From jonathan at STDNET.COM Thu Jul 1 01:15:58 2004
From: jonathan at STDNET.COM (jonathan)
Date: Thu Jan 12 21:26:02 2006
Subject: bug processing zip file with errors {Scanned}
Message-ID:

I am currently out of the office and will be returning on 7/6/2004. Please contact support@standardnetworks or 608-227-6100 in my absence.

--Jonathan Lampe

-------------------------- MailScanner list ----------------------
To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/ and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

From xterm1 at TATORZ.COM Thu Jul 1 01:05:52 2004
From: xterm1 at TATORZ.COM (Brian)
Date: Thu Jan 12 21:26:02 2006
Subject: bug processing zip file with errors {Scanned}
In-Reply-To: <40E2C497.15129.1E1C72BD@localhost>
References: <40E2C497.15129.1E1C72BD@localhost>
Message-ID: <40E35560.1010209@Tatorz.com>

>RH ES3.0 with sendmail 8.12.8, MailScanner 4.31.6, Archive::Zip 1.09 and
>Mcafee v4.24.0.
>MailScanner process that picked up the file died silently (defunct)
>Email never made it through.

RedHat 9.0
sendmail-8.12.8-9.90
mailscanner-4.31.6-1
clamav-0.73-1.0.rh9.dag

Mailscanner got the file and died as well! File was left in mqueue.in after MS died.

HTH
xterm1

From ssl at AHSC.ARIZONA.EDU Thu Jul 1 02:20:55 2004
From: ssl at AHSC.ARIZONA.EDU (shanna leonard)
Date: Thu Jan 12 21:26:02 2006
Subject: prob w/ bayes database.. Mailscanner killed lock ???
Message-ID: <40E366F7.9000201@ahsc.arizona.edu>

hi.

running Mailscanner 4.28.6, on solaris 9

in spam.assassin.prefs.conf I have bayes autolearn enabled

bayes_auto_learn 1
bayes_auto_learn_threshold_nonspam -1.0 #(default: 0.1)
bayes_auto_learn_threshold_spam 17 #(default 12)

I have been using sa-learn to feed spam and ham to my bayes filter periodically throughout the day. at one point while I was doing this today, it failed and I got about 4 messages like:

Cannot open bayes databases /root/.spamassassin/bayes_* R/O: tie failed: Invalid argument

I noticed whilst grepping the mail log file that MailScanner had killed a lock a few minutes before that

Jun 30 13:02:43 peyote.test.ahsl.arizona.edu MailScanner[25688]: Delete bayes lockfile for 4222

(while I had been sa-learning another message)

I pretty much have had to kill out and rebuild my bayes database. I am not sure but suspect the database became corrupt because Mailscanner was updating it with autolearn.

so I am wondering how I can prevent this happening again. will it be sufficient to turn autolearn off and reload mailscanner before running sa-learn? Or is there a way to tell Mailscanner to skip trying to autolearn if there is a lock? can I prevent mailscanner from killing off a lock file, and have it just skip the bayesian tests? Is MS unable to use bayes, if sa-learn is running & has a lock?

--
---- MHO ---
shanna leonard
arizona health sciences library
626-2923
----------------------------------

From rcooper at DWFORD.COM Thu Jul 1 02:24:54 2004
From: rcooper at DWFORD.COM (Rick Cooper)
Date: Thu Jan 12 21:26:02 2006
Subject: bug processing zip file with errors
In-Reply-To: <15564BB07119BB43A05A1E8483403E5843F5D0@sv-sbs01.sverica.com>
Message-ID:

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On
> Behalf Of Fred Broughton
> Sent: Wednesday, June 30, 2004 5:02 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: bug processing zip file with errors
>
>
> What an idiot. After a complete stop and start everything is
> flying. Rather strange message though from a corrupt zip that I
> cannot open. " This is a message from the MailScanner E-Mail
> Virus Protection Service
> ------------------------------------------------------------------
> ---- The original e-mail attachment "PSt422.zip" is on the list
> of unacceptable attachments for this site and has been replaced
> by this warning message.

Not strange, before I turned MS loose on the file I tried opening it with winzip, power archiver, winrar, pkzip and IZArc. IZArc was able to list the full contents, none of the others were able to open it. If the new Archive::Zip was able to list the contents but errored out when extracting, MS will use the list to create 0 length files with the name of the archive members and your filename rules would cause the result you saw in your message.

Rick

From phred at SVERICA.COM Thu Jul 1 02:40:12 2004
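The behaviour Rick Cooper describes above (member names can still be listed from a damaged archive when extraction fails, so zero-length placeholders carrying those names still trip the filename rules), as an added example that is not part of the original thread and not MailScanner's code. It uses Python's zipfile in place of Archive::Zip; the sample archive, member names, payload and the simplified ruleset are all constructed for illustration.

```python
import io
import re
import zipfile
import zlib

# Simplified stand-in for a filename ruleset (assumed format for this example,
# not MailScanner's own rules file): the first matching rule decides.
FILENAME_RULES = [
    ("deny", re.compile(r"\.(exe|com|scr|pif)$", re.IGNORECASE)),
    ("allow", re.compile(r".*")),
]

# Constructed payload; ZIP_STORED keeps it byte-for-byte inside the archive.
EXE_PAYLOAD = b"constructed-sample-exe-payload"


def build_sample_zip(corrupt=True):
    """Constructed archive: intact central directory, optionally damaged data."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("readme.txt", b"constructed sample text")
        zf.writestr("PcTools/setup.exe", EXE_PAYLOAD)
    raw = bytearray(buf.getvalue())
    if corrupt:
        # Flip one byte of the stored member data so its CRC-32 check fails.
        # The member names in the central directory are left untouched.
        pos = raw.find(EXE_PAYLOAD)
        raw[pos] ^= 0xFF
    return bytes(raw)


def unpack_for_checks(zip_bytes):
    """Return ({member name: content}, [names that failed to extract])."""
    contents, unreadable = {}, []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():  # names come from the central directory
            if info.is_dir():
                continue
            try:
                contents[info.filename] = zf.read(info)
            except (zipfile.BadZipFile, zlib.error, EOFError):
                # Extraction failed: keep a zero-length placeholder that
                # still carries the member's name.
                contents[info.filename] = b""
                unreadable.append(info.filename)
    return contents, unreadable


def denied_names(names, rules=FILENAME_RULES):
    """Names whose first matching rule is a deny rule."""
    denied = []
    for name in names:
        for action, pattern in rules:
            if pattern.search(name):
                if action == "deny":
                    denied.append(name)
                break
    return denied


def check_attachment(zip_bytes, keep_placeholders=True):
    """Filename-rule verdict for one archive.

    keep_placeholders=False models a scanner that silently drops members it
    could not extract, which lets a damaged archive bypass the name check.
    """
    contents, unreadable = unpack_for_checks(zip_bytes)
    names = [n for n in contents if keep_placeholders or n not in unreadable]
    denied = denied_names(names)
    return ("blocked" if denied else "allowed"), denied, unreadable


if __name__ == "__main__":
    damaged = build_sample_zip(corrupt=True)
    print(check_attachment(damaged))
    print(check_attachment(damaged, keep_placeholders=False))
```

Dropping the unreadable members instead of keeping named placeholders turns the same damaged archive from "blocked" into "allowed", which is why the warning Fred received is the safer outcome.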
From: phred at SVERICA.COM (Fred Broughton)
Date: Thu Jan 12 21:26:02 2006
Subject: bug processing zip file with errors
Message-ID: <15564BB07119BB43A05A1E8483403E5843F5DB@sv-sbs01.sverica.com>

Makes sense. I had been unable to open the file to see what was really inside, but it sounds like the new module succeeded where others had failed ;-)

-----Original Message-----
From: Rick Cooper [mailto:rcooper@DWFORD.COM]
Sent: Wednesday, June 30, 2004 20:25
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: **** Potential SPAM **** Re: bug processing zip file with errors

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On
> Behalf Of Fred Broughton
> Sent: Wednesday, June 30, 2004 5:02 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: bug processing zip file with errors
>
>
> What an idiot. After a complete stop and start everything is
> flying. Rather strange message though from a corrupt zip that I
> cannot open. " This is a message from the MailScanner E-Mail
> Virus Protection Service
> ------------------------------------------------------------------
> ---- The original e-mail attachment "PSt422.zip" is on the list
> of unacceptable attachments for this site and has been replaced
> by this warning message.

Not strange, before I turned MS loose on the file I tried opening it with winzip, power archiver, winrar, pkzip and IZArc. IZArc was able to list the full contents, none of the others were able to open it. If the new Archive::Zip was able to list the contents but errored out when extracting, MS will use the list to create 0 length files with the name of the archive members and your filename rules would cause the result you saw in your message.

Rick

From rcooper at DWFORD.COM Thu Jul 1 02:45:52 2004
From: rcooper at DWFORD.COM (Rick Cooper)
Date: Thu Jan 12 21:26:02 2006
Subject: bug processing zip file with errors
In-Reply-To: <15564BB07119BB43A05A1E8483403E5843F5DB@sv-sbs01.sverica.com>
Message-ID:

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On
> Behalf Of Fred Broughton
> Sent: Wednesday, June 30, 2004 8:40 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: bug processing zip file with errors
>
>
> Makes sense. I had been unable to open the file to see what was
> really inside, but it sounds like the new module succeeded where
> others had failed ;-)

I didn't like what I saw much anyway. It appears that it's an install for PcTools version 4.22 and all the files are dated 1996 or 1997 except one dll and the main exe which are dated from 2000... sounds suspicious to me.

From miksir at laudlink.ru Thu Jul 1 09:37:45 2004
From: miksir at laudlink.ru (D Kelmi)
Date: Thu Jan 12 21:26:02 2006
Subject: allow .exe files in archives
Message-ID: <1147485023.20040701123745@laudlink.ru>

Hello all!

Can I allow mails with .exe files into zip archives (sure, if virus scanner say: all clean), but still rejecting always .exe files in letter?

--
Best regards,
D mailto:miksir@laudlink.ru

From ugob at CAMO-ROUTE.COM Thu Jul 1 11:03:47 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:26:02 2006
Subject: allow .exe files in archives
In-Reply-To: <1147485023.20040701123745@laudlink.ru>
References: <1147485023.20040701123745@laudlink.ru>
Message-ID:

D Kelmi wrote:
> Hello all!
>
> Can I allow mails with .exe files into zip archives (sure, if virus
> scanner say: all clean), but still rejecting always .exe files in letter?
>

you have 2 options:

1- You disable filename/type checking within zip files
2- You put the .exe deep enough.

You use this setting to do either one:

# The maximum depth to which zip archives will be unpacked, to allow for
# checking filenames and filetypes within zip archives.
# To disable this feature set this to 0.
Maximum Archive Depth =

From adrian.inman at AFINITE.CO.UK Thu Jul 1 11:41:45 2004
From: adrian.inman at AFINITE.CO.UK (Adrian Inman)
Date: Thu Jan 12 21:26:02 2006
Subject: Silent Virus Delivery Ruleset
Message-ID: <88A76B051A89494AA8C49F4B89093C4504ECFA@harmony.afinite.co.uk>

I want to be able to Still Deliver Silent Viruses to all users at a certain domain. This must be possible (I think), but I haven't seen any documentation. I have tried using spam delivery style ruleset files, but this doesn't work. All I have seen is rulesets which still deliver on a per virus basis, not per domain/address.

Thanks in advance
Adrian.

From t.d.lee at DURHAM.AC.UK Thu Jul 1 12:08:20 2004
From: t.d.lee at DURHAM.AC.UK (David Lee)
Date: Thu Jan 12 21:26:02 2006
Subject: Bug: install.sh for Solaris
In-Reply-To:
References: <40E1F154.8FF476D7@ucsc.edu>
Message-ID:

On Wed, 30 Jun 2004, John Rudd wrote:

> On Jun 30, 2004, at 9:17 AM, David Lee wrote:
> [...]
> > Rather it should probably allow
> > arguments to the effect of "./install.sh --perlpath=/foo/bar".
>
> I like that idea. A lot. Errors could end with "See ./install.sh
> --help" so they could see their options, and then they could assert
> settings instead of just turning some tests off. I like that idea a
> lot.

I'm in the process of sketching this idea as a patch for 4.31.6. While Julian is not yet wishing to go the full-blown "autoconf" route, I'm basing my sketch on a typical autoconf "configure" script, so that the autoconf route is open for the future of MailScanner.

> As for Solaris pkgs, I think that would be something entirely parallel.
> A pkg can already internally do tons of things (like what install.sh
> is trying to do), so a good pkg would almost be considered a third
> distribution type (PRM, TAR, PKG), with the pkg installation script
> being a cousin to install.sh.

There are two overlapping issues here: distribution type and installation type. My personal opinion is that we should head towards a single distribution type (as most GNU/OpenSource-like software). Then the options of RPM/PKG/deb would be concerned solely with local installation.

> Though, I do think it's a good idea. Just saying it should be more
> parallel to the install.sh concept than a child of it.

Again, this is where something like "configure && make" (as distinct from "install.sh") could come into play. It would allow (OS permitting) local flexibility like "make install", "make rpm", "make pkg".

I'm not wanting to push Julian too hard on "configure". But I'm aiming to let my work in this area at least be compatible with any such future moves and flexibility in case we can, over time, persuade him!
Does that sound about right?

--

:  David Lee                        I.T. Service          :
:  Systems Programmer               Computer Centre       :
:                                   University of Durham  :
:  http://www.dur.ac.uk/t.d.lee/    South Road            :
:                                   Durham                :
:  Phone: +44 191 334 2752          U.K.                  :

From t.d.lee at DURHAM.AC.UK Thu Jul 1 12:26:37 2004
From: t.d.lee at DURHAM.AC.UK (David Lee)
Date: Thu Jan 12 21:26:02 2006
Subject: Bug: install.sh for Solaris
In-Reply-To: <1088631760.14228.17.camel@bach.kevinspicer.co.uk>
References: <40E1F154.8FF476D7@ucsc.edu> <1088631760.14228.17.camel@bach.kevinspicer.co.uk>
Message-ID:

On Wed, 30 Jun 2004, Kevin Spicer wrote:

> On Wed, 2004-06-30 at 22:10, John Rudd wrote:
> > > Rather it should probably allow
> > > arguments to the effect of "./install.sh --perlpath=/foo/bar".
> >
> > I like that idea. A lot. Errors could end with "See ./install.sh
> > --help" so they could see their options, and then they could assert
> > settings instead of just turning some tests off. I like that idea a
> > lot.
>
> When I wrote the non-rpm install script for MailScanner-MRTG I did it
> that way (--help and all) you'd be amazed by...
>
> 1) How many options even a simple program can have
> 2) How long the script ends up

Ah! That's where "autoconf" really helps. (I haven't looked at MS-MRTG, have you considered autoconf for that?)

The package maintainer writes a relatively short "configure.in". The package distributor uses autoconf to generate a "configure" (possibly long) automatically from that. The local sys.admins. (thousands of them) simply use that "configure" and "make". Those few of us who want to produce patches related to configuration and distribution geekily peek and tweak inside that "configure.in".

> 3) How many people either
> 3a) don't read the install docs, install with all the default settings
> and then complain about it putting things in the wrong place

"configure" (autoconf) etc. is reasonably well-known these days. The defaults are usually reasonable for most of the people most of the time. Folk who don't at least skim-read an "INSTALL" ... well that's their problem, so long as we have set reasonable defaults (see above).
> 3b) do read the install docs, customise everything in sight, complain
> because it doesn't work

Again, our job is to get reasonable defaults for most people most of the time. At least the "mangle it because I can" brigade can be reasonably requested to provide some useful "under the bonnet" technical feedback.

> 3c) Don't even notice the install script, install it the way they
> always did, complain because you've added some critical file and not
> told them where to copy it to.

Hence most packages providing some sort of summary of recent changes, suitable for skim-reading.

> With hindsight I'm inclined to think this might not be the best way. At
> least with configure and make most users will have portable skills from
> other installs.

The way I'm suggesting is intended to be compatible with any future migration towards configure and make.

Hope that helps.

--

:  David Lee                        I.T. Service          :
:  Systems Programmer               Computer Centre       :
:                                   University of Durham  :
:  http://www.dur.ac.uk/t.d.lee/    South Road            :
:                                   Durham                :
:  Phone: +44 191 334 2752          U.K.                  :

From linda.antil at NIST.GOV Thu Jul 1 14:38:20 2004
From: linda.antil at NIST.GOV (Linda Pelleu Antil)
Date: Thu Jan 12 21:26:02 2006
Subject: Bug: install.sh for Solaris
In-Reply-To: <1088631760.14228.17.camel@bach.kevinspicer.co.uk>
References: <40E1F154.8FF476D7@ucsc.edu>
Message-ID: <5.1.0.14.2.20040701093219.01cce420@email.nist.gov>

At 10:42 PM 6/30/2004 +0100, you wrote:
>On Wed, 2004-06-30 at 22:10, John Rudd wrote:
> > > Rather it should probably allow
> > > arguments to the effect of "./install.sh --perlpath=/foo/bar".
> >
> > I like that idea. A lot. Errors could end with "See ./install.sh
> > --help" so they could see their options, and then they could assert
> > settings instead of just turning some tests off. I like that idea a
> > lot.
>
>When I wrote the non-rpm install script for MailScanner-MRTG I did it
>that way (--help and all) you'd be amazed by...
>
>1) How many options even a simple program can have
>2) How long the script ends up
>3) How many people either
> 3a) don't read the install docs, install with all the default settings
>and then complain about it putting things in the wrong place
> 3b) do read the install docs, customise everything in sight, complain
>because it doesn't work
> 3c) Don't even notice the install script, install it the way they
>always did, complain because you've added some critical file and not
>told them where to copy it to.

As someone who is about to do a non-standard install I thought I'd better check on this. We want to install MailScanner in a non-standard location (no big deal) and use a version of perl also located in a non-standard location. I did not want to do a lot of customizing of the install script and possibly miss something, so my plan was just to install the old way (using the MailScanner-4.31.6-1.tar.gz in the perl-tar directory). If I do that, will I run into problems? Any suggestions on a preferred approach?
Thanks-
Linda

From idan at SECURENET.CO.IL Thu Jul 1 15:11:30 2004
From: idan at SECURENET.CO.IL (Idan Plotnik)
Date: Thu Jan 12 21:26:02 2006
Subject: Making sendmail only accept mail to genuine Exchange users
Message-ID: <38531FBA30509D418523F41CC6E981D827EFFE@securenetdc.securenet.co.il>

Hi All,

I am using sendmail-8.12.8-4 and mailscanner-4.25-14, I am wondering if someone has tried to implement this architecture?

http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/270.html

if so what is your opinion about it? It's working good?

Thanks a lot.

From georgelist at CONPOINT.COM Thu Jul 1 15:07:39 2004
From: georgelist at CONPOINT.COM (George Edwards)
Date: Thu Jan 12 21:26:02 2006
Subject: MS not scoring spam messages
Message-ID: <000d01c45f74$c4e762c0$6401a8c0@toshibaGEORGE>

I am getting a lot of spam to go through that MS does not seem to be scanning at all. No time out errors either. According to the header MS sees the mail, but only adds the sending address, no scoring. MS is catching most spam, but still a ton gets through like this. Has anyone else experienced this? Does anyone know why MS may be doing this? Sample header follows.

Thanks for any help,
George
From: "Madeline Frazier"
To:
Subject: MS Encarta Encyclopedia wn Standart 2004
Date: Thu, 1 Jul 2004 01:03:57 -0500
Message-ID: <4227757675.619@mail.ru>
MIME-Version: 1.0
Content-Type: multipart/alternative;
 boundary="----=_NextPart_000_000A_01C45F3F.13CF7D40"
X-Mailer: Microsoft Outlook, Build 10.0.4510
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409
X-MailScanner-From: bppjp@angelfire.com
X-RCPT-TO:
X-UIDL: 332806919

From ugob at CAMO-ROUTE.COM Thu Jul 1 15:20:14 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:26:02 2006
Subject: MS not scoring spam messages
In-Reply-To: <000d01c45f74$c4e762c0$6401a8c0@toshibaGEORGE>
References: <000d01c45f74$c4e762c0$6401a8c0@toshibaGEORGE>
Message-ID:

George Edwards wrote:
> I am getting a lot of spam to go through that MS does not seem to be
> scanning at all. No time out errors either. According to the header MS
> sees the mail, but only adds the sending address, no scoring. MS is
> catching most spam, but still a ton gets through like this. Has anyone else
> experienced this? Does anyone know why MS may be doing this? Sample header
> follows.
>
> Thanks for any help,
> George
>
>
> From: "Madeline Frazier"
> To:
> Subject: MS Encarta Encyclopedia wn Standart 2004
> Date: Thu, 1 Jul 2004 01:03:57 -0500
> Message-ID: <4227757675.619@mail.ru>
> MIME-Version: 1.0
> Content-Type: multipart/alternative;
> boundary="----=_NextPart_000_000A_01C45F3F.13CF7D40"
> X-Mailer: Microsoft Outlook, Build 10.0.4510
> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409
> X-MailScanner-From: bppjp@angelfire.com
> X-RCPT-TO:
> X-UIDL: 332806919

Funny, I have at least these headers on all messages:

X-camo-route-MailScanner-Information: Contactez le gestionnaire de courriels
X-camo-route-MailScanner: Found to be clean
X-MailScanner-From: user@domain.com

Maybe you should use:

# Do you want to always include the Spam Report in the SpamCheck
# header, even if the message wasn't spam?
# This can also be the filename of a ruleset.
Always Include SpamAssassin Report = yes

From georgelist at CONPOINT.COM Thu Jul 1 15:50:45 2004
From: georgelist at CONPOINT.COM (George Edwards)
Date: Thu Jan 12 21:26:02 2006
Subject: MS not scoring spam messages
References: <000d01c45f74$c4e762c0$6401a8c0@toshibaGEORGE>
Message-ID: <002501c45f7a$ca3227f0$6401a8c0@toshibaGEORGE>

----- Original Message -----
From: "Ugo Bellavance"
To:
Sent: Thursday, July 01, 2004 9:20 AM
Subject: Re: MS not scoring spam messages

> George Edwards wrote:
> > I am getting a lot of spam to go through that MS does not seem to be
> > scanning at all. No time out errors either. According to the header MS
> > sees the mail, but only adds the sending address, no scoring. MS is
> > catching most spam, but still a ton gets through like this. Has anyone else
> > experienced this? Does anyone know why MS may be doing this? Sample header
> > follows.
> >
> > Thanks for any help,
> > George
> >
> >
> > From: "Madeline Frazier"
> > To:
> > Subject: MS Encarta Encyclopedia wn Standart 2004
> > Date: Thu, 1 Jul 2004 01:03:57 -0500
> > Message-ID: <4227757675.619@mail.ru>
> > MIME-Version: 1.0
> > Content-Type: multipart/alternative;
> > boundary="----=_NextPart_000_000A_01C45F3F.13CF7D40"
> > X-Mailer: Microsoft Outlook, Build 10.0.4510
> > X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409
> > X-MailScanner-From: bppjp@angelfire.com
> > X-RCPT-TO:
> > X-UIDL: 332806919
> Funny, I have at least these headers on all messages:
>
> X-camo-route-MailScanner-Information: Contactez le gestionnaire de courriels
> X-camo-route-MailScanner: Found to be clean
> X-MailScanner-From: user@domain.com
>
> Maybe you should use:
>
> # Do you want to always include the Spam Report in the SpamCheck
> # header, even if the message wasn't spam?
> # This can also be the filename of a ruleset.
> Always Include SpamAssassin Report = yes

I do have this set to yes. And I get the SA report on almost all headers. The header does look incomplete though. I am having customers forward to me the spam that gets through. They are forwarding the spam as an attachment, so none of the headers get stripped. Usually I get a normal header. These that have this type of header seem to always come from the same few advertisers.

George

From steve.swaney at FSL.COM Thu Jul 1 16:01:42 2004
From: steve.swaney at FSL.COM (Stephen Swaney)
Date: Thu Jan 12 21:26:02 2006
Subject: Making sendmail only accept mail to genuine Exchange users
In-Reply-To: <38531FBA30509D418523F41CC6E981D827EFFE@securenetdc.securenet.co.il>
Message-ID: <20040701150143.982E721C2F0@mail.fsl.com>
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Idan Plotnik
> Sent: Thursday, July 01, 2004 10:12 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Making sendmail only accept mail to genuine Exchange users
>
> Hi All,
>
> I am using sendmail-8.12.8-4 and mailscanner-4.25-14, I am wondering if
> someone has tried to implement this architecture?
>
> http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/270.html
>
> if so what is your opinion about it? It's working good?

We've installed this methodology at many client sites and it works quite well.

Why would you want to install a fairly old version of MailScanner?

Steve

Stephen Swaney
President
Fortress Systems Ltd.
Steve.Swaney@FSL.com

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
Fortress Systems Ltd.
www.fsl.com

From ssilva at SGVWATER.COM Thu Jul 1 16:13:30 2004
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:26:02 2006
Subject: MS not scoring spam messages {Scanned}
References: <000d01c45f74$c4e762c0$6401a8c0@toshibaGEORGE> <002501c45f7a$ca3227f0$6401a8c0@toshibaGEORGE>
Message-ID: <012a01c45f7d$fb273d20$6300a8c0@SSILVA2K>

|
|
| > George Edwards wrote:
| > > I am getting a lot of spam to go through that MS does not seem to be
| > > scanning at all. No time out errors either. According to the header MS
| > > sees the mail, but only adds the sending address, no scoring. MS is
| > > catching most spam, but still a ton gets through like this. Has anyone else
| > > experienced this? Does anyone know why MS may be doing this? Sample header
| > > follows.
| > >
| > > Thanks for any help,
| > > George
| > >
| > >
| > > From: "Madeline Frazier"
| > > To:
| > > Subject: MS Encarta Encyclopedia wn Standart 2004
| > > Date: Thu, 1 Jul 2004 01:03:57 -0500
| > > Message-ID: <4227757675.619@mail.ru>
| > > MIME-Version: 1.0
| > > Content-Type: multipart/alternative;
| > > boundary="----=_NextPart_000_000A_01C45F3F.13CF7D40"
| > > X-Mailer: Microsoft Outlook, Build 10.0.4510
| > > X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409
| > > X-MailScanner-From: bppjp@angelfire.com
| > > X-RCPT-TO:
| > > X-UIDL: 332806919
| > Funny, I have at least these headers on all messages:
| >
| > X-camo-route-MailScanner-Information: Contactez le gestionnaire de courriels
| > X-camo-route-MailScanner: Found to be clean
| > X-MailScanner-From: user@domain.com
| >
| > Maybe you should use:
| >
| > # Do you want to always include the Spam Report in the SpamCheck
| > # header, even if the message wasn't spam?
| > # This can also be the filename of a ruleset.
| > Always Include SpamAssassin Report = yes
|
|
| I do have this set to yes. And I get the SA report on almost all headers.
| The header does look incomplete though. I am having customers forward to me
| the spam that gets through. They are forwarding the spam as an attachment,
| so none of the headers get stripped. Usually I get a normal header. These
| that have this type of header seem to always come from the same few
| advertisers.
|
| George
|

Could you possibly have this whitelisted? Maybe a typo in an IP address or something similar?

From georgelist at CONPOINT.COM Thu Jul 1 16:23:53 2004
From: georgelist at CONPOINT.COM (George Edwards)
Date: Thu Jan 12 21:26:02 2006
Subject: MS not scoring spam messages {Scanned}
References: <000d01c45f74$c4e762c0$6401a8c0@toshibaGEORGE> <002501c45f7a$ca3227f0$6401a8c0@toshibaGEORGE> <012a01c45f7d$fb273d20$6300a8c0@SSILVA2K>
Message-ID: <002f01c45f7f$6b4759e0$6401a8c0@toshibaGEORGE>

----- Original Message -----
From: "Scott Silva"
To:
Sent: Thursday, July 01, 2004 10:13 AM
Subject: Re: MS not scoring spam messages {Scanned}

> |
> |
> | > George Edwards wrote:
> | > > I am getting a lot of spam to go through that MS does not seem to be
> | > > scanning at all. No time out errors either. According to the header MS
> | > > sees the mail, but only adds the sending address, no scoring. MS is
> | > > catching most spam, but still a ton gets through like this. Has anyone else
> | > > experienced this? Does anyone know why MS may be doing this? Sample header
> | > > follows.
> | > >
> | > > Thanks for any help,
> | > > George
> | > >
> | > >
> | > > From: "Madeline Frazier"
> | > > To:
> | > > Subject: MS Encarta Encyclopedia wn Standart 2004
> | > > Date: Thu, 1 Jul 2004 01:03:57 -0500
> | > > Message-ID: <4227757675.619@mail.ru>
> | > > MIME-Version: 1.0
> | > > Content-Type: multipart/alternative;
> | > > boundary="----=_NextPart_000_000A_01C45F3F.13CF7D40"
> | > > X-Mailer: Microsoft Outlook, Build 10.0.4510
> | > > X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409
> | > > X-MailScanner-From: bppjp@angelfire.com
> | > > X-RCPT-TO:
> | > > X-UIDL: 332806919
> | > Funny, I have at least these headers on all messages:
> | >
> | > X-camo-route-MailScanner-Information: Contactez le gestionnaire de courriels
> | > X-camo-route-MailScanner: Found to be clean
> | > X-MailScanner-From: user@domain.com
> | >
> | > Maybe you should use:
> | >
> | > # Do you want to always include the Spam Report in the SpamCheck
> | > # header, even if the message wasn't spam?
> | > # This can also be the filename of a ruleset.
> | > Always Include SpamAssassin Report = yes
> |
> |
> | I do have this set to yes. And I get the SA report on almost all headers.
> | The header does look incomplete though. I am having customers forward to me
> | the spam that gets through. They are forwarding the spam as an attachment,
> | so none of the headers get stripped. Usually I get a normal header. These
> | that have this type of header seem to always come from the same few
> | advertisers.
> |
> | George
> |
> Could you possibly have this whitelisted? Maybe a typo in an IP address or
> something similar?

All emails that I have whitelisted still show the score but has in parenthesis the word whitelisted. So it is not whitelisted either-- Just to verify in the past I did search the whitelist to make sure they had not somehow gotten listed there.
George

From TGFurnish at HERFFJONES.COM Thu Jul 1 16:27:10 2004
From: TGFurnish at HERFFJONES.COM (Trever Furnish)
Date: Thu Jan 12 21:26:02 2006
Subject: Presort for SquirrelMail and other IMAP users
Message-ID: <8FFC76593085ED4A80D3601BC41EFCDF09326764@inex1.herffjones.hj-int>

Doing it that way will be much slower than just using a procmail recipe, *and* it will be different for every mail client, so if you ever want to use something other than squirrelmail, you'll have to come up with a new way.

With procmail, the messages are not delivered to one spool and then moved to another - they're just delivered to the correct folder immediately.

-----Original Message-----
From: G. Armour Van Horn [mailto:vanhorn@WHIDBEY.COM]
Sent: Wednesday, June 30, 2004 11:18 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Presort for SquirrelMail and other IMAP users

That's good news, but can you give us a hint of where Squirrel has filters? The only thing I could find on the subject at squirrelmail.org was a wishlist item to add it. If I'm missing something obvious I would be delighted to learn what it is.

Van

Michele Neylon : Blacknight Solutions wrote:

On Tue, 2004-06-29 at 22:33, G. Armour Van Horn wrote:

This probably isn't directly related to MailScanner, but I thought someone here must have an answer. I'm running Sendmail/MailScanner/SpamAssassin with good results on three servers. On each one, there are at least a few users who need web access, so I use an IMAP server and SquirrelMail.

I just had a user wonder if there was a way all the MS-tagged spam could be moved into a spam folder automatically, and I think it would be a great idea. There is, however, no SquirrelMail plugin that accomplishes this, and I have no idea at all of what would be involved.

So, any suggestions on how to include this presort?

You don't need to do it system-wide unless you really really want to. Squirrel supports filters, so you can easily filter all mail with an MS subject tag into a separate folder.

--
----------------------------------------------------------
Sign up now for Quotes of the Day, a handful of quotations on a theme delivered every morning. Enlightenment! Daily, for free!
mailto:twisted@whidbey.com?subject=Subscribe_QOTD
For web design, hosting, and maintenance, visit Van's home page: http://www.domainvanhorn.com/van/
-----------------------------------------------------------

From steve.swaney at FSL.COM Thu Jul 1 16:29:45 2004
From: steve.swaney at FSL.COM (Stephen Swaney)
Date: Thu Jan 12 21:26:02 2006
Subject: MS not scoring spam messages {Scanned}
In-Reply-To: <002f01c45f7f$6b4759e0$6401a8c0@toshibaGEORGE>
Message-ID: <20040701152946.B90EA21C2F0@mail.fsl.com>

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of George Edwards
> Sent: Thursday, July 01, 2004 11:24 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: MS not scoring spam messages {Scanned}
>
> ----- Original Message -----
> From: "Scott Silva"
> To:
> Sent: Thursday, July 01, 2004 10:13 AM
> Subject: Re: MS not scoring spam messages {Scanned}
>
>
> > |
> > |
> > | > George Edwards wrote:
> > | > > I am getting a lot of spam to go through that MS does not seem to be
> > | > > scanning at all. No time out errors either. According to the header MS
> > | > > sees the mail, but only adds the sending address, no scoring. MS is
> > | > > catching most spam, but still a ton gets through like this. Has anyone else
> > | > > experienced this? Does anyone know why MS may be doing this? Sample header
> > | > > follows.
> > | > >
> > | > > Thanks for any help,
> > | > > George

Have you installed the Mail::SpamAssassin::SpamCopURI module? See: www.surbl.org.

A package which includes a configuration file is available at:

http://www.fsl.com/support

Download SURBL/URI install files

Steve

Stephen Swaney
President
Fortress Systems Ltd.
Steve.Swaney@FSL.com

From kvue at WADSNET.COM Thu Jul 1 16:48:51 2004
From: kvue at WADSNET.COM (Kham Vue)
Date: Thu Jan 12 21:26:02 2006
Subject: Yahoo groups bouncing
In-Reply-To: <20040701150143.982E721C2F0@mail.fsl.com>
Message-ID: <002b01c45f82$ed73c130$fa00010a@THINKPAD1800>

I'm using MS as relay and I'm getting a few bounced or 550 access denied especially from yahoo groups. Anyone got a clue why?

Here's my network:

[ router ] ---- [MS server] --- [firewall] --- [real mail server]

Here's my MX records:
- outside: MX (20) ==> MS server, MX (50) ==> real mail server
- inside: MX (20) ==> real mail server

---------- error msg --------------
----- The following addresses had permanent fatal errors -----

----- Transcript of session follows -----
... while talking to relay.domain.com.:
>>> MAIL From:
<<< 550 5.0.0 Access denied
554 ... Service unavailable
-------------------------------------------

Kham Vue
Wadsworth Internet Service (WADSNET)
email: kvue@wadsnet.com

"Complex systems lead to complex problems." - CAIB Report

From mailscanner at lists.com.ar Thu Jul 1 00:04:14 2004
From: mailscanner at lists.com.ar (Mariano Absatz)
Date: Thu Jan 12 21:26:02 2006
Subject: Archive::Zip 1.11
Message-ID: <40E31CBE.30017.1F74CDFA@localhost>

Hi Ned,

do you have a timeframe for publishing Archive::Zip 1.11?

I have a large MailScanner installation (from where I got the sample corrupt zip file we used for testing today) that I want to upgrade... but I'm a little scared by the 'alpha1' status.

If you intend to advance it to 'release' (or at least 'beta') within the next few days or so, I'd rather wait, otherwise, I'd like at least to hear from you if you have reports of problems about this release (I don't see any public forum for discussing Archive::Zip, that's why I'm contacting you directly about this).

I have it working OK in a small installation I control by myself, but the large installation will require rpm packaging, 'management approval' and the like... I don't care much about packaging and installing twice in a few days... 'management approval', OTOH is quite a different story :-) and if the software is labeled 'alpha', worse yet...

So I'd simply like to know how you feel about the release cycle for this new version in order to decide what to do.

Thanx a lot for your prompt patch today.

TIA

--
Mariano Absatz
El Baby
----------------------------------------------------------
Allow me to introduce my selves.

From mailscanner at LISTS.COM.AR Thu Jul 1 21:50:59 2004
From: mailscanner at LISTS.COM.AR (Mariano Absatz)
Date: Thu Jan 12 21:26:03 2006
Subject: ruleset processing - matching order
Message-ID: <40E44F03.7952.B06C15@localhost>

Hi,

so far, I've used rulesets very sparingly and now I have a doubt I couldn't resolve just by looking at the FAQ (or the MAQ, for that matter).

It is clear that the 'default' action is different from the rest in that is always used as a last resort, but... what happens if you have more than one rule that match a given message? is the first one applied? or the last one?

Example:

High Scoring Spam Actions = %rules-dir%/hispam.actions.rules

and, in hispam.actions.rules:

FromOrTo: default delete
From: someone@example.com deliver forward guy@example.net
From: 10.9.8.7 deliver

So, normally, hi-spam messages are deleted.

If a hi-spam message comes from 'someone@example.com' it is delivered to the intended recipient and a copy is delivered to 'guy@example.net'.

If a hi-spam message comes from the IP 10.9.8.7, it is delivered to the intended recipient.

Now, what would happen if a message comes from the IP 10.9.8.7 and the envelope from is 'someone@example.com'? is it delivered? and a copy to 'guy@example.net'?

If I changed the order, would the copy to 'guy@example.net' NOT be delivered?

TIA

--
Mariano Absatz
El Baby
----------------------------------------------------------
It said, "Insert disk #3," but only two will fit!

From peter at UCGBOOK.COM Thu Jul 1 18:13:59 2004
From: peter at UCGBOOK.COM (Peter Bonivart)
Date: Thu Jan 12 21:26:03 2006
Subject: Bug: install.sh for Solaris
In-Reply-To: <5.1.0.14.2.20040701093219.01cce420@email.nist.gov>
References: <40E1F154.8FF476D7@ucsc.edu> <5.1.0.14.2.20040701093219.01cce420@email.nist.gov>
Message-ID: <40E44657.1020008@ucgbook.com>

Linda Pelleu Antil wrote:
> As someone who is about to do a non-standard install I thought I'd
> better check on this. We want to install MailScanner in a non-standard
> location
> (no big deal) and use a version of perl also located in a non-standard
> location.
> I did not want to do a lot of customizing of the install script and
> possibly miss
> something, so my plan was just to install the old way (using the
> MailScanner-4.31.6-1.tar.gz
> in the perl-tar directory). If I do that, will I run into problems? Any
> suggestions on
> a preferred approach.

The MailScanner-4.31.6-1.tar.gz is exactly the same file as provided before. The install script ends (after the perl stuff) with simply unpacking it in /opt. You can simply do that yourself as you used to and skip the install script if you want.

--
/Peter Bonivart

--Unix lovers do it in the Sun

Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.31.6, SpamAssassin 2.63 + DCC 1.2.50, ClamAV 0.73 + GMP 4.1.2, Vispan 1.4

From linda.antil at NIST.GOV Thu Jul 1 18:45:38 2004
From: linda.antil at NIST.GOV (Linda Pelleu Antil)
Date: Thu Jan 12 21:26:03 2006
Subject: Bug: install.sh for Solaris
In-Reply-To: <40E44657.1020008@ucgbook.com>
References: <5.1.0.14.2.20040701093219.01cce420@email.nist.gov> <40E1F154.8FF476D7@ucsc.edu> <5.1.0.14.2.20040701093219.01cce420@email.nist.gov>
Message-ID: <5.1.0.14.2.20040701134400.03901328@email.nist.gov>

At 07:13 PM 7/1/2004 +0200, you wrote:
>Linda Pelleu Antil wrote:
>>As someone who is about to do a non-standard install I thought I'd
>>better check on this. We want to install MailScanner in a non-standard
>>location
>>(no big deal) and use a version of perl also located in a non-standard
>>location.
>>I did not want to do a lot of customizing of the install script and
>>possibly miss
>>something, so my plan was just to install the old way (using the
>>MailScanner-4.31.6-1.tar.gz
>>in the perl-tar directory). If I do that, will I run into problems? Any
>>suggestions on
>>a preferred approach.
>
>The MailScanner-4.31.6-1.tar.gz is exactly the same file as provided
>before. The install script ends (after the perl stuff) with simply
>unpacking it in /opt. You can simply do that yourself as you used to and
>skip the install script if you want.
>
>
>--
>/Peter Bonivart

Thanks very much, Peter!

Linda

From l_candelario at CRC.UPR.CLU.EDU Thu Jul 1 18:50:55 2004
From: l_candelario at CRC.UPR.CLU.EDU (Larry Candelario Lugo)
Date: Thu Jan 12 21:26:03 2006
Subject: Out of office
Message-ID:

From alden at ENGINENO9INC.COM Thu Jul 1 18:51:33 2004
From: alden at ENGINENO9INC.COM (Alden Levy)
Date: Thu Jan 12 21:26:03 2006
Subject: Problem releasing file from quarantine
In-Reply-To: <200406302317.i5UNHWD12873@engine.engineno9inc.com>
Message-ID:

I have been TRYING to release a file from quarantine, but I keep getting the same error. According to the MAQ, all I have to do is copy the df- and qf- files to the mqueue. I also included the file that was tagged as a possible virus (PETERSON.rel.doc). Unfortunately, the file never reaches the destination.

I found the offending rule in filename.rules.conf ("deny \.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$"), but I am loath to change it.

By now, we've had the sender change the name of the doc and resend it. But I am wondering what I can do in the future to release a file from quarantine. Any help would be appreciated.

I am running MailScanner 4.30.3 on a P4, RH 9.0 with ClamAV, all RBLs, URIs in SpamAssassin.

Regards,
Alden

Alden Levy
Engine No. 9, Inc.
130 W. 57th Street, Suite 12E
New York, NY 10019
(212) 981-1122
(212) 725-7202 fax

From ugob at CAMO-ROUTE.COM Thu Jul 1 19:11:19 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:26:03 2006
Subject: Problem releasing file from quarantine
In-Reply-To:
References: <200406302317.i5UNHWD12873@engine.engineno9inc.com>
Message-ID:

Alden Levy wrote:
> I have been TRYING to release a file from quarantine, but I keep getting the
> same error. According to the MAQ, all I have to do is copy the df- and qf-
> files to the mqueue. I also included the file that was tagged as a possible
> virus (PETERSON.rel.doc). Unfortunately, the file never reaches the
> destination.
>
> I found the offending rule in filename.rules.conf ("deny
> \.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$"), but I am loath to change it.
>
> By now, we've had the sender change the name of the doc and resend it. But I
> am wondering what I can do in the future to release a file from quarantine.
> Any help would be appreciated.

What do you have in your logs? I think that once the df and qf files are in mqueue, it should not be processed by MailScanner again. Make sure mqueue is your outgoing queue.

From scs at UWB.EDU.PL Thu Jul 1 19:27:47 2004
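
Why the rule quoted in the "Problem releasing file from quarantine" thread fires on PETERSON.rel.doc, as an added example that is not part of the original posts and is not MailScanner's code. The pattern is copied from the post; the other filenames are constructed, and case-insensitive matching is an assumption about how the rule is applied.

```python
import re

# Pattern copied verbatim from the filename.rules.conf rule quoted in the post,
# with named groups added so each hit can be explained. The groups do not
# change what matches. re.IGNORECASE is an assumption, not taken from the page.
DOUBLE_EXTENSION = re.compile(
    r"\.(?P<inner>[a-z][a-z0-9]{2,3})"   # something that looks like a 3-4 char extension
    r"(?P<gap>\s*)"                      # optional whitespace padding
    r"\.(?P<final>[a-z0-9]{3})$",        # the real, final 3-char extension
    re.IGNORECASE,
)

# Constructed sample filenames, apart from the first, which is from the post.
SAMPLES = [
    "PETERSON.rel.doc",        # the quarantined document from the thread
    "invoice.pdf   .exe",      # padded double extension
    "Summary.HTML.scr",        # upper-case inner extension
    "archive.tar.gz",          # final part has only 2 characters
    "report.v2.doc",           # inner part has only 2 characters
    "notes.2004.txt",          # inner part starts with a digit
]


def explain(filename):
    """Return None when the rule does not fire, else the parts that matched."""
    match = DOUBLE_EXTENSION.search(filename)
    if match is None:
        return None
    return {
        "inner": match.group("inner"),
        "final": match.group("final"),
        "padded": bool(match.group("gap")),
    }


def scan(filenames):
    """Map each filename that trips the rule to the explanation of its match."""
    hits = {}
    for name in filenames:
        reason = explain(name)
        if reason is not None:
            hits[name] = reason
    return hits


if __name__ == "__main__":
    for name, reason in scan(SAMPLES).items():
        print(f"{name!r}: inner=.{reason['inner']} final=.{reason['final']} "
              f"padded={reason['padded']}")
```

The rule looks only at the shape of the name, so ".rel" followed by ".doc" is treated the same as ".pdf" followed by ".exe"; renaming the document, as the sender did, avoids the match without weakening the rule.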
From: scs at UWB.EDU.PL (Grzesiek Staleńczyk)
Date: Thu Jan 12 21:26:03 2006
Subject: Mailscanner + ClamAV + DrWeb simple question?
Message-ID: <1088706467.40e457a3d8fbe@poczta.uwb.edu.pl>

Hey there!

I've got Mailscanner 4.31 and ClamAV version 0.71 and DrWeb.
And I've got a question:
If I have two antivirus scanners, do they filter e-mails together, or first one and then the second?
In the MailWatch logs I have something like this:

"DrWeb: Found virus Win32.HLLM.Beagle.37964 in file the_message.cpl
ClamAV: the_message.cpl contains Worm.Bagle.AC"

In my virus.scannres.conf are:

clamav /opt/MailScanner/lib/clamav-wrapper /usr/local/bin
drweb /opt/MailScanner/lib/drweb-wrapper /opt/drweb

In my Mailscanner.conf I have:

virus scanners=drweb clamav

THX for your help.

--
Regards. Have a nice day.
____________________________________________________________________________
Grzesiek
scss@poczta.of.pl or scs@uwb.edu.pl

From ugob at CAMO-ROUTE.COM Thu Jul 1 19:43:32 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:26:03 2006
Subject: Mailscanner + ClamAV + DrWeb simple question?
In-Reply-To: <1088706467.40e457a3d8fbe@poczta.uwb.edu.pl>
References: <1088706467.40e457a3d8fbe@poczta.uwb.edu.pl>
Message-ID:

Grzesiek Staleńczyk wrote:
> Hey there!
>
> I've got Mailscanner 4.31 and ClamAV version 0.71 and DrWeb.
> And I've got a question:
> If I have two antivirus scanners, do they filter e-mails together, or first
> one and then the second?

They are both loaded at the beginning of a batch, and they scan each message one after the other.

I'm foreseeing your question:

http://www.mailscanner.biz/maq/#stopav

From test at NEXTMILL.NET Thu Jul 1 21:39:02 2004
From: test at NEXTMILL.NET (Brian Lewis)
Date: Thu Jan 12 21:26:03 2006
Subject: Ignore large attachments??
Message-ID:

Is there a setting in MailScanner to ignore large attachments? I want to never scan/extract/analyze messages that have attachments over say 3 megs. This is because the chance of a message over 3 megs being spam or a virus is pretty much improbable. Is there a setting I can change somewhere? I've looked and couldn't find such a setting and would appreciate any and all advice I can get.

Expanding large attachments places a great load and increases the likelihood of hitting the timeout or maxsize settings for the expansion process, sometimes causing a Denial of Service message to be generated and incorrectly tagging the message as spam. Since these larger attachment messages are legit I'd rather just not have the scanner process them at all except to allow them thru.

From SJCJonker at SJC.NL Thu Jul 1 21:47:14 2004
From: SJCJonker at SJC.NL (Stijn Jonker)
Date: Thu Jan 12 21:26:03 2006
Subject: Ignore large attachments??
In-Reply-To:
References:
Message-ID: <40E47852.20005@SJC.nl>

Hello Brian,

Brian Lewis said the following on 01-Jul-04 22:39:
> Is there a setting in MailScanner to ignore large attachments? I want to
> never scan/extract/analyze messages that have attachments over say 3
> megs. This is because the chance of a message over 3 megs being spam or a
> virus is pretty much improbable. Is there a setting I can change

First of all I don't know of such a setting, but I'm assuming it's not available because;

While nowadays it's more common to receive email based viruses where the payload is small, I don't think this is wise to skip certain attachments. What to think of a word file, with embedded graphics AND a macro virus, or a zip file with some data AND a small executable that slipped in which is actually some sort of bot, spyware, virus or other types of malware.

Just my 2 Euri cents..

--
Met Vriendelijke groet/Yours Sincerely
Stijn Jonker

From wdwrn at FRIENDLYCITY.NET Thu Jul 1 22:05:17 2004
From: wdwrn at FRIENDLYCITY.NET (Walt Wyndroski)
Date: Thu Jan 12 21:26:03 2006
Subject: Implement Access Control List With MailScanner???
References: <1088706467.40e457a3d8fbe@poczta.uwb.edu.pl>
Message-ID: <012601c45faf$1e87ac60$0201a8c0@jabbacom.net>

Hello all,

I've been doing some serious googling over the 2-3 days about how to implement a type of ACL (access control list) for Sendmail which would help in preventing the spoofing of my domain to my users. The only thing I can find are rulesets which are inserted directly into the sendmail.cf, which is something that I really want to avoid. I was hoping MailScanner would allow me to do this. Here is my setup:

Kernel Version 2.4.22-1.2194.nptlsmp
SendMail RPM Version sendmail-8.12.10-1.1.1
Procmail RPM Version procmail-3.22-11
MailScanner RPM Version mailscanner-4.30.2-1

If an email arrives at my mail server with the from header as user@mydomain, I need to further look at the message to see if the message originated from one of the subnets for which I relay. If it did, I'll accept it. If it didn't, I'll discard it. If anyone knows of a Sendmail m4 rule for this, please point me in the right direction and accept my apologies for being on the wrong list. :) Otherwise, if MailScanner can already do this or if someone has already written a custom function for this, please point me in the right direction.

Walt Wyndroski

From ssilva at SGVWATER.COM Thu Jul 1 22:08:55 2004
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:26:03 2006
Subject: Ignore large attachments?? {Scanned}
References:
Message-ID: <01ce01c45faf$a135ce30$6300a8c0@SSILVA2K>

Scott Silva wrote --

| Is there a setting in MailScanner to ignore large attachments? I want to
| never scan/extract/analyze messages that have attachments over say 3
| megs. This is because the chance of a message over 3 megs being spam or a
| virus is pretty much improbable. Is there a setting I can change
| somewhere? I've looked and couldn't find such a setting and would
| appreciate any and all advice I can get. Expanding large attachments
| places a great load and increases the likelihood of hitting the timeout
| or maxsize settings for the expansion process, sometimes causing a Denial
| of Service message to be generated and incorrectly tagging the message as
| spam. Since these larger attachment messages are legit I'd rather just
| not have the scanner process them at all except to allow them thru.
|

You can set the maximum size scanned with spamassassin since this would be the slowest and most processor intensive task with large attachments. But I would still virus scan everything, regardless of size, just for safety sake.

---Just when you get a better mouse trap,
Along comes a bigger mouse!!!

From ssilva at SGVWATER.COM Thu Jul 1 22:18:33 2004
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:26:03 2006
Subject: ruleset processing - matching order {Scanned}
References: <40E44F03.7952.B06C15@localhost>
Message-ID: <01d401c45fb0$fab671c0$6300a8c0@SSILVA2K>

| Hi,
|
| so far, I've used rulesets very sparingly and now I have a doubt I couldn't
| resolve just by looking at the FAQ (or the MAQ, for that matter).
|
| It is clear that the 'default' action is different from the rest in that is
| always used as a last resort, but... what happens if you have more than one
| rule that match a given message? is the first one applied? or the last one?
|
| Example:
|
| High Scoring Spam Actions = %rules-dir%/hispam.actions.rules
|
| and, in hispam.actions.rules:
|
|
| FromOrTo: default delete
| From: someone@example.com deliver forward guy@example.net
| From: 10.9.8.7 deliver

I believe the default needs to be last or nothing will ever get past it.
"FromorTo: default " = bam! goodbye message. I am pretty sure rules are top to bottom, stopping at first match.

|
| So, normally, hi-spam messages are deleted.
|
| If a hi-spam message comes from 'someone@example.com' it is delivered to the
| intended recipient and a copy is delivered to 'guy@example.net'.
|
| If a hi-spam message comes from the IP 10.9.8.7, it is delivered to the
| intended recipient.
|
| Now, what would happen if a message comes from the IP 10.9.8.7 and the
| envelope from is 'someone@example.com'? is it delivered? and a copy to
| 'guy@example.net'?
|
| If I changed the order, would the copy to 'guy@example.net' NOT be delivered?

From robv at DISASTER.COM Thu Jul 1 22:25:06 2004
From: robv at DISASTER.COM (Vicchiullo, Rob)
Date: Thu Jan 12 21:26:03 2006
Subject: Implement Access Control List With MailScanner???
Message-ID: <8BD06A60242B4341B8919A4AC958C1D032D082@busted.dandd.com>

Hey you find a solution for this please share it with us, I need the same thing.

=)

Rob V

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Walt Wyndroski
Sent: Thursday, July 01, 2004 5:05 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Implement Access Control List With MailScanner???

Hello all,

I've been doing some serious googling over the 2-3 days about how to implement a type of ACL (access control list) for Sendmail which would help in preventing the spoofing of my domain to my users. The only thing I can find are rulesets which are inserted directly into the sendmail.cf, which is something that I really want to avoid. I was hoping MailScanner would allow me to do this. Here is my setup:

Kernel Version 2.4.22-1.2194.nptlsmp
SendMail RPM Version sendmail-8.12.10-1.1.1
Procmail RPM Version procmail-3.22-11
MailScanner RPM Version mailscanner-4.30.2-1

If an email arrives at my mail server with the from header as user@mydomain, I need to further look at the message to see if the message originated from one of the subnets for which I relay. If it did, I'll accept it. If it didn't, I'll discard it. If anyone knows of a Sendmail m4 rule for this, please point me in the right direction and accept my apologies for being on the wrong list. :) Otherwise, if MailScanner can already do this or if someone has already written a custom function for this, please point me in the right direction.

Walt Wyndroski

From ssilva at SGVWATER.COM Thu Jul 1 22:30:18 2004
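
The double-match case from the "ruleset processing - matching order" thread above, worked through as an added example that is not part of the original posts and is not MailScanner's own parser. It assumes the semantics stated in that thread: rules are tried top to bottom and the first hit wins (the reply's reading), with 'default' held back as the last resort (the question's premise). The function names, the swapped ruleset and the second sender are constructed for illustration.

```python
import fnmatch
import ipaddress

# The ruleset exactly as posted in the thread.
POSTED = """\
FromOrTo: default delete
From: someone@example.com deliver forward guy@example.net
From: 10.9.8.7 deliver
"""

# Constructed variant: the same rules with the two From: lines swapped.
SWAPPED = """\
FromOrTo: default delete
From: 10.9.8.7 deliver
From: someone@example.com deliver forward guy@example.net
"""


def parse_ruleset(text):
    """Return (ordered rules, default action); 'default' is kept separately."""
    rules, default = [], None
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split()      # drop comments, split on whitespace
        if len(parts) < 3:
            continue                              # blank or incomplete line
        direction = parts[0].rstrip(":").lower()
        pattern, action = parts[1], " ".join(parts[2:])
        if pattern.lower() == "default":
            default = action
        else:
            rules.append((direction, pattern, action))
    return rules, default


def _is_ip(pattern):
    try:
        ipaddress.ip_address(pattern)
        return True
    except ValueError:
        return False


def _hit(pattern, address, client_ip=None):
    """IP patterns are compared with the sending host, others with the address."""
    if _is_ip(pattern):
        return (client_ip is not None
                and ipaddress.ip_address(client_ip) == ipaddress.ip_address(pattern))
    return fnmatch.fnmatchcase(address.lower(), pattern.lower())


def decide(ruleset_text, sender, recipient, client_ip):
    """First matching rule wins; fall back to the default action."""
    rules, default = parse_ruleset(ruleset_text)
    for direction, pattern, action in rules:
        from_hit = _hit(pattern, sender, client_ip)
        to_hit = _hit(pattern, recipient)         # an IP pattern never matches a recipient
        if ((direction == "from" and from_hit)
                or (direction == "to" and to_hit)
                or (direction == "fromorto" and (from_hit or to_hit))):
            return action
    return default


if __name__ == "__main__":
    msg = ("someone@example.com", "user@example.org", "10.9.8.7")
    print("posted order :", decide(POSTED, *msg))
    print("swapped order:", decide(SWAPPED, *msg))
```

Under these assumptions the posted order delivers the message and forwards the copy, while the swapped order stops at the IP rule and no copy is sent, so the more specific rule has to come first.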
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:26:03 2006
Subject: Implement Access Control List With MailScanner??? {Scanned}
References: <1088706467.40e457a3d8fbe@poczta.uwb.edu.pl> <012601c45faf$1e87ac60$0201a8c0@jabbacom.net>
Message-ID: <01dc01c45fb2$9b623ae0$6300a8c0@SSILVA2K>

| Hello all,
| I've been doing some serious googling over the 2-3 days about how to
| implement a type of ACL (access control list) for Sendmail which would help
| in preventing the spoofing of my domain to my users. The only thing I can
| find are rulesets which are inserted directly into the sendmail.cf, which is
| something that I really want to avoid. I was hoping MailScanner would allow
| me to do this. Here is my setup:
|
| Kernel Version 2.4.22-1.2194.nptlsmp
| SendMail RPM Version sendmail-8.12.10-1.1.1
| Procmail RPM Version procmail-3.22-11
| MailScanner RPM Version mailscanner-4.30.2-1
|
| If an email arrives at my mail server with the from header as user@mydomain,
| I need to further look at the message to see if the message originated from
| one of the subnets for which I relay. If it did, I'll accept it. If it
| didn't, I'll discard it. If anyone knows of a Sendmail m4 rule for this,
| please point me in the right direction and accept my apologies for being on
| the wrong list. :) Otherwise, if MailScanner can already do this or if
| someone has already written a custom function for this, please point me in
| the right direction.

http://www.sendmail.org/m4/anti_spam.html particularly the section; FEATURE(`relay_mail_from')

put the IP addresses of the subnets you relay in the access file. Don't put the domains in as they are easy to fake. I was caught here and it is easy to do and a little harder to find out why sooo much junk gets through.
If you relay for the network 11.22.33.0 then you would have;
11.22.33.0 RELAY
in /etc/mail/access

Also read this;
http://www.sendmail.org/tips/relaying.html

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

From robv at DISASTER.COM Thu Jul 1 22:36:12 2004
From: robv at DISASTER.COM (Vicchiullo, Rob)
Date: Thu Jan 12 21:26:03 2006
Subject: Implement Access Control List With MailScanner??? {Scanned}
Message-ID: <8BD06A60242B4341B8919A4AC958C1D032D084@busted.dandd.com>

Don't think he is looking for relaying restrictions.
He is trying to prevent mail that says it's from his users that is destined for other users of his.

So let's say a message comes in from the outside that is for joe@mydomain.com and it says it's from jill@mydomain.com
It didn't originate from my mail server yet it says it's from one of my users.

Rob V
From wdwrn at FRIENDLYCITY.NET Thu Jul 1 22:41:30 2004
From: wdwrn at FRIENDLYCITY.NET (Walt Wyndroski)
Date: Thu Jan 12 21:26:03 2006
Subject: Implement Access Control List With MailScanner???
References: <1088706467.40e457a3d8fbe@poczta.uwb.edu.pl> <012601c45faf$1e87ac60$0201a8c0@jabbacom.net>
Message-ID: <013501c45fb4$2b93b930$0201a8c0@jabbacom.net>

Actually, this thought just occurred to me:

The rulesets in MailScanner are structured as From:, FromOrTo:, To:, FromAndTo:. If I could use FromAndFrom: then I could build a rule as follows:

    From: mydomain.com From: Accept
    From: mydomain.com From: 0.0.0.0/0 Deny

OR:

Can I use rulesets within rulesets? For instance, in the blacklist.rules could I put:

    From: mydomain.com /etc/MailScanner/rules/mydomain.com.txt

And inside "/etc/MailScanner/rules/mydomain.com.txt" I would put:

    From: NO
    From: default YES

or

    From: /!()/ YES

What do you all think?

Walt Wyndroski
From ssilva at SGVWATER.COM Thu Jul 1 22:59:33 2004
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:26:03 2006
Subject: Implement Access Control List With MailScanner??? {Scanned}
References: <8BD06A60242B4341B8919A4AC958C1D032D084@busted.dandd.com>
Message-ID: <01f601c45fb6$b631f370$6300a8c0@SSILVA2K>

But if the mail pretends to come from one of his users, but is actually coming from outside, then IP based relay checks are exactly what he needs. If it is coming from an outside source, with an internal from address, it is still a relay attempt. But if you used domain based relay checks, then these messages would get through. I stop 50 to 100 attempts at this very thing every day. Many are attempts to relay by skipping the MX priorities, and making messages look like they came from our other server.

| Don't think he is looking for relaying restrictions.
| He is trying to prevent mail that says it's from his users that is
| destined for other users of his.
|
| So let's say a message comes in from the outside that is for
| joe@mydomain.com and it says it's from jill@mydomain.com
| It didn't originate from my mail server yet it says it's from one of my
| users.
|
| Rob V
From ka at PACIFIC.NET Thu Jul 1 23:06:52 2004
From: ka at PACIFIC.NET (Ken A)
Date: Thu Jan 12 21:26:03 2006
Subject: Implement Access Control List With MailScanner???
In-Reply-To: <8BD06A60242B4341B8919A4AC958C1D032D082@busted.dandd.com>
References: <8BD06A60242B4341B8919A4AC958C1D032D082@busted.dandd.com>
Message-ID: <40E48AFC.3000302@pacific.net>

You don't have users that use their email addresses from outside your domain? Nobody checks email from home on their cable ISP, and uses @yourdomain email addresses?

Using MailScanner From and To rulesets as you have suggested would stop the envelope sender being set to yourdomain, but the sender could still set the 'From:' header to yourdomain. :-(

I think you'd need to also kill it with sendmail (maybe a milter) or maybe an SA rule that matched META conditions (yourdomain in the From Header) and NOT (one of your relays).

Ken A

Vicchiullo, Rob wrote:
> Hey you find a solution for this please share it with us, I need the
> same thing. =)
>
> Rob V
From mark at TIPPINGMAR.COM Fri Jul 2 01:38:29 2004
From: mark at TIPPINGMAR.COM (Mark Nienberg)
Date: Thu Jan 12 21:26:03 2006
Subject: Implement Access Control List With MailScanner???
In-Reply-To: <012601c45faf$1e87ac60$0201a8c0@jabbacom.net>
Message-ID: <239186F8-CBC0-11D8-9524-0003939C8BF6@tippingmar.com>

On Thursday, July 1, 2004, at 02:05 PM, Walt Wyndroski wrote:

> If an email arrives at my mail server with the from header as user@mydomain,
> I need to further look at the message to see if the message originated from
> one of the subnets for which I relay. If it did, I'll accept it. If it
> didn't, I'll discard it. If anyone knows of a Sendmail m4 rule for this,
> please point me in the right direction and accept my apologies for being on
> the wrong list. :) Otherwise, if MailScanner can already do this or if
> someone has already written a custom function for this, please point me in
> the right direction.

I think I saw a message about this maybe a month or so ago. The suggested solution was to use the rulesets for spam.whitelist.rules and spam.blacklist.rules in the following clever way:

In your spam.whitelist.rules:

    From: mydomain.com and From: our.ip.add.ress yes
    From: mydomain.com and From: our.oth.era.dres yes
    FromOrTo: default no

In your spam.blacklist.rules:

    From: mydomain.com yes
    FromOrTo: default no

I know that seems scary, but evidently the whitelist takes precedence and you won't be blacklisting your own mail. Caution, I haven't tried it myself.

Alternatively, publish SPF records for your domain and either push spf into sendmail using a milter or wait for spamassassin 3.0 to use spf as part of your spam check.

Mark Nienberg

From wdwrn at FRIENDLYCITY.NET Fri Jul 2 01:46:48 2004
From: wdwrn at FRIENDLYCITY.NET (Walt Wyndroski)
Date: Thu Jan 12 21:26:03 2006
Subject: Implement Access Control List With MailScanner???
References: <8BD06A60242B4341B8919A4AC958C1D032D082@busted.dandd.com> <40E48AFC.3000302@pacific.net>
Message-ID: <017201c45fce$0ec54ed0$0201a8c0@jabbacom.net>

I found a round-about-solution. It's not pretty, but it seems to be working.

1) In my spam.blacklist.rules, I added the following which forces mydomain.com to be automatically spam.

    From: mydomain.com yes
    FromOrTo: default no

2) I then added the following to my MailScanner.conf.

    Spam Modify Subject = %rules-dir%/spam.modify.rules
    High Scoring Spam Modify Subject = %rules-dir%/spam.modify.rules

In my spam.modify.rules I added:

    From: mydomain.com no
    FromOrTo: default yes

This prevents the subject from being modified with the {Spam?} tag for emails from my domain. All others are tagged as they should be.

3) I then added the following to my MailScanner.conf.

    Spam Actions = %rules-dir%/spam.actions.rules

In spam.actions.rules, I added the following:

    From: /[\@\.]mydomain\.com$/ and From: 10. deliver
    From: /[\@\.]mydomain\.com$/ delete
    FromOrTo: default deliver

This allows mail from mydomain.com AND from hosts in the 10.0.0.0/8 network to be delivered properly. All other mail from mydomain.com is deleted.

Like I said, it's not pretty, but works. Maybe Julian will write a much simpler function for this, at least I hope so. :)

Walt Wyndroski
From vanhorn at WHIDBEY.COM Fri Jul 2 02:15:58 2004
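Added example, not part of any post in the thread and not MailScanner code: a small model of the three spam.actions.rules lines from Walt's workaround, run over constructed messages, together with the check Ken A describes (our domain in the From: header and NOT one of our relays). The matcher is an assumption made for illustration (first matching rule wins, `/.../` is a regex on the envelope sender, `10.` is a prefix of the connecting IP); all addresses and IPs are made up.

```python
import ipaddress
import re
from dataclasses import dataclass
from email.utils import parseaddr

# The three lines Walt put in spam.actions.rules, transcribed from his post.
# Everything else here (matcher, sample traffic) is an assumption written for
# this example; it is not MailScanner's implementation.
SPAM_ACTIONS_RULES = r"""
From: /[\@\.]mydomain\.com$/ and From: 10.   deliver
From: /[\@\.]mydomain\.com$/                 delete
FromOrTo: default                            deliver
"""
OUR_DOMAIN = "mydomain.com"
RELAY_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # the network named in the post


@dataclass
class Message:
    client_ip: str      # host that connected to the MTA
    envelope_from: str  # SMTP MAIL FROM
    header_from: str    # From: header the recipient sees


def parse_rules(text):
    """Return [(patterns, action)]; patterns joined by 'and' must all match."""
    rules = []
    for line in text.strip().splitlines():
        tokens = line.split()
        action = tokens.pop()
        patterns = [t for t in tokens if t != "and" and not t.endswith(":")]
        rules.append((patterns, action))
    return rules


def pattern_matches(pattern, msg):
    """Match one pattern against the envelope sender or the connecting IP."""
    if pattern == "default":
        return True
    if pattern.startswith("/") and pattern.endswith("/"):
        return re.search(pattern[1:-1], msg.envelope_from, re.I) is not None
    if re.fullmatch(r"[0-9.]+", pattern):  # numeric pattern: IP prefix
        return msg.client_ip.startswith(pattern)
    return msg.envelope_from.lower().endswith("@" + pattern.lower())


def disposition(msg, rules=None):
    """Walt's pipeline: the blacklist marks every envelope sender in our
    domain as spam, then spam.actions.rules decides. Mail from other senders
    is assumed here to be non-spam, so it never reaches the spam actions."""
    rules = parse_rules(SPAM_ACTIONS_RULES) if rules is None else rules
    if not msg.envelope_from.lower().endswith("@" + OUR_DOMAIN):
        return "deliver"
    for patterns, action in rules:
        if all(pattern_matches(p, msg) for p in patterns):
            return action
    return "deliver"


def header_spoof_suspect(msg):
    """Ken A's condition: our domain in the From: header AND the connecting
    host is NOT one of our relays."""
    _, address = parseaddr(msg.header_from)
    from_ours = address.lower().endswith("@" + OUR_DOMAIN)
    ip = ipaddress.ip_address(msg.client_ip)
    from_relay = any(ip in net for net in RELAY_NETS)
    return from_ours and not from_relay


# Constructed sample traffic (documentation IP ranges, made-up addresses).
SAMPLES = {
    "internal": Message("10.1.2.3", "jill@mydomain.com", "Jill <jill@mydomain.com>"),
    "envelope_spoof": Message("203.0.113.7", "jill@mydomain.com", "jill@mydomain.com"),
    "roaming_user": Message("198.51.100.20", "jill@mydomain.com", "Jill <jill@mydomain.com>"),
    "header_spoof": Message("203.0.113.7", "bounce@example.net", "Jill <jill@mydomain.com>"),
    "outside": Message("192.0.2.9", "alice@example.org", "alice@example.org"),
}


def report():
    """Map each sample name to (rule action, header check result)."""
    return {name: (disposition(m), header_spoof_suspect(m)) for name, m in SAMPLES.items()}


if __name__ == "__main__":
    for name, (action, suspect) in report().items():
        print(f"{name:15} action={action:8} header_suspect={suspect}")
```

The `header_spoof` sample is delivered because the rules only see the envelope sender, and the `roaming_user` sample is deleted exactly like the spoof, which are the two objections raised in the replies.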
From: vanhorn at WHIDBEY.COM (G. Armour Van Horn)
Date: Thu Jan 12 21:26:03 2006
Subject: Passing some file of a certain type
In-Reply-To:
References:
Message-ID: <40E4B74E.6010500@whidbey.com>

I have a client that uses *.reg files which they create as the licenses for the software they write. Naturally, he promptly insisted that I disable the blocking of that filetype, so I am now allowing them in both filename and filetype.rules.conf.

However, could anyone suggest a rule that would allow RSD*.reg but deny all other *.reg files?

Van

--
----------------------------------------------------------
Sign up now for Quotes of the Day, a handful of quotations on a
theme delivered every morning. Enlightenment! Daily, for free!
mailto:twisted@whidbey.com?subject=Subscribe_QOTD

For web design, hosting, and maintenance, visit
Van's home page: http://www.domainvanhorn.com/van/
-----------------------------------------------------------

From alex at nkpanama.com Fri Jul 2 02:18:19 2004
From: alex at nkpanama.com (Alex Neuman)
Date: Thu Jan 12 21:26:03 2006
Subject: Passing some file of a certain type
In-Reply-To: <40E4B74E.6010500@whidbey.com>
Message-ID: <200407020118.i621ILLV000669@nkpanama.com>

Allow them first with a regular expression, before the deny rule.
From alden at ENGINENO9INC.COM Fri Jul 2 02:41:20 2004
From: alden at ENGINENO9INC.COM (Alden Levy)
Date: Thu Jan 12 21:26:03 2006
Subject: Problem releasing file from quarantine
In-Reply-To: <200407012317.i61NHcD05428@engine.engineno9inc.com>
Message-ID:

Date: Thu, 1 Jul 2004 14:11:19 -0400
From: Ugo Bellavance
Subject: Re: Problem releasing file from quarantine

Alden Levy wrote:
>> I have been TRYING to release a file from quarantine, but I keep getting the
>> same error. According to the MAQ, all I have to do is copy the df- and qf-
>> files to the mqueue. I also included the file that was tagged as a possible
>> virus (PETERSON.rel.doc). Unfortunately, the file never reaches the
>> destination.
>>
>> I found the offending rule in filename.rules.conf ("deny
>> \.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$"), but I am loath to change it.
>>
>> By now, we've had the sender change the name of the doc and resend it. But I
>> am wondering what I can do in the future to release a file from quarantine.
>> Any help would be appreciated.

>What do you have in your logs? I think that once the df and qf files
>are in mqueue, it should not be processed by MailScanner again. Make
>sure mqueue is your outgoing queue.

My outgoing queue for that particular email is where I put it (I had tried to put it in /var/spool/mqueue as well, but that didn't work).
I tailed the maillog when I put it in the correct mqueue and I got:

Jul 1 21:48:41 engine sendmail[7765]: i621mfR07765: from=MS@engineno9inc.com, size=1343, class=0, nrcpts=1, msgid=<200407020148.i621mfR07765@engine.engineno9inc.com>, relay=root@localhost
Jul 1 21:48:41 engine virthostmail[7770]: Chrooting to /home/virtual/site2/fst
Jul 1 21:48:41 engine MailScanner[3565]: Notices: Warned about 1 messages
Jul 1 21:48:41 engine virthostmail[7773]: Chrooting to /home/virtual/site1/fst
Jul 1 21:48:41 engine sendmail[7772]: i621mf907772: from=, size=20759, class=0, nrcpts=1, msgid=, proto=ESMTP, relay=root@localhost
Jul 1 21:48:41 engine sendmail[7764]: i5TLNTD18954: to=, delay=2+04:25:12, xdelay=00:00:00, mailer=virthostmail, pri=214559, relay=RECEIVEDOMAIN, dsn=2.0.0, stat=Sent (i621mf907772 Message accepted for delivery)
Jul 1 21:48:41 engine sendmail[7776]: i621mfT07776: from=, size=1593, class=0, nrcpts=1, msgid=<200407020148.i621mfR07765@engine.engineno9inc.com>, proto=ESMTP, relay=root@localhost
Jul 1 21:48:41 engine sendmail[7775]: i621mf907772: to=, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=49543, dsn=2.0.0, stat=Sent
Jul 1 21:48:41 engine sendmail[7769]: i621mfR07765: to=MS@engineno9inc.com, ctladdr=MS@engineno9inc.com (0/0), delay=00:00:00, xdelay=00:00:00, mailer=virthostmail, pri=31343, relay=engineno9inc.com, dsn=2.0.0, stat=Sent (i621mfT07776 Message accepted for delivery)
Jul 1 21:48:41 engine sendmail[7778]: i621mfT07776: to=alden, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31230, dsn=2.0.0, stat=Sent

(obviously, I have changed the sender's domain and the recipient's domain)

Any thoughts?

From alex at nkpanama.com Fri Jul 2 03:08:43 2004
From: alex at nkpanama.com (Alex Neuman)
Date: Thu Jan 12 21:26:03 2006
Subject: Implement Access Control List With MailScanner???
In-Reply-To: <012601c45faf$1e87ac60$0201a8c0@jabbacom.net>
Message-ID: <200407020208.i6228jLV001608@nkpanama.com>

You should look into SMTP authentication which might be one way of dealing with some of the spoofed messages - that way you don't relay for ANYONE unless they authenticate first. The added bonus is that you DO relay for anyone who DOES, so support for any possible or future roaming users becomes easier.
From alex at nkpanama.com Fri Jul 2 03:10:06 2004
From: alex at nkpanama.com (Alex Neuman)
Date: Thu Jan 12 21:26:03 2006
Subject: Implement Access Control List With MailScanner???
In-Reply-To: <013501c45fb4$2b93b930$0201a8c0@jabbacom.net>
Message-ID: <200407020210.i622A9LV001745@nkpanama.com>

This would break compatibility for roaming users.

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Walt Wyndroski
Sent: Thursday, July 01, 2004 4:42 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Implement Access Control List With MailScanner???

Actually, this thought just occurred to me:

The rulesets in MailScanner are structured as From:, FromOrTo:, To:, FromAndTo:. If I could use FromAndFrom: then I could build a rule as follows:

    From: mydomain.com From: Accept
    From: mydomain.com From: 0.0.0.0/0 Deny

OR:

Can I use rulesets within rulesets? For instance, in the blacklist.rules could I put:

    From: mydomain.com /etc/MailScanner/rules/mydomain.com.txt

And inside "/etc/MailScanner/rules/mydomain.com.txt" I would put:

    From: NO
    From: default YES

or

    From: /!()/ YES

What do you all think?

Walt Wyndroski
From ugob at CAMO-ROUTE.COM Fri Jul 2 03:05:03 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:26:03 2006
Subject: Yahoo groups bouncing
In-Reply-To: <002b01c45f82$ed73c130$fa00010a@THINKPAD1800>
References: <20040701150143.982E721C2F0@mail.fsl.com> <002b01c45f82$ed73c130$fa00010a@THINKPAD1800>
Message-ID:

Kham Vue wrote:
> I'm using MS as relay and I'm getting a few bounced or 550 access denied
> especially from yahoo groups.
>
> Anyone got a clue why?

Yahoo has had some downtime lately... some because of akamai, some... ? probably just that.

From m.sapsed at BANGOR.AC.UK Fri Jul 2 09:02:10 2004
From: m.sapsed at BANGOR.AC.UK (Martin Sapsed)
Date: Thu Jan 12 21:26:03 2006
Subject: Passing some file of a certain type
References: <40E4B74E.6010500@whidbey.com>
Message-ID: <40E51682.9000603@bangor.ac.uk>

G. Armour Van Horn wrote:
> I have a client that uses *.reg files which they create as the licenses
> for the software they write. Naturally, he promptly insisted that I
> disable the blocking of that filetype, so I am now allowing them in both
> filename and filetype.rules.conf.
>
> However, could anyone suggest a rule that would allow RSD*.reg but deny
> all other *.reg files?

allow	^RSD.*\.reg$	-	-
deny	\.reg$	Registry attack	Registry Attack

making sure the white space is tabs would do it I think...

Cheers,

Martin

--
Martin Sapsed
Information Services                 "Who do you say I am?"
University of Wales, Bangor          Jesus of Nazareth

From kenny.m.chau at XOXY.NET Fri Jul 2 09:53:43 2004
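An added example, not part of Martin Sapsed's reply or of MailScanner itself: a small model of how the two rules he suggests are evaluated, showing why the tab separators and the rule order both matter. It assumes four tab-separated fields per rule, first match wins and case-insensitive matching; the function names and sample file names are hypothetical.

```python
import re
from typing import List, NamedTuple, Optional, Tuple


class Rule(NamedTuple):
    action: str            # "allow" or "deny"
    pattern: re.Pattern    # regular expression tested against the file name
    log_text: str          # text for the log ("-" = nothing)
    user_text: str         # text for the user report ("-" = nothing)


# The two rules from the reply above, written with real tabs between fields.
RULES_TABS = (
    "allow\t^RSD.*\\.reg$\t-\t-\n"
    "deny\t\\.reg$\tRegistry attack\tRegistry Attack\n"
)


def parse_rules(text: str) -> List[Rule]:
    """Parse rule lines; refuse lines whose fields are not tab-separated."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Split on tabs only: "Registry attack" contains a space, so a line
        # typed with spaces cannot be split into its four fields reliably.
        fields = re.split(r"\t+", line)
        if len(fields) != 4:
            raise ValueError(
                f"line {lineno}: expected 4 tab-separated fields, got {len(fields)}"
            )
        action = fields[0].lower()
        if action not in ("allow", "deny"):
            raise ValueError(f"line {lineno}: unknown action {fields[0]!r}")
        # Assumption: patterns are matched case-insensitively.
        rules.append(Rule(action, re.compile(fields[1], re.IGNORECASE),
                          fields[2], fields[3]))
    return rules


def decide(rules: List[Rule], filename: str) -> Tuple[str, Optional[Rule]]:
    """Return the action of the first matching rule, or 'no-match'."""
    for rule in rules:
        if rule.pattern.search(filename):
            return rule.action, rule
    return "no-match", None


if __name__ == "__main__":
    rules = parse_rules(RULES_TABS)
    # Constructed attachment names.
    for name in ("RSD-acme-2004.reg", "tweak.reg", "myRSD.reg", "report.txt"):
        print(f"{name:20} -> {decide(rules, name)[0]}")
    # With the order swapped, the deny rule matches first and the licence
    # files are blocked again.
    swapped = list(reversed(rules))
    print("swapped order:", decide(swapped, "RSD-acme-2004.reg")[0])
```

The allow rule trusts the file name alone, so it passes any attachment named RSD*.reg regardless of who sent it or what it contains.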
From: kenny.m.chau at XOXY.NET (Kenny Chauun)
Date: Thu Jan 12 21:26:03 2006
Subject: (Kaspersky 5) Wrapper Script does not seem to work.
Message-ID:

Hi!

I am new to the list and facing exactly the same issue as this article.

In short, the problem is: MailScanner cannot work with KAV 5's
aveserver/aveclient component.

My investigation reveals that the reason being: aveclient doesn't accept the
"." argument of MailScanner as a wildcard for all or directory.

Proof:

#aveclient -p/var/run/aveserver -s .
/tmp/. ERROR not a regular file
#aveclient -p/var/run/aveserver -s out.mail
out.mail OK

Any help is greatly appreciated.

Thanks,
K

On Wed, 4 Feb 2004 18:55:31 +0000, Julian Field wrote:

>At 17:17 04/02/2004, you wrote:
>>Hi!
>>
>>I am having heavy troubles using Mailscanner with Kaspersky version 5.0.
>>
>>I want Mailscanner to start the client portion of kaspersky called
>>aveclient in version 5. I modified the wrapper-script slightly, and it
>>seems to work:
>>
>>This is what the wrapper looks like:
>>
>>===============================
>>#!/bin/sh
>>PackageDir=$1/bin
>>shift
>>Scanner=aveclient
>>
>>ScanOptions="-p /var/run/aveserver -s "
>>
>>if [ "x$1" = "x-IsItInstalled" ]; then
>>  [ -x ${PackageDir}/$Scanner ] && exit 0
>>  exit 1
>>fi
>>
>>exec ${PackageDir}/$Scanner $ScanOptions "$@"
>>
>>===============================================
>>
>>
>>when I start the wrapper-script like this: ./kavdaemonclient-wrapper
>>/opt/kav/ /SampleVirus.exe
>>
>>i get:
>>
>>/SampleVirus.exe
>>INFECTED
>>LINFECTED I-Worm.Swen
>>
>>so I assume this works. Also the return code is other than zero:
>> ./kavdaemonclient-wrapper /opt/kav/ /SampleVirus.exe > /dev/null && echo
>> asfd
>>
>>returns nothing, as it should.
>>
>>The Problem is, that when Mailscanner starts this script, mailscanner never
>>detects any virus, although it SURELY starts the wrapper script (i tried this
>>with using a touch /tmp/asdf command just before the exec-part). Doesn't
>>Mailscanner look at the return-code of the program?
>
>No. That only tells it that it found a virus somewhere. It scans lots of
>messages at once, and parses the output of the virus scanner.
>
>> Due to which criteria does
>>mailscanner decide that the object is a virus? I just don't know a solution.
>>
>>Thank you for help!
>>
>>wogri
>>
>>--
>>wogri@wogri.at
>>http://www.wogri.at
>
>--
>Julian Field
>www.MailScanner.info
>Professional Support Services at www.MailScanner.biz
>MailScanner thanks transtec Computers for their support
>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From gib at TMISNET.COM Fri Jul 2 11:06:53 2004
From: gib at TMISNET.COM (Gib Gilbertson Jr.)
Date: Thu Jan 12 21:26:03 2006
Subject: SURBL/URI checks - FreeBSD bayes starter Database
In-Reply-To: <20040630150207.886B821C2BC@mail.fsl.com>
References: <801403078973F243A6A74322E134AF500124CFF2@mail.herefordshire.gov.uk> <20040630150207.886B821C2BC@mail.fsl.com>
Message-ID: <6.1.1.1.2.20040702200326.0339bfd0@207.158.56.7>

Hi Steve.

I downloaded and installed your SURBL/URI package and it installed and
worked perfectly.

I also wanted to let you know your FREEBSD bayes Starter DB appears to be
labeled incorrectly. It says it's a .gz package but it appears to actually
be a tarball. I couldn't expand it with gunzip, but tar -xvf opened it up
with no problems.

gib

At 11:02 AM 6/30/2004 -0400, you wrote:
>Thanks to all who suggested corrections, I've upgraded the SURBL/URI package
>and tested on our scanners. The new package is available at:
>
> http://www.fsl.com/support/index.html
>
>Download from the SURBL/URI install files link.
>
>Steve
>
>Stephen Swaney
>President
>Fortress Systems Ltd.
>Steve.Swaney@FSL.com

Gib Gilbertson Jr.
Tierramiga Info Systems
619-287-8647 Support
http://www.tmisnet.com
San Diego's "Friendly ISP"

From wdwrn at FRIENDLYCITY.NET Fri Jul 2 13:28:12 2004
From: wdwrn at FRIENDLYCITY.NET (Walt Wyndroski)
Date: Thu Jan 12 21:26:03 2006
Subject: Implement Access Control List With MailScanner???
References: <200407020210.i622A9LV001745@nkpanama.com>
Message-ID: <002c01c46030$0a9a2f30$0201a8c0@jabbacom.net>

Here is some more information on my setup:

1) Over 3000 users.
2) I allow relaying only for the 8 Class C networks which we use/serve.
3) I DO NOT allow relaying for my domain name.
4) Roaming users can use our web interface if they wish to send mail as
being from our domain.
5) I am blocking outbound and inbound port 25 for all of my network except
for my mail server obviously, my T-1 customers, and static ip customers. So
doing SMTP auth will not be a wise choice for me as some of our users who
connect to remote mail servers must relay through ours. This prevents virus
infected email from being spewed out from our networks or at least minimizes
it.
6) Unfortunately, the security of my mail server and network must come
before the needs of any roaming users which I may or may not have. Security
is inversely proportional to convenience.

Walt Wyndroski

----- Original Message -----
From: "Alex Neuman"
To:
Sent: Thursday, July 01, 2004 10:10 PM
Subject: Re: Implement Access Control List With MailScanner???

> This would break compatibility for roaming users.
>
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Walt Wyndroski
> Sent: Thursday, July 01, 2004 4:42 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Implement Access Control List With MailScanner???
>
> Actually, this thought just occurred to me: The rulesets in MailScanner are
> structured as From:, FromOrTo:, To:, FromAndTo:. If I could use FromAndFrom:
> then I could build a rule as follows:
>
> From: mydomain.com From: Accept
> From: mydomain.com From: 0.0.0.0/0 Deny
>
> OR:
>
> Can I use rulesets within rulesets? For instance, in the blacklist.rules
> could I put:
>
> From: mydomain.com /etc/MailScanner/rules/mydomain.com.txt
>
> And inside "/etc/MailScanner/rules/mydomain.com.txt" I would put:
>
> From: NO
> From: default YES or From: /!()/ YES
>
> What do you all think?
>
> Walt Wyndroski
>
> ----- Original Message -----
> From: "Walt Wyndroski"
> To:
> Sent: Thursday, July 01, 2004 5:05 PM
> Subject: Implement Access Control List With MailScanner???
>
> > Hello all,
> > I've been doing some serious googling over the 2-3 days about how to
> > implement a type of ACL (access control list) for Sendmail which would help
> > in preventing the spoofing of my domain to my users. The only thing I can
> > find are rulesets which are inserted directly into the sendmail.cf, which is
> > something that I really want to avoid. I was hoping MailScanner would allow
> > me to do this. Here is my setup:
> >
> > Kernel Version 2.4.22-1.2194.nptlsmp
> > SendMail RPM Version sendmail-8.12.10-1.1.1
> > Procmail RPM Version procmail-3.22-11
> > MailScanner RPM Version mailscanner-4.30.2-1
> >
> > If an email arrives at my mail server with the from header as user@mydomain,
> > I need to further look at the message to see if the message originated from
> > one of the subnets for which I relay. If it did, I'll accept it. If it
> > didn't, I'll discard it. If anyone knows of a Sendmail m4 rule for this,
> > please point me in the right direction and accept my apologies for being on
> > the wrong list. :) Otherwise, if MailScanner can already do this or if
> > someone has already written a custom function for this, please point me in
> > the right direction.
> >
> > Walt Wyndroski

From idan at SECURENET.CO.IL Fri Jul 2 13:27:26 2004
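An added example, not code from the thread or from MailScanner: the accept/discard decision Walt Wyndroski describes in the message above, written out as a standalone check. The domain is the thread's own placeholder; the relay subnets (documentation ranges), function names and sample messages are constructed, and the client address is assumed to be the connecting SMTP peer as recorded by the MTA, not a value read from Received: headers the sender controls.

```python
import ipaddress
from email import message_from_string
from email.utils import getaddresses

LOCAL_DOMAIN = "mydomain.com"          # placeholder used in the thread
RELAY_NETS = [                         # constructed stand-ins for the relayed Class C networks
    ipaddress.ip_network(n)
    for n in ("192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24")
]


def sender_domains(raw_message: str, envelope_from: str) -> set:
    """Collect the domains claimed in every From: address and the envelope sender."""
    msg = message_from_string(raw_message)
    addresses = [addr for _name, addr in getaddresses(msg.get_all("From", []))]
    addresses.append(envelope_from)
    domains = set()
    for addr in addresses:
        if "@" in addr:
            domains.add(addr.rsplit("@", 1)[1].strip().rstrip(".").lower())
    return domains


def in_relay_nets(client_ip: str) -> bool:
    """True if the connecting client is inside a network we relay for."""
    try:
        ip = ipaddress.ip_address(client_ip)
    except ValueError:
        return False                   # unparseable address is never trusted
    return any(ip in net for net in RELAY_NETS)


def acl_decision(raw_message: str, envelope_from: str, client_ip: str) -> str:
    """'discard' when our own domain is claimed from outside our networks."""
    if LOCAL_DOMAIN not in sender_domains(raw_message, envelope_from):
        return "accept"                # not claiming to be us: this ACL has no opinion
    return "accept" if in_relay_nets(client_ip) else "discard"


# Constructed sample messages.
SPOOFED = 'From: "Help Desk" <user@MyDomain.com>\nSubject: password\n\nbody\n'
FOREIGN = "From: someone@example.org\nSubject: hello\n\nbody\n"

if __name__ == "__main__":
    print(acl_decision(SPOOFED, "bounce@example.net", "198.18.0.5"))   # outside
    print(acl_decision(SPOOFED, "user@mydomain.com", "192.0.2.44"))    # inside
    print(acl_decision(FOREIGN, "someone@example.org", "198.18.0.5"))
    print(acl_decision(FOREIGN, "user@mydomain.com", "198.18.0.5"))    # envelope claims us
```

Checking the envelope sender as well as the From: header goes slightly beyond the header-only check in the message, and, as the first reply in the thread notes, any user sending as the domain from another network is discarded by this rule.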
From: idan at SECURENET.CO.IL (Idan Plotnik)
Date: Thu Jan 12 21:26:03 2006
Subject: Making sendmail only accept mail to genuine Exchange users
Message-ID: <38531FBA30509D418523F41CC6E981D827F001@securenetdc.securenet.co.il>

Hi Stephen,

Thanks for your answer. I will upgrade it soon.

I have some questions about this methodology if you don't mind:

1. in this phase i don't want to use the VBscript so I create and copy the
file " whitelist-addresses.txt" manually to the /etc/mail directory.

2. I don't understand what this line means in the perl script:
my $exchangebox="exchange.yourdomain.com";
I saw that when I run the script he create the files mailhost and
mailhost.db that contain the mail address from the whitelist-addresses file
and add the value that he has in the $exchangebox variable, why ???
How the MailScanner know to translate the DNS name to the IP address ?
And If I put there IP Address its not working.

3. why I need to put the Exchange IP address inside the "access" file ? the
access file contain the domain name that the Sendmail will authorize RELAY
to. I don't send my emails through the MailScanner, just incoming emails.

4. why I need to delete all the entries in the mailertable file ?
How the sendmail will know to send the emails to the Exchange server ?
In the mailertable I configure "domain_name ip_addr_exchnage"

Thanks a lot.

http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/270.html

-----Original Message-----
From: Stephen Swaney [mailto:steve.swaney@FSL.COM]
Sent: Thursday, July 01, 2004 5:02 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Making sendmail only accept mail to genuine Exchange users

> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Idan Plotnik
> Sent: Thursday, July 01, 2004 10:12 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Making sendmail only accept mail to genuine Exchange users
>
> Hi All,
> I am using sendmail-8.12.8-4 and mailscanner-4.25-14, I am wondering if
> someone has tried to implement this architecture?
> http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/270.html
> if so what is your opinion about it? Its working good?

We've installed this methodology at many client sites and it works quite
well.

Why would you want to install a fairly old version of MailScanner?

Steve

Stephen Swaney
President
Fortress Systems Ltd.
Steve.Swaney@FSL.com

From kvue at WADSNET.COM Fri Jul 2 13:50:32 2004
From: kvue at WADSNET.COM (Kham Vue)
Date: Thu Jan 12 21:26:03 2006
Subject: Yahoo groups bouncing
In-Reply-To:
Message-ID: <001801c46033$2ba9bf80$fa00010a@THINKPAD1800>

Why would downtime be a problem when my relay server is bouncing it?

-------------------------------------------
Kham Vue
Wadsworth Internet Service (WADSNET)
email: kvue@wadsnet.com
"Complex systems lead to complex problems." - CAIB Report

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Ugo Bellavance
Sent: Thursday, July 01, 2004 10:05 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Yahoo groups bouncing

Kham Vue wrote:
> I'm using MS as relay and I'm getting a few bounced or 550 access
> denied especially from yahoo groups.
>
> Anyone got a clue why?

Yahoo has had some downtime lately... some because of akamai, some... ?
probably just that.

From ugob at CAMO-ROUTE.COM Fri Jul 2 14:08:48 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:26:03 2006
Subject: Yahoo groups bouncing
In-Reply-To: <001801c46033$2ba9bf80$fa00010a@THINKPAD1800>
References: <001801c46033$2ba9bf80$fa00010a@THINKPAD1800>
Message-ID:

Kham Vue wrote:
> Why would downtime be a problem when my relay server is bouncing it?
>

Sorry, I thought it was going to yahoo, not from.

> -------------------------------------------
> Kham Vue

From diego.fabara at ALEGROPCS.COM Fri Jul 2 14:33:05 2004
From: diego.fabara at ALEGROPCS.COM (Diego Fabara)
Date: Thu Jan 12 21:26:03 2006
Subject: Scan Virus and delete it in this moment ??
Message-ID: <52C877445DFA6942B6575319B402CEBD5CA1FD@uiovivex01.TELECSA.INTRA>

I've MailScanner and Clamav Av.

How to do scan and deleted simultaneously the files infected before to
moved to quarantine ??

From TGFurnish at HERFFJONES.COM Fri Jul 2 15:35:28 2004
From: TGFurnish at HERFFJONES.COM (Trever Furnish)
Date: Thu Jan 12 21:26:03 2006
Subject: Implement Access Control List With MailScanner???
Message-ID: <8FFC76593085ED4A80D3601BC41EFCDF0373381D@inex1.herffjones.hj-int>

Um, what you're looking for is called SPF.

http://spf.pobox.com

Since you're using Sendmail, that means your process would be like this:

1. Publish an SPF record for your domain(s).
2. Install the Sendmail SPF milter from spf.pobox.com.

There's a wizard on the spf site above that will walk you through creating
an initial "SPF record" for your domains - it's just a text record with a
specific format. The contents of the record list the allowed sender
addresses for mail claiming to be from your domain. Anything you don't list
will not be allowed to deliver mail claiming to be from your domain to any
servers that honor the SPF record you publish.

If you have users who currently send mail claiming to be from your domain
using other SMTP servers, you have additional issues to work out, and you
have some options:

- Designate the ISPs your people use as valid senders for your domain.
  - That may open you up too much though.
- Use authenticated SMTP to allow your users to relay through your own
  server from outside your network.
  - Many "home user" ISPs now block connections to port 25 though. (Ie
    Comcast has started doing that.)
- Use a vpn for your users - if they want to send mail from your domain,
  this allows them to come from your trusted network.

I want to stress that not everyone has to support remote users - if you
don't, then you ought to have no major problem with spf.

--
Trever

> -----Original Message-----
> From: Walt Wyndroski [mailto:wdwrn@FRIENDLYCITY.NET]
> Sent: Friday, July 02, 2004 7:28 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Implement Access Control List With MailScanner???
>
> Here is some more information on my setup:
>
> 1) Over 3000 users.
> 2) I allow relaying only for the 8 Class C networks which we use/serve.
> 3) I DO NOT allow relaying for my domain name.
> 4) Roaming users can use our web interface if they wish to send mail as
> being from our domain.
> 5) I am blocking outbound and inbound port 25 for all of my network except
> for my mail server obviously, my T-1 customers, and static ip customers. So
> doing SMTP auth will not be a wise choice for me as some of our users who
> connect to remote mail servers must relay through ours. This prevents virus
> infected email from being spewed out from our networks or at least minimizes
> it.
> 6) Unfortunately, the security of my mail server and network must come
> before the needs of any roaming users which I may or may not have. Security
> is inversely proportional to convenience.
>
> Walt Wyndroski
>
> ----- Original Message -----
> From: "Alex Neuman"
> To:
> Sent: Thursday, July 01, 2004 10:10 PM
> Subject: Re: Implement Access Control List With MailScanner???
>
> > This would break compatibility for roaming users.
> >
> > -----Original Message-----
> > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Walt Wyndroski
> > Sent: Thursday, July 01, 2004 4:42 PM
> > To: MAILSCANNER@JISCMAIL.AC.UK
> > Subject: Re: Implement Access Control List With MailScanner???
> >
> > Actually, this thought just occurred to me: The rulesets in MailScanner are
> > structured as From:, FromOrTo:, To:, FromAndTo:. If I could use FromAndFrom:
> > then I could build a rule as follows:
> >
> > From: mydomain.com From: Accept
> > From: mydomain.com From: 0.0.0.0/0 Deny
> >
> > OR:
> >
> > Can I use rulesets within rulesets? For instance, in the blacklist.rules
> > could I put:
> >
> > From: mydomain.com /etc/MailScanner/rules/mydomain.com.txt
> >
> > And inside "/etc/MailScanner/rules/mydomain.com.txt" I would put:
> >
> > From: NO
> > From: default YES or From: /!( subnet(s)>)/ YES
> >
> > What do you all think?
> >
> > Walt Wyndroski
> >
> > ----- Original Message -----
> > From: "Walt Wyndroski"
> > To:
> > Sent: Thursday, July 01, 2004 5:05 PM
> > Subject: Implement Access Control List With MailScanner???
> >
> > > Hello all,
> > > I've been doing some serious googling over the 2-3 days about how to
> > > implement a type of ACL (access control list) for Sendmail which would help
> > > in preventing the spoofing of my domain to my users. The only thing I can
> > > find are rulesets which are inserted directly into the sendmail.cf, which is
> > > something that I really want to avoid. I was hoping MailScanner would allow
> > > me to do this. Here is my setup:
> > >
> > > Kernel Version 2.4.22-1.2194.nptlsmp
> > > SendMail RPM Version sendmail-8.12.10-1.1.1
> > > Procmail RPM Version procmail-3.22-11
> > > MailScanner RPM Version mailscanner-4.30.2-1
> > >
> > > If an email arrives at my mail server with the from header as user@mydomain,
> > > I need to further look at the message to see if the message originated from
> > > one of the subnets for which I relay. If it did, I'll accept it. If it
> > > didn't, I'll discard it. If anyone knows of a Sendmail m4 rule for this,
> > > please point me in the right direction and accept my apologies for being on
> > > the wrong list. :) Otherwise, if MailScanner can already do this or if
> > > someone has already written a custom function for this, please point me in
> > > the right direction.
> > >
> > > Walt Wyndroski

From Kevin.Spicer at BMRB.CO.UK Fri Jul 2 15:32:34 2004
From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin)
Date: Thu Jan 12 21:26:03 2006
Subject: Making sendmail only accept mail to genuine Exchange users
Message-ID: <5C0296D26910694BB9A9BBFC577E7AB002019A31@pascal.priv.bmrb.co.uk>

-----Original Message-----
>From: Idan Plotnik [mailto:idan@SECURENET.CO.IL]

>I have some questions about this methodology if you don't mind:

>1. in this phase i don't want to use the VBscript so I create and copy the
> file " whitelist-addresses.txt" manually to the /etc/mail directory.

That is fine

>2. I don't understand what this line means in the perl script:
> my $exchangebox="exchange.yourdomain.com";
> I saw that when I run the script he create the files mailhost and
> mailhost.db that contain the mail address from the whitelist-addresses
> file and add the value that he has in the $exchangebox variable, why ???

So that sendmail knows where to route the mail to (see below).

> How the MailScanner know to translate the DNS name to the IP address ?
> And If I put there IP Address its not working.

Because it is expecting a dns name, and it's not mailscanner, it's sendmail.
It should resolve correctly if your DNS is set up correctly - if not a hosts
file entry may help.

>3. why I need to put the Exchange IP address inside the "access" file ? the
> access file contain the domain name that the Sendmail will authorize
> RELAY to.
> I don't send my emails through the MailScanner, just incoming emails.

You don't RELAY to, you RELAY for. Normally you relay for your own domain
(incoming or outgoing), but in this setup you no longer relay _to_ your
domain, only from it. In order to relay from your domain you permit relay
for your internal servers (IP addresses in the access file only apply to
sending hosts AFAIK). If your internal boxes don't relay through your
mailscanner box then you don't need to add them.

>4. why I need to delete all the entries in the mailertable file ?
> How the sendmail will know to send the emails to the Exchange server ?
> In the mailertable I configure "domain_name ip_addr_exchnage"

Because in this setup you are no longer relaying for your domain, you are
accepting mail on your sendmail box as if they were local accounts and then
redirecting each address in the mailhost file to the server specified on the
same line. If the user doesn't appear in the mailhost file then they are
considered not to exist and therefore rejected as an invalid address - this
is the 'trick' that the whole technique relies upon.

BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000

From ugob at CAMO-ROUTE.COM Fri Jul 2 15:44:32 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:26:03 2006
Subject: Scan Virus and delete it in this moment ??
In-Reply-To: <52C877445DFA6942B6575319B402CEBD5CA1FD@uiovivex01.TELECSA.INTRA>
References: <52C877445DFA6942B6575319B402CEBD5CA1FD@uiovivex01.TELECSA.INTRA>
Message-ID:

Diego Fabara wrote:
>
> I've MailScanner and Clamav Av.
>
> How to do scan and deleted simultaneously the files infected before to
> moved to quarantine ??

What do you want to do exactly? You cannot delete files _and_ put it in
quarantine...

From listonly at WEBPRESENCEGROUP.NET Fri Jul 2 15:56:57 2004
From: listonly at WEBPRESENCEGROUP.NET (David Thurman)
Date: Thu Jan 12 21:26:03 2006
Subject: sendmail relay question, please [SCANNED]
In-Reply-To: <00bd01c45e16$99a47580$5a01a8c0@cnpapers.net>
Message-ID:

On 6/29/04 3:21 PM, "Steve Campbell" wrote:

> I tried that, but with no success. I'm using Webmin to administer this, I
> don't think this is causing any problems, though. Just threw that in in case
> someone had the same experience. I used the following:
>
> cnpapers.com esmtp:[10.0.0.100]
>
>
> Thank you very much anyway.

What OS are you using?

--
David Thurman
The Web Presence Group
http://www.the-presence.com
Web Development/E-Commerce/CMS/Hosting/Dedicated Servers
800-399-6441/309-679-0774

From t.d.lee at DURHAM.AC.UK Fri Jul 2 16:05:06 2004
From: t.d.lee at DURHAM.AC.UK (David Lee)
Date: Thu Jan 12 21:26:03 2006
Subject: CheckModuleVersion: minor enhancement
Message-ID:

Julian,

Many thanks for allowing "install.sh" to work on other OSes (in addition to
Linux).

As part of trying to smooth one or two of its rough edges, I'd like to
request the attached patch to "CheckModuleVersion".

This simply re-enables the commented-out "print ..." statements if given a
"-v" (verbose) flag. (It is standalone and should have no other interaction;
however, it is very useful when trying to debug perl-module installation
aspects.)

--

:  David Lee                                I.T. Service          :
:  Systems Programmer                       Computer Centre       :
:                                           University of Durham  :
:  http://www.dur.ac.uk/t.d.lee/            South Road            :
:                                           Durham                :
:  Phone: +44 191 334 2752                  U.K.                  :

-------------- next part --------------
--- CheckModuleVersion.orig Tue Jun 1 16:13:24 2004 +++ CheckModuleVersion Fri Jul 2 14:35:49 2004 
@@ -2,24 +2,28 @@ use strict; +require "getopts.pl"; + +&Getopts('v'); + my $module = shift; my $minimum = shift; my($result, $version, $versionvar); -#print "Checking installation status of Perl module $module...\n"; +print "Checking installation status of Perl module $module...\n" if $main::opt_v; $versionvar = $module . "::VERSION"; $version = eval "require $module and defined \$$versionvar and \$$versionvar"; if ($@) { - #print "Module $module is not installed.\n"; + print "Module $module is not installed.\n" if $main::opt_v; exit(1); } if ($version >= $minimum) { - #print "Module is installed and version number is okay\n"; + print "Module is installed and version number is okay ($version >= $minimum)\n" if $main::opt_v; exit(0); } else { - #print "Module is installed but needs to be at least version $minimum (currently $version)\n"; + print "Module is installed but needs to be at least version $minimum (currently $version)\n" if $main::opt_v; exit(1); } From ka at PACIFIC.NET Fri Jul 2 16:10:23 2004 
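Review bot: the two lines added at the top of the hunk, require "getopts.pl" and &Getopts('v'), pull in the old Perl 4 library; under "use strict" the flag is better read with the core module, for example use Getopt::Std; getopts('v', \my %opt); and then testing $opt{v} in place of $main::opt_v. Two smaller points on the unchanged context: $module comes straight from the command line and is interpolated into the string eval "require $module ...", so a check such as $module =~ /^\w+(::\w+)*$/ before the eval would keep the script safe to call with arbitrary arguments, and a usage message covering -v and a missing $minimum would document the new flag.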
From: ka at PACIFIC.NET (Ken A) Date: Thu Jan 12 21:26:03 2006 Subject: Implement Access Control List With MailScanner??? In-Reply-To: <002c01c46030$0a9a2f30$0201a8c0@jabbacom.net> References: <200407020210.i622A9LV001745@nkpanama.com> <002c01c46030$0a9a2f30$0201a8c0@jabbacom.net> Message-ID: <40E57ADF.2030602@pacific.net> Walt Wyndroski wrote: > Here is some more information on my setup: > > 1) Over 3000 users. > 2) I allow relaying only for the 8 Class C networks which we use/serve. > 3) I DO NOT allow relaying for my domain name. > 4) Roaming users can use our web interface if they wish to send mail as > being from our domain. > 5) I am blocking outbound and inbound port 25 for all of my network except > for my mail server obviously, my T-1 customers, and static ip customers. So > doing SMTP auth will not be a wise choice for me as some of our users who > connect to remote mail servers must relay through ours. This prevents virus > infected email from being spewed out from our networks or at least minimizes > it. > 6) Unfortunately, the security of my mail server and network must come > before the needs of any roaming users which I may or may not have. Security > is inversely proportional to convenience. And convenience is directly proportional to customer satisfaction.. But I notice you call them 'users' not 'customers', so perhaps that's not an issue. :-) Ken > Walt Wyndroski > > ----- Original Message ----- > From: "Alex Neuman" > To: > Sent: Thursday, July 01, 2004 10:10 PM > Subject: Re: Implement Access Control List With MailScanner??? > > > >>This would break compatibility for roaming users. >> >>-----Original Message-----
>>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf >>Of Walt Wyndroski >>Sent: Thursday, July 01, 2004 4:42 PM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: Implement Access Control List With MailScanner??? >> >>Actually, this thought just occurred to me: The rulesets in MailScanner are >>structured as From:, FromOrTo:, To:, FromAndTo:. If I could use FromAndFrom: >>then I could build a rule as follows: >> >>From: mydomain.com From: Accept >>From: mydomain.com From: 0.0.0.0/0 Deny >> >>OR: >> >>Can I use rulesets within rulesets? For instance, in the blacklist.rules >>could I put: >> >>From: mydomain.com /etc/MailScanner/rules/mydomain.com.txt >> >>And inside "/etc/MailScanner/rules/mydomain.com.txt" I would put: >> >>From: NO >>From: default YES or From: /!()/ YES >> >>What do you all think? >> >>Walt Wyndroski >> >> >> >>----- Original Message -----
>>From: "Walt Wyndroski" >>To: >>Sent: Thursday, July 01, 2004 5:05 PM >>Subject: Implement Access Control List With MailScanner??? >> >> >> >>>Hello all, >>> I've been doing some serious googling over the 2-3 days about how to >>>implement a type of ACL (access control list) for Sendmail which would help >>>in preventing the spoofing of my domain to my users. The only thing I can >>>find are rulesets which are inserted directly into the sendmail.cf, which is >>>something that I really want to avoid. I was hoping MailScanner would allow >>>me to do this. Here is my setup: >>> >>> Kernel Version 2.4.22-1.2194.nptlsmp >>>SendMail RPM Version sendmail-8.12.10-1.1.1 >>>Procmail RPM Version procmail-3.22-11 >>>MailScanner RPM Version mailscanner-4.30.2-1 >>> >>>If an email arrives at my mail server with the from header as user@mydomain, >>>I need to further look at the message to see if the message originated from >>>one of the subnets for which I relay. If it did, I'll accept it. If it >>>didn't, I'll discard it. If anyone knows of a Sendmail m4 rule for this, >>>please point me in the right direction and accept my apologies for being on >>>the wrong list. :) Otherwise, if MailScanner can already do this or if >>>someone has already written a custom function for this, please point me in >>>the right direction.
>>> >>>Walt Wyndroski From newcomer at DICKINSON.EDU Fri Jul 2 16:16:04 2004
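The check Walt describes in the thread above (mail whose From header claims the local domain is accepted only when it arrived from one of the relay subnets), as an added Python example that is not part of the thread and is not MailScanner or sendmail configuration. "mydomain.com" is the thread's placeholder; the subnets are constructed documentation ranges and the function names are hypothetical.

```python
import ipaddress
from email.utils import parseaddr

# Constructed values: "mydomain.com" is the placeholder used in the thread,
# the networks are RFC 5737 documentation ranges standing in for the
# relay subnets.
LOCAL_DOMAINS = {"mydomain.com"}
RELAY_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/24")]


def sender_domain(from_header):
    """Return the lower-cased domain of the address in a From: header value."""
    # parseaddr separates the display name from the address, so a display
    # name that merely looks like a local address is not mistaken for one.
    _display_name, addr = parseaddr(from_header)
    if "@" not in addr:
        return ""
    return addr.rsplit("@", 1)[1].lower()


def from_relay_net(client_ip):
    """True if the connecting IP lies in one of the relay subnets."""
    try:
        # Accept the bracketed form used in mailertable entries, e.g. [10.0.0.100]
        ip = ipaddress.ip_address(client_ip.strip("[]"))
    except ValueError:
        return False  # unparsable address: never treat it as local
    # An IPv4 client seen through a dual-stack listener appears as ::ffff:a.b.c.d
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return any(ip in net for net in RELAY_NETS)


def verdict(from_header, client_ip):
    """'accept' or 'discard' for mail claiming a local sender, 'pass' otherwise."""
    if sender_domain(from_header) not in LOCAL_DOMAINS:
        return "pass"  # not claiming our domain: left to the normal rules
    return "accept" if from_relay_net(client_ip) else "discard"


if __name__ == "__main__":
    for hdr, ip in [
        ("Walt <walt@mydomain.com>", "192.0.2.17"),
        ("walt@MyDomain.COM", "203.0.113.9"),
        ('"walt@mydomain.com" <x@elsewhere.example>', "203.0.113.9"),
    ]:
        print(f"{hdr!r:45} from {ip:15} -> {verdict(hdr, ip)}")
```

As Alex Neuman points out in the thread, roaming users who send from outside those subnets get "discard" under this rule.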
From: newcomer at DICKINSON.EDU (Don Newcomer) Date: Thu Jan 12 21:26:03 2006 Subject: SophosSAVI Message-ID: Help! I'm using MailScanner 4.31.6 and overnight, something happened and now my mailscanner log is filled with
Jul 2 11:13:42 alpha MailScanner[403612]: SophosSAVI::ERROR:: The main body of virus data is out of date (542):: ./i62FDbo0000065659/msg-403612-24.dat
I'm only hoping that it's not allowing viruses through but I have my doubts. Anyone else seen this? I'm running sophos-autoupdate hourly and it does run successfully. Don Newcomer Senior Manager, Systems Infrastructure Systems Department Library and Information Services Dickinson College P.O. Box 1773 Carlisle, PA 17013 717-245-1256 (Voice) 717-245-1690 (FAX) newcomer@dickinson.edu From kodak at FRONTIERHOMEMORTGAGE.COM Fri Jul 2 16:23:24 2004
From: kodak at FRONTIERHOMEMORTGAGE.COM (Jason Balicki) Date: Thu Jan 12 21:26:03 2006 Subject: SophosSAVI In-Reply-To: Message-ID: <004f01c46048$84e15c10$0501a8c0@darkside> Don Newcomer <> wrote: > Jul 2 11:13:42 alpha MailScanner[403612]: SophosSAVI::ERROR:: The > main body of virus data is out of date (542):: > ./i62FDbo0000065659/msg-403612-24.dat > > I'm only hoping that it's not allowing viruses through but I have my > doubts. Anyone else seen this? I'm running sophos-autoupdate hourly > and > it does run successfully. When's the last time you updated the engine? --J(K) From martinh at SOLID-STATE-LOGIC.COM Fri Jul 2 16:25:53 2004
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:26:03 2006 Subject: SophosSAVI In-Reply-To: References: Message-ID: <40E57E81.7060406@solid-state-logic.com> Don did a major update at 02.05 GMT today and it failed really nastily - came in to 850 in the mailq and the thing hung - no updates to the virus defs...so MS hung trying to start itself. all cleared out in under an hour once I figured out what was wrong.. maybe Sophos went down during the night?? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Don Newcomer wrote: > Help! I'm using MailScanner 4.31.6 and overnight, something happened and > now my mailscanner log is filled with > > Jul 2 11:13:42 alpha MailScanner[403612]: SophosSAVI::ERROR:: The main body of > virus data is out of date (542):: ./i62FDbo0000065659/msg-403612-24.dat > > I'm only hoping that it's not allowing viruses through but I have my > doubts. Anyone else seen this? I'm running sophos-autoupdate hourly and > it does run successfully. > > Don Newcomer > Senior Manager, Systems > Infrastructure Systems Department > Library and Information Services > Dickinson College > P.O. Box 1773 > Carlisle, PA 17013 > 717-245-1256 (Voice) > 717-245-1690 (FAX) > newcomer@dickinson.edu ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean.
********************************************************************** From newcomer at DICKINSON.EDU Fri Jul 2 16:28:13 2004
From: newcomer at DICKINSON.EDU (Don Newcomer) Date: Thu Jan 12 21:26:03 2006 Subject: SophosSAVI In-Reply-To: <004f01c46048$84e15c10$0501a8c0@darkside> References: <004f01c46048$84e15c10$0501a8c0@darkside> Message-ID: It was last updated in the beginning of June with the CD they send out. Don Newcomer Senior Manager, Systems Infrastructure Systems Department Library and Information Services Dickinson College P.O. Box 1773 Carlisle, PA 17013 717-245-1256 (Voice) 717-245-1690 (FAX) newcomer@dickinson.edu On Fri, 2 Jul 2004, Jason Balicki wrote: > Don Newcomer <> wrote: > > Jul 2 11:13:42 alpha MailScanner[403612]: SophosSAVI::ERROR:: The > > main body of virus data is out of date (542):: > > ./i62FDbo0000065659/msg-403612-24.dat > > > > I'm only hoping that it's not allowing viruses through but I have my > > doubts. Anyone else seen this? I'm running sophos-autoupdate hourly > > and > > it does run successfully. > > When's the last time you updated the engine? > > --J(K) From newcomer at DICKINSON.EDU Fri Jul 2 16:28:37 2004
From: newcomer at DICKINSON.EDU (Don Newcomer) Date: Thu Jan 12 21:26:03 2006 Subject: SophosSAVI In-Reply-To: <40E57E81.7060406@solid-state-logic.com> References: <40E57E81.7060406@solid-state-logic.com> Message-ID: Actually it's still happening. Don Newcomer Senior Manager, Systems Infrastructure Systems Department Library and Information Services Dickinson College P.O. Box 1773 Carlisle, PA 17013 717-245-1256 (Voice) 717-245-1690 (FAX) newcomer@dickinson.edu On Fri, 2 Jul 2004, Martin Hepworth wrote: > Don > > did a major update at 02.05 GMT today and it failed really nastily - > came in to 850 in the mailq and the thing hung - no updates to the virus > defs...so MS hung trying to start itself. > > all cleared out in under an hour once I figured out what was wrong.. > > maybe Sophos went down during the night?? > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Don Newcomer wrote: > > Help! I'm using MailScanner 4.31.6 and overnight, something happened and > > now my mailscanner log is filled with > > > > Jul 2 11:13:42 alpha MailScanner[403612]: SophosSAVI::ERROR:: The main body of > > virus data is out of date (542):: ./i62FDbo0000065659/msg-403612-24.dat > > > > I'm only hoping that it's not allowing viruses through but I have my > > doubts. Anyone else seen this? I'm running sophos-autoupdate hourly and > > it does run successfully. > > > > Don Newcomer > > Senior Manager, Systems > > Infrastructure Systems Department > > Library and Information Services > > Dickinson College > > P.O. 
Box 1773 > > Carlisle, PA 17013 > > 717-245-1256 (Voice) > > 717-245-1690 (FAX) > > newcomer@dickinson.edu From martinh at SOLID-STATE-LOGIC.COM Fri Jul 2 16:45:35 2004
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:26:03 2006 Subject: SophosSAVI In-Reply-To: References: <40E57E81.7060406@solid-state-logic.com> Message-ID: <40E5831F.6000407@solid-state-logic.com> Don have you tried fetching the updates manually?? That way you'll have a clue as to where the problem may be? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Don Newcomer wrote: > Actually it's still happening. > > > Don Newcomer > Senior Manager, Systems > Infrastructure Systems Department > Library and Information Services > Dickinson College > P.O. Box 1773 > Carlisle, PA 17013 > 717-245-1256 (Voice) > 717-245-1690 (FAX) > newcomer@dickinson.edu > > On Fri, 2 Jul 2004, Martin Hepworth wrote: > > >>Don >> >>did a major update at 02.05 GMT today and it failed really nastily - >>came in to 850 in the mailq and the thing hung - no updates to the virus >>defs...so MS hung trying to start itself. >> >>all cleared out in under an hour once I figured out what was wrong.. >> >>maybe Sophos went down during the night?? >> >>-- >>Martin Hepworth >>Snr Systems Administrator >>Solid State Logic >>Tel: +44 (0)1865 842300 >> >> >>Don Newcomer wrote: >> >>>Help! I'm using MailScanner 4.31.6 and overnight, something happened and >>>now my mailscanner log is filled with >>> >>>Jul 2 11:13:42 alpha MailScanner[403612]: SophosSAVI::ERROR:: The main body of >>>virus data is out of date (542):: ./i62FDbo0000065659/msg-403612-24.dat >>> >>>I'm only hoping that it's not allowing viruses through but I have my >>>doubts. Anyone else seen this? I'm running sophos-autoupdate hourly and >>>it does run successfully. >>> >>>Don Newcomer >>>Senior Manager, Systems >>>Infrastructure Systems Department >>>Library and Information Services >>>Dickinson College >>>P.O. 
Box 1773 >>>Carlisle, PA 17013 >>>717-245-1256 (Voice) >>>717-245-1690 (FAX) >>>newcomer@dickinson.edu From diego.fabara at ALEGROPCS.COM Fri Jul 2 17:03:20 2004
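One way to act on the log entry quoted in this thread, as an added example (not part of the thread and not MailScanner code): it pulls the scanner ::ERROR:: entries out of a log and lists the messages they were reported against, so those messages can be checked once the scanner is fixed. Only the first sample error line comes from the thread; the other sample lines, the function names, and the reading of the directory component as the message's queue ID are assumptions.

```python
import re

# Sample input. The first ::ERROR:: line is the entry quoted in the thread;
# every other line is constructed for this example.
SAMPLE_LOG = """\
Jul 2 11:13:40 alpha MailScanner[403612]: New Batch: Scanning 2 messages, 4096 bytes
Jul 2 11:13:42 alpha MailScanner[403612]: SophosSAVI::ERROR:: The main body of virus data is out of date (542):: ./i62FDbo0000065659/msg-403612-24.dat
Jul 2 11:13:42 alpha MailScanner[403612]: SophosSAVI::ERROR:: The main body of virus data is out of date (542):: ./i62FDbo0000065659/msg-403612-25.dat
Jul 2 11:13:45 alpha MailScanner[403620]: SophosSAVI::ERROR:: The main body of virus data is out of date (542):: ./i62FDcp0000065702/msg-403620-3.dat
Jul 2 11:13:46 alpha sendmail[403700]: i62FDcp0000065702: to=<user@example.org>, stat=Sent
"""

# <timestamp> <host> MailScanner[<pid>]: <Scanner>::ERROR:: <reason> (<code>):: <path>
ERROR_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2}\s\d{2}:\d{2}:\d{2})\s(?P<host>\S+)\s"
    r"MailScanner\[(?P<pid>\d+)\]:\s(?P<scanner>\w+)::ERROR::\s"
    r"(?P<reason>.+?)\s\((?P<code>\d+)\)::\s(?P<path>\S+)\s*$"
)


def queue_id(path):
    """Directory component of ./<dir>/<file>; assumed here to be the queue ID."""
    parts = [p for p in path.split("/") if p not in ("", ".")]
    return parts[0] if len(parts) > 1 else ""


def scanner_errors(lines):
    """Return one dict per scanner ::ERROR:: entry; all other lines are ignored."""
    events = []
    for line in lines:
        match = ERROR_RE.match(line.strip())
        if match:
            event = match.groupdict()
            event["queue_id"] = queue_id(event["path"])
            events.append(event)
    return events


def summarize(events):
    """Group entries by (scanner, error code) and collect the affected messages."""
    summary = {}
    for ev in events:
        entry = summary.setdefault(
            (ev["scanner"], ev["code"]),
            {"reason": ev["reason"], "count": 0, "first": ev["ts"],
             "last": ev["ts"], "queue_ids": set(), "pids": set()},
        )
        entry["count"] += 1
        entry["last"] = ev["ts"]  # input is in log order, so the latest wins
        if ev["queue_id"]:
            entry["queue_ids"].add(ev["queue_id"])
        entry["pids"].add(ev["pid"])
    for entry in summary.values():
        entry["queue_ids"] = sorted(entry["queue_ids"])
        entry["pids"] = sorted(entry["pids"])
    return summary


if __name__ == "__main__":
    for (scanner, code), info in summarize(scanner_errors(SAMPLE_LOG.splitlines())).items():
        print(f"{scanner} error {code}: {info['reason']}")
        print(f"  {info['count']} entries between {info['first']} and {info['last']}")
        print(f"  messages to check: {', '.join(info['queue_ids'])}")
```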
From: diego.fabara at ALEGROPCS.COM (Diego Fabara) Date: Thu Jan 12 21:26:03 2006 Subject: Scan Virus and delete it in this moment ?? Message-ID: <52C877445DFA6942B6575319B402CEBD689861@uiovivex01.TELECSA.INTRA> I've a lot of mails in quarantine. 1. Virus files reported by Clamav 2. Attachments files stopped by Filenames rules.. Then I'd like to check it and try first to disinfect this files (1) and no delete others files (2) because would be false positive attachments. My quarantine time is 45 days, and I have been checking all files into folder, to decide delete them or not manually. How to do this automatically ?? > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On behalf > of Ugo Bellavance > Sent: Friday, July 02, 2004 9:45 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Scan Virus and delete it in this moment ?? > > Diego Fabara wrote: > > > > > > > I've MailScanner and Clamav Av. > > > > > > > > How to do scan and deleted simultaneously the files infected before to > > moved to quarantine ?? > > What do you want to do exactly? You cannot delete files _and_ put it in > quarantine...
From ugob at CAMO-ROUTE.COM Fri Jul 2 17:37:13 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:26:03 2006 Subject: Scan Virus and delete it in this moment ?? In-Reply-To: <52C877445DFA6942B6575319B402CEBD689861@uiovivex01.TELECSA.INTRA> References: <52C877445DFA6942B6575319B402CEBD689861@uiovivex01.TELECSA.INTRA> Message-ID: Diego Fabara wrote: > I've a lot of mails in quarantine. > > 1. Virus files reported by Clamav > 2. Attachments files stopped by Filenames rules.. > Then I'd like to check it and try first to disinfect this files (1) and > no delete others files (2) because would be false positive attachments. > > My quarantine time is 45 days, and I have been checking all files into > folder, to decide delete them or not manually. > > How to do this automatically ?? > > Hmmm, still a bit hard to understand (by the way, if you speak French (I'm not good enough in Spanish to debug), e-mail me offlist). But I think this might help you

# Should I attempt to disinfect infected attachments and then deliver
# the clean ones. "Disinfection" involves removing viruses from files
# (such as removing macro viruses from documents). "Cleaning" is the
# replacement of infected attachments with "VirusWarning.txt" text
# attachments.
# Less than 1% of viruses in the wild can be successfully disinfected,
# as macro viruses are now a rare occurrence. So the default has been
# changed to "no" as it gives a significant performance improvement.
#
# This can also be the filename of a ruleset.
Deliver Disinfected Files = yes

On the other hand, I really wonder why you'd like to do that?... I haven't seen a virus that could be disinfected for ages. Another option is to have notices sent

# Notify the local system administrators ("Notices To") when any infections
# are found?
# This can also be the filename of a ruleset.
Send Notices = yes

This way, if the volume is not too high, you can go through your messages once a day. You could use MailWatch, as well, to visualise the messages. Finally, maybe you could write a script that would parse the logfile for disinfection entries. Hope this helps, Ugo From t.d.lee at DURHAM.AC.UK Fri Jul 2 18:18:14 2004
From: t.d.lee at DURHAM.AC.UK (David Lee) Date: Thu Jan 12 21:26:04 2006 Subject: install.sh etc.: tighter "perl" specification Message-ID: Julian, I attach a pair of patches to tighten up both the determination of, and the use of, "perl" where there are multiple possibilities, typically "/usr/bin/perl" and "/usr/local/bin/perl". Use: I change occurrences of "perl ..." to "$PERL ...". (And where it calls "./CheckModuleVersion" this becomes "$PERL ./CheckModuleVersion".) This Determination: The "ignore-perl" technique didn't allow flexibility in choice of "perl". It also potentially allowed ambiguity to slip through. So I changed "ignore-perl" into "--perl=/path/to/perl", thereby making the user with such a system have to think about which version they really want. (Behaviour with only a single "perl": progresses as before; behaviour with two perls with no disambiguation stops as before.) The two patches are: install.sh: involves both determination and use. install.tar-fns.sh: involves use (so depends upon "install.sh"). As a side-effect, I tidied up the argument handling to be option-like. (It also has the advantages of (a) compatibility with autoconf's "./configure" for possible future flexibility and (b) transitionally bringing this to the attention of folk who had used the "ignore-perl" syntax. But you can, if you wish, ignore this part of the change for the time being.) I'm also working on some of the annoying little wrinkles that beset the installation of perl modules on Solaris (and other?) systems. But more on that later. Hope that helps. Best wishes. -- : David Lee I.T. Service : : Systems Programmer Computer Centre : : University of Durham : : http://www.dur.ac.uk/t.d.lee/ South Road : : Durham : : Phone: +44 191 334 2752 U.K.
: -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------- next part -------------- --- install.sh.orig Tue Jun 1 16:13:24 2004 +++ install.sh Fri Jul 2 17:58:37 2004 @@ -18,6 +18,66 @@ echo } +################### +# Parse arguments: "./install.sh --help" for more details. +# This is blatantly plagiarised from the typical "./configure" produced by +# "autoconf". If we need to get more complicated, then we should probably +# migrate towards using "autoconf" itself. (Hence not optimising this part, to +# preserve resemblance and encourage compability with "autoconf" conventions.) + +as_me=`(basename "$0") 2>/dev/null` + +ac_init_help= +perl= +nodeps= +for ac_option +do + ac_optarg=`expr "x$ac_option" : 'x[^=]*=\(.*\)'` + + case $ac_option in + --perl=*) + perl=$ac_optarg ;; + + --nodeps) + nodeps=$ac_option ;; + + --help | -h) + ac_init_help=long ;; + + -*) { echo "$as_me: error: unrecognized option: $ac_option +Try \`$0 --help' for more information." >&2 + { (exit 1); exit 1; }; } + ;; + + *) { echo "$as_me: error: unrecognized argument: $ac_option +Try \`$0 --help' for more information." >&2 + { (exit 1); exit 1; }; } + ;; + + esac +done + +if test "$ac_init_help" = "long"; then + cat <<_ACEOF +Usage: $0 [OPTION]... [VAR=VALUE]... + + -h, --help display this help and exit + --perl=PERL location of perl binary to use + --nodeps ignore dependencies when installing MailScanner + +_ACEOF + +fi + +test -n "$ac_init_help" && exit 0 + +# Set variables for later use +PERL=$perl +NODEPS=$nodeps + +################### +# Main program + # Are we on an RPM system? If so, use rpm commands to do everything echo if [ -x /bin/rpmbuild ]; then 
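Review bot: the usage text in this hunk advertises "[VAR=VALUE]...", but the catch-all "*)" branch of the case rejects every non-option argument with "unrecognized argument", so a VAR=VALUE argument can never be accepted; drop it from the Usage line or add a branch that handles it. That same branch is what callers still passing the old "ignore-perl" and "nodeps" words will hit, so a one-line hint there pointing at "--perl=" and "--nodeps" would ease the transition. "--perl=" with an empty value is also accepted silently and leaves PERL empty, which falls through to auto-detection instead of being reported as an error.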
@@ -63,15 +123,11 @@ DISTTYPE=rpm fi -# -# Read the installation-specific stuff and do any extra checks -# -. ./install.${DISTTYPE}-fns.sh - -# Check they don't have 2 Perl installations, this will cause all sorts -# of grief later. -echo -if [ \! "x$1" = "xignore-perl" ] ; then +# Have they not explicitly specified a perl installation? +if [ "x$PERL" = "x" ] ; then + # Check they don't have 2 Perl installations, this will cause all sorts + # of grief later. + echo if [ -x /usr/bin/perl -a -f /usr/local/bin/perl -a -x /usr/local/bin/perl ] ; then echo You appear to have 2 versions of Perl installed, @@ -82,22 +138,26 @@ echo echo If you do not want to do that, and really want to continue, echo then you will need to run this script as - echo ' ./install.sh ignore-perl' + echo " $0 --perl=/path/to/perl" + echo substituting \'/path/to\' appropriately. echo exit 1 else - echo Good, you appear to only have 1 copy of Perl installed. + PERLPATH="/usr/bin /usr/local/bin" + PERL=`findprog perl $PERLPATH` + echo Good, you appear to only have 1 copy of Perl installed: $PERL fi -fi -# Check to see if they want to ignore dependencies in the final -# MailScanner RPM install. -if [ "x$1" = "xnodeps" -o "x$2" = "xnodeps" ] -then - NODEPS='--nodeps' -else - NODEPS= fi +if [ \! -x $PERL ] ; then + echo No executable perl $PERL . Exiting. + exit 1 +fi + +# +# Read the installation-specific stuff and do any extra checks +# +. ./install.${DISTTYPE}-fns.sh # JKF This needs to be a lot cleverer to correctly check # JKF /usr/perl5/bin and /usr/lib/perl5/*/bin and /usr/lib/perl5/bin as well. @@ -141,7 +201,7 @@ echo echo If this fails due to dependency checks, and you wish to ignore echo these problems, you can run -echo ' ./install.sh nodeps' +echo " $0 --nodeps" sleep 2 echo 
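Review bot: in the @@ -82,22 +138,26 @@ hunk the new guard "if [ \! -x $PERL ]" expands $PERL unquoted, so when findprog returns nothing the test collapses to "[ ! -x ]", which is false, and the script carries on with an empty PERL (each later "$PERL ./CheckModuleVersion" then runs the script directly); quote it as [ \! -x "$PERL" ], which also keeps a --perl= path containing spaces intact. The else branch calls findprog before ". ./install.${DISTTYPE}-fns.sh" is sourced, since the @@ -63,15 +123,11 @@ hunk moved that line below the perl check, so please confirm findprog is defined in install.sh itself and not in the sourced file.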
@@ -153,7 +213,7 @@ do # If the module version is already installed, go onto the next one # (unless it is MIME-tools which is always rebuilt. - if ./CheckModuleVersion ${MODNAME} ${VERS} ; then + if $PERL ./CheckModuleVersion ${MODNAME} ${VERS} ; then echo Oh good, module ${MODNAME} version ${VERS} is already installed. echo sleep 2 -------------- next part -------------- --- install.tar-fns.sh.orig Tue Jun 1 16:13:24 2004 +++ install.tar-fns.sh Thu Jul 1 21:34:48 2004 @@ -52,7 +52,7 @@ # If we are using gcc on Solaris, we need to fix up the command-line flags if [ "x$CCISGCC" = "xyes" -a "x$ARCHITECT" = "xsolaris" ]; then - CONFIGPM=`perl -e 'foreach (@INC) { print("$_"),exit if (-f "$_/Config.pm"); }'` + CONFIGPM=`$PERL -e 'foreach (@INC) { print("$_"),exit if (-f "$_/Config.pm"); }'` echo echo As you are running gcc on Solaris, the Makefiles created when echo installing Perl modules won\'t work properly, so I am temporarily @@ -60,7 +60,7 @@ echo when I have finished. echo Found Config.pm in $CONFIGPM mkdir -p ${TMPINSTALL}${CONFIGPM} - perl -p -e 's/-KPIC|-xO3|-xdepend//g' $CONFIGPM/Config.pm > ${TMPINSTALL}${CONFIGPM}/Config.pm + $PERL -p -e 's/-KPIC|-xO3|-xdepend//g' $CONFIGPM/Config.pm > ${TMPINSTALL}${CONFIGPM}/Config.pm PERL5OPT="-I${TMPINSTALL}${CONFIGPM}" export PERL5OPT sleep 10 @@ -126,12 +126,12 @@ ( cd ${TMPBUILDDIR}/${MODFILE}-${VERS} if [ "x$TEST" = "xyes" ]; then - perl Makefile.PL - #[ "x$CCISGCC" = "xyes" ] && perl -pi.bak -e 's/-KPIC|-xO3|-xdepend//g' Makefile + $PERL Makefile.PL + #[ "x$CCISGCC" = "xyes" ] && $PERL -pi.bak -e 's/-KPIC|-xO3|-xdepend//g' Makefile $MAKE && $MAKE test && $MAKE install else - perl Makefile.PL && $MAKE && $MAKE install - [ "x$CCISGCC" = "xyes" ] && perl -pi.bak -e 's/-KPIC|-xO3|-xdepend//g' Makefile + $PERL Makefile.PL && $MAKE && $MAKE install + [ "x$CCISGCC" = "xyes" ] && $PERL -pi.bak -e 's/-KPIC|-xO3|-xdepend//g' Makefile $MAKE && $MAKE install fi ) 
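Review bot: every call in the @@ -126,12 +126,12 @@ hunk of install.tar-fns.sh now depends on PERL having been set by install.sh before this file is sourced, and nothing in the visible hunks checks that; with PERL empty, "$PERL Makefile.PL" tries to execute Makefile.PL itself. A guard near the top of the file, for example : "${PERL:?PERL must be set by install.sh}", plus a comment recording the dependency, would make that failure explicit.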
@@ -202,7 +202,7 @@ fi unpackarchive /opt `ls ${PERL_DIR}/MailScanner*.tar.gz | tail -1` - VERNUM=`cd ${PERL_DIR}; ls MailScanner*.tar.gz | perl -pe 's/^MailScanner-([0-9.]+).*$/$1/' | tail -1` + VERNUM=`cd ${PERL_DIR}; ls MailScanner*.tar.gz | $PERL -pe 's/^MailScanner-([0-9.]+).*$/$1/' | tail -1` echo Have just installed version ${VERNUM}. # Create the symlink if not already present From diego.fabara at ALEGROPCS.COM Fri Jul 2 19:13:12 2004 From: diego.fabara at ALEGROPCS.COM (Diego Fabara) Date: Thu Jan 12 21:26:04 2006 Subject: Send mails ... Message-ID: <52C877445DFA6942B6575319B402CEBD689918@uiovivex01.TELECSA.INTRA> I've lot of mails in my /ar/spool/MailScanner /incoming queue with date later, that I see don't sent the MailScanner. How do you force to send this mails. ?? Thanks -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040702/b2ac1b2c/attachment.html From Denis.Beauchemin at USHERBROOKE.CA Fri Jul 2 19:34:19 2004 
From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin)
Date: Thu Jan 12 21:26:04 2006
Subject: Send mails ...
In-Reply-To: <52C877445DFA6942B6575319B402CEBD689918@uiovivex01.TELECSA.INTRA>
References: <52C877445DFA6942B6575319B402CEBD689918@uiovivex01.TELECSA.INTRA>
Message-ID: <40E5AAAB.4030608@USherbrooke.ca>

Diego Fabara wrote:

> I've lot of mails in my /ar/spool/MailScanner /incoming queue with
> date later, that I see don't sent the MailScanner.
>
> How do you force to send this mails. ??
>
> Thanks
>

Diego,

None of my servers have any file under /var/spool/MailScanner/incoming/*.
This directory tree is for temporary files. It shouldn't contain files
with dates in the future. If it does contain files with dates in the
future it is probably because at one point your server had a wrong date.

Denis

PS: try to avoid html emails.

--
   _
  °v°   Denis Beauchemin, analyste
 /(_)\  Université de Sherbrooke, S.T.I.
  ^ ^   T: 819.821.8000x2252 F: 819.821.8045

From rzewnickie at RFA.ORG Fri Jul 2 19:56:40 2004
From: rzewnickie at RFA.ORG (Eric Dantan Rzewnicki)
Date: Thu Jan 12 21:26:04 2006
Subject: ruleset processing - matching order {Scanned}
In-Reply-To: <01d401c45fb0$fab671c0$6300a8c0@SSILVA2K>
References: <40E44F03.7952.B06C15@localhost> <01d401c45fb0$fab671c0$6300a8c0@SSILVA2K>
Message-ID: <20040702185640.GD14128@rfa.org>

On Thu, Jul 01, 2004 at 02:18:33PM -0700, Scott Silva wrote:
> | Hi,
> | so far, I've used rulesets very sparingly and now I have a doubt I couldn't
> | resolve just by looking at the FAQ (or the MAQ, for that matter).
> | It is clear that the 'default' action is different from the rest in that is
> | always used as a last resort, but... what happens if you have more than one
> | rule that match a given message? is the first one applied? or the last one?
> | Example:
> | High Scoring Spam Actions = %rules-dir%/hispam.actions.rules
> | and, in hispam.actions.rules:
> | FromOrTo: default delete
> | From: someone@example.com deliver forward guy@example.net
> | From: 10.9.8.7 deliver
> I believe the default needs to be last or nothing will ever get past it.
> "FromorTo: default " = bam! goodbye message.
> I am pretty sure rules are top to bottom, stopping at first match.

Someone will correct me if I'm wrong, but I think that is incorrect.
default can be anywhere in the list, but will always be used if no other
rule matches. All other rules are top to bottom, stopping at first match.

-Eric Rz.

From rzewnickie at RFA.ORG Fri Jul 2 19:58:23 2004
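The matching order Eric describes in the ruleset thread above (rules tried top to bottom, first match wins, "default" used only when nothing else matched, wherever it sits in the file) can be modelled as below. This is an added example, not MailScanner's own code: the parsing choices (whitespace-separated fields, "#" comments, "*" globs for addresses, networks handled by Python's ipaddress module) and the message dictionary are assumptions.

```python
import fnmatch
import ipaddress

# Constructed sample: the hispam.actions.rules lines quoted in the thread,
# with 'default' first to show that its position does not matter.
HISPAM_RULES = (
    "FromOrTo:\tdefault\tdelete\n"
    "From:\tsomeone@example.com\tdeliver forward guy@example.net\n"
    "From:\t10.9.8.7\tdeliver\n"
)


def _compile(pattern):
    """Classify a pattern as an IP network or an address glob."""
    try:
        # strict=False accepts host bits, e.g. 192.168.105.5/24 -> 192.168.105.0/24
        return ("net", ipaddress.ip_network(pattern, strict=False))
    except ValueError:
        return ("addr", pattern.lower())


def parse_ruleset(text):
    """Return (ordered_rules, default_value) for the text of a ruleset file."""
    rules, default = [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        # Assumption: any run of tabs or spaces separates the three fields.
        fields = line.split(None, 2)
        if len(fields) != 3:
            raise ValueError(f"line {lineno}: expected direction, pattern, value")
        direction = fields[0].rstrip(":").lower()
        if direction not in ("from", "to", "fromorto"):
            raise ValueError(f"line {lineno}: unknown direction {fields[0]!r}")
        pattern, value = fields[1], fields[2]
        if pattern.lower() == "default":
            # Kept out of the ordered list: it is a fallback, not a rule
            # that can shadow the ones written after it.
            default = value
        else:
            rules.append((direction, _compile(pattern), value))
    return rules, default


def _matches(direction, matcher, msg):
    kind, pat = matcher
    if kind == "net":
        # An IP pattern describes the connecting client, so it can only
        # match on the sending side.
        return direction != "to" and ipaddress.ip_address(msg["client_ip"]) in pat
    candidates = []
    if direction in ("from", "fromorto"):
        candidates.append(msg["from"])
    if direction in ("to", "fromorto"):
        candidates.extend(msg["to"])
    return any(fnmatch.fnmatchcase(addr.lower(), pat) for addr in candidates)


def evaluate(rules, default, msg):
    """First matching rule wins; the default applies only if none matched."""
    for direction, matcher, value in rules:
        if _matches(direction, matcher, msg):
            return value
    return default


if __name__ == "__main__":
    rules, default = parse_ruleset(HISPAM_RULES)
    # Constructed message that matches BOTH non-default rules.
    both = {"from": "someone@example.com", "to": ["me@example.org"],
            "client_ip": "10.9.8.7"}
    print(evaluate(rules, default, both))
```

A ruleset with no default line returns None from evaluate here, which makes a missing fallback visible instead of silently picking a behaviour.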
From: rzewnickie at RFA.ORG (Eric Dantan Rzewnicki) Date: Thu Jan 12 21:26:04 2006 Subject: SURBL/URI checks - FreeBSD bayes starter Database In-Reply-To: <6.1.1.1.2.20040702200326.0339bfd0@207.158.56.7> References: <801403078973F243A6A74322E134AF500124CFF2@mail.herefordshire.gov.uk> <20040630150207.886B821C2BC@mail.fsl.com> <6.1.1.1.2.20040702200326.0339bfd0@207.158.56.7> Message-ID: <20040702185822.GE14128@rfa.org> On Fri, Jul 02, 2004 at 08:06:53PM +1000, Gib Gilbertson Jr. wrote: > Hi Steve. > I downloaded and installed your SURBL/URI package and it installed and > worked perfectly. I also wanted to let you know your FREEBSD bayes Starter > DB appears to be labeled incorrectly. It says it's a .gz package but it > appears to actually be a tarball. I couldn't expand it with gunzip, but tar > -xvf opened it up with no problems. > gib > At 11:02 AM 6/30/2004 -0400, you wrote: > >Thanks to all who suggested corrections, I've upgraded the SURBL/URI > >package > >and tested on our scanners. The new package is available at: > > http://www.fsl.com/support/index.html > >Download from the SURBL/URI install files link. Just wanted to say that I installed the SURBL/URI stuff earlier this week as well. The improvement in spam tagging is dramatic. Thanks, Steve. -Eric Rz. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From SmartD at VMCMAIL.COM Fri Jul 2 19:57:21 2004 
From: SmartD at VMCMAIL.COM (Smart,Dan)
Date: Thu Jan 12 21:26:04 2006
Subject: New user trying to understand mailscanner capabilities to design solution
Message-ID: <8E68F5A27FC613458BF7A9881D959D07DA28C5@cobhm006.na.vul.com>

Hi

I'm a new subscriber looking at Mailscanner. I have been doing mail
relaying with spam and virus filtering for years using (under RH7.3):

1. Postfix
2. Procmail
   a. Niko Kantarakias' "YAVR" procmail virus filter
   b. John Hardin's "Sanitizer" procmail recipe. (message cleaner,
      attachment blocker, zip checker)
   c. SpamAssassin via spamd/spamc
      1. Distributed Checksum Clearinghouse (DCC)
      2. SURBL lists
      3. SARE rule sets
   d. Custom procmail recipes:
      1. Log mail into MBOX files for monitoring and reporting
      2. Capture messages to feed Bayes SA-Learn
      3. Bypass rules for certain senders and recipients.
      4. Trap stuff for various purposes.

My goal is to replace the procmail process with a unified product, but
keep the capabilities this gives me. My motivation is getting strong
replacement for YAVR - Probably ClamAV. YAVR has lost its
developer/maintainer.

My information need is in deciding whether to use MailScanner to replace
the functionality of John Hardin's Sanitizer (which is very much like
Bjarni's Anomy Sanitizer) or to use Sanitizer *with* MailScanner if it
does not duplicate its functionality. And to understand the flexibility
of reporting in MailScanner.

=========================================================
Here's the functionality in John Hardin's Sanitizer:

HEADERS
1. Sanitize bare CR in message headers (Outlook bug). That's also in
   violation of RFC822 so it's a protocol sanitizing issue.
2. Sanitize multiple null addresses (sendmail exploit).
   ^((resent-)?(sender|from|(reply-)?to|cc|bcc)|(errors|disposition-notification|apparently)-to|Return-Path): *<>.*<>.*<>.*<>.*<>.*<>.*
3. Detect and truncate Subject: headers longer than 250 characters, to
   protect Outlook Express users.
4. Truncate excessively long (>500) standard headers, to address the MS
   Outlook header buffer-overflow bug and to proactively protect against
   other BO bugs in other mailers;
   (Mime-Version|(Resent-)?(Date|Sender|From|Reply-To)|(errors|disposition-notification|apparently)-to|Message-ID|Return-Path|Status|X-Status|X-Keywords):

FIX MIME
1. Length-limit MIME boundary strings, to proactively defend against BO
   bugs.
2. Check for a null MIME boundary string and supply one if necessary;
   this is a major DoS attack against Microsoft Exchange
3. Sanitize MIME values that have been explicitly set to null (e.g.
   encoding="") - this is a major DoS attack against Microsoft Exchange.
4. Sanitize double backquotes in MIME headers to prevent remote attacks
   against Metamail via the UW Pine MUA

ATTACHMENT HEADERS
1. Sanitize files with Microsoft Class-ID extensions.
2. Shorten long file names to less than 120 characters
   a. Collapse runs of spaces in filenames before length-limiting.
3. Truncate long attachment headers (vs. RFC822 message headers as you
   noted), again to proactively defend against BO bugs in mailers.
4. Fix missing closed quote on filename
5. Fix unquoted filenames
   a. Properly enquote unquoted attachment filenames that have embedded
      semicolons.
6. Fix trailing periods and spaces in filename.
7. Catch encoded periods in filenames and fix encoded plain characters in
   filename. Both because there's no reason to encode those characters
   other than an attempt to bypass filtering.
8. Catch quotes-in-extension attack. Outlook/Windows ignores them. (!)
9. Remove embedded RFC822 comments
10. Fix attachment headers of the form 'text from file "xxxx"' where
    Outlook helpfully looks if the filename can't be determined from the
    headers that *should* have the filename.

URLs
1. Fix URL Spoofing; a.com%01@b.com
2. Fix URL Obfuscation; a.com@b.com There's no good reason to encode
   plain characters other than an attempt to bypass filtering.

WEBBUGS
1. Sanitize tags
2. Sanitize webbug images in tables.
3. Sanitize the tag for webbugs
4. Sanitize "BACKGROUND" subtag for webbugs

TAGS
1. Sanitize the tag.
2. Sanitize the tag; this is primarily of interest to people running
   webmail programs.
3. Sanitize

How to limit the recipients number for an user

Example :

User1@dom.com need to send email for 150 address

User2@dom.com need to send email for 200 address

And all people max 20 .

How and where put this rule ?

Ing. Diego Rubén Fabara V.
Network Admin.
': + 593 2 2990000 Ext 2217
È: + 593 9 096097325
s: diego.fabara@alegropcs.com
www.alegropcs.com

CONFIDENTIAL INFORMATION: DISSEMINATION OR PUBLICATION OF THIS INFORMATION TO THIRD PARTIES IS PROHIBITED WITHOUT THE EXPRESS WRITTEN AUTHORIZATION OF TELECSA. THIS INFORMATION MUST BE STORED SECURELY WHEN NOT IN USE. IF YOU ARE NOT THE INTENDED RECIPIENT OF THIS EMAIL, YOU MUST RETURN IT TO THE SENDER AND MAY NOT READ, COPY OR DISTRIBUTE ITS ATTACHMENTS. ANY OPINION EXPRESSED IN THIS MESSAGE IS THAT OF ITS AUTHOR AND NOT NECESSARILY THAT OF TELECSA - ALEGRO PCS.

From raymond at PROLOCATION.NET Fri Jul 30 17:08:51 2004
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:26:25 2006
Subject: Limit the recipients numbers ??
Message-ID:

Hi!

> User1@dom.com need to send email for 150 address
>
> User2@dom.com need to send email for 200 address
>
>
> And all people max 20 .
>
> How and where put this rule ?

Isn't this a task for your MTA ? And no, most MTA's have a site specific
limit, not per user.

Bye,
Raymond.

From jscott at INFOCONEX.COM Fri Jul 30 17:18:43 2004
From: jscott at INFOCONEX.COM (Jim Scott)
Date: Thu Jan 12 21:26:25 2006
Subject: Use Spamassassin - Not working properly
Message-ID:

> || Not sure what to look at. We setup a rule in the MailScanner.conf
> || file like this.
> ||
> || /etc/MailScanner/rules/spamassassin.rules
> ||
> || The file contains a couple of test rules.
> ||
> || For example:
> || FromOrTo: jscott@infoconex.com yes
> || From: 192.168.105.5/24 yes
> || From: Customers block yes
> ||
> || If I send or receive email it gets processed by spamassassin. If I
> || send an email from the private IP space no matter what my from email
> || address is it gets scanned by spamassassin as it should.
> ||
> || However my customers IP space nothing is getting processed?
> ||
> || The only thing that is different is that I have 2 IP's bound to this
> || machine. I have the client use the 2nd IP to relay emails via so I
> || can monitor traffic generated. The customers has multiple networks
> || and for each I have the whole /24 added.
> ||
> || Any ideas what to look at?
> ||
> || It sure looks like it should work properly. Just isn't.
> || > || Jim > || > | Anyone able to help me on this one? > | > | Jim > > Is there any possibility that your customers ip block is getting NATted? > No, I have verified that the IP showing up in my maillogs is one of the IP's I have listed. By the way they have about 40 locations that I am doing this for. None of them have worked yet. In all cases I can see in my logs that the IP it is being sent from is the IP range I have listed. Jim -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From jscott at INFOCONEX.COM Fri Jul 30 17:23:12 2004 From: jscott at INFOCONEX.COM (Jim Scott) Date: Thu Jan 12 21:26:25 2006 Subject: TestVirus.org - Empty MIME Boundary Vulnerability Message-ID: Not sure if anyone has used this but test #23 does not get detected by MailScanner. Running version MailScanner-4.32.4-1 Here is the contents of the email it sent -- How do I protect against this? This message was sent to you because you or someone you know is testing your mail server's virus scanner at: http://www.testvirus.org This test message contains: Test #23: Eicar virus within zip file hidden using the "Empty MIME Boundary Vulnerability" (attachment can be opened by all versions of Microsoft Outlook and Outlook Express) If your mail server's virus scanner did not detect this email, it allows some viruses through! Please note: This test message uses the EICAR test virus, which is completely benign and contains no viral code. 
For more information see: http://www.eicar.org This free test has been provided to you by Excedent Technologies (http://www.excedent.com) and Webmail.us (http://www.webmail.us) -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From michele at BLACKNIGHTSOLUTIONS.COM Fri Jul 30 17:24:06 2004 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:26:25 2006 Subject: Limit the recipients numbers ?? Message-ID: > >> User1@dom.com need to send email for 150 address >> >> User2@dom.com need to send email for 200 address >> >> >> And all people max 20 . >> >> How and whrere put this rule ? > > Isnt this a task for your MTA ? And no, most MTA's have a > site specific limit, not per user. And could we refrain from posting using HTML heavy junk please. HTML emails are annoying. Logos are simply uncalled for. Mr Michele Neylon Blacknight Internet Solutions Ltd http://www.blacknight.ie/ Tel. +353 59 9137101 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From shares at GROUP1INTERNET.COM Fri Jul 30 17:24:24 2004 From: shares at GROUP1INTERNET.COM (Scott Hares) Date: Thu Jan 12 21:26:25 2006 Subject: Subject Tag - Most but not all spams tagged Message-ID: I've got subject line tagging working for the most part. Oddly enough, I've got two spams out of about 100 that did not get the subject line tagged. Any suggestions would be appreciated. Please note the headers of the offending spam below. 
To: scott@NOSPAMgarlic.com Date: Thu, 29 Jul 2004 19:33:34 -0600 Message-ID: <1091147614.8228@mx5.consumer-based.com> From: "Mystery Classics " Reply-To: "Mystery Classics" Subject:Get 50 Full Length Movies for the Price of 1 Content-Type: text/html X-UIDL: $ic!!4dd!!C//!!i8`!! X-rc.group1internet.com-MailScanner-Information: Please contact the ISP for more information X-rc.group1internet.com-MailScanner: Found to be clean X-rc.group1internet.com-MailScanner-SpamCheck: spam, SpamAssassin (score=33.598, required 6, BANG_MORE 1.16, BAYES_99 11.01, EMAIL_ROT13 4.10, G1I_MY_OBFUJ 0.45, G1I_MY_OBFUQa 1.45, G1I_MY_OBFUX 0.45, G1I_OBFU_word_03 0.40, G1I_OBFU_word_04 0.40, G1I_REMOVE 0.30, HTML_70_80 2.00, HTML_FONTCOLOR_RED 0.10, HTML_FONT_BIG 0.27, HTML_FONT_INVISIBLE 0.60, HTML_IMAGE_ONLY_04 1.00, HTML_MESSAGE 0.10, MAILTO_SUBJ_REMOVE 0.89, MIME_HEADER_CTYPE_ONLY 2.23, MIME_HTML_NO_CHARSET 0.56, MIME_HTML_ONLY 0.32, OBSCURED_EMAIL 2.70, RCVD_IN_SBL 1.11, RCVD_IN_SBL_CSMA 2.00) X-rc.group1internet.com-MailScanner-SpamScore: sssssssssssssssssssssssssssssssss X-MailScanner-From: adv@consumer-based.com Here is a spam of approximately the same score that did get tagged. Date: Thu, 29 Jul 2004 19:55:47 +0000 From: "Liberty Wireless" Reply-To: "Liberty Wireless" To: Content-Type: text/html Message-Id: <20040729205610.981DB387D@quake.garlic.com> X-UIDL: doU!!~DG!!YKS"!`53"! 
X-rc.group1internet.com-MailScanner-Information: Please contact the ISP for more information X-rc.group1internet.com-MailScanner: Found to be clean X-rc.group1internet.com-MailScanner-SpamCheck: spam, SpamAssassin (score=33.243, required 6, BAD_CREDIT 0.36, BAYES_99 11.01, G1I_MY_OBFUJ 0.45, G1I_MY_OBFUX 0.45, G1I_MY_OBFUZ 0.45, G1I_OBFU_word_01 3.40, G1I_OBFU_word_04 0.40, G1I_REMOVE 0.30, HTML_80_90 2.00, HTML_IMAGE_AREA_05 2.20, HTML_IMAGE_ONLY_02 1.23, HTML_MESSAGE 0.10, HTTP_WITH_EMAIL_IN_URL 0.20, MAILTO_SUBJ_REMOVE 0.89, MIME_HEADER_CTYPE_ONLY 2.23, MIME_HTML_NO_CHARSET 0.56, MIME_HTML_ONLY 0.32, NO_CREDIT_CHECK 2.70, RCVD_IN_BL_CSMA 2.00, RCVD_IN_BL_SPAMCOP_NET 2.00) X-rc.group1internet.com-MailScanner-SpamScore: sssssssssssssssssssssssssssssssss X-MailScanner-From: adv@go2ebuy.com Subject: [Spam 33] Get a Sanyo Color Cell Phone with No Credit Check! -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From brett at WRL.ORG Fri Jul 30 17:25:27 2004 From: brett at WRL.ORG (Brett Charbeneau) Date: Thu Jan 12 21:26:25 2006 Subject: No virus checking for certain accounts? Message-ID: > Usually what needs to work can be accomplished by other means. Or by > using rulesets to only allow certain sites to send you e-mail with > possibly dangerous tags. This has some possibilities, although the issue is for automated messages which are OUTbound. Let's see if I understand this correctly: In MailScanner.conf I would set "Virus Scanning = /etc/MailScanner/rules/virus.scanning.rules" and that file would contain something like: From: naughtyclient@mydomain.org no FromOrTo: default yes Or am I reading the ruleset README incorrectly? 
Brett Charbeneau, Network Administrator Tel: 757-259-7750 Williamsburg Regional Library FAX: 757-259-7798 7770 Croaker Road brett@wrl.org Williamsburg, VA 23188-7064 http://www.wrl.org > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf > Of Ugo Bellavance > Sent: Thursday, July 29, 2004 9:33 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: No virus checking for certain accounts? > > Alex Neuman wrote: > > > Or disarm. > > > > Yeah, I thought of that, but I guess the tags are there for a purpose, > so disarming might be even worse than blocking (makes you think it works > while it doesn't) -- Brett Charbeneau, Network Administrator Tel: 757-259-7750 Williamsburg Regional Library FAX: 757-259-7798 7770 Croaker Road brett@wrl.org Williamsburg, VA 23188-7064 http://www.wrl.org -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From jscott at INFOCONEX.COM Fri Jul 30 17:30:42 2004 From: jscott at INFOCONEX.COM (Jim Scott) Date: Thu Jan 12 21:26:25 2006 Subject: Testvirus.org - Partial (Fragmented) Vulnerability Message-ID: Well this got detected as Blocked Content. However the attachment instead of being the normal attachment I would expected was a .dat file named {Virus?} {Blocked Content} Virus Scanner Test #24 (non-virus).dat Here is the test description: Test #24 (non-virus): Test for the "Partial (Fragmented) Vulnerability". This does not include the Eicar virus, however your mail server should still block this since a virus can use this technique to break itself into multiple emails, bypassing virus scanners, and reassembling itself in your inbox. 
(attachment can be opened by virtually any mail program) -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From ugob at CAMO-ROUTE.COM Fri Jul 30 17:37:15 2004 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:26:25 2006 Subject: TestVirus.org - Empty MIME Boundary Vulnerability Message-ID: Jim Scott wrote: > Not sure if anyone has used this but test #23 does not get detected by > MailScanner. Running version MailScanner-4.32.4-1 > > Here is the contents of the email it sent -- How do I protect against this? Search the list archve for "testvirus", you should find. > > This message was sent to you because you or someone you know is testing your > mail server's virus scanner at: http://www.testvirus.org > This test message contains: Test #23: Eicar virus within zip file hidden > using the "Empty MIME Boundary Vulnerability" (attachment can be opened by > all versions of Microsoft Outlook and Outlook Express) > If your mail server's virus scanner did not detect this email, it allows > some viruses through! Please note: This test message uses the EICAR test > virus, which is completely benign and contains no viral code. 
For more > information see: http://www.eicar.org > This free test has been provided to you by Excedent Technologies > (http://www.excedent.com) and Webmail.us (http://www.webmail.us) > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From marcel at IRC-ADDICTS.DE Fri Jul 30 17:38:10 2004 From: marcel at IRC-ADDICTS.DE (Marcel Blenkers) Date: Thu Jan 12 21:26:25 2006 Subject: Some error, which results in two times receiving of mails Message-ID: Hi there, currently i am experiencing some trouble with my mails. As the Mails got scanned, some mails generate an error. The error look like this: Jul 30 17:47:08 marcel MailScanner[953]: Failed to link message body between queues (/var/spool/mqueue/dfi6UFkoRC003363 --> /var/spool/mqueue.in/dfi6UFkoRC003363) Then the recipient get this mail twice. Any idea how to handle this? Till now i have not seen any kind of problems within these mails, as all mails are different sizes or content. Would be great, if anyone could help me. Greetings Marcel -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From brett at WRL.ORG Fri Jul 30 17:45:13 2004 From: brett at WRL.ORG (Brett Charbeneau) Date: Thu Jan 12 21:26:25 2006 Subject: No virus checking for certain accounts? Message-ID: Ha! 
I tried this and it worked like a charm! Thanks for letting me think out loud here, folks! Brett On Fri, 30 Jul 2004, Brett Charbeneau wrote: BC> > Usually what needs to work can be accomplished by other means. Or by BC> > using rulesets to only allow certain sites to send you e-mail with BC> > possibly dangerous tags. BC> BC> This has some possibilities, although the issue is for automated BC> messages which are OUTbound. BC> Let's see if I understand this correctly: BC> In MailScanner.conf I would set BC> BC> "Virus Scanning = /etc/MailScanner/rules/virus.scanning.rules" BC> BC> and that file would contain something like: BC> BC> From: naughtyclient@mydomain.org no BC> FromOrTo: default yes BC> BC> BC> Or am I reading the ruleset README incorrectly? BC> BC> Brett Charbeneau, Network Administrator Tel: 757-259-7750 BC> Williamsburg Regional Library FAX: 757-259-7798 BC> 7770 Croaker Road brett@wrl.org BC> Williamsburg, VA 23188-7064 http://www.wrl.org BC> BC> > -----Original Message----- BC> > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On BC> Behalf BC> > Of Ugo Bellavance BC> > Sent: Thursday, July 29, 2004 9:33 PM BC> > To: MAILSCANNER@JISCMAIL.AC.UK BC> > Subject: Re: No virus checking for certain accounts? BC> > BC> > Alex Neuman wrote: BC> > BC> > > Or disarm. 
BC> > > BC> > BC> > Yeah, I thought of that, but I guess the tags are there for a purpose, BC> > so disarming might be even worse than blocking (makes you think it works BC> > while it doesn't) BC> BC> BC> -- Brett Charbeneau, Network Administrator Tel: 757-259-7750 Williamsburg Regional Library FAX: 757-259-7798 7770 Croaker Road brett@wrl.org Williamsburg, VA 23188-7064 http://www.wrl.org -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From cparker at SWATGEAR.COM Fri Jul 30 18:33:18 2004 From: cparker at SWATGEAR.COM (Chris W. Parker) Date: Thu Jan 12 21:26:25 2006 Subject: Subject Tag - Most but not all spams tagged Message-ID: Scott Hares on Friday, July 30, 2004 9:24 AM said: > I've got subject line tagging working for the most part. Oddly > enough, I've got two spams out of about 100 that did not get the > subject line tagged. Any suggestions would be appreciated. Please > note the headers of the offending spam below. maybe MS was trying to tell you not to pass up such a great deal!? and i quote: "Get 50 Full Length Movies for the Price of 1"!!!!! chris. p.s. as to the real reason, i have no idea. maybe it forgot? -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From steve.swaney at FSL.COM Fri Jul 30 18:39:56 2004 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:26:25 2006 Subject: Testvirus.org - Partial (Fragmented) Vulnerability Message-ID: This is brought up about every month or two. 
Please search the archives for testvirus.org Steve Stephen Swaney President Fortress Systems Ltd. Steve.Swaney@FSL.com > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Jim Scott > Sent: Friday, July 30, 2004 12:31 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Testvirus.org - Partial (Fragmented) Vulnerability > > Well this got detected as Blocked Content. However the attachment instead > of > being the normal attachment I would expected was a .dat file named > > {Virus?} {Blocked Content} Virus Scanner Test #24 (non-virus).dat > > Here is the test description: > > Test #24 (non-virus): Test for the "Partial (Fragmented) Vulnerability". > This does not include the Eicar virus, however your mail server should > still > block this since a virus can use this technique to break itself into > multiple emails, bypassing virus scanners, and reassembling itself in your > inbox. (attachment can be opened by virtually any mail program) > This is brought up about every month or two. Please search the archives for testvirus.org Steve Stephen Swaney President Fortress Systems Ltd. Steve.Swaney@FSL.com -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. Fortress Systems Ltd. www.fsl.com -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From el.baby at GMAIL.COM Fri Jul 30 18:59:58 2004 From: el.baby at GMAIL.COM (Mariano Absatz) Date: Thu Jan 12 21:26:25 2006 Subject: Use Spamassassin - Not working properly Message-ID: On Fri, 30 Jul 2004 09:18:43 -0700, Jim Scott wrote: > > || Not sure what to look at. We setup a rule in the MailScanner.conf > > || file like this. 
> > || > > || /etc/MailScanner/rules/spamassassin.rules > > || > > || The file contains a couple of test rules. > > || > > || For example: > > || FromOrTo: jscott@infoconex.com yes > > || From: 192.168.105.5/24 yes > > || From: Customers block yes > > || > > || If I send or receive email it gets processed by spamassassin. If I > > || send an email from the private IP space no matter what my from email > > || address is it gets scanned by spamassassin as it should. > > || > > || However my customers IP space nothing is getting processed? > > || > > || The only thing that is different is that I have 2 IP's bound to this > > || machine. I have the client use the 2nd IP to relay emails via so I > > || can monitor traffic generated. The customers has multiple networks > > || and for each I have the whole /24 added. > > || > > || Any ideas what to look at? > > || > > || It sure looks like it should work properly. Just isnt. > > || > > || Jim > > || > > | Anyone able to help me on this one? > > | > > | Jim > > > > Is there any possibility that your customers ip block is getting NATted? > > > No, I have verified that the IP showing up in my maillogs is one of the IP's > I have listed. By the way they have about 40 locations that I am doing this > for. None of them have worked yet. In all cases I can see in my logs that > the IP it is being sent from is the IP range I have listed. Mmmmhhh time to start with stupid questions... You're sure that the fields in the non-working rules are separated by tabs and not spaces, are you? An excess in copy&paste may have put spaces where you had tabs... 
--
Mariano Absatz - El Baby
el (dot) baby (AT) gmail (dot) com
el (punto) baby (ARROBA:@) gmail (punto) com

From rdvieira at IMPACTOOLS.COM Fri Jul 30 19:03:49 2004
From: rdvieira at IMPACTOOLS.COM (Renata D. Vieira)
Date: Thu Jan 12 21:26:25 2006
Subject: RES: RES: MailScanner + Sendmail Configuration Problems
Message-ID:

Hello everybody,

I'd like only to thank you for the answers. Everything is working fine now.

Thanks once again.

Renata D. Vieira
Support Analyst
Impactools - The wise solution that fits.
www.impactools.com

-----Original message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On behalf of Ugo Bellavance
Sent: Thursday, July 29, 2004 16:20
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: RES: MailScanner + Sendmail Configuration Problems

Renata D. Vieira wrote:
> Hello all,
>
> Thanks for all answers, but independently if I disable sendmail
> startup in rc.conf I get MailScanner and Sendmail working together and
> correctly when I do the steps below:
>
>
> 1- Stop Sendmail with the following command:
> mail# /usr/local/etc/rc.d/sendmail.sh stop
>
> 2- Start MailScanner with the following command:
> mail# /usr/local/etc/rc.d/mailscanner.sh start
>
> 3- Restart Sendmail with the following commands:
> mail# sendmail -bd -OPrivacyOptions=noetrn -ODeliveryMode=queueonly
> -OQueueDirectory=/var/spool/mqueue.in
> mail# sendmail -q15m
>
>
> And, after some hours, MailScanner stops without an apparent reason
> and I can't find anything in the logs.
>
> What can I do to start MailScanner correctly? What is the correct way?
/usr/local/etc/rc.d/mailscanner.sh start
/usr/local/etc/rc.d/mta.sh start

That is what will be called upon reboot, and should work as long as you
have sendmail disabled in rc.conf.

From el.baby at GMAIL.COM Fri Jul 30 19:06:37 2004
From: el.baby at GMAIL.COM (Mariano Absatz)
Date: Thu Jan 12 21:26:25 2006
Subject: Subject Tag - Most but not all spams tagged
Message-ID:

I witnessed this more than once... I posted it to the list... it
happened on _some_ 8bit subjects with strange encodings, or when
another header was somehow strange, I don't quite recall...

I DO believe there's a bug lurking in there, but I never had time to
look thoroughly in it... :-(

On Fri, 30 Jul 2004 17:24:24 +0100, Scott Hares wrote:
> I've got subject line tagging working for the most part. Oddly enough, I've
> got two spams out of about 100 that did not get the subject line tagged.
> Any suggestions would be appreciated. Please note the headers of the
> offending spam below.
>
> To: scott@NOSPAMgarlic.com
> Date: Thu, 29 Jul 2004 19:33:34 -0600
> Message-ID: <1091147614.8228@mx5.consumer-based.com>
> From: "Mystery Classics "
> Reply-To: "Mystery Classics"
> Subject:Get 50 Full Length Movies for the Price of 1
> Content-Type: text/html
> X-UIDL: $ic!!4dd!!C//!!i8`!!
> X-rc.group1internet.com-MailScanner-Information: Please contact the ISP for
> more information
> X-rc.group1internet.com-MailScanner: Found to be clean
> X-rc.group1internet.com-MailScanner-SpamCheck: spam,
> SpamAssassin (score=33.598, required 6, BANG_MORE 1.16,
> BAYES_99 11.01, EMAIL_ROT13 4.10, G1I_MY_OBFUJ 0.45,
> G1I_MY_OBFUQa 1.45, G1I_MY_OBFUX 0.45, G1I_OBFU_word_03 0.40,
> G1I_OBFU_word_04 0.40, G1I_REMOVE 0.30, HTML_70_80 2.00,
> HTML_FONTCOLOR_RED 0.10, HTML_FONT_BIG 0.27,
> HTML_FONT_INVISIBLE 0.60, HTML_IMAGE_ONLY_04 1.00, HTML_MESSAGE 0.10,
> MAILTO_SUBJ_REMOVE 0.89, MIME_HEADER_CTYPE_ONLY 2.23,
> MIME_HTML_NO_CHARSET 0.56, MIME_HTML_ONLY 0.32, OBSCURED_EMAIL 2.70,
> RCVD_IN_SBL 1.11, RCVD_IN_SBL_CSMA 2.00)
> X-rc.group1internet.com-MailScanner-SpamScore:
> sssssssssssssssssssssssssssssssss
> X-MailScanner-From: adv@consumer-based.com
>
> Here is a spam of approximately the same score that did get tagged.
>
> Date: Thu, 29 Jul 2004 19:55:47 +0000
> From: "Liberty Wireless"
> Reply-To: "Liberty Wireless"
> To:
> Content-Type: text/html
> Message-Id: <20040729205610.981DB387D@quake.garlic.com>
> X-UIDL: doU!!~DG!!YKS"!`53"!
> X-rc.group1internet.com-MailScanner-Information: Please contact the ISP for
> more information
> X-rc.group1internet.com-MailScanner: Found to be clean
> X-rc.group1internet.com-MailScanner-SpamCheck: spam,
> SpamAssassin (score=33.243, required 6, BAD_CREDIT 0.36,
> BAYES_99 11.01, G1I_MY_OBFUJ 0.45, G1I_MY_OBFUX 0.45,
> G1I_MY_OBFUZ 0.45, G1I_OBFU_word_01 3.40, G1I_OBFU_word_04 0.40,
> G1I_REMOVE 0.30, HTML_80_90 2.00, HTML_IMAGE_AREA_05 2.20,
> HTML_IMAGE_ONLY_02 1.23, HTML_MESSAGE 0.10,
> HTTP_WITH_EMAIL_IN_URL 0.20, MAILTO_SUBJ_REMOVE 0.89,
> MIME_HEADER_CTYPE_ONLY 2.23, MIME_HTML_NO_CHARSET 0.56,
> MIME_HTML_ONLY 0.32, NO_CREDIT_CHECK 2.70, RCVD_IN_BL_CSMA 2.00,
> RCVD_IN_BL_SPAMCOP_NET 2.00)
> X-rc.group1internet.com-MailScanner-SpamScore:
> sssssssssssssssssssssssssssssssss
> X-MailScanner-From: adv@go2ebuy.com
> Subject: [Spam 33] Get a Sanyo Color Cell Phone with No Credit Check!
>

--
Mariano Absatz - El Baby
el (dot) baby (AT) gmail (dot) com
el (punto) baby (ARROBA:@) gmail (punto) com

From el.baby at GMAIL.COM Fri Jul 30 19:12:37 2004
From: el.baby at GMAIL.COM (Mariano Absatz)
Date: Thu Jan 12 21:26:25 2006
Subject: Some error, which results in two times receiving of mails
Message-ID:

On Fri, 30 Jul 2004 18:38:10 +0200, Marcel Blenkers wrote:
> Hi there,
>
> currently i am experiencing some trouble with my mails.
>
> As the Mails got scanned, some mails generate an error.
>
> The error look like this:
>
> Jul 30 17:47:08 marcel MailScanner[953]: Failed to link message body
> between queues (/var/spool/mqueue/dfi6UFkoRC003363 --> /var/spool/mqueue.in/dfi6UFkoRC003363)
>
> Then the recipient get this mail twice.
>
> Any idea how to handle this?
>
> Till now i have not seen any kind of problems within these mails, as all
> mails are different sizes or content.
>
> Would be great, if anyone could help me.

Sounds a lot like the earlier message from Petry Roman (Thread:
Strange behavior since update to latest version... Failed to link
message body between queues error..)...

might this be a locking problem?

Any seasoned sendmailer out there can help?

--
Mariano Absatz - El Baby
el (dot) baby (AT) gmail (dot) com
el (punto) baby (ARROBA:@) gmail (punto) com

From dh at UPTIME.AT Fri Jul 30 19:15:41 2004
From: dh at UPTIME.AT (David H.)
Date: Thu Jan 12 21:26:25 2006
Subject: Some error, which results in two times receiving of mails
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Mariano Absatz wrote:
| On Fri, 30 Jul 2004 18:38:10 +0200, Marcel Blenkers
| wrote:
|
|>Hi there,
|>
|>currently i am experiencing some trouble with my mails.
|>
|>As the Mails got scanned, some mails generate an error.
|>
|>The error look like this:
|>
|>Jul 30 17:47:08 marcel MailScanner[953]: Failed to link message body
|>between queues (/var/spool/mqueue/dfi6UFkoRC003363 --> /var/spool/mqueue.in/dfi6UFkoRC003363)
|>
|>Then the recipient get this mail twice.
|>
|>Any idea how to handle this?
|>
|>Till now i have not seen any kind of problems within these mails, as all
|>mails are different sizes or content.
|>
|>Would be great, if anyone could help me.
|
| Sounds a lot like the earlier message from Petry Roman (Thread:
| Strange behavior since update to latest version... Failed to link
| message body between queues error..)...
|
| might this be a locking problem?
|
| Any seasoned sendmailer out there can help?
|

Have you, per chance, upgraded to sendmail 8.13.0 and not compiled with
- -DHASFLOCK ?

- -d
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.6 (Darwin)

iD8DBQFBCpBMPMoaMn4kKR4RAxvzAJ9/jE2g+UQRzZ0wydbt03NV5A59SwCeJNTn
AUufkps35OdgMvT5Unwa5rQ=
=HIfV
-----END PGP SIGNATURE-----

From shares at GROUP1INTERNET.COM Fri Jul 30 19:24:32 2004
From: shares at GROUP1INTERNET.COM (Scott Hares)
Date: Thu Jan 12 21:26:25 2006
Subject: Subject Tag - Most but not all spams tagged
Message-ID:

Ah, now this rings a bell. I have seen other servers that had problems
handling spams with mime encoded subject lines as expected. Could be the
same kind of thing.

>I witnessed this more than once... I posted it to the list... it
>happened on _some_ 8bit subjects with strange encodings, or when
>another header was somehow strange, I don't quite recall...
>
>I DO believe there's a bug lurking in there, but I never had time to
>look thoroughly in it... :-(
>
>On Fri, 30 Jul 2004 17:24:24 +0100, Scott Hares
> wrote:
>> I've got subject line tagging working for the most part. Oddly enough, I've
>> got two spams out of about 100 that did not get the subject line tagged.
>> Any suggestions would be appreciated. Please note the headers of the
>> offending spam below.
>>
>> To: scott@NOSPAMgarlic.com
>> Date: Thu, 29 Jul 2004 19:33:34 -0600
>> Message-ID: <1091147614.8228@mx5.consumer-based.com>
>> From: "Mystery Classics "
>> Reply-To: "Mystery Classics"
>> Subject:Get 50 Full Length Movies for the Price of 1
>> Content-Type: text/html
>> X-UIDL: $ic!!4dd!!C//!!i8`!!
>> X-rc.group1internet.com-MailScanner-Information: Please contact the ISP for
>> more information
>> X-rc.group1internet.com-MailScanner: Found to be clean
>> X-rc.group1internet.com-MailScanner-SpamCheck: spam,
>> SpamAssassin (score=33.598, required 6, BANG_MORE 1.16,
>> BAYES_99 11.01, EMAIL_ROT13 4.10, G1I_MY_OBFUJ 0.45,
>> G1I_MY_OBFUQa 1.45, G1I_MY_OBFUX 0.45, G1I_OBFU_word_03 0.40,
>> G1I_OBFU_word_04 0.40, G1I_REMOVE 0.30, HTML_70_80 2.00,
>> HTML_FONTCOLOR_RED 0.10, HTML_FONT_BIG 0.27,
>> HTML_FONT_INVISIBLE 0.60, HTML_IMAGE_ONLY_04 1.00, HTML_MESSAGE 0.10,
>> MAILTO_SUBJ_REMOVE 0.89, MIME_HEADER_CTYPE_ONLY 2.23,
>> MIME_HTML_NO_CHARSET 0.56, MIME_HTML_ONLY 0.32, OBSCURED_EMAIL 2.70,
>> RCVD_IN_SBL 1.11, RCVD_IN_SBL_CSMA 2.00)
>> X-rc.group1internet.com-MailScanner-SpamScore:
>> sssssssssssssssssssssssssssssssss
>> X-MailScanner-From: adv@consumer-based.com
>>
>> Here is a spam of approximately the same score that did get tagged.
>>
>> Date: Thu, 29 Jul 2004 19:55:47 +0000
>> From: "Liberty Wireless"
>> Reply-To: "Liberty Wireless"
>> To:
>> Content-Type: text/html
>> Message-Id: <20040729205610.981DB387D@quake.garlic.com>
>> X-UIDL: doU!!~DG!!YKS"!`53"!
>> X-rc.group1internet.com-MailScanner-Information: Please contact the ISP for
>> more information
>> X-rc.group1internet.com-MailScanner: Found to be clean
>> X-rc.group1internet.com-MailScanner-SpamCheck: spam,
>> SpamAssassin (score=33.243, required 6, BAD_CREDIT 0.36,
>> BAYES_99 11.01, G1I_MY_OBFUJ 0.45, G1I_MY_OBFUX 0.45,
>> G1I_MY_OBFUZ 0.45, G1I_OBFU_word_01 3.40, G1I_OBFU_word_04 0.40,
>> G1I_REMOVE 0.30, HTML_80_90 2.00, HTML_IMAGE_AREA_05 2.20,
>> HTML_IMAGE_ONLY_02 1.23, HTML_MESSAGE 0.10,
>> HTTP_WITH_EMAIL_IN_URