG.UK (Hywel Burris)
Date: Thu Jan 12 21:22:18 2006
Subject: Announce: MailWatch for MailScanner 0.5
In-Reply-To: <67D9E7698329D411936E00508B6590B902773E4F@neelix.lbsltd.co.uk>
Message-ID: <200402032120.i13LKbNS024510@mail.burris.org.uk>
Hi Steve,
I have run into this problem after upgrading from version 0.4 to 0.5 on
fedora, surprisingly it seemed to work ok with perl-DBD-MySQL-2.9002-1
before I upgraded.
I am getting the error: -
Feb 3 21:16:13 mail MailScanner[23332]: Database ping failure attempting to
re-connect
Feb 3 21:16:13 mail MailScanner[23332]: Cannot insert row: MySQL server has
gone away
I assume that this is caused by me using the incorrect version? Would there
be any chance of advising how I could install this old version like you seen
below as fedora is advising that the above version of perl is required for
MySQL.
Thanks
Hywel
-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
Of Steve Freegard
Sent: 03 February 2004 17:41
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Announce: MailWatch for MailScanner 0.5
Hi Eric,
You'll still need 2.1028.
However I saw a neat trick done by an admin recently who installed the
DBD-MySQL module into /usr/lib/MailScanner/MailScanner/DBD-MySQL and did
something like "use lib '/usr/lib/MailScanner/MailScanner/DBD-MySQL/';" to
the top of MailWatch.pm to use the older version instead.
Kind regards,
Steve.
[snip]
From steve.swaney at FSL.COM Tue Feb 3 21:23:17 2004
From: steve.swaney at FSL.COM (Stephen Swaney)
Date: Thu Jan 12 21:22:18 2006
Subject: RulesDuJour
In-Reply-To: <20040203221509.04730876@raven.localdomain.intern>
Message-ID: <20040203212319.6AE9D21C142@mail.fsl.com>
Nope.
Stephen Swaney
President
Fortress Systems Ltd.
Steve.Swaney@FSL.com
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Kai Raven
> Sent: Tuesday, February 03, 2004 4:15 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: RulesDuJour
>
> Hi,
>
> today, i have used RulesDuJour the first time.
> After the first run, all the *.cf files are saved under the
> /etc/mail/spamassassin/RulesDuJour directory. Is it necessary to move
> or copy them to /etc/mail/spamassassin?
>
> --
> Ciao
> Kai
>
> HP: http://kai.iks-jena.de/
> Blog: http://rabenhorst.blogg.de/
> GnuPG-Key: 0x76C65282
> ICQ:146714798
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> Fortress Systems Ltd.
> www.fsl.com
>
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
Fortress Systems Ltd.
www.fsl.com
From mkettler at EVI-INC.COM Tue Feb 3 21:30:47 2004
From: mkettler at EVI-INC.COM (Matt Kettler)
Date: Thu Jan 12 21:22:18 2006
Subject: RulesDuJour
In-Reply-To: <20040203221509.04730876@raven.localdomain.intern>
References: <20040203221509.04730876@raven.localdomain.intern>
Message-ID: <6.0.0.22.0.20040203162546.026d22c8@xanadu.evi-inc.com>
At 04:15 PM 2/3/2004, Kai Raven wrote:
>Hi,
>
>today, i have used RulesDuJour the first time.
>After the first run, all the *.cf files are saved under the
>/etc/mail/spamassassin/RulesDuJour directory. Is it necessary to move
>or copy them to /etc/mail/spamassassin?
SA will not parse the files in subdirectories..
However, if you look closely, the ones in the RulesDuJour subdir should be
your *old* files, not the freshly downloaded ones.
From the script itself:
TMPDIR="${SA_DIR}/RulesDuJour"; # Where we store old
rulesets. If you delete
# this
directory, RuleSets may be detected as
# out of date the next
time you run rules_du_jour.
Also, for reference you're probably better off directing general
RulesDuJour questions to the spamassassin mailing list if you can. The
author of the RDJ script, Chris Thielen, subscribes to the spamassassin
list, but AFAIK not this list.
Of course, if your question is about mailscanner-specific things, your're
probably better off posting here.
From brose at MED.WAYNE.EDU Tue Feb 3 21:28:48 2004
From: brose at MED.WAYNE.EDU (Rose, Bobby)
Date: Thu Jan 12 21:22:18 2006
Subject: [OT]RE: RulesDuJour
Message-ID:
That's where it downloads them, they should get moved to
/etc/mail/spamassassin by the script itself if there are changes. The
reason for this is so that if the download fails, you still have working
copy.
-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
Behalf Of Kai Raven
Sent: Tuesday, February 03, 2004 4:15 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: RulesDuJour
Hi,
today, i have used RulesDuJour the first time.
After the first run, all the *.cf files are saved under the
/etc/mail/spamassassin/RulesDuJour directory. Is it necessary to move or
copy them to /etc/mail/spamassassin?
--
Ciao
Kai
HP: http://kai.iks-jena.de/
Blog: http://rabenhorst.blogg.de/
GnuPG-Key: 0x76C65282
ICQ:146714798
From miguelk at KONSULTEX.COM.BR Tue Feb 3 21:35:37 2004
From: miguelk at KONSULTEX.COM.BR (Miguel Koren O'Brien de Lacy)
Date: Thu Jan 12 21:22:18 2006
Subject: [OT] Re: MAPS-RBL
References: <401FE57D.C4F9E7EC@ihs.com>
<6.0.1.1.2.20040203200449.04509a10@imap.ecs.soton.ac.uk>
Message-ID: <40201429.4080705@konsultex.com.br>
Julian;
I have to disagree completely with these databases.
I think that MAPS has a lot of bad information in it, like a virus
scanner with many false alarms, only with graver consequences. A virus
scanner maintainer puts a pattern in and mostly forgets about it because
that pattern identifies a virus which will most likely never change into
a benevolent file. Somebody putting a host or network into a 'pattern'
database has a much harder job and an infinitely greater responsability
because these 'patterns' (ips or networks) would have to come and go
according to correct, dynamic information which decides without a doubt
if the ip is 'a virus' (spamming) or not. Imagine a company that finds a
virus and identifies that the string '0A' is in the file. So they decide
to mark every file with '0A' as a virus. Then they leave it up to the
user of a given executable to make the third party developer prove to
this hypothetical company that their use of '0A' is justified, not a
virus, so that the program is finally able to run for the user. To make
the analogy closer to reality, imagine that the user is not allowed to
unisntall the virus scanner while he waits for all this to happen. You
call themfor help and they say "ask Microsoft to contact us"!
I was an innocent victim of the MAPS gang in December during over a
month. I had to jump through hoops to get my IP out of a DUL range,
which I found out about when all of a sudden some of our users could not
communicate with their major customer. I don't have a dynamic IP and I
have my reverse DNS configured, even though the ISP probably assigns
some dynamic ones in the net range. My influence on what the ISP does
tends to zero.
Getting an IP "cleared" is very difficult and time consuming because
mailabuse.com is not proactive and leaves the problem for the victim to
solve. I believe that the reason is that their database appears more
valuable if it has more IPs in it. They proved to me that they don't
care if I can't communicate. The irony is that you can't communicate by
email even with them! I bet most people don't bother to go all the way
like I did and just convince the receiving party of the emails to ignore
MAPS for their case. And so the database fills up with junk.
That's my experience with MAPS. Maybe others are better.
Miguel
Julian Field wrote:
> At 19:33 03/02/2004, you wrote:
>
>> > We use RBL+ and reject about 4,000 messages/day. It is quite useful.
>>
>> Its not bad, we also have a subscription, but we see a multiple of the
>> hits on RBL+ on the NJABL and DSBL lists... I would try lists like that
>> before moving to a payed list.
>
>
> And definitely try the combined XBL+SBL list from spamhaus.org too. Very
> good in my experience.
> --
> Julian Field
> www.MailScanner.info
> Professional Support Services at www.MailScanner.biz
> MailScanner thanks transtec Computers for their support
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
--
Esta mensagem foi verificada pelo sistema de antivírus e
acredita-se estar livre de perigo.
From steve.swaney at FSL.COM Tue Feb 3 22:04:13 2004
From: steve.swaney at FSL.COM (Stephen Swaney)
Date: Thu Jan 12 21:22:18 2006
Subject: RulesDuJour
In-Reply-To: <20040203212319.6AE9D21C142@mail.fsl.com>
Message-ID: <20040203220413.7465E21C13F@mail.fsl.com>
Sorry I misread you message.
If you haven't changed the rules_du_jour defaults, the rules will be
downloaded into the /etc/mail/spamassassin directory.
If you haven't changed the MailScanner defaults, they will be read from
/etc/mail/spamassassin directory and used when MailScanner calls the
SpamAssassin routines.
The fact that your rules live in /etc/mail/spamassassin/rules_du_jour
directory indicates that the spamassassin --lint command is failing and the
downloaded rules are being backed out and stored in
/etc/mail/spamassassin/rules_du_jour.
What happens when you run the rules_du_jour script from a command line. That
should tell you what is happening.
Stephen Swaney
President
Fortress Systems Ltd.
Steve.Swaney@FSL.com
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Stephen Swaney
> Sent: Tuesday, February 03, 2004 4:23 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: RulesDuJour
>
> Nope.
>
> Stephen Swaney
> President
> Fortress Systems Ltd.
> Steve.Swaney@FSL.com
>
>
> > -----Original Message-----
> > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> > Behalf Of Kai Raven
> > Sent: Tuesday, February 03, 2004 4:15 PM
> > To: MAILSCANNER@JISCMAIL.AC.UK
> > Subject: RulesDuJour
> >
> > Hi,
> >
> > today, i have used RulesDuJour the first time.
> > After the first run, all the *.cf files are saved under the
> > /etc/mail/spamassassin/RulesDuJour directory. Is it necessary to move
> > or copy them to /etc/mail/spamassassin?
> >
> > --
> > Ciao
> > Kai
> >
> > HP: http://kai.iks-jena.de/
> > Blog: http://rabenhorst.blogg.de/
> > GnuPG-Key: 0x76C65282
> > ICQ:146714798
> >
> > --
> > This message has been scanned for viruses and
> > dangerous content by MailScanner, and is
> > believed to be clean.
> >
> > Fortress Systems Ltd.
> > www.fsl.com
> >
>
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> Fortress Systems Ltd.
> www.fsl.com
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
Fortress Systems Ltd.
www.fsl.com
From roddy at NETSPACE.NET.AU Tue Feb 3 22:19:51 2004
From: roddy at NETSPACE.NET.AU (Roddy Strachan)
Date: Thu Jan 12 21:22:18 2006
Subject: Mailscanner & Freebsd
Message-ID: <40201E87.8040702@netspace.net.au>
Hi,
Just installed Mailscanner on Freebsd 5.1, however have ran into some
problems.
I followed the install.FREEBSD instructions, however on system startup,
i get
Feb 4 08:51:57 mail sm-mta[2129]: NOQUEUE: SYSERR(root):
opendaemonsocket: daemon MTA: cannot bind: Address already in use
Feb 4 08:51:57 mail sm-mta[2129]: daemon MTA: problem creating SMTP socket
Feb 4 08:52:01 mail MailScanner[2157]: MailScanner E-Mail Virus Scanner
version 4.26.8 starting...
Feb 4 08:52:02 mail sm-mta[2129]: NOQUEUE: SYSERR(root):
opendaemonsocket: daemon MTA: cannot bind: Address already in use
Feb 4 08:52:02 mail sm-mta[2129]: daemon MTA: problem creating SMTP socket
Feb 4 08:52:02 mail MailScanner[2157]: Using locktype = flock
It looks like MailScanner actually loads, but it won't scan any incoming
mail.
I tried another way by executing the .sh script. This loads MailScanner
no problems, but again it doesn't look it scans the mail coming in, did
some tests and no headers are added, its as though it isn't passing it
onto F-Prot.
Thanks
P.S A very similar if not the same problem discussed here at the bottom :
http://www.jiscmail.ac.uk/cgi-bin/wa.exe?A2=ind0205&L=mailscanner&P=R10295&I=-1
From raymond at PROLOCATION.NET Tue Feb 3 22:34:08 2004
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:22:18 2006
Subject: Mailscanner & Freebsd
In-Reply-To: <40201E87.8040702@netspace.net.au>
Message-ID:
Hi!
> Just installed Mailscanner on Freebsd 5.1, however have ran into some
> problems.
>
> I followed the install.FREEBSD instructions, however on system startup,
> i get
>
> Feb 4 08:51:57 mail sm-mta[2129]: NOQUEUE: SYSERR(root):
> opendaemonsocket: daemon MTA: cannot bind: Address already in use
> Feb 4 08:51:57 mail sm-mta[2129]: daemon MTA: problem creating SMTP socket
> Feb 4 08:52:01 mail MailScanner[2157]: MailScanner E-Mail Virus Scanner
> version 4.26.8 starting...
You didnt stop your original MTA as it seems. The socket was in use like
the logs report.
Bye,
Raymond.
From roddy at NETSPACE.NET.AU Tue Feb 3 22:38:04 2004
From: roddy at NETSPACE.NET.AU (Roddy Strachan)
Date: Thu Jan 12 21:22:18 2006
Subject: Mailscanner & Freebsd
In-Reply-To:
References:
Message-ID: <402022CC.2070805@netspace.net.au>
> Hi!
>
>
>>Just installed Mailscanner on Freebsd 5.1, however have ran into some
>>problems.
>>
>>I followed the install.FREEBSD instructions, however on system startup,
>>i get
>>
>>Feb 4 08:51:57 mail sm-mta[2129]: NOQUEUE: SYSERR(root):
>>opendaemonsocket: daemon MTA: cannot bind: Address already in use
>>Feb 4 08:51:57 mail sm-mta[2129]: daemon MTA: problem creating SMTP socket
>>Feb 4 08:52:01 mail MailScanner[2157]: MailScanner E-Mail Virus Scanner
>>version 4.26.8 starting...
>
>
> You didnt stop your original MTA as it seems. The socket was in use like
> the logs report.
Ok that brings me to the next question, in the install.FREEBSD it says
to add certain lines to /etc/rc.conf
sendmail_enable="YES"
# MailScanner starts here
mta_start_script="/opt/MailScanner/bin/rc.MailScanner start"
MailScanner_incoming_queue="/var/spool/mqueue.in"
MailScanner_queue_time="15m"
MailScanner_check="/opt/MailScanner/bin/check_mailscanner"
MailScanner_pidfile="/opt/MailScanner/var/MailScanner.pid"
# MailScanner ends here
Thats what my rc.conf looks like, should i make sendmail_enable=NO ?
And then allow mailscanner to start it ?
From jdbautista at IWSPC.COM Tue Feb 3 22:50:04 2004
From: jdbautista at IWSPC.COM (Joseph C. Bautista)
Date: Thu Jan 12 21:22:18 2006
Subject: Announce: MailWatch for MailScanner 0.5
References: <67D9E7698329D411936E00508B6590B902773E43@neelix.lbsltd.co.uk>
Message-ID: <013b01c3eaa8$10b70120$4c04a8c0@Plnt3domain>
Thank you. Its now working...
----- Original Message -----
From: "Steve Freegard"
To:
Sent: Tuesday, February 03, 2004 5:06 PM
Subject: Re: Announce: MailWatch for MailScanner 0.5
> Hi Joseph,
>
> You're getting this error because your copy of PHP doesn't have the MySQL
> module installed or compiled in.
>
> If you are running RedHat install the php-mysql RPM from your installation
> CD's and restart apache and it will start working.
>
> Kind regards,
> Steve.
>
> > -----Original Message-----
> > From: Joseph C. Bautista [mailto:jdbautista@IWSPC.COM]
> > Sent: 03 February 2004 08:39
> > To: MAILSCANNER@JISCMAIL.AC.UK
> > Subject: Re: Announce: MailWatch for MailScanner 0.5
> >
> >
> > Hi All,
> >
> > I think i followed the instruction correct. My
> > Mailscanner is logging to mysql database. But everytime i
> > point my browser to
> >
> > http://localhost/mailscanner it gives me an error:
> >
> > Fatal error: Call to undefined function:
> > mysql_pconnect() in
> > /home/httpd/html/mailscanner/functions.php on line 273
> >
> > Anyone knows how to fixed this?
> >
> > Thnx.
> >
> >
> > ----- Original Message -----
> > From: "Steve Freegard"
> > To:
> > Sent: Tuesday, February 03, 2004 8:44 AM
> > Subject: Announce: MailWatch for MailScanner 0.5
> >
> >
> > > Hi All,
> > >
> > > I'm pleased to finally release 0.5 which you can download from
> > > http://www.sourceforge.net/projects/mailwatch.
> > >
> > > CHANGE LOG
> > > - Updated indexes for much greater performance (again!).
> > > - Added preliminary support for per-user filters (see USER_FILTERS
> > > file).
> > > - Added the ability to view quarantined items.
> > > - All tables now enable a pager when returning more than 50
> > rows and allow
> > > ordering by any of the displayed columns.
> > > - New tool to run SpamAssassin --lint and time the output
> > for debugging
> > SA.
> > > - New F-Secure status page (like Sophos).
> > > - Required PEAR modules now included.
> > > - Added reporting of Blacklisted mails.
> > > - Integrated the reporting of SpamAssassin Blacklisted/Whitelisted
> > e-mails.
> > > - Quoted printable strings are now automatically decoded before
> > > display.
> > > - Configuration options moved from functions.php into conf.php
> > > - Automatically works out VIRUS_REGEX by using the first value in
> > > MailScanner.conf - e.g. 'Virus Scanners = sophossavi
> > clamavmodule' would
> > > activate the regexp for SophosSAVI.
> > > - New 'Virus Report' allows comparison of multiple scanners
> > (if you run
> > > more than one) and allows you to see 1st detection
> > date/time of each
> > > virus by each scanner.
> > > - Integration with Fortress Systems Secure Mail Gateway.
> > >
> > > FIXES
> > > - Multiple clean-ups of mailq.php to make it more robust.
> > > - Greatly improved debugging of SQL statments.
> > > - Quarantine now correctly looks in the non-spam quarantine
> > > directories.
> > > - SA Rules Description Update now reads custom rules as well.
> > > - sendmail_relay.php now works across log rotations.
> > > - Increased memory_limit to 128M for quarantine functions.
> > >
> > > Kind regards,
> > > Steve.
> > >
> > > --
> > > MailWatch for MailScanner
> > > http://mailwatch.sourceforge.net
> > >
> > > --
> > > This email and any files transmitted with it are confidential and
> > > intended solely for the use of the individual or entity to
> > whom they
> > > are addressed. If you have received this email in error
> > please notify
> > > the sender and delete the message from your mailbox.
> > >
> > > This footnote also confirms that this email message has
> > been swept by
> > > MailScanner (www.mailscanner.info) for the presence of computer
> > > viruses.
> >
>
> --
> This email and any files transmitted with it are confidential and
> intended solely for the use of the individual or entity to whom they
> are addressed. If you have received this email in error please notify
> the sender and delete the message from your mailbox.
>
> This footnote also confirms that this email message has been swept by
> MailScanner (www.mailscanner.info) for the presence of computer viruses.
From jdavis at CS.ARIZONA.EDU Tue Feb 3 22:35:38 2004
From: jdavis at CS.ARIZONA.EDU (Jim Davis)
Date: Thu Jan 12 21:22:18 2006
Subject: Mailscanner & Freebsd
In-Reply-To: <40201E87.8040702@netspace.net.au>
References: <40201E87.8040702@netspace.net.au>
Message-ID: <4020223A.90603@cs.arizona.edu>
Roddy Strachan wrote:
> Hi,
>
> Just installed Mailscanner on Freebsd 5.1, however have ran into some
> problems.
>
> I followed the install.FREEBSD instructions, however on system startup,
> i get
>
> Feb 4 08:51:57 mail sm-mta[2129]: NOQUEUE: SYSERR(root):
> opendaemonsocket: daemon MTA: cannot bind: Address already in use
Sounds like you already have a sendmail process running, so port 25 is
already in use.
On my 4.9 system, I ended up putting
sendmail_enable="YES"
sendmail_flags="-L sm-mta -bd -OPrivacyOptions=noetrn
-ODeliveryMode=queueonly -OQueueDirectory=/var/spool/mqueue.in"
in /etc/rc.conf, and then also ran
/usr/sbin/sendmail -q15m
(by hand, though I should put that in /usr/local/etc/rc.d or something).
Then restart sendmail (ie, cd /etc/mail; sudo make restart) and you
should see something like
109 ?? Is 0:00.09 sendmail: Queue runner@00:30:00 for
/var/spool/client
167 ?? Ss 0:29.89 sendmail: accepting connections (sendmail)
52737 ?? Is 0:00.01 sendmail: Queue runner@00:15:00 for
/var/spool/mqueue
if you run a ps -ax | grep sendmail
From rzewnickie at RFA.ORG Tue Feb 3 22:47:11 2004
From: rzewnickie at RFA.ORG (Eric Dantan Rzewnicki)
Date: Thu Jan 12 21:22:18 2006
Subject: mcafee uvscan not using /usr/local/uvscan/datfiles/current
In-Reply-To:
References:
Message-ID: <20040203224710.GG5626@rfa.org>
After further thought, I think someone (possibly myself, possibly not
...) ran the old simple script that just dumped the .dat's in
/usr/local/uvscan/ thereby overwriting the links created by your
autoupdate script. I have since banished that script to avoid any such
future mishaps.
Thanks Tony,
Eric Rz.
On Tue, Feb 03, 2004 at 06:33:35PM +0000, Tony Finch wrote:
> Eric Dantan Rzewnicki wrote:
> >
> >Thank you for clearing this up. I'm still puzzled as to why they weren't
> >created when I first ran the script, but it seems to be ok now.
>
> You might have splatted them afterwards, e.g. by reinstalling uvscan.
>
> Tony.
> --
> f.a.n.finch http://dotat.at/
> THE WASH TO NORTH FORELAND: SOUTHWEST 6 TO GALE 8. RAIN AT TIMES. MODERATE OR
> GOOD. SLIGHT OR MODERATE, OCCASIONALLY ROUGH WELL OFFSHORE.
From raymond at PROLOCATION.NET Tue Feb 3 23:00:01 2004
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:22:18 2006
Subject: Mailscanner & Freebsd
In-Reply-To: <402022CC.2070805@netspace.net.au>
Message-ID:
Hi!
> Ok that brings me to the next question, in the install.FREEBSD it says
> to add certain lines to /etc/rc.conf
>
> sendmail_enable="YES"
> # MailScanner starts here
> mta_start_script="/opt/MailScanner/bin/rc.MailScanner start"
> MailScanner_incoming_queue="/var/spool/mqueue.in"
> MailScanner_queue_time="15m"
> MailScanner_check="/opt/MailScanner/bin/check_mailscanner"
> MailScanner_pidfile="/opt/MailScanner/var/MailScanner.pid"
> # MailScanner ends here
>
>
> Thats what my rc.conf looks like, should i make sendmail_enable=NO ?
> And then allow mailscanner to start it ?
I am no BSD hero but yes, it seems you now first start SM and then MS, and
then it cant bind since there is allready a SM process running on pot 25.
Bye,
Raymond.
From martyn at INVICTAWIZ.COM Tue Feb 3 23:01:31 2004
From: martyn at INVICTAWIZ.COM (Martyn Routley)
Date: Thu Jan 12 21:22:18 2006
Subject: Mailscanner & Freebsd
In-Reply-To: <4020223A.90603@cs.arizona.edu>
Message-ID:
I use 2 cute scripts which run from /usr/local/etc/rc.d, I can't remember
where they came from.
One is called mta.sh and starts/stops/restarts sendmail.
The other (unsurprisingly) is called mailscanner.sh and does the same for
mailscanner.
I don't have any references to MS in /etc/rc.conf and I have
sendmail_enable="NO"
I can't get at them at the moment, but if they are wanted, let me know.
Martyn Routley
-----------------------------------------------------------------
InvictaWiz - The Internet in Plain English, Guaranteed
http://www.invictawiz.com
martyn@invictawiz.com
phone: 08707 440180
fax: 08707 440181
Ask us about our online Antivirus and Junk mail scanning service.
Ask us how you could save money on your telephone bill.
-----------------------------------------------------------------
-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On
Behalf Of Jim Davis
Sent: 03 February 2004 22:36
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: [MAILSCANNER] Mailscanner & Freebsd
Roddy Strachan wrote:
> Hi,
>
> Just installed Mailscanner on Freebsd 5.1, however have ran into some
> problems.
>
> I followed the install.FREEBSD instructions, however on system startup,
> i get
>
> Feb 4 08:51:57 mail sm-mta[2129]: NOQUEUE: SYSERR(root):
> opendaemonsocket: daemon MTA: cannot bind: Address already in use
Sounds like you already have a sendmail process running, so port 25 is
already in use.
On my 4.9 system, I ended up putting
sendmail_enable="YES"
sendmail_flags="-L sm-mta -bd -OPrivacyOptions=noetrn
-ODeliveryMode=queueonly -OQueueDirectory=/var/spool/mqueue.in"
in /etc/rc.conf, and then also ran
/usr/sbin/sendmail -q15m
(by hand, though I should put that in /usr/local/etc/rc.d or something).
Then restart sendmail (ie, cd /etc/mail; sudo make restart) and you
should see something like
109 ?? Is 0:00.09 sendmail: Queue runner@00:30:00 for
/var/spool/client
167 ?? Ss 0:29.89 sendmail: accepting connections (sendmail)
52737 ?? Is 0:00.01 sendmail: Queue runner@00:15:00 for
/var/spool/mqueue
if you run a ps -ax | grep sendmail
----------------------------------------------------------------------------
-
This message has been scanned for viruses and
dangerous content by the http://www.anti84787.com
MailScanner, and is believed to be clean.
----------------------------------------------------------------------------
-
From roddy at NETSPACE.NET.AU Tue Feb 3 23:22:38 2004
From: roddy at NETSPACE.NET.AU (Roddy Strachan)
Date: Thu Jan 12 21:22:18 2006
Subject: Mailscanner & Freebsd
In-Reply-To:
References:
Message-ID: <40202D3E.6030907@netspace.net.au>
Thanks for the help guys.
Looks like its working, however am still getting cannot bind messages,
but it still sends mail and receives it and mainly scans it, so i'll
leave it as is :).
Thanks
Martyn Routley wrote:
> I use 2 cute scripts which run from /usr/local/etc/rc.d, I can't remember
> where they came from.
> One is called mta.sh and starts/stops/restarts sendmail.
> The other (unsurprisingly) is called mailscanner.sh and does the same for
> mailscanner.
>
> I don't have any references to MS in /etc/rc.conf and I have
> sendmail_enable="NO"
>
> I can't get at them at the moment, but if they are wanted, let me know.
>
>
> Martyn Routley
> -----------------------------------------------------------------
> InvictaWiz - The Internet in Plain English, Guaranteed
> http://www.invictawiz.com
> martyn@invictawiz.com
> phone: 08707 440180
> fax: 08707 440181
> Ask us about our online Antivirus and Junk mail scanning service.
> Ask us how you could save money on your telephone bill.
> -----------------------------------------------------------------
>
>
>
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On
> Behalf Of Jim Davis
> Sent: 03 February 2004 22:36
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: [MAILSCANNER] Mailscanner & Freebsd
>
>
> Roddy Strachan wrote:
>
>>Hi,
>>
>>Just installed Mailscanner on Freebsd 5.1, however have ran into some
>>problems.
>>
>>I followed the install.FREEBSD instructions, however on system startup,
>>i get
>>
>>Feb 4 08:51:57 mail sm-mta[2129]: NOQUEUE: SYSERR(root):
>>opendaemonsocket: daemon MTA: cannot bind: Address already in use
>
>
> Sounds like you already have a sendmail process running, so port 25 is
> already in use.
>
> On my 4.9 system, I ended up putting
>
> sendmail_enable="YES"
> sendmail_flags="-L sm-mta -bd -OPrivacyOptions=noetrn
> -ODeliveryMode=queueonly -OQueueDirectory=/var/spool/mqueue.in"
>
> in /etc/rc.conf, and then also ran
>
> /usr/sbin/sendmail -q15m
>
> (by hand, though I should put that in /usr/local/etc/rc.d or something).
>
> Then restart sendmail (ie, cd /etc/mail; sudo make restart) and you
> should see something like
>
> 109 ?? Is 0:00.09 sendmail: Queue runner@00:30:00 for
> /var/spool/client
> 167 ?? Ss 0:29.89 sendmail: accepting connections (sendmail)
> 52737 ?? Is 0:00.01 sendmail: Queue runner@00:15:00 for
> /var/spool/mqueue
>
> if you run a ps -ax | grep sendmail
>
>
> ----------------------------------------------------------------------------
> -
> This message has been scanned for viruses and
> dangerous content by the http://www.anti84787.com
> MailScanner, and is believed to be clean.
> ----------------------------------------------------------------------------
> -
>
From ugob at CAMO-ROUTE.COM Wed Feb 4 00:52:17 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:22:18 2006
Subject: Mailscanner & Freebsd
Message-ID: <54C38A0B814C8E438EF73FC76F3629274108B1@mtlnt501fs.CAMOROUTE.COM>
> -----Message d'origine-----
> De : Roddy Strachan [mailto:roddy@NETSPACE.NET.AU]
> Envoy? : Tuesday, February 03, 2004 6:23 PM
> ? : MAILSCANNER@JISCMAIL.AC.UK
> Objet : Re: Mailscanner & Freebsd
>
>
> Thanks for the help guys.
>
> Looks like its working, however am still getting cannot bind messages,
> but it still sends mail and receives it and mainly scans it, so i'll
> leave it as is :).
It is probably your standalone sendmail that is trying to start. Can you see mailscanner's headers in your messages?
If not, standalone sendmail starts but not mailscanner's.
You must disable standalone sendmail and let mailscanner starts its instance.
hth
Ugo
>
> Thanks
>
>
> Martyn Routley wrote:
>
> > I use 2 cute scripts which run from /usr/local/etc/rc.d, I
> can't remember
> > where they came from.
> > One is called mta.sh and starts/stops/restarts sendmail.
> > The other (unsurprisingly) is called mailscanner.sh and
> does the same for
> > mailscanner.
> >
> > I don't have any references to MS in /etc/rc.conf and I have
> > sendmail_enable="NO"
> >
> > I can't get at them at the moment, but if they are wanted,
> let me know.
> >
> >
> > Martyn Routley
> > -----------------------------------------------------------------
> > InvictaWiz - The Internet in Plain English, Guaranteed
> > http://www.invictawiz.com
> > martyn@invictawiz.com
> > phone: 08707 440180
> > fax: 08707 440181
> > Ask us about our online Antivirus and Junk mail scanning service.
> > Ask us how you could save money on your telephone bill.
> > -----------------------------------------------------------------
> >
> >
> >
> > -----Original Message-----
> > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On
> > Behalf Of Jim Davis
> > Sent: 03 February 2004 22:36
> > To: MAILSCANNER@JISCMAIL.AC.UK
> > Subject: Re: [MAILSCANNER] Mailscanner & Freebsd
> >
> >
> > Roddy Strachan wrote:
> >
> >>Hi,
> >>
> >>Just installed Mailscanner on Freebsd 5.1, however have ran
> into some
> >>problems.
> >>
> >>I followed the install.FREEBSD instructions, however on
> system startup,
> >>i get
> >>
> >>Feb 4 08:51:57 mail sm-mta[2129]: NOQUEUE: SYSERR(root):
> >>opendaemonsocket: daemon MTA: cannot bind: Address already in use
> >
> >
> > Sounds like you already have a sendmail process running, so
> port 25 is
> > already in use.
> >
> > On my 4.9 system, I ended up putting
> >
> > sendmail_enable="YES"
> > sendmail_flags="-L sm-mta -bd -OPrivacyOptions=noetrn
> > -ODeliveryMode=queueonly -OQueueDirectory=/var/spool/mqueue.in"
> >
> > in /etc/rc.conf, and then also ran
> >
> > /usr/sbin/sendmail -q15m
> >
> > (by hand, though I should put that in /usr/local/etc/rc.d
> or something).
> >
> > Then restart sendmail (ie, cd /etc/mail; sudo make restart) and you
> > should see something like
> >
> > 109 ?? Is 0:00.09 sendmail: Queue runner@00:30:00 for
> > /var/spool/client
> > 167 ?? Ss 0:29.89 sendmail: accepting connections
> (sendmail)
> > 52737 ?? Is 0:00.01 sendmail: Queue runner@00:15:00 for
> > /var/spool/mqueue
> >
> > if you run a ps -ax | grep sendmail
> >
> >
> >
> --------------------------------------------------------------
> --------------
> > -
> > This message has been scanned for viruses and
> > dangerous content by the http://www.anti84787.com
> > MailScanner, and is believed to be clean.
> >
> --------------------------------------------------------------
> --------------
> > -
> >
>
From postmaster at codestone.sphereosoft.net Wed Feb 4 07:40:15 2004
From: postmaster at codestone.sphereosoft.net (MailScanner)
Date: Thu Jan 12 21:22:18 2006
Subject: Unsolicited commercial email rejected
Message-ID: <200402040740.i147eFU06445@codestone.sphereosoft.net>
Our UCE (spam) detectors have been triggered by a message you sent:-
To: adam@sfogs.com
Subject: Status
Date: Wed Feb 4 15:40:15 2004
This message has been rejected. The detector that triggered is
SpamAssassin.
The content of your message indicates that it is probably spam e-mail,
which is why it has been rejected.
We do not accept unsolicited commercial (spam) e-mail and actively
work to stop it. If you are sending spam and continue to do so, your
Internet Service Provider may be contacted and requested to close your
account.
If you have any questions about this, or you believe you have received
this message in error, please contact the site system administrators.
--
MailScanner
Email Virus Scanner
www.mailscanner.info
Mailscanner thanks transtec Computers for their support
From oldmaxgit at YAHOO.COM Wed Feb 4 07:34:20 2004
From: oldmaxgit at YAHOO.COM (Miserable Old Git)
Date: Thu Jan 12 21:22:18 2006
Subject: Spamcop not working
Message-ID:
Doing a search of the archive I found a similar question asked but I cannot
find a resolution, apologies if I have missed it.
I am using MailScanner 4.25-11 and ApamAssassin 2.60 on a RaQ4
Problem :
Spam is getting through which has come from IP numbers which are listed on
Spamcop (maybe listed on others too but I?ve not found them).
In mailscanner.conf I have :
Spam Checks = yes
Spam List = ORDB-RBL Infinite-Monkeys spamcop.net
And in spam.lists.conf I have :
ORDB-RBL relays.ordb.org.
spamhaus.org sbl.spamhaus.org.
spamcop.net bl.spamcop.net.
Infinite-Monkeys proxies.relays.monkeys.com.
I notice that under ?Spam List? in the page about mailscanner.conf
says ?These lists are based on the numeric IP address of the server that
sent the message to your MailScanner server.?
My implementation involves an extra hop for email directly before the
server which is running Mailscanner, If Spamcop is only ever checked
against the previous IP, it will never find the IP listed.
If this is the case, is there a way to specify which hop is checked ?
Thanks in advance for any help you can offer.
Going quietly nuts !
From P.G.M.Peters at utwente.nl Wed Feb 4 07:57:21 2004
From: P.G.M.Peters at utwente.nl (Peter Peters)
Date: Thu Jan 12 21:22:18 2006
Subject: MailScanner.conf questions
In-Reply-To: <6.0.1.1.2.20040203174218.03f1bb88@imap.ecs.soton.ac.uk>
References:
<6.0.1.1.2.20040203174218.03f1bb88@imap.ecs.soton.ac.uk>
Message-ID:
On Tue, 3 Feb 2004 17:44:20 +0000, you wrote:
>At 17:07 03/02/2004, you wrote:
>>1. In the web site about the MailScanner.conf it says (with some text
>>taking out) talking about spam.whitelist.rules:
>>Is Definitely Not Spam
>>You will probably want to include your own site (or your own site's IP
>>addresses) in this ruleset.
>>
>>Does that mean put:
>>From: *@domain.com or
>
>Yes, but it is even better to whitelist your IP addresses. You can put in
>IP addresses in any of the common syntaxes for specifying netblocks.
Yes, but only when you are absolutly sure no system on your network is
ever going to send spam.
--
Peter Peters, senior netwerkbeheerder
Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE)
Universiteit Twente, Postbus 217, 7500 AE Enschede
telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/civ
From P.G.M.Peters at utwente.nl Wed Feb 4 08:00:03 2004
From: P.G.M.Peters at utwente.nl (Peter Peters)
Date: Thu Jan 12 21:22:18 2006
Subject: rant about anti-virus and spam, MS flamed
In-Reply-To: <08146035CA49D6119A36009027AC822A0264EDA4@CITY-EXCH-NTS>
References: <08146035CA49D6119A36009027AC822A0264EDA4@CITY-EXCH-NTS>
Message-ID: <5i9120l21g78g6of72flguh65iohu5lftv@4ax.com>
On Tue, 3 Feb 2004 09:19:14 -0900, you wrote:
>Sadly, the onus has to be on the AV companies at this point and I'm not
>holding my breath that they're ever gonna read my humble suggestion. But I
>dunno - maybe someone from that universe does follow this list. Guess I
>better patent the idea quick!
I think the most change of implementing this would be from the people of
clamav. If the technicians of the vendors see it as a good feature, the
sales will forbid it because they will lose a lot of free publicity.
--
Peter Peters, senior netwerkbeheerder
Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE)
Universiteit Twente, Postbus 217, 7500 AE Enschede
telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/civ
From mailscanner at ecs.soton.ac.uk Wed Feb 4 08:43:35 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:22:18 2006
Subject: Spamcop not working
In-Reply-To:
References:
Message-ID: <6.0.1.1.2.20040204084247.0821b6c0@imap.ecs.soton.ac.uk>
At 07:34 04/02/2004, you wrote:
>Doing a search of the archive I found a similar question asked but I cannot
>find a resolution, apologies if I have missed it.
>
>I am using MailScanner 4.25-11 and ApamAssassin 2.60 on a RaQ4
>
>Problem :
>Spam is getting through which has come from IP numbers which are listed on
>Spamcop (maybe listed on others too but I've not found them).
>
>
>In mailscanner.conf I have :
>Spam Checks = yes
>Spam List = ORDB-RBL Infinite-Monkeys spamcop.net
>
>And in spam.lists.conf I have :
>ORDB-RBL relays.ordb.org.
>spamhaus.org sbl.spamhaus.org.
>spamcop.net bl.spamcop.net.
>Infinite-Monkeys proxies.relays.monkeys.com.
>
>
>
>I notice that under "Spam List" in the page about mailscanner.conf
>says "These lists are based on the numeric IP address of the server that
>sent the message to your MailScanner server."
>
>My implementation involves an extra hop for email directly before the
>server which is running Mailscanner, If Spamcop is only ever checked
>against the previous IP, it will never find the IP listed.
That is indeed what is happening.
>If this is the case, is there a way to specify which hop is checked ?
No, but SpamAssassin checks all the hops. If you find the rules relating to
spamcop, you could increase their scores so they have more influence.
>Thanks in advance for any help you can offer.
>
>Going quietly nuts !
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
From lenaig at WANADOO.FR Wed Feb 4 09:30:00 2004
From: lenaig at WANADOO.FR (Thierry)
Date: Thu Jan 12 21:22:18 2006
Subject: Mailscanner & Freebsd
In-Reply-To: <54C38A0B814C8E438EF73FC76F3629274108B1@mtlnt501fs.CAMOROUTE.COM>
References: <54C38A0B814C8E438EF73FC76F3629274108B1@mtlnt501fs.CAMOROUTE.COM>
Message-ID: <20040204093000.GA1792@maelenn>
I am running sendmai/mailscanner on freebsd 5.1 box too ... (i am not alone hurra !! )
What people told me, is that it should be mailscanner who start sendmail ... but for me, it never works .... Now i am using MTA.sh too start sendmail correctly ... But i do not know where i should see Mailscanner header ..??
/etc/rc.conf :
sendmail_enable="NONE"
sendmail_outbound_enable="YES"
sendmail_submit_enable="YES"
sendmail_msp_queue_enable="YES"
thx
--
Thierry
Ne faites jamais un "apt-get install new-wife" avant
un "apt-get remove --purge current-wife"
From mailscanner at ecs.soton.ac.uk Wed Feb 4 09:41:21 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:22:18 2006
Subject: Fix for bayes rebuild bug on Solaris
In-Reply-To: <6.0.1.1.2.20040202180427.037198c8@imap.ecs.soton.ac.uk>
References: <6.0.1.1.2.20040202101726.07ace620@imap.ecs.soton.ac.uk>
<401E656B.16959.13A0CE4@localhost>
<6.0.1.1.2.20040202180427.037198c8@imap.ecs.soton.ac.uk>
Message-ID: <6.0.1.1.2.20040204093642.08455e48@imap.ecs.soton.ac.uk>
At 18:05 02/02/2004, you wrote:
>At 17:57 02/02/2004, you wrote:
>>Gee...
>>
>>FWIW, it happened a couple of centuries ago, but I recall having serious
>>trouble making Perl's flock() work on Solaris... same situation, all
>>development done under linux without a hitch and Solaris ignored all the
>>locking... and it wasn't an interoperability problem, since I was
>>competing against my own script...
>>
>>The point is I don't quite remember what we did to solve it (we is an
>>understatement, since it wasn't me programming, I was just the
>>designer)... it must have been perl 5.6.x and Solaris 7, but I'm not sure
>>either...
>>
>>Seems like you'll need a Solaris box to test it thoroughly... I wouldn't
>>even trust Solaris-x86 to behave identically to Solaris-Sparc :-(
>
>I've got an Ultra-5 so I can do a real test. If necessary, I can build a
>Solaris-x86 box too. But as you say, the best place to try it is a real sparc.
I have found the problem. Attached is a very short patch to SA.pm. This
should let you enable the "Rebuild Bayes Every" feature that does scheduled
Bayes database rebuilds.
If you turn this feature on in MailScanner.conf, you will want to set
bayes_auto_expire 0
in your spam.assassin.prefs.conf to disable the (unsuccessful) attempts at
letting SpamAssassin rebuild its Bayes database when it feels like it.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: SA.pm.patch
Type: application/octet-stream
Size: 960 bytes
Desc: not available
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040204/52e561af/SA.pm.obj
-------------- next part --------------
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
From Jan-Peter.Koopmann at SECEIDOS.DE Wed Feb 4 09:56:49 2004
From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann)
Date: Thu Jan 12 21:22:18 2006
Subject: Mailscanner & Freebsd
Message-ID:
Hi Roddy,
you did not use the port did you? Try /usr/ports/mail/mailscanner (or mailscanner-devel if you want the latest beta). Moreover have a look here:
http://www.sng.ecs.soton.ac.uk/mailscanner/FreeBSD.html
Regards,
JP
From Jan-Peter.Koopmann at SECEIDOS.DE Wed Feb 4 09:58:00 2004
From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann)
Date: Thu Jan 12 21:22:18 2006
Subject: Mailscanner & Freebsd
Message-ID:
Hi Martyn,
> I use 2 cute scripts which run from /usr/local/etc/rc.d, I
> can't remember where they came from.
I do. They are mine and they are part of the FreeBSD port! Disable all MTA stuff in rc.conf and simply use those start/stop scripts. :-)
Regards,
JP
From alan at ESSEX.AC.UK Wed Feb 4 09:56:59 2004
From: alan at ESSEX.AC.UK (Stanier, Alan M)
Date: Thu Jan 12 21:22:18 2006
Subject: Curious behaviour of MyDoom
Message-ID: <811D385AE1CEBB42839C50DF0B0D38E04D7D53@sernt4.essex.ac.uk>
Hi
We have two SMTP servers.
Our statistics show that roughly 2/3 of mail comes in through smtp0, and
1/3 through smtp1.
And until recently, 2/3 of the spam came in through smtp0, and 2/3 of
the virus-infected mail,
as I would expect.
But our logs show that about 50% of MyDoom-A is coming through smtp0,
and 50% through
smtp1. Has anyone else seen such behaviour? And can anyone explain why
it happens ... I
can only think that MyDoom gets the MX records of sites, and load
balances between all the
SMTP servers, but why?
Alan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040204/5efa46f5/attachment.html
From Jan-Peter.Koopmann at SECEIDOS.DE Wed Feb 4 10:01:40 2004
From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann)
Date: Thu Jan 12 21:22:18 2006
Subject: Mailscanner & Freebsd
Message-ID:
> I am running sendmai/mailscanner on freebsd 5.1 box too ...
> (i am not alone hurra !! ) What people told me, is that it
> should be mailscanner who start sendmail ... but for me, it
That is not entirely correct. You need several things:
1. An incoming MTA (Sendmail/Exim) instance that runs independently of MailScanner, accepts incoming mail and puts it in the inbound queue only. It must be configured in a way that it does NOT deliver mail itself.
2. A queue runner MTA which tries to deliver mail that is already in the outbound queue in case the first delivery attempt failed.
3. In the standard mailscanner config, mailscanner will scan your mail and if it is supposed to be delivered it will move the mail to the outbound queue and will run a seperate instance of your MTA to deliver that mail.
You are responsible for running part 1 and part 2. The mta.sh script in /usr/local/etc/rc.d will take care of this. MailScanner itself only takes care of part 3!
Regards,
JP
From pmb1 at YORK.AC.UK Wed Feb 4 10:23:25 2004
From: pmb1 at YORK.AC.UK (Mike Brudenell)
Date: Thu Jan 12 21:22:18 2006
Subject: Spamcop not working
In-Reply-To:
References:
Message-ID: <2147483647.1075890205@pippin.york.ac.uk>
Greetings -
Just to reiterate past advice...
--On Wednesday, February 4, 2004 7:34 am +0000 Miserable Old Git
wrote:
> spamhaus.org sbl.spamhaus.org.
Consider switching to using the combined SBL and XBL database, which is
even more effective:
> Infinite-Monkeys proxies.relays.monkeys.com.
The Infinite Monkeys database closed down in the Autumn of last year. You
should remove it from your list. (Using the Spamhaus XBL will be a useful
replacement.)
Cheers,
Mike Brudenell
--
The Computing Service, University of York, Heslington, York Yo10 5DD, UK
Tel:+44-1904-433811 FAX:+44-1904-433740
* Unsolicited commercial e-mail is NOT welcome at this e-mail address. *
From lenaig at WANADOO.FR Wed Feb 4 10:31:25 2004
From: lenaig at WANADOO.FR (Thierry)
Date: Thu Jan 12 21:22:18 2006
Subject: Mailscanner & Freebsd
In-Reply-To:
References:
Message-ID: <20040204103125.GA2305@maelenn>
On 04/02/04 11:01, Jan-Peter Koopmann wrote:
> > I am running sendmai/mailscanner on freebsd 5.1 box too ...
> > (i am not alone hurra !! ) What people told me, is that it
> > should be mailscanner who start sendmail ... but for me, it
>
> That is not entirely correct. You need several things:
>
> 1. An incoming MTA (Sendmail/Exim) instance that runs independently of MailScanner, accepts incoming mail and puts it in the inbound queue only. It must be configured in a way that it does NOT deliver mail itself.
>
Could you please give more informations about this point : configured in a way that it does NOT deliver mail itself ? How do you do it ?
--
Thierry
Ne faites jamais un "apt-get install new-wife" avant
un "apt-get remove --purge current-wife"
From Jan-Peter.Koopmann at SECEIDOS.DE Wed Feb 4 10:48:33 2004
From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann)
Date: Thu Jan 12 21:22:19 2006
Subject: Mailscanner & Freebsd
Message-ID:
> Could you please give more informations about this point :
> configured in a way that it does NOT deliver mail itself ?
> How do you do it ?
What MTA are you using?
If you are using exim: http://www.sng.ecs.soton.ac.uk/mailscanner/install/exim.shtml (Deferring incoming messages).
Postfix: http://www.sng.ecs.soton.ac.uk/mailscanner/install/postfix.shtml
Sendmail: http://www.sng.ecs.soton.ac.uk/mailscanner/install/sendmail.shtml (have a look for -ODeliveryMode=queueonly)
I really want to help you, Thierry, but please do me a favour and at least have a look at the information I am giving you. I already sent you these links together with a few questions a week ago... No answers yet.
Regards,
JP
From lenaig at WANADOO.FR Wed Feb 4 10:55:30 2004
From: lenaig at WANADOO.FR (Thierry)
Date: Thu Jan 12 21:22:19 2006
Subject: Mailscanner & Freebsd
In-Reply-To:
References:
Message-ID: <20040204105530.GA2574@maelenn>
yes, that 's right, i forgot to tell you that sendmail was working well ...
I am using mta.sh and mailscanner.sh ... so it's using :
incoming_args="-L sm-mta-in -bd \
-OPrivacyOptions=noetrn \
-OQueueDirectory=${incoming_queue} \
-ODeliveryMode=queueonly \
-OPidFile=${inpidfile}"
so no pb ....
Thx
--
Thierry
Ne faites jamais un "apt-get install new-wife" avant
un "apt-get remove --purge current-wife"
From k.raven at FREENET.DE Wed Feb 4 11:42:29 2004
From: k.raven at FREENET.DE (Kai Raven)
Date: Thu Jan 12 21:22:19 2006
Subject: RulesDuJour
In-Reply-To: <20040203220413.7465E21C13F@mail.fsl.com>
References: <20040203212319.6AE9D21C142@mail.fsl.com>
<20040203220413.7465E21C13F@mail.fsl.com>
Message-ID: <20040204124229.2a297707@raven.localdomain.intern>
Hi Stephen,
On Tue, 3 Feb 2004 17:04:13 -0500 you wrote:
> If you haven't changed the rules_du_jour defaults, the rules will be
> downloaded into the /etc/mail/spamassassin directory.
I have used the rules_du_jour file, modified by Gerry Doris
http://www.jiscmail.ac.uk/cgi-bin/wa.exe?A2=ind0401&L=mailscanner&P=R50073&I=-1
and yes, SA_DIR refers to the /etc/mail/spamassassin directory
> If you haven't changed the MailScanner defaults, they will be read
> from/etc/mail/spamassassin directory and used when MailScanner calls
> the SpamAssassin routines.
Yes, from my MailScanner.conf:
SpamAssassin Site Rules Dir = /etc/mail/spamassassin
And I think it works (after i have copied the rules from the
rules_du_jour dir):
X-MailScanner-SpamCheck: spam,
SpamAssassin(Wertung=34.59, benoetigt 3, J_CHICKENPOX_110 0.60,TW_CN
0.08, TW_GB 0.08, TW_GD 0.08, TW_IK 0.08(...)
> The fact that your rules live in /etc/mail/spamassassin/rules_du_jour
> directory indicates that the spamassassin --lint command is failing
mmh, spamassassin --lint works from the command line.
> and the downloaded rules are being backed out and stored in
> /etc/mail/spamassassin/rules_du_jour.
I wrote it was *the first run*, so i haven't any rules like bigevil,
tripwire etc. before the run. I think, the script will do an update
the next run, if a rule has changed(?), because i have copied the rules
from the rules_do_jour directory to the parent directory so the
script can compare them(?)
> What happens when you run the rules_du_jour script from a command
> line. That should tell you what is happening.
I get the output for all rules:
Old rule.cf already existed in
/etc/mail/spamassassin/RulesDuJour... Retrieving file from
http://www.somehost/rule.cf...
rule.cf was up to date (skipped downloading of
http://www.somehost/rule.cf)...
No files updated; No restart required.
And sorry for the OT posting, but i saw in the MS-ML archive a lot of
postings about custom SA rules and the rules_du_jour script so i thought
it is OK to ask here on the list.
Nevertheless, thx for all responses :)
--
Ciao
Kai
HP: http://kai.iks-jena.de/
Blog: http://rabenhorst.blogg.de/
GnuPG-Key: 0x76C65282
ICQ:146714798
From prandal at HEREFORDSHIRE.GOV.UK Wed Feb 4 12:03:33 2004
From: prandal at HEREFORDSHIRE.GOV.UK (Randal, Phil)
Date: Thu Jan 12 21:22:19 2006
Subject: 200,000 downloads of MailScanner
Message-ID: <0EBC45FCABFC95428EBFC3A51B368C9501C9C4DD@jessica.herefordshire.gov.uk>
It would be interesting to know how many live sites use MailScanner.
Your graphs suggest it is around 11,000, but maybe some users aren't
fastidious about upgrading to the latest version.
Cheers,
Phil
---------------------------------------------
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On
> Behalf Of Julian Field
> Sent: 03 February 2004 13:51
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: 200,000 downloads of MailScanner
>
>
> MailScanner has just passed the 200,000 downloads milestone!
>
> Many thanks to all of you for helping to spread the word and
> make my little
> bit of code possibly the most widely-used combined email
> virus scanner and
> spam detector in the world.
>
> Let's see how fast the web site can munch through the next 200,000 :-)
>
> Jules.
> --
> Julian Field
> www.MailScanner.info
> MailScanner thanks transtec Computers for their support
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
From prandal at HEREFORDSHIRE.GOV.UK Wed Feb 4 12:08:05 2004
From: prandal at HEREFORDSHIRE.GOV.UK (Randal, Phil)
Date: Thu Jan 12 21:22:19 2006
Subject: mcafee uvscan not using /usr/local/uvscan/datfiles/current
Message-ID: <0EBC45FCABFC95428EBFC3A51B368C9501C9C4DE@jessica.herefordshire.gov.uk>
That's exactly what I did. :-)
Phil
---------------------------------------------
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On
> Behalf Of Tony Finch
> Sent: 03 February 2004 18:34
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: mcafee uvscan not using
> /usr/local/uvscan/datfiles/current
>
>
> Eric Dantan Rzewnicki wrote:
> >
> >Thank you for clearing this up. I'm still puzzled as to why
> they weren't
> >created when I first ran the script, but it seems to be ok now.
>
> You might have splatted them afterwards, e.g. by reinstalling uvscan.
>
> Tony.
> --
> f.a.n.finch http://dotat.at/
> THE WASH TO NORTH FORELAND: SOUTHWEST 6 TO GALE 8. RAIN AT
> TIMES. MODERATE OR
> GOOD. SLIGHT OR MODERATE, OCCASIONALLY ROUGH WELL OFFSHORE.
>
From mailscanner at ecs.soton.ac.uk Wed Feb 4 12:29:45 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:22:19 2006
Subject: 200,000 downloads of MailScanner
In-Reply-To: <0EBC45FCABFC95428EBFC3A51B368C9501C9C4DD@jessica.herefords
hire.gov.uk>
References: <0EBC45FCABFC95428EBFC3A51B368C9501C9C4DD@jessica.herefordshire.gov.uk>
Message-ID: <6.0.1.1.2.20040204122744.08637f20@imap.ecs.soton.ac.uk>
At 12:03 04/02/2004, you wrote:
>It would be interesting to know how many live sites use MailScanner.
>
>Your graphs suggest it is around 11,000, but maybe some users aren't
>fastidious about upgrading to the latest version.
Most people don't upgrade every version, you folks are in a minority. Based
on the download figures, and knowing the number of people who contact me
directly, and a guess on the proportion of users who would need to email me
personally for help (which is small), my best guess is about 40,000 sites.
>Cheers,
>
>Phil
>
>---------------------------------------------
>Phil Randal
>Network Engineer
>Herefordshire Council
>Hereford, UK
>
> > -----Original Message-----
> > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On
> > Behalf Of Julian Field
> > Sent: 03 February 2004 13:51
> > To: MAILSCANNER@JISCMAIL.AC.UK
> > Subject: 200,000 downloads of MailScanner
> >
> >
> > MailScanner has just passed the 200,000 downloads milestone!
> >
> > Many thanks to all of you for helping to spread the word and
> > make my little
> > bit of code possibly the most widely-used combined email
> > virus scanner and
> > spam detector in the world.
> >
> > Let's see how fast the web site can munch through the next 200,000 :-)
> >
> > Jules.
> > --
> > Julian Field
> > www.MailScanner.info
> > MailScanner thanks transtec Computers for their support
> >
> > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> >
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
From m.sapsed at BANGOR.AC.UK Wed Feb 4 12:42:36 2004
From: m.sapsed at BANGOR.AC.UK (Martin Sapsed)
Date: Thu Jan 12 21:22:19 2006
Subject: a ghost in filetype.rules.conf
References:
Message-ID: <4020E8BC.1060705@bangor.ac.uk>
Jeff A. Earickson wrote:
> I've been scratching my head on this one for several versions
> of MailScanner now. The head of our athletics dept (who uses a
> Mac) will send emails to other coaches, plain text. Two coaches
> who reply (they use Windows) sporadically get their replies rejected
> with:
>
> No programs allowed (msg-8402-111.txt)
> ^^^^^^^^
> numbers differ
Bear in mind that the information MailScanner puts into reports is a
sanitised version that it generates from the actual attachment file
name. Julian's hightened state of paranoia made him cautious about the
possibility of a DoS or something in the actual filename. Check the mail
logs - I think the actual filename appears in there somewhere and that
may show up why it was blocked.
I've been bitten by this before!!
Cheers,
Martin
--
Martin Sapsed
Information Services "Who do you say I am?"
University of Wales, Bangor Jesus of Nazareth
From P.G.M.Peters at utwente.nl Wed Feb 4 12:48:49 2004
From: P.G.M.Peters at utwente.nl (Peter Peters)
Date: Thu Jan 12 21:22:19 2006
Subject: 200,000 downloads of MailScanner
In-Reply-To: <0EBC45FCABFC95428EBFC3A51B368C9501C9C4DD@jessica.herefordshire.gov.uk>
References: <0EBC45FCABFC95428EBFC3A51B368C9501C9C4DD@jessica.herefordshire.gov.uk>
Message-ID:
On Wed, 4 Feb 2004 12:03:33 -0000, you wrote:
>It would be interesting to know how many live sites use MailScanner.
Perhaps changing the X-%site%-MailScanner-Information: header to
"Scanned by MailScanner %version%. ..."
>Your graphs suggest it is around 11,000, but maybe some users aren't
>fastidious about upgrading to the latest version.
At least the new installations will show the version and people can
contact organizations (they know people at) about upgrading.
--
Peter Peters, senior netwerkbeheerder
Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE)
Universiteit Twente, Postbus 217, 7500 AE Enschede
telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/civ
From prandal at HEREFORDSHIRE.GOV.UK Wed Feb 4 12:57:31 2004
From: prandal at HEREFORDSHIRE.GOV.UK (Randal, Phil)
Date: Thu Jan 12 21:22:19 2006
Subject: 200,000 downloads of MailScanner
Message-ID: <0EBC45FCABFC95428EBFC3A51B368C9501C9C4E3@jessica.herefordshire.gov.uk>
That's very impressive.
Well done.
Phil
---------------------------------------------
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On
> Behalf Of Julian Field
> Sent: 04 February 2004 12:30
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: 200,000 downloads of MailScanner
>
>
> At 12:03 04/02/2004, you wrote:
> >It would be interesting to know how many live sites use MailScanner.
> >
> >Your graphs suggest it is around 11,000, but maybe some users aren't
> >fastidious about upgrading to the latest version.
>
> Most people don't upgrade every version, you folks are in a
> minority. Based
> on the download figures, and knowing the number of people who
> contact me
> directly, and a guess on the proportion of users who would
> need to email me
> personally for help (which is small), my best guess is about
> 40,000 sites.
>
>
> >Cheers,
> >
> >Phil
> >
> >---------------------------------------------
> >Phil Randal
> >Network Engineer
> >Herefordshire Council
> >Hereford, UK
> >
> > > -----Original Message-----
> > > From: MailScanner mailing list
> [mailto:MAILSCANNER@JISCMAIL.AC.UK]On
> > > Behalf Of Julian Field
> > > Sent: 03 February 2004 13:51
> > > To: MAILSCANNER@JISCMAIL.AC.UK
> > > Subject: 200,000 downloads of MailScanner
> > >
> > >
> > > MailScanner has just passed the 200,000 downloads milestone!
> > >
> > > Many thanks to all of you for helping to spread the word and
> > > make my little
> > > bit of code possibly the most widely-used combined email
> > > virus scanner and
> > > spam detector in the world.
> > >
> > > Let's see how fast the web site can munch through the
> next 200,000 :-)
> > >
> > > Jules.
> > > --
> > > Julian Field
> > > www.MailScanner.info
> > > MailScanner thanks transtec Computers for their support
> > >
> > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> > >
>
> --
> Julian Field
> www.MailScanner.info
> MailScanner thanks transtec Computers for their support
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
From mailscanner at ecs.soton.ac.uk Wed Feb 4 14:14:20 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:22:19 2006
Subject: 200,000 downloads of MailScanner
In-Reply-To:
References: <0EBC45FCABFC95428EBFC3A51B368C9501C9C4DD@jessica.herefordshire.gov.uk>
Message-ID: <6.0.1.1.2.20040204141322.084b4bb0@imap.ecs.soton.ac.uk>
I am very against giving out exact version details to anyone who asks.
Knowing the precise version number is a classic starting point for hackers
as they know exactly what they are up against.
At 12:48 04/02/2004, you wrote:
>On Wed, 4 Feb 2004 12:03:33 -0000, you wrote:
>
> >It would be interesting to know how many live sites use MailScanner.
>
>Perhaps changing the X-%site%-MailScanner-Information: header to
>"Scanned by MailScanner %version%. ..."
>
> >Your graphs suggest it is around 11,000, but maybe some users aren't
> >fastidious about upgrading to the latest version.
>
>At least the new installations will show the version and people can
>contact organizations (they know people at) about upgrading.
>
>--
>Peter Peters, senior netwerkbeheerder
>Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE)
>Universiteit Twente, Postbus 217, 7500 AE Enschede
>telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/civ
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
From mailing-oit at tttech.com Wed Feb 4 15:04:01 2004
From: mailing-oit at tttech.com (Christoph Resch)
Date: Thu Jan 12 21:22:19 2006
Subject: New installation -- and problems i never had
Message-ID: <200402041604.02066.mailing-oit@tttech.com>
Hello,
recently set up another debian-sarge with MS+SA using exim ... the Virus and
delivery part works fine, but icant find out how to help SA to do its work
i run testmails with `date` as content and get fine response when parsing it
on CLI ... so this works , but from within MS it seems that SA is not running
properly ( i run MS with both debug-options and i get nothing useful on log)
i used packages to install both software , and then ( after this troubles )
reinstalled all important perl-mod via CPAN ..
i also changed in /usr/sbin/MailScanner the require-argument fomr 5.005 to
5.8.2 .. but thats not the problem
thanks for any suggestions
best regards to all
-c-
MS-delivered-test:
============
From ralexand at HOODINDUSTRIES.COM Wed Feb 4 15:06:17 2004
From: ralexand at HOODINDUSTRIES.COM (Richard Alexander)
Date: Thu Jan 12 21:22:19 2006
Subject: Updated MS/SA now i don't get the mailing list :(
Message-ID:
I updated my versions of MS/SA on Saturday afternoon and now I'm not
receiving my daily MS list email. Anyone no of any issue with the list or
why this might have happened. I went to the site and still shows me
subscribed.
Thanks all for the upgrade advice that helped everything go smoothly.
From mailscanner at ecs.soton.ac.uk Wed Feb 4 15:17:25 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:22:19 2006
Subject: Updated MS/SA now i don't get the mailing list :(
In-Reply-To:
References:
Message-ID: <6.0.1.1.2.20040204151625.084743f8@imap.ecs.soton.ac.uk>
At 15:06 04/02/2004, you wrote:
>I updated my versions of MS/SA on Saturday afternoon and now I'm not
>receiving my daily MS list email. Anyone no of any issue with the list or
>why this might have happened. I went to the site and still shows me
>subscribed.
>
>Thanks all for the upgrade advice that helped everything go smoothly.
Try adding
From: *mailscanner@jiscmail.ac.uk yes
to your spam.whitelist.rules file and reload MailScanner.
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
From mailing-oit at tttech.com Wed Feb 4 15:36:00 2004
From: mailing-oit at tttech.com (Christoph Resch)
Date: Thu Jan 12 21:22:19 2006
Subject: New installation -- and problems i never had
In-Reply-To: <40210F55.30804@solid-state-logic.com>
References: <200402041604.02066.mailing-oit@tttech.com>
<40210F55.30804@solid-state-logic.com>
Message-ID: <200402041636.00869.mailing-oit@tttech.com>
hi Martin,
thanks for reply
well this debug looks quite fine to me .. in the meentime i also fixed the
home-dir of the user running exim & MS to a valid path ( there were some
changes in the the user-naming from mail to Debian-exim when upgrading to
Debian-Sarge ) .. but no change to this behavior
it seems that from within MS , SA doent process any config :-/ ..
config-file-permissions are ok ( readable ) .. maybe there are some files
that are slently refused to be processed due to 'non-private'
filepermissions ?? .. almost everything used for mail-dekivery is owned by
Debian-exim-user ( JFYI )
thanks
-c-
> hi
> When you say you see nothing useful in the debug, what do you see? Can
> you send the output?
>
Feb 4 16:22:16 tttprime MailScanner[10243]: MailScanner E-Mail Virus Scanner
version 4.25-14 starting...
Feb 4 16:22:17 tttprime MailScanner[10243]: Enabling SpamAssassin
auto-whitelist functionality...
Feb 4 16:22:18 tttprime MailScanner[10223]: Using locktype = posix
Feb 4 16:22:18 tttprime MailScanner[10223]: Creating hardcoded struct_flock
subroutine for linux (Linux-type)
Feb 4 16:22:24 tttprime MailScanner[10175]: New Batch: Scanning 1 messages,
592 bytes
Feb 4 16:22:24 tttprime MailScanner[10175]: MCP Checks completed at 592 bytes
per second
Feb 4 16:22:27 tttprime MailScanner[10243]: Using locktype = posix
Feb 4 16:22:27 tttprime MailScanner[10243]: Creating hardcoded struct_flock
subroutine for linux (Linux-type)
Feb 4 16:22:33 tttprime MailScanner[10175]: Spam Checks completed at 65 bytes
per second
Feb 4 16:22:33 tttprime MailScanner[10175]: Virus and Content Scanning:
Starting
Feb 4 16:22:33 tttprime MailScanner[10175]: Virus Scanning completed at 592
bytes per second
Feb 4 16:22:33 tttprime MailScanner[10175]: Uninfected: Delivered 1 messages
Feb 4 16:22:33 tttprime MailScanner[10175]: Virus Processing completed at 592
bytes per second
Feb 4 16:22:33 tttprime MailScanner[10175]: Disinfection completed at 592
bytes per second
Feb 4 16:22:33 tttprime MailScanner[10175]: Batch completed at 65 bytes per
second (592 / 9)
From martinh at SOLID-STATE-LOGIC.COM Wed Feb 4 15:42:48 2004
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:22:19 2006
Subject: New installation -- and problems i never had
In-Reply-To: <200402041636.00869.mailing-oit@tttech.com>
References: <200402041604.02066.mailing-oit@tttech.com>
<40210F55.30804@solid-state-logic.com>
<200402041636.00869.mailing-oit@tttech.com>
Message-ID: <402112F8.5070001@solid-state-logic.com>
Chris
Ok like you say - nothing interesting there. Did you also enable the
SA-debug a couple of lines after the main DEBUG line in
MailScanner.conf. I get lot more info about the SA setup when I set that...
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.
This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.
**********************************************************************
From mailing-oit at tttech.com Wed Feb 4 16:04:38 2004
From: mailing-oit at tttech.com (Christoph Resch)
Date: Thu Jan 12 21:22:19 2006
Subject: New installation -- and problems i never had
In-Reply-To: <402112F8.5070001@solid-state-logic.com>
References: <200402041604.02066.mailing-oit@tttech.com>
<200402041636.00869.mailing-oit@tttech.com>
<402112F8.5070001@solid-state-logic.com>
Message-ID: <200402041704.38202.mailing-oit@tttech.com>
> MailScanner.conf. I get lot more info about the SA setup when I set that...
;-) thats exactly my problem .. and absolutely no idea why .. shouldnt it lokk
like the -D output of spamassassin
I attached my config also .. but i think its in the modules within
MS= 4.25.14-3
SA= 2.63
-c-
SYSLOG:
======
syslog says a bit more , but not really (both debug opts. are given )
Feb 4 16:50:05 tttprime MailScanner[13434]: MailScanner E-Mail Virus Scanner
version 4.25-14 starting...
Feb 4 16:50:06 tttprime MailScanner[13434]: Enabling SpamAssassin
auto-whitelist functionality...
Feb 4 16:50:14 tttprime MailScanner[13434]: lock.pl sees Config LockType =
posix
Feb 4 16:50:14 tttprime MailScanner[13434]: lock.pl sees have_module = 0
Feb 4 16:50:14 tttprime MailScanner[13434]: Using locktype = posix
Feb 4 16:50:14 tttprime MailScanner[13434]: Creating hardcoded struct_flock
subroutine for linux (Linux-type)
Feb 4 16:50:29 tttprime MailScanner[13434]: New Batch: Scanning 1 messages,
592 bytes
Feb 4 16:50:29 tttprime MailScanner[13434]: MCP Checks completed at 592 bytes
per second
Feb 4 16:50:33 tttprime MailScanner[13434]: SpamAssassin returned 0
Feb 4 16:50:33 tttprime MailScanner[13434]: Spam Checks completed at 148
bytes per second
Feb 4 16:50:33 tttprime MailScanner[13434]: Created attachment dirs for 1
messages
Feb 4 16:50:34 tttprime MailScanner[13434]: Virus and Content Scanning:
Starting
Feb 4 16:50:34 tttprime MailScanner[13434]: Commencing scanning by f-prot...
Feb 4 16:50:34 tttprime MailScanner[13434]: Completed scanning by f-prot
Feb 4 16:50:34 tttprime MailScanner[13434]: Completed checking by /usr/bin/
file
Feb 4 16:50:34 tttprime MailScanner[13434]: Virus Scanning completed at 592
bytes per second
Feb 4 16:50:34 tttprime MailScanner[13434]: About to deliver 1 messages
Feb 4 16:50:34 tttprime MailScanner[13434]: Uninfected: Delivered 1 messages
Feb 4 16:50:34 tttprime MailScanner[13434]: Virus Processing completed at 592
bytes per second
Feb 4 16:50:34 tttprime MailScanner[13434]: Disinfection completed at 592
bytes per second
Feb 4 16:50:34 tttprime MailScanner[13434]: Batch completed at 118 bytes per
second (592 / 5)
Feb 4 16:50:34 tttprime MailScanner[13434]: MailScanner child dying of old
age
#####################################################################
Full config :
#####################################################################
%report-dir% = /etc/MailScanner/reports/en
%etc-dir% = /etc/MailScanner
%rules-dir% = /etc/MailScanner/rules
%org-name% = TTT
Max Children = 5
Run As User = Debian-exim
Run As Group = Debian-exim
Queue Scan Interval = 5
Incoming Queue Dir = /var/spool/exim4_incoming/input
Outgoing Queue Dir = /var/spool/exim4_outgoing/input
Incoming Work Dir = /var/spool/MailScanner/incoming
Quarantine Dir = /var/spool/MailScanner/quarantine
PID file = /var/run/MailScanner/MailScanner.pid
Restart Every = 14400
MTA = exim
Sendmail = /usr/lib/sendmail -oMr MailScanner
Sendmail2 = /usr/sbin/exim -C /etc/exim/exim4_outgoing.conf
-DMAILSCANNER_OUTGOING=On
Incoming Work User =
Incoming Work Group =
Incoming Work Permissions = 0600
Quarantine User =
Quarantine Group =
Quarantine Permissions = 0600
Max Unscanned Bytes Per Scan = 100000000
Max Unsafe Bytes Per Scan = 50000000
Max Unscanned Messages Per Scan = 30
Max Unsafe Messages Per Scan = 30
Max Normal Queue Size = 1000
Maximum Attachments Per Message = 200
Expand TNEF = yes
Deliver Unparsable TNEF = no
TNEF Expander = /usr/bin/tnef --maxsize=100000000
TNEF Timeout = 120
File Command = /usr/bin/file
File Timeout = 20
Maximum Message Size = 0
Maximum Attachment Size = -1
Virus Scanning = yes
Virus Scanners = f-prot
Virus Scanner Timeout = 300
Deliver Disinfected Files = yes
Silent Viruses = All-Viruses
Still Deliver Silent Viruses = yes
Block Encrypted Messages = no
Block Unencrypted Messages = no
Allowed Sophos Error Messages =
Sophos IDE Dir = /usr/local/Sophos/ide
Sophos Lib Dir = /usr/local/Sophos/lib
Monitors For Sophos Updates = /usr/local/Sophos/ide/*ides.zip
Monitors for ClamAV Updates = /usr/local/share/clamav/*.cvd
Allow Partial Messages = no
Allow External Message Bodies = no
Allow IFrame Tags = no
Log IFrame Tags = no
Allow Form Tags = disarm
Allow Object Codebase Tags = no
Convert Dangerous HTML To Text = yes
Convert HTML To Text = no
Filename Rules = %etc-dir%/filename.rules.conf
Filetype Rules = %etc-dir%/filetype.rules.conf
Quarantine Infections = yes
Quarantine Whole Message = no
Quarantine Whole Messages As Queue Files = no
Language Strings = %report-dir%/languages.conf
Deleted Bad Content Message Report = %report-dir%/deleted.content.message.txt
Deleted Bad Filename Message Report = %report-dir%/
deleted.filename.message.txt
Deleted Virus Message Report = %report-dir%/deleted.virus.message.txt
Stored Bad Content Message Report = %report-dir%/stored.content.message.txt
Stored Bad Filename Message Report = %report-dir%/stored.filename.message.txt
Stored Virus Message Report = %report-dir%/stored.virus.message.txt
Disinfected Report = %report-dir%/disinfected.report.txt
Inline HTML Signature = %report-dir%/inline.sig.html
Inline Text Signature = %report-dir%/inline.sig.txt
Inline HTML Warning = %report-dir%/inline.warning.html
Inline Text Warning = %report-dir%/inline.warning.txt
Sender Content Report = %report-dir%/sender.content.report.txt
Sender Error Report = %report-dir%/sender.error.report.txt
Sender Bad Filename Report = %report-dir%/sender.filename.report.txt
Sender Virus Report = %report-dir%/sender.virus.report.txt
Hide Incoming Work Dir = yes
Include Scanner Name In Reports = no
Mail Header = X-%org-name%-MailScanner:
Spam Header = X-%org-name%-MailScanner-SpamCheck:
Spam Score Header = X-%org-name%-MailScanner-SpamScore:
Spam Score Character = s
SpamScore Number Instead Of Stars = no
Clean Header Value = Found to be clean
Infected Header Value = Found to be infected
Disinfected Header Value = Disinfected
Information Header Value = Please contact the ISP for more information
Detailed Spam Report = yes
Include Scores In SpamAssassin Report = yes
Multiple Headers = append
Hostname = MailScanner
Sign Messages Already Processed = no
Sign Clean Messages = no
Mark Infected Messages = yes
Mark Unscanned Messages = yes
Unscanned Header Value = Not scanned: please contact your Internet E-Mail
Service Provider for details
Deliver Cleaned Messages = yes
Notify Senders = no
Notify Senders Of Viruses = no
Notify Senders Of Blocked Filenames Or Filetypes = no
Notify Senders Of Other Blocked Content = no
Never Notify Senders Of Precedence = list bulk
Scanned Modify Subject = no # end
Scanned Subject Text = [::Scanned::]
Virus Modify Subject = yes
Virus Subject Text = [::Virus?::]
Filename Modify Subject = yes
Filename Subject Text = [::Filename?::]
Content Modify Subject = yes
Content Subject Text = [::Blocked Content::]
Spam Modify Subject = yes
Spam Subject Text = [::Spam?::]
High Scoring Spam Modify Subject = yes
High Scoring Spam Subject Text = [::Spam::]
Warning Is Attachment = yes
Attachment Warning Filename = %org-name%-Attachment-Warning.txt
Attachment Encoding Charset = ISO-8859-15
Archive Mail =
Send Notices = no
Notices Include Full Headers = no
Hide Incoming Work Dir in Notices = no
Notice Signature = -- \nMailScanner\nEmail Virus Scanner\nwww.mailscanner.info
Notices From = MailScanner
Notices To = postmaster
Local Postmaster = postmaster
Spam List Definitions = %etc-dir%/spam.lists.conf
Virus Scanner Definitions = %etc-dir%/virus.scanners.conf
Spam Checks = yes
Spam List =
Spam Domain List =
Spam Lists To Reach High Score = 5
Spam List Timeout = 10
Max Spam List Timeouts = 7
Is Definitely Not Spam = %rules-dir%/spam.whitelist.rules
Is Definitely Spam = %rules-dir%/spam.blacklist.rules
Definite Spam Is High Scoring = yes
Use SpamAssassin = yes
Max SpamAssassin Size = 90000
Required SpamAssassin Score = 6
High SpamAssassin Score = 20
SpamAssassin Auto Whitelist = yes
SpamAssassin Prefs File = %etc-dir%/spam.assassin.prefs.conf
SpamAssassin Timeout = 40
Max SpamAssassin Timeouts = 20
Check SpamAssassin If On Spam List = yes
Always Include SpamAssassin Report = yes
Spam Score = yes
Spam Actions = striphtml attachment deliver
High Scoring Spam Actions = striphtml attachment deliver
Non Spam Actions = deliver
Sender Spam Report = %report-dir%/sender.spam.report.txt
Sender Spam List Report = %report-dir%/sender.spam.rbl.report.txt
Sender SpamAssassin Report = %report-dir%/sender.spam.sa.report.txt
Inline Spam Warning = %report-dir%/inline.spam.warning.txt
Syslog Facility = mail
Log Speed = yes
Log Spam = no
Log Permitted Filenames = no
Log Permitted Filetypes = no
SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin
SpamAssassin Install Prefix =
SpamAssassin Local Rules Dir = /etc/spamassassin
SpamAssassin Default Rules Dir = /usr/share/spamassassin
Use Default Rules With Multiple Recipients = yes
Debug = yes
Debug SpamAssassin = yes
Always Looked Up Last = no
Deliver In Background = yes
Delivery Method = queue
Split Exim Spool = no
Lockfile Dir = /tmp
Lock Type = posix
Minimum Code Status = supported
From sveinn at SVEINNG.COM Wed Feb 4 15:25:21 2004
From: sveinn at SVEINNG.COM (Sveinn G. Gunnarsson)
Date: Thu Jan 12 21:22:19 2006
Subject: FixMaliciousSubjects is cutting legim Subject lines.
In-Reply-To: <6.0.1.1.2.20040204093642.08455e48@imap.ecs.soton.ac.uk>
Message-ID: <200402041523.i14FNSwQ5906536@cg.c.is>
Hi Julian.
I have found that the FixMaliciousSubjects sub in SweepContent.pm is cutting
of non-exploit subject lines. These mails are sent from Lotus Notes server.
I have not seen this happening when receiving mail from other servers.
Here is a header-snip of one such email:
From: yy@yy.is
In-Reply-To:
Subject: Re: WinCABAS:
=?iso-8859-1?Q?Bifei=F0averkst=E6=F0i_=C1rna_G=EDslasonar_hf=2C_MV128-02?=
=?us-ascii?Q?=2E=2E?= =?iso-8859-1?Q?=ED__cabas=2C_G=F3l?=
To: xx@xx.is
I have disabled these three lines in SweepContent.pm to let these subjects
through, but a more elegant soulution would be nice :)
# $newsubject =~ s/\s{20,}.*\..{1,4}\s*$//; # Delete file extensions at end
of filename
# $newsubject =~ s/\s*$//g;
# $newsubject =~ s/\s{20,}//g;
Thanks in advance !
Sveinn G. Gunnarsson
UNIX Specialist
Og Vodafone
Sidumuli 28
108 Reykjavik
Iceland
www.ogvodafone.is
From martinh at SOLID-STATE-LOGIC.COM Wed Feb 4 15:27:17 2004
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:22:19 2006
Subject: New installation -- and problems i never had
In-Reply-To: <200402041604.02066.mailing-oit@tttech.com>
References: <200402041604.02066.mailing-oit@tttech.com>
Message-ID: <40210F55.30804@solid-state-logic.com>
Christoph Resch wrote:
> Hello,
>
> recently set up another debian-sarge with MS+SA using exim ... the Virus and
> delivery part works fine, but icant find out how to help SA to do its work
>
> i run testmails with `date` as content and get fine response when parsing it
> on CLI ... so this works , but from within MS it seems that SA is not running
> properly ( i run MS with both debug-options and i get nothing useful on log)
>
> i used packages to install both software , and then ( after this troubles )
> reinstalled all important perl-mod via CPAN ..
>
> i also changed in /usr/sbin/MailScanner the require-argument fomr 5.005 to
> 5.8.2 .. but thats not the problem
>
> thanks for any suggestions
>
> best regards to all
>
> -c-
>
hi
When you say you see nothing useful in the debug, what do you see? Can
you send the output?
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.
This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.
**********************************************************************
From mailscanner at ecs.soton.ac.uk Wed Feb 4 16:12:13 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:22:19 2006
Subject: FixMaliciousSubjects is cutting legim Subject lines.
In-Reply-To: <200402041523.i14FNSwQ5906536@cg.c.is>
References: <6.0.1.1.2.20040204093642.08455e48@imap.ecs.soton.ac.uk>
<200402041523.i14FNSwQ5906536@cg.c.is>
Message-ID: <6.0.1.1.2.20040204161132.03b42008@imap.ecs.soton.ac.uk>
What is it reducing them to? I can't see anything in the code snippet that
would touch the sample subject line you gave.
At 15:25 04/02/2004, you wrote:
>Hi Julian.
>
>I have found that the FixMaliciousSubjects sub in SweepContent.pm is cutting
>of non-exploit subject lines. These mails are sent from Lotus Notes server.
>I have not seen this happening when receiving mail from other servers.
>
>Here is a header-snip of one such email:
>
>
>From: yy@yy.is
>In-Reply-To:
>
>Subject: Re: WinCABAS:
> =?iso-8859-1?Q?Bifei=F0averkst=E6=F0i_=C1rna_G=EDslasonar_hf=2C_MV128-02?=
> =?us-ascii?Q?=2E=2E?= =?iso-8859-1?Q?=ED__cabas=2C_G=F3l?=
>To: xx@xx.is
>
>
>I have disabled these three lines in SweepContent.pm to let these subjects
>through, but a more elegant soulution would be nice :)
>
># $newsubject =~ s/\s{20,}.*\..{1,4}\s*$//; # Delete file extensions at end
>of filename
># $newsubject =~ s/\s*$//g;
># $newsubject =~ s/\s{20,}//g;
>
>
>
>Thanks in advance !
>
>Sveinn G. Gunnarsson
>UNIX Specialist
>
>Og Vodafone
>Sidumuli 28
>108 Reykjavik
>Iceland
>www.ogvodafone.is
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
From sysadmins at ENHTECH.COM Wed Feb 4 16:26:55 2004
From: sysadmins at ENHTECH.COM (Admin Team)
Date: Thu Jan 12 21:22:19 2006
Subject: Easily Training Spam Assassin?
In-Reply-To: <1075514831.21246.17.camel@jepdesk.projectdesign.com>
References: <0B646CB9C2952C46B0E819F6C42DA5DB19E856@lkl61.ltkalmar.se>
<6.0.1.1.2.20040129084433.03e2d220@imap.ecs.soton.ac.uk>
<1075514831.21246.17.camel@jepdesk.projectdesign.com>
Message-ID: <6.0.2.0.0.20040204110704.02458520@mail.enhtech.com>
I am trying to work out an ongoing method so that users with any user
agent, whether it be Outlook, or Eudora can easily submit spam/ham to an
account for proper classification. I am so overwhelmed by going through a
mailbox with hundreds of email's and sorting through each message. There
has to be an easier method and I was hoping someone could recommend that
method to me?
Errol Neal
From edu at ICARUS.COM.BR Wed Feb 4 16:38:20 2004
From: edu at ICARUS.COM.BR (Eduardo Andre)
Date: Thu Jan 12 21:22:19 2006
Subject: SpamAssassin Score
In-Reply-To: <6.0.2.0.0.20040204110704.02458520@mail.enhtech.com>
References: <0B646CB9C2952C46B0E819F6C42DA5DB19E856@lkl61.ltkalmar.se>
<6.0.1.1.2.20040129084433.03e2d220@imap.ecs.soton.ac.uk>
<1075514831.21246.17.camel@jepdesk.projectdesign.com>
<6.0.2.0.0.20040204110704.02458520@mail.enhtech.com>
Message-ID: <46352.200.244.152.3.1075912700.squirrel@10.0.1.3>
Hi,
somebody know what options MailScanner use in spamassassin command to
output the score of scannead emails?
Tnx.
Ed.
From jaearick at COLBY.EDU Wed Feb 4 17:06:56 2004
From: jaearick at COLBY.EDU (Jeff A. Earickson)
Date: Thu Jan 12 21:22:19 2006
Subject: Fix for bayes rebuild bug on Solaris
In-Reply-To: <6.0.1.1.2.20040204093642.08455e48@imap.ecs.soton.ac.uk>
References: <6.0.1.1.2.20040202101726.07ace620@imap.ecs.soton.ac.uk>
<401E656B.16959.13A0CE4@localhost>
<6.0.1.1.2.20040202180427.037198c8@imap.ecs.soton.ac.uk>
<6.0.1.1.2.20040204093642.08455e48@imap.ecs.soton.ac.uk>
Message-ID:
Julian,
I applied the patch (had to do it by hand, an extra space in
there on the second chunk), uncommented bayes_auto_expire in
spam.assassin.prefs.conf, restarted. No apparent problems.
I just noticed the "autolearn=spam" note in mails tagged as spam
by SA. No mention of this in the docs. What is this about?
Jeff Earickson
Colby College
From raymond at PROLOCATION.NET Wed Feb 4 17:13:30 2004
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:22:19 2006
Subject: Fix for bayes rebuild bug on Solaris
In-Reply-To:
Message-ID:
Hi!
> I applied the patch (had to do it by hand, an extra space in
> there on the second chunk), uncommented bayes_auto_expire in
> spam.assassin.prefs.conf, restarted. No apparent problems.
>
> I just noticed the "autolearn=spam" note in mails tagged as spam
> by SA. No mention of this in the docs. What is this about?
Most likely bayes autolearning ? :)
Bye,
Raymond.
From mailscanner at WOGRI.AT Wed Feb 4 17:17:27 2004
From: mailscanner at WOGRI.AT (Wolfgang Hennerbichler)
Date: Thu Jan 12 21:22:19 2006
Subject: (Kaspersky 5) Wrapper Script does not seem to work.
Message-ID: <1075915046.2886.77.camel@judas.stall>
Hi!
I am having heavy troubles using Mailscanner with Kaspersky version 5.0.
I want Mailscanner to start the client portion of kaspersky called
aveclient in version 5. I modified the wrapper-script slightly, and it
seems to work:
This is what the wrapper looks like:
===============================
#!/bin/sh
PackageDir=$1/bin
shift
Scanner=aveclient
ScanOptions="-p /var/run/aveserver -s "
if [ "x$1" = "x-IsItInstalled" ]; then
[ -x ${PackageDir}/$Scanner ] && exit 0
exit 1
fi
exec ${PackageDir}/$Scanner $ScanOptions "$@"
===============================================
when I start the wrapper-script like this: ./kavdaemonclient-wrapper /opt/kav/ /SampleVirus.exe
i get:
/SampleVirus.exe
INFECTED
LINFECTED I-Worm.Swen
so I assume this works. Also the return code ist other than zero:
./kavdaemonclient-wrapper /opt/kav/ /SampleVirus.exe > /dev/null && echo asfd
returns nothing, as it shoud.
The Problem is, that when Mailscanner starts this script, mailscanner never
detects any virus, although it SURELY starts the wrapper script (i tried this
with using a touch /tmp/asdf command just before the exec-part). Doesn't
Mailscanner look at the return-code of the program? Due to which criteria does
mailscanner decide that the object is a virus? I just don't know a solution.
Thank you for help!
wogri
--
wogri@wogri.at
http://www.wogri.at
--
wogri@wogri.at
http://www.wogri.at
From martinh at SOLID-STATE-LOGIC.COM Wed Feb 4 18:31:35 2004
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:22:19 2006
Subject: New installation -- and problems i never had
In-Reply-To: <200402041704.38202.mailing-oit@tttech.com>
References: <200402041604.02066.mailing-oit@tttech.com>
<200402041636.00869.mailing-oit@tttech.com>
<402112F8.5070001@solid-state-logic.com>
<200402041704.38202.mailing-oit@tttech.com>
Message-ID: <1202.81.86.182.54.1075919495.squirrel@mail.solid-state-logic.com>
>> MailScanner.conf. I get lot more info about the SA setup when I set
>> that...
>
> ;-) thats exactly my problem .. and absolutely no idea why .. shouldnt it
> lokk
> like the -D output of spamassassin
>
> I attached my config also .. but i think its in the modules within
> MS= 4.25.14-3
> SA= 2.63
>
>
> -c-
>
> Log Spam = no
Try changing that to yes..
the output when using debug (in my case) drops to the terminal, rather
than syslog, so it would be good to get a dump from that too..
Also how did you install SA? from the RPM's or from CPAN. If you installed
from the RPM's do it from CPAN instead, that way you know you have all the
dependencies.
It's also worth checking that all the MailScanner perl modules are
installed as well, again CPAN is useful in this and better than the RPM's.
--
Martin Hepworth
Senior Systems Administrator
Solid State Logic Ltd
**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.
This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.
**********************************************************************
From test at NEXTMILL.NET Wed Feb 4 18:40:15 2004
From: test at NEXTMILL.NET (Brian Lewis)
Date: Thu Jan 12 21:22:19 2006
Subject: Announce: MailWatch for MailScanner 0.5
Message-ID:
Fedora Core 1
MailWatch .5
Perl-DBD-mysql-2.9002-1.i386.rpm does this:
Feb 4 10:14:51 mailcheck MailScanner[4329]: Database ping failure
attempting to re-connect
Feb 4 10:14:51 mailcheck MailScanner[4266]: Cannot insert row: MySQL
server has gone away
So I tried using Perl-DBD-mysql-2.1028 and it just pauses on the
MailScanner[xxxxx]: Initialising database connection
line for about 4 seconds and then continues thru, nothing gets delivered.
Nothing is logged to the Mysql Database.
Mailscanner/Mailwatch web interface accesses database fine
New database setup, using root username and a root password,
/usr/lib/MailScanner/MailScanner/Mailwatch.pm has correct root
username/pw/localhost settings
Any advise or troubleshooting techniques would be greatly appreciated
From mkettler at EVI-INC.COM Wed Feb 4 16:46:41 2004
From: mkettler at EVI-INC.COM (Matt Kettler)
Date: Thu Jan 12 21:22:19 2006
Subject: Easily Training Spam Assassin?
In-Reply-To: <6.0.2.0.0.20040204110704.02458520@mail.enhtech.com>
References: <0B646CB9C2952C46B0E819F6C42DA5DB19E856@lkl61.ltkalmar.se>
<6.0.1.1.2.20040129084433.03e2d220@imap.ecs.soton.ac.uk>
<1075514831.21246.17.camel@jepdesk.projectdesign.com>
<6.0.2.0.0.20040204110704.02458520@mail.enhtech.com>
Message-ID: <6.0.0.22.0.20040204114321.02617a00@xanadu.evi-inc.com>
At 11:26 AM 2/4/2004, Admin Team wrote:
>I am trying to work out an ongoing method so that users with any user
>agent, whether it be Outlook, or Eudora can easily submit spam/ham to an
>account for proper classification. I am so overwhelmed by going through a
>mailbox with hundreds of email's and sorting through each message. There
>has to be an easier method and I was hoping someone could recommend that
>method to me?
The best recommendation I've heard is to have users forward their spam/ham
as an attachment with COMPLETE headers.
Then set up an account, ie: spam_training27@evi-inc.com, and use procmail
or some other system to automatically strip off attachments to the address
and feed em to sa-learn.
However, this will only work if your users mailclient is capable of
forwarding as an attachment with complete headers... normal forwards with
inline text won't work.
I'd be VERY careful about training mail that has damaged headers.. SA
learns a lot from the headers..
From mkettler at EVI-INC.COM Wed Feb 4 16:49:14 2004
From: mkettler at EVI-INC.COM (Matt Kettler)
Date: Thu Jan 12 21:22:19 2006
Subject: SpamAssassin Score
In-Reply-To: <46352.200.244.152.3.1075912700.squirrel@10.0.1.3>
References: <0B646CB9C2952C46B0E819F6C42DA5DB19E856@lkl61.ltkalmar.se>
<6.0.1.1.2.20040129084433.03e2d220@imap.ecs.soton.ac.uk>
<1075514831.21246.17.camel@jepdesk.projectdesign.com>
<6.0.2.0.0.20040204110704.02458520@mail.enhtech.com>
<46352.200.244.152.3.1075912700.squirrel@10.0.1.3>
Message-ID: <6.0.0.22.0.20040204114724.027f8e48@xanadu.evi-inc.com>
At 11:38 AM 2/4/2004, you wrote:
>somebody know what options MailScanner use in spamassassin command to
>output the score of scannead emails?
Your english is a bit rough, so it's tough for me to understand exactly
what your asking.
It looks like you're wondering what options MailScanner passes to
spamassassin. It doesn't.
MailScanner doesn't use the spamassassin command-line.. it directly loads
the perl API and calls that.
From mailscanner at ecs.soton.ac.uk Wed Feb 4 18:55:31 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:22:19 2006
Subject: (Kaspersky 5) Wrapper Script does not seem to work.
In-Reply-To: <1075915046.2886.77.camel@judas.stall>
References: <1075915046.2886.77.camel@judas.stall>
Message-ID: <6.0.1.1.2.20040204185443.037b79b0@imap.ecs.soton.ac.uk>
At 17:17 04/02/2004, you wrote:
>Hi!
>
>I am having heavy troubles using Mailscanner with Kaspersky version 5.0.
>
>I want Mailscanner to start the client portion of kaspersky called
>aveclient in version 5. I modified the wrapper-script slightly, and it
>seems to work:
>
>This is what the wrapper looks like:
>
>===============================
>#!/bin/sh
>PackageDir=$1/bin
>shift
>Scanner=aveclient
>
>ScanOptions="-p /var/run/aveserver -s "
>
>if [ "x$1" = "x-IsItInstalled" ]; then
> [ -x ${PackageDir}/$Scanner ] && exit 0
> exit 1
>fi
>
>exec ${PackageDir}/$Scanner $ScanOptions "$@"
>
>===============================================
>
>
>when I start the wrapper-script like this: ./kavdaemonclient-wrapper
>/opt/kav/ /SampleVirus.exe
>
>i get:
>
>/SampleVirus.exe
>INFECTED
>LINFECTED I-Worm.Swen
>
>so I assume this works. Also the return code ist other than zero:
> ./kavdaemonclient-wrapper /opt/kav/ /SampleVirus.exe > /dev/null && echo
> asfd
>
>returns nothing, as it shoud.
>
>The Problem is, that when Mailscanner starts this script, mailscanner never
>detects any virus, although it SURELY starts the wrapper script (i tried this
>with using a touch /tmp/asdf command just before the exec-part). Doesn't
>Mailscanner look at the return-code of the program?
No. That only tells it that it found a virus somewhere. It scans lots of
messages at once, and parses the output of the virus scanner.
> Due to which criteria does
>mailscanner decide that the object is a virus? I just don't know a solution.
>
>Thank you for help!
>
>wogri
>
>--
>wogri@wogri.at
>http://www.wogri.at
>--
>wogri@wogri.at
>http://www.wogri.at
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
From mailscanner at ecs.soton.ac.uk Wed Feb 4 18:53:53 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:22:19 2006
Subject: Fix for bayes rebuild bug on Solaris
In-Reply-To:
References:
Message-ID: <6.0.1.1.2.20040204185322.03763bf8@imap.ecs.soton.ac.uk>
At 17:13 04/02/2004, you wrote:
>Hi!
>
> > I applied the patch (had to do it by hand, an extra space in
> > there on the second chunk), uncommented bayes_auto_expire in
> > spam.assassin.prefs.conf, restarted. No apparent problems.
> >
> > I just noticed the "autolearn=spam" note in mails tagged as spam
> > by SA. No mention of this in the docs. What is this about?
>
>Most likely bayes autolearning ? :)
Someone wanted notification of when a message was auto-learned, so they got
it.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
From jflowers at EZO.NET Wed Feb 4 19:08:12 2004
From: jflowers at EZO.NET (Jim Flowers)
Date: Thu Jan 12 21:22:19 2006
Subject: Redirecting multiple domains to multiple mail servers
Message-ID: <20040204190812.M93179@ezo.net>
Assuming sendmail for your outbound transport, there are seemingly endless
possibilities. Perhaps the simplest all-in-one method is to use mailertable
entrys:
domain1.com server1.whatever.com
domain2.com server6.whatever.com
domainsoandso.com server2.whatever.com
domainwhatnot.com [192.168.0.101]
Note that you can avoid some potential dns looping problems by using ip
addresses and including them in the brackets [] to prevent lookups. If you
anticipate multiple fqdn (including host portion) then you may also want to
include:
.domain1.com server1.whatever.com
.domain2.com server6.whatever.com
.domainsoandso.com server2.whatever.com
.domainwhatnot.com [192.168.0.101]
You will also have to identify these as acceptable domains using a relay-
domains table or, if you prefer, virtual-domains after adding
VIRTUSER_DOMAIN_FILE(`/etc/mail/virtual-domains')
to your mc file. You DON'T want to identify them as local.
The access file can still be used in all it's glory but you can't use
virtusertable to reroute individual users as mailertable bypasses that.
With a relay, using access to validate real users and reject all others is
probably a good idea but can be tedious if you have many users (say more
than 100).
If routing user1@domain1.com to one mail server and user2@domain1.com to a
different mail server is needed there are better approaches using
virtusertable or aliases.
original message -----------------------------------------
domain1.com ----> server1.whatever.com
domain2.com ----> server6.whatever.com
domainsoandso.com ----> server2.whatever.com
domainwhatnot.com ----> 192.168.0.101
--
Jim Flowers
From campbell at CNPAPERS.COM Wed Feb 4 19:11:45 2004
From: campbell at CNPAPERS.COM (Stephe Campbell)
Date: Thu Jan 12 21:22:19 2006
Subject: Upgrade Autolearn problems
Message-ID: <002401c3eb52$bcccf460$5001a8c0@cnpapers.net>
I upgraded to the latest greatest on Monday. I noticed the listing about
having to whitelist this mailing list today and thought nothing of it, as I
have always received the mailings from this list.
I upgraded MailWatch today, and was watching the screen go by, and noticed
that this list was flagged as spam. So I looked at the headers and sure
enough, there is an "autolearn" component in the header. After going back to
when the upgrade of MS took place and reviewing some of those headers, they
too have "autolearn". Now I'm not getting any mail at all.
I checked my MailScanner.conf and it has the following in it:
SpamAssassin Auto Whitelist = no
So now I'm lost. And I also don't know if I'll ever hear from you again.
Is there some new function in the new MS that turns this on, related to
something else?
Steve Campbell
campbell@cnpapers.com
Charleston Newspapers
From campbell at CNPAPERS.COM Wed Feb 4 19:15:40 2004
From: campbell at CNPAPERS.COM (Stephe Campbell)
Date: Thu Jan 12 21:22:19 2006
Subject: Upgrade Autolearn problems
Message-ID: <004b01c3eb53$472f4900$5001a8c0@cnpapers.net>
After whitelisting this mail list, I am now receiving from you all again, so
maybe I will hear from you again.
Steve Campbell
campbell@cnpapers.com
Charleston Newspapers
From hermit921 at YAHOO.COM Wed Feb 4 19:18:08 2004
From: hermit921 at YAHOO.COM (hermit921)
Date: Thu Jan 12 21:22:19 2006
Subject: untagged messages
In-Reply-To:
References:
Message-ID: <6.0.0.22.2.20040204104406.01e4a2b8@pop.mail.yahoo.com>
I am still trying to figure out why some messages don't get tagged by
MailScanner 4-23, postfix 2. Every email should get tagged with at least
one MailScanner header, but some don't.
I came up with an idea. Is this feasible:
Spammer sets up his client to use our mail server as his smtp
gateway. Should work for any message addressed to a user in our domain,
but he can't send mail outside. So spammer addresses a message to
usera@mydomain, with CC or BCC to userb, userc, userd, etc. Now I get
fuzzy....
One message appears here, postfix dumps it in the hold queue. Postfix
splits it up at the same time, so only the original message gets the
MailScanner headers. Since I can't track the original, I can't verify the
presence of headers.
Am I way off?
From acschmitt at BPA.GOV Wed Feb 4 19:42:31 2004
From: acschmitt at BPA.GOV (Schmitt, Andy C - CIDD-2)
Date: Thu Jan 12 21:22:19 2006
Subject: untagged messages
Message-ID: <242663BECAD80B4DAAF2E62788F96917044F3401@exhq01.bud.bpa.gov>
This may be completely off base, since I don't know if you already posted your network config, but are you delivering directly to Unix accounts after MailScanner, or forwarding on to an Exchange box on an internal network?
The reason why I ask is that here, we use MS Exchange for internal mail, and it seems like headers get replaced at random times by the words "Microsoft Mail Internet Headers 2.0" followed by a sanitized version of headers, which still shows the server route, but nothing useful such as MailScanner headers. I've heard vague rumors as to why this happens, but have not heard of anyone being able to fix it.
-----Original Message-----
From: hermit921 [mailto:hermit921@YAHOO.COM]
Sent: Wednesday, February 04, 2004 11:18 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: untagged messages
I am still trying to figure out why some messages don't get tagged by
MailScanner 4-23, postfix 2. Every email should get tagged with at least
one MailScanner header, but some don't.
I came up with an idea. Is this feasible:
Spammer sets up his client to use our mail server as his smtp
gateway. Should work for any message addressed to a user in our domain,
but he can't send mail outside. So spammer addresses a message to
usera@mydomain, with CC or BCC to userb, userc, userd, etc. Now I get
fuzzy....
One message appears here, postfix dumps it in the hold queue. Postfix
splits it up at the same time, so only the original message gets the
MailScanner headers. Since I can't track the original, I can't verify the
presence of headers.
Am I way off?
From mailscanner at ecs.soton.ac.uk Wed Feb 4 21:31:34 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:22:19 2006
Subject: Upgrade Autolearn problems
In-Reply-To: <002401c3eb52$bcccf460$5001a8c0@cnpapers.net>
References: <002401c3eb52$bcccf460$5001a8c0@cnpapers.net>
Message-ID: <6.0.1.1.2.20040204213109.03d1b320@imap.ecs.soton.ac.uk>
At 19:11 04/02/2004, you wrote:
>I upgraded to the latest greatest on Monday. I noticed the listing about
>having to whitelist this mailing list today and thought nothing of it, as I
>have always received the mailings from this list.
>
>I upgraded MailWatch today, and was watching the screen go by, and noticed
>that this list was flagged as spam. So I looked at the headers and sure
>enough, there is an "autolearn" component in the header. After going back to
>when the upgrade of MS took place and reviewing some of those headers, they
>too have "autolearn". Now I'm not getting any mail at all.
>
>I checked my MailScanner.conf and it has the following in it:
>
>SpamAssassin Auto Whitelist = no
Autolearn is related to the Bayes engine, it's nothing to do with
auto-whitelisting.
>So now I'm lost. And I also don't know if I'll ever hear from you again.
>
>Is there some new function in the new MS that turns this on, related to
>something else?
>
>
>
>Steve Campbell
>campbell@cnpapers.com
>Charleston Newspapers
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
From campbell at CNPAPERS.COM Wed Feb 4 21:18:06 2004
From: campbell at CNPAPERS.COM (Stephe Campbell)
Date: Thu Jan 12 21:22:19 2006
Subject: Fix for bayes rebuild bug on Solaris
Message-ID: <00ae01c3eb64$622429e0$5001a8c0@cnpapers.net>
Mr. Field,
Can you explain what you mean by your reply to the reference to the
autolearn=spam
"Someone wanted notification of when a message was auto-learned, so they got
it."
This is causing quite a problem here and I do not know where it's coming
from or how to stop it. Is this related anyway to MailWatch. And I also
haven't noticed any material to read.
Please and thank you.
Steve Campbell
campbell@cnpapers.com
Charleston Newspapers
From hermit921 at yahoo.com Wed Feb 4 20:06:33 2004
From: hermit921 at yahoo.com (hermit921)
Date: Thu Jan 12 21:22:19 2006
Subject: untagged messages
In-Reply-To: <242663BECAD80B4DAAF2E62788F96917044F3401@exhq01.bud.bpa.go v>
References: <242663BECAD80B4DAAF2E62788F96917044F3401@exhq01.bud.bpa.gov>
Message-ID: <6.0.0.22.2.20040204120547.01e66e88@pop.mail.yahoo.com>
Postfix sends mail on to our internal mail server running sendmail on unix.
hermit921
At 11:42 AM 2/4/2004, you wrote:
>This may be completely off base, since I don't know if you already posted
>your network config, but are you delivering directly to Unix accounts
>after MailScanner, or forwarding on to an Exchange box on an internal network?
>
>The reason why I ask is that here, we use MS Exchange for internal mail,
>and it seems like headers get replaced at random times by the words
>"Microsoft Mail Internet Headers 2.0" followed by a sanitized version of
>headers, which still shows the server route, but nothing useful such as
>MailScanner headers. I've heard vague rumors as to why this happens, but
>have not heard of anyone being able to fix it.
>
>
>-----Original Message-----
>From: hermit921 [mailto:hermit921@YAHOO.COM]
>Sent: Wednesday, February 04, 2004 11:18 AM
>To: MAILSCANNER@JISCMAIL.AC.UK
>Subject: untagged messages
>
>
>I am still trying to figure out why some messages don't get tagged by
>MailScanner 4-23, postfix 2. Every email should get tagged with at least
>one MailScanner header, but some don't.
>
>I came up with an idea. Is this feasible:
>Spammer sets up his client to use our mail server as his smtp
>gateway. Should work for any message addressed to a user in our domain,
>but he can't send mail outside. So spammer addresses a message to
>usera@mydomain, with CC or BCC to userb, userc, userd, etc. Now I get
>fuzzy....
>
>One message appears here, postfix dumps it in the hold queue. Postfix
>splits it up at the same time, so only the original message gets the
>MailScanner headers. Since I can't track the original, I can't verify the
>presence of headers.
>
>Am I way off?
From jflowers at EZO.NET Wed Feb 4 20:06:58 2004
From: jflowers at EZO.NET (Jim Flowers)
Date: Thu Jan 12 21:22:19 2006
Subject: Mailscanner & Freebsd
Message-ID: <20040204200659.M8361@ezo.net>
You would probably have much better luck installing the FreeBSD port (which
is where mta.sh and mailscanner.sh come from) instead of the method in
INSTALL.FreeBSD. It puts things in the usual FreeBSD places and uses
traditional FreeBSD methods as well as installing any depends that are
needed.
The port maintainer may be a few versions behind (4.26.4) because MS is
evolving so rapidly. Not to worry. Just download the latest version
(MailScanner-4.26.7-1.tar.gz) to /usr/ports/distfiles and run md5
MailScanner-4.26.7-1.tar.gz to give you the line to update the port distinfo
and edit the Makefile to include:
PORTVERSION= 4.26.7
DISTNAME= MailScanner-4.26.7
DISTFILES= MailScanner-4.26.7-1.tar.gz
and run make; make install. Some details in the FreeBSD README file.
--
Jim Flowers
From mailscanner at ecs.soton.ac.uk Wed Feb 4 21:57:52 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:22:19 2006
Subject: Fix for bayes rebuild bug on Solaris
In-Reply-To: <00ae01c3eb64$622429e0$5001a8c0@cnpapers.net>
References: <00ae01c3eb64$622429e0$5001a8c0@cnpapers.net>
Message-ID: <6.0.1.1.2.20040204215641.03cf3690@imap.ecs.soton.ac.uk>
At 21:18 04/02/2004, you wrote:
>Mr. Field,
>
>Can you explain what you mean by your reply to the reference to the
>autolearn=spam
It's merely an indication that the message was autolearned by the Bayes
database as being ham or spam.
>"Someone wanted notification of when a message was auto-learned, so they got
>it."
>
>This is causing quite a problem here and I do not know where it's coming
>from or how to stop it.
Why is it a problem? I don't understand. It's just a little notification,
it wasn't intended to cause any problems for anyone.
> Is this related anyway to MailWatch.
No.
> And I also
>haven't noticed any material to read.
>
>Please and thank you.
>
>Steve Campbell
>campbell@cnpapers.com
>Charleston Newspapers
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
From mailscanner at ecs.soton.ac.uk Wed Feb 4 22:07:32 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:22:19 2006
Subject: Fix for bayes rebuild bug on Solaris
In-Reply-To: <00ae01c3eb64$622429e0$5001a8c0@cnpapers.net>
References: <00ae01c3eb64$622429e0$5001a8c0@cnpapers.net>
Message-ID: <6.0.1.1.2.20040204220627.0453f608@imap.ecs.soton.ac.uk>
Feel free to comment out line 437 of SA.pm if you don't like it. It just
says this:
$longHitList .= ", autolearn=$AutoLearn" unless $AutoLearn eq 'no';
At 21:18 04/02/2004, you wrote:
>Mr. Field,
>
>Can you explain what you mean by your reply to the reference to the
>autolearn=spam
>
>"Someone wanted notification of when a message was auto-learned, so they got
>it."
>
>This is causing quite a problem here and I do not know where it's coming
>from or how to stop it. Is this related anyway to MailWatch. And I also
>haven't noticed any material to read.
>
>Please and thank you.
>
>Steve Campbell
>campbell@cnpapers.com
>Charleston Newspapers
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
From campbell at CNPAPERS.COM Wed Feb 4 21:54:18 2004
From: campbell at CNPAPERS.COM (Stephe Campbell)
Date: Thu Jan 12 21:22:19 2006
Subject: Upgrade Autolearn problems
References: <002401c3eb52$bcccf460$5001a8c0@cnpapers.net>
<6.0.1.1.2.20040204213109.03d1b320@imap.ecs.soton.ac.uk>
Message-ID: <00c601c3eb69$70d4e600$5001a8c0@cnpapers.net>
Mr. Field,
OK, my mistake. Total confusion here on my part.
Thanks for the quick answer. Do you have any ideas though on why the list
began catching a high bayes score. Do I need to "refresh" my Bayes files
(relearn or something)? Almost everything is receiving high Bayesian
probabilities. Seems like a SA problem, but I haven't changed that for a
while.
Thanks and sorry for the extra effort I caused.
Steve Campbell
campbell@cnpapers.com
Charleston Newspapers
----- Original Message -----
From: "Julian Field"
To:
Sent: Wednesday, February 04, 2004 4:31 PM
Subject: Re: Upgrade Autolearn problems
> At 19:11 04/02/2004, you wrote:
> >I upgraded to the latest greatest on Monday. I noticed the listing about
> >having to whitelist this mailing list today and thought nothing of it, as
I
> >have always received the mailings from this list.
> >
> >I upgraded MailWatch today, and was watching the screen go by, and
noticed
> >that this list was flagged as spam. So I looked at the headers and sure
> >enough, there is an "autolearn" component in the header. After going back
to
> >when the upgrade of MS took place and reviewing some of those headers,
they
> >too have "autolearn". Now I'm not getting any mail at all.
> >
> >I checked my MailScanner.conf and it has the following in it:
> >
> >SpamAssassin Auto Whitelist = no
>
> Autolearn is related to the Bayes engine, it's nothing to do with
> auto-whitelisting.
>
>
> >So now I'm lost. And I also don't know if I'll ever hear from you again.
> >
> >Is there some new function in the new MS that turns this on, related to
> >something else?
> >
> >
> >
> >Steve Campbell
> >campbell@cnpapers.com
> >Charleston Newspapers
>
> --
> Julian Field
> www.MailScanner.info
> Professional Support Services at www.MailScanner.biz
> MailScanner thanks transtec Computers for their support
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
From jaearick at COLBY.EDU Wed Feb 4 21:53:25 2004
From: jaearick at COLBY.EDU (Jeff A. Earickson)
Date: Thu Jan 12 21:22:19 2006
Subject: Fix for bayes rebuild bug on Solaris
In-Reply-To: <00ae01c3eb64$622429e0$5001a8c0@cnpapers.net>
References: <00ae01c3eb64$622429e0$5001a8c0@cnpapers.net>
Message-ID:
Y'all,
I'm running 4.26.8 with the following settings on Solaris 9,
with no problems due to the bayes autolearn (but I'm worried because
of your tale of woe):
* SpamAssassin Auto Whitelist = no
* the patch to SA.pm that Julian put out this morning
* uncommented "bayes_auto_expire 0" in spam.assassin.prefs.conf,
per Julian's patch instructions this morning.
* I have the auto_whitelist_path defined in this file, but there
is no whitelist file in /var/spool/spamassassin. I wouldn't expect
there to be. I ran auto-whitelist once in the past, but it was
such a pig that I turned it off, per Julian's advice.
Do you have gobs of lock and/or expire files in /var/spool/spamassassin?
What OS are you running on? Have you disabled any force-expire or
force-rebuild in your ham/spam autolearn script?
I've checked my spamassassin tagging numbers for today, both regular
and high-test spam, and my numbers look about right. If everything
was getting tagged as spam my phone would be ringing.
Jeff Earickson
Colby College
PS. Note to Southerners on this list. Please don't be offended by
my "Y'all" greeting that I sometimes use in my emails. Having lived
in Mississippi and Alabama for many years, I have concluded that this
pronoun is one of the South's great contributions to the English language.
I once had an HP software engineer in Atlanta blow up because he
thought my emails were poking fun at the Southern dialect (I live in Maine now).
It was a total misunderstanding on his part and I hope not to repeat it.
Now if the Queen would only use "Y'all", the revival of second-person
plural in English would be complete.
On Wed, 4 Feb 2004, Stephe Campbell wrote:
> Date: Wed, 4 Feb 2004 16:18:06 -0500
> From: Stephe Campbell
> Reply-To: MailScanner mailing list
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Fix for bayes rebuild bug on Solaris
>
> Mr. Field,
>
> Can you explain what you mean by your reply to the reference to the
> autolearn=spam
>
> "Someone wanted notification of when a message was auto-learned, so they got
> it."
>
> This is causing quite a problem here and I do not know where it's coming
> from or how to stop it. Is this related anyway to MailWatch. And I also
> haven't noticed any material to read.
>
> Please and thank you.
>
> Steve Campbell
> campbell@cnpapers.com
> Charleston Newspapers
>
From mailscanner at ecs.soton.ac.uk Wed Feb 4 22:28:10 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:22:19 2006
Subject: Upgrade Autolearn problems
In-Reply-To: <00c601c3eb69$70d4e600$5001a8c0@cnpapers.net>
References: <002401c3eb52$bcccf460$5001a8c0@cnpapers.net>
<6.0.1.1.2.20040204213109.03d1b320@imap.ecs.soton.ac.uk>
<00c601c3eb69$70d4e600$5001a8c0@cnpapers.net>
Message-ID: <6.0.1.1.2.20040204222736.0414fed0@imap.ecs.soton.ac.uk>
It's possible your Bayes database has been poisoned beyond recovery :-(
No ideas otherwise, I'm afraid.
At 21:54 04/02/2004, you wrote:
>Mr. Field,
>
>OK, my mistake. Total confusion here on my part.
>
>Thanks for the quick answer. Do you have any ideas though on why the list
>began catching a high bayes score. Do I need to "refresh" my Bayes files
>(relearn or something)? Almost everything is receiving high Bayesian
>probabilities. Seems like a SA problem, but I haven't changed that for a
>while.
>
>Thanks and sorry for the extra effort I caused.
>
>Steve Campbell
>campbell@cnpapers.com
>Charleston Newspapers
>
>
>----- Original Message -----
>From: "Julian Field"
>To:
>Sent: Wednesday, February 04, 2004 4:31 PM
>Subject: Re: Upgrade Autolearn problems
>
>
> > At 19:11 04/02/2004, you wrote:
> > >I upgraded to the latest greatest on Monday. I noticed the listing about
> > >having to whitelist this mailing list today and thought nothing of it, as
>I
> > >have always received the mailings from this list.
> > >
> > >I upgraded MailWatch today, and was watching the screen go by, and
>noticed
> > >that this list was flagged as spam. So I looked at the headers and sure
> > >enough, there is an "autolearn" component in the header. After going back
>to
> > >when the upgrade of MS took place and reviewing some of those headers,
>they
> > >too have "autolearn". Now I'm not getting any mail at all.
> > >
> > >I checked my MailScanner.conf and it has the following in it:
> > >
> > >SpamAssassin Auto Whitelist = no
> >
> > Autolearn is related to the Bayes engine, it's nothing to do with
> > auto-whitelisting.
> >
> >
> > >So now I'm lost. And I also don't know if I'll ever hear from you again.
> > >
> > >Is there some new function in the new MS that turns this on, related to
> > >something else?
> > >
> > >
> > >
> > >Steve Campbell
> > >campbell@cnpapers.com
> > >Charleston Newspapers
> >
> > --
> > Julian Field
> > www.MailScanner.info
> > Professional Support Services at www.MailScanner.biz
> > MailScanner thanks transtec Computers for their support
> > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
From mailscanner at WOGRI.AT Thu Feb 5 07:18:38 2004
From: mailscanner at WOGRI.AT (Wolfgang Hennerbichler)
Date: Thu Jan 12 21:22:19 2006
Subject: (Kaspersky 5) Wrapper Script does not seem to work.
In-Reply-To: <6.0.1.1.2.20040204185443.037b79b0@imap.ecs.soton.ac.uk>
References: <1075915046.2886.77.camel@judas.stall>
<6.0.1.1.2.20040204185443.037b79b0@imap.ecs.soton.ac.uk>
Message-ID: <1075965518.2885.95.camel@judas.stall>
On Wed, 2004-02-04 at 19:55, Julian Field wrote:
> >The Problem is, that when Mailscanner starts this script, mailscanner never
> >detects any virus, although it SURELY starts the wrapper script (i tried this
> >with using a touch /tmp/asdf command just before the exec-part). Doesn't
> >Mailscanner look at the return-code of the program?
>
> No. That only tells it that it found a virus somewhere. It scans lots of
> messages at once, and parses the output of the virus scanner.
Ah. Sounds logically. So I guess the only chance I have, is to upgrade
Mailscanner (I have a debian-box, on which this scenario (without the
daemons, but I read what Julian thinks about virus-scanner daemons)
works perfectly, and mailscanner is in a new version.
Hm... I wonder, if I upgrade this box (it is a SuSE 7.2), rpm behaves as
.deb, and does not overwrite my config-files, or asks to overwrite. I
don't have much experience with rpms.
Thank you, Julian
wogri
--
wogri@wogri.at
http://www.wogri.at
From campbell at CNPAPERS.COM Wed Feb 4 23:04:34 2004
From: campbell at CNPAPERS.COM (Stephe Campbell)
Date: Thu Jan 12 21:22:19 2006
Subject: Upgrade Autolearn problems
References: <002401c3eb52$bcccf460$5001a8c0@cnpapers.net>
<6.0.1.1.2.20040204213109.03d1b320@imap.ecs.soton.ac.uk>
<00c601c3eb69$70d4e600$5001a8c0@cnpapers.net>
<6.0.1.1.2.20040204222736.0414fed0@imap.ecs.soton.ac.uk>
Message-ID: <001d01c3eb73$419ed300$5001a8c0@cnpapers.net>
Mr. Field:
Looks like a pretty good idea to me. Mail is flowing again after I deleted
my Bayes files.
Now that I've had experience with this and know a little about what I'm
thinking, will the new expiry (Rebuild Bayes Every) function in MS generally
take care of this?
Steve Campbell
campbell@cnpapers.com
Charleston Newspapers
----- Original Message -----
From: "Julian Field"
To:
Sent: Wednesday, February 04, 2004 5:28 PM
Subject: Re: Upgrade Autolearn problems
> It's possible your Bayes database has been poisoned beyond recovery :-(
> No ideas otherwise, I'm afraid.
>
> At 21:54 04/02/2004, you wrote:
> >Mr. Field,
> >
> >OK, my mistake. Total confusion here on my part.
> >
> >Thanks for the quick answer. Do you have any ideas though on why the list
> >began catching a high bayes score. Do I need to "refresh" my Bayes files
> >(relearn or something)? Almost everything is receiving high Bayesian
> >probabilities. Seems like a SA problem, but I haven't changed that for a
> >while.
> >
> >Thanks and sorry for the extra effort I caused.
> >
> >Steve Campbell
> >campbell@cnpapers.com
> >Charleston Newspapers
> >
> >
> >----- Original Message -----
> >From: "Julian Field"
> >To:
> >Sent: Wednesday, February 04, 2004 4:31 PM
> >Subject: Re: Upgrade Autolearn problems
> >
> >
> > > At 19:11 04/02/2004, you wrote:
> > > >I upgraded to the latest greatest on Monday. I noticed the listing
about
> > > >having to whitelist this mailing list today and thought nothing of
it, as
> >I
> > > >have always received the mailings from this list.
> > > >
> > > >I upgraded MailWatch today, and was watching the screen go by, and
> >noticed
> > > >that this list was flagged as spam. So I looked at the headers and
sure
> > > >enough, there is an "autolearn" component in the header. After going
back
> >to
> > > >when the upgrade of MS took place and reviewing some of those
headers,
> >they
> > > >too have "autolearn". Now I'm not getting any mail at all.
> > > >
> > > >I checked my MailScanner.conf and it has the following in it:
> > > >
> > > >SpamAssassin Auto Whitelist = no
> > >
> > > Autolearn is related to the Bayes engine, it's nothing to do with
> > > auto-whitelisting.
> > >
> > >
> > > >So now I'm lost. And I also don't know if I'll ever hear from you
again.
> > > >
> > > >Is there some new function in the new MS that turns this on, related
to
> > > >something else?
> > > >
> > > >
> > > >
> > > >Steve Campbell
> > > >campbell@cnpapers.com
> > > >Charleston Newspapers
> > >
> > > --
> > > Julian Field
> > > www.MailScanner.info
> > > Professional Support Services at www.MailScanner.biz
> > > MailScanner thanks transtec Computers for their support
> > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
> --
> Julian Field
> www.MailScanner.info
> Professional Support Services at www.MailScanner.biz
> MailScanner thanks transtec Computers for their support
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
From frmitchell at BROOKES.AC.UK Wed Feb 4 23:05:47 2004
From: frmitchell at BROOKES.AC.UK (Faye Mitchell)
Date: Thu Jan 12 21:22:19 2006
Subject: Debian wierdness
Message-ID: <40217ACB.28029.5860BD9@localhost>
Hi,
Just curious (and hopefull) - has any other debian user experienced
this?
Mailscanner/exim/SpamAssassin combo working perfectly (although
struggling a little under MyDoom :-) ) on my little debian box. Next day,
Mailscanner is pointblankly refusing to copy messages from the
incoming exim mail spool to the outgoing one. The previous evening I
installed routed and I noticed dselect picked up some security updates
for perl modules. Apart from that, no change to the box or to any of the
config files.
I tried putting Mailscanner into debug mode, but all mailscanner is
saying is that it's starting and then no more logs from Mailscanner. It's
still happily running as witnessed by top, and kicking in and out as it
should - it's just not doing anything :-(. I tried putting the AV to none
(thinking that may Sophos was causing the problem), but still no joy :-(
I tried doing a debug run and it seemed to be trying to start up SA
(despite the Spam Checks config option being set to no - for a variety
of reasons (primarily performance related) I want exim to do the Spam
checks, not MailScanner) and getting no where. I altered the config file
so that use SpamAssassin was set to no, and commented out the lines
in the mail MailScanner prog that initialised it to be on the safe side.
And now it starts working.
Has anybody else experienced this and knows why it behaved the way
it did? I've got the thing working, but I'd kind of like to know why it
stopped working in the first place!
TTFN
Faye
--
-=+=-
Faye Mitchell, Senior Lecturer,
Department of Computing,
Oxford Brookes University
email frmitchell@brookes.ac.uk
WWW http://wwwcms.brookes.ac.uk/~p0072371/
PGP public Key @
http://macallan.brookes.ac.uk/Personal/pgp/dr.f.mitchell.asc
Tel. Work +44 1865 48 4544
Disclaimer: The views represented here, should in no way be taken to
be the opinion or views of Oxford Brookes University.
-=+=-
Thought for the day:
Light? Heck I can't even see the tunnel!
From peter at UCGBOOK.COM Wed Feb 4 23:07:36 2004
From: peter at UCGBOOK.COM (Peter Bonivart)
Date: Thu Jan 12 21:22:19 2006
Subject: Upgrade Autolearn problems
In-Reply-To: <001d01c3eb73$419ed300$5001a8c0@cnpapers.net>
References: <002401c3eb52$bcccf460$5001a8c0@cnpapers.net>
<6.0.1.1.2.20040204213109.03d1b320@imap.ecs.soton.ac.uk>
<00c601c3eb69$70d4e600$5001a8c0@cnpapers.net>
<6.0.1.1.2.20040204222736.0414fed0@imap.ecs.soton.ac.uk>
<001d01c3eb73$419ed300$5001a8c0@cnpapers.net>
Message-ID: <40217B38.3020604@ucgbook.com>
Stephe Campbell wrote:
> Now that I've had experience with this and know a little about what I'm
> thinking, will the new expiry (Rebuild Bayes Every) function in MS generally
> take care of this?
The rebuild will sync new tokens into the main db and the expire will
flush old tokens out. It seems that SA is unable to do this itself in
many cases. It can help with SA timeouts but it will not help against
Bayes poisoning.
--
/Peter Bonivart
--Unix lovers do it in the Sun
Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.25-14,
SpamAssassin 2.61 + DCC 1.2.21, ClamAV 0.65 + GMP
From rzewnickie at RFA.ORG Wed Feb 4 23:34:03 2004
From: rzewnickie at RFA.ORG (Eric Dantan Rzewnicki)
Date: Thu Jan 12 21:22:19 2006
Subject: Debian wierdness
In-Reply-To: <40217ACB.28029.5860BD9@localhost>
References: <40217ACB.28029.5860BD9@localhost>
Message-ID: <20040204233403.GI6691@rfa.org>
We also had issues around the time we did the perl update. I couldn't
exactly pin it down to being related vs. just a coincidence. But, in our
case the bayes database seemed to have gotten corrupted somehow around
the time of the upgrade. Again, I'm not certain it's related, but I have
not had any other issues with the bayes database previously.
After I moved the existing bayes_* files asside everything was fine ...
I retrained bayes with my saved corpus of ~1000 known spam and several
thousand more site specific known ham.
-Eric Rz.
[OT] PS We have this line in our crontab to check for new packages every
night:
05 5 * * * root apt-get -qq update && apt-get -dqq upgrade && apt-get -sqq upgrade
It checks for and downloads updated packages, but does not install them.
When there are new packages root gets an email. Another good thing is to
subscribe to the debian security announce list. That way you get an
explanation for any packages updated for security fixes. -edrz
On Wed, Feb 04, 2004 at 11:05:47PM -0000, Faye Mitchell wrote:
> Hi,
>
> Just curious (and hopefull) - has any other debian user experienced
> this?
>
> Mailscanner/exim/SpamAssassin combo working perfectly (although
> struggling a little under MyDoom :-) ) on my little debian box. Next day,
> Mailscanner is pointblankly refusing to copy messages from the
> incoming exim mail spool to the outgoing one. The previous evening I
> installed routed and I noticed dselect picked up some security updates
> for perl modules. Apart from that, no change to the box or to any of the
> config files.
>
> I tried putting Mailscanner into debug mode, but all mailscanner is
> saying is that it's starting and then no more logs from Mailscanner. It's
> still happily running as witnessed by top, and kicking in and out as it
> should - it's just not doing anything :-(. I tried putting the AV to none
> (thinking that may Sophos was causing the problem), but still no joy :-(
>
> I tried doing a debug run and it seemed to be trying to start up SA
> (despite the Spam Checks config option being set to no - for a variety
> of reasons (primarily performance related) I want exim to do the Spam
> checks, not MailScanner) and getting no where. I altered the config file
> so that use SpamAssassin was set to no, and commented out the lines
> in the mail MailScanner prog that initialised it to be on the safe side.
>
> And now it starts working.
>
> Has anybody else experienced this and knows why it behaved the way
> it did? I've got the thing working, but I'd kind of like to know why it
> stopped working in the first place!
>
> TTFN
>
> Faye
>
>
> --
> -=+=-
> Faye Mitchell, Senior Lecturer,
> Department of Computing,
> Oxford Brookes University
> email frmitchell@brookes.ac.uk
> WWW http://wwwcms.brookes.ac.uk/~p0072371/
> PGP public Key @
> http://macallan.brookes.ac.uk/Personal/pgp/dr.f.mitchell.asc
> Tel. Work +44 1865 48 4544
> Disclaimer: The views represented here, should in no way be taken to
> be the opinion or views of Oxford Brookes University.
> -=+=-
>
> Thought for the day:
> Light? Heck I can't even see the tunnel!
From kevin at KEVINSPICER.CO.UK Wed Feb 4 23:55:25 2004
From: kevin at KEVINSPICER.CO.UK (Kevin Spicer)
Date: Thu Jan 12 21:22:19 2006
Subject: Beating bayes
Message-ID: <1075938926.2858.99.camel@bach.kevinspicer.co.uk>
Interesting article on beating bayes filters at the BBC
http://news.bbc.co.uk/1/hi/technology/3458457.stm
Discuss...
--
Kevin Spicer (kevin AT kevinspicer DOT co DOT uk)
This message is digitally signed using the GNU Privacy Guard.
My public key may be obtained from http://www.keyserver.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040204/af99f890/attachment.bin
From sveinn at SVEINNG.COM Thu Feb 5 00:14:30 2004
From: sveinn at SVEINNG.COM (Sveinn Gunnarsson)
Date: Thu Jan 12 21:22:19 2006
Subject: FixMaliciousSubjects is cutting legim Subject lines.
In-Reply-To: <6.0.1.1.2.20040204161132.03b42008@imap.ecs.soton.ac.uk>
Message-ID:
The Subject line apperas last in the headers of the modified emails like this:
--%<------
X-OgVodafone-MailScanner-SpamScore: ss
Subject: Re: WinCABAS:
---%<------
Thanks,
Svenni...
> What is it reducing them to? I can't see anything in the code snippet that
> would touch the sample subject line you gave.
>
> At 15:25 04/02/2004, you wrote:
> >Hi Julian.
> >
> >I have found that the FixMaliciousSubjects sub in SweepContent.pm is cutting
> >of non-exploit subject lines. These mails are sent from Lotus Notes server.
> >I have not seen this happening when receiving mail from other servers.
> >
> >Here is a header-snip of one such email:
> >
> >
> >From: yy@yy.is
> >In-Reply-To:
> >
> >Subject: Re: WinCABAS:
> > =?iso-8859-1?Q?Bifei=F0averkst=E6=F0i_=C1rna_G=EDslasonar_hf=2C_MV128-02?=
> > =?us-ascii?Q?=2E=2E?= =?iso-8859-1?Q?=ED__cabas=2C_G=F3l?=
> >To: xx@xx.is
> >
> >
> >I have disabled these three lines in SweepContent.pm to let these subjects
> >through, but a more elegant soulution would be nice :)
> >
> ># $newsubject =~ s/\s{20,}.*\..{1,4}\s*$//; # Delete file extensions at end
> >of filename
> ># $newsubject =~ s/\s*$//g;
> ># $newsubject =~ s/\s{20,}//g;
> >
> >
> >
> >Thanks in advance !
> >
> >Sveinn G. Gunnarsson
> >UNIX Specialist
> >
> >Og Vodafone
> >Sidumuli 28
> >108 Reykjavik
> >Iceland
> >www.ogvodafone.is
>
> --
> Julian Field
> www.MailScanner.info
> MailScanner thanks transtec Computers for their support
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
From test at NEXTMILL.NET Thu Feb 5 00:16:05 2004
From: test at NEXTMILL.NET (Brian Lewis)
Date: Thu Jan 12 21:22:19 2006
Subject: Announce: MailWatch for MailScanner 0.5
Message-ID:
Got it working!! installed
MySQL-shared-3.23.58-1.i386.rpm
MySQL-bevel-3.23.58-1.i386.rpm
then reran Perl Makefile.pl, make, make test, and make install which
successfully installed DBD:mysql v2.1028-8 and now Mailwatch talks to the
MySQL server properly!!! Very Very slick!!
Now we just need quarantine messages to database, self cleaning up to
remove older database entries after a period of time (two settings, one
for MESSAGE CONTENT and one for MESSAGE HEADER info) and the option to
release a message for delivery and this product will be really sweet!
From mkettler at EVI-INC.COM Thu Feb 5 00:42:03 2004
From: mkettler at EVI-INC.COM (Matt Kettler)
Date: Thu Jan 12 21:22:19 2006
Subject: Beating bayes
In-Reply-To: <1075938926.2858.99.camel@bach.kevinspicer.co.uk>
References: <1075938926.2858.99.camel@bach.kevinspicer.co.uk>
Message-ID: <6.0.0.22.0.20040204193553.0269baa0@xanadu.evi-inc.com>
At 06:55 PM 2/4/2004, you wrote:
>Interesting article on beating bayes filters at the BBC
>http://news.bbc.co.uk/1/hi/technology/3458457.stm
>
>Discuss...
It points out the fundamental reason why SpamAssassin isn't a pure bayes
system. It's also why SA tokenizes headers, not just message bodies when it
does bayes (if you tokenize headers, that section isn't as easy to
obfuscate and/or add poison to).
And let's face it.. my most recent bayes-poison loaded spam got:
BAYES_99 5.40, HTML_MESSAGE 0.10, RCVD_IN_BL_SPAMCOP_NET 1.50,
RCVD_IN_DSBL 0.71, RCVD_IN_DYNABLOCK 1.50, RCVD_IN_SORBS 0.10)
Some benefit the 280 words of bayes poison they stuffed at the end got them.
For reference the email in question is a bayes-poison loaded, random
charachter-insert obfuscated super v-drug spam.
It offered to:
"Suxper chajrge your lolve linfe!"
/yawn.
From joebaker at DCRESEARCH.COM Thu Feb 5 02:09:07 2004
From: joebaker at DCRESEARCH.COM (Joe Baker)
Date: Thu Jan 12 21:22:19 2006
Subject: Maximum Notifications Limit
Message-ID: <1075946947.31331.89.camel@mail.dcresearch.com>
There should be a maximum number of virus infection notifications sent
per day value. After so many infection bounce notifications, the system
should stop sending them. Otherwise our messages that alert "senders"
that they have sent a virus infected message could bring the Internet
to it's knees. Typically, I register a new virus as "silent" in the
configurations right away. Here's an interesting article on the
subject.
http://www.raeinternet.com/newsletter/interview_skulason_092303.html
--
Joe Baker
Digital Communications Research, Inc.
From kfliong at WOFS.COM Thu Feb 5 02:16:22 2004
From: kfliong at WOFS.COM (kfliong)
Date: Thu Jan 12 21:22:19 2006
Subject: Announce: MailWatch for MailScanner 0.5
In-Reply-To: <013b01c3eaa8$10b70120$4c04a8c0@Plnt3domain>
References: <67D9E7698329D411936E00508B6590B902773E43@neelix.lbsltd.co.uk>
<013b01c3eaa8$10b70120$4c04a8c0@Plnt3domain>
Message-ID: <6.0.0.22.0.20040205100713.03a69f90@192.168.10.2>
I can't wait to upgrade my mailwatch to 0.5. But as of now, only my
company's email is working as we have problems with our broadband internet
connection.
But have one question. The last time i tried to go to mailwatch screen, it
took me very long to connect and usually it will timeout. Since then I have
had other problems and didn't have time to check mailwatch properly. Could
this be due to mysql queries taking too long? Maybe if my database is
indexed, the queries will go faster? I only tried keeping 1 month's of data
as this itself is taking over 700mb. Could this be the problem?
Thanks for continuing the effort to improve mailwatch. It is a very good
tool for mailscanner users.
At 06:50 AM 2/4/2004, you wrote:
>Thank you. Its now working...
>
>----- Original Message -----
>From: "Steve Freegard"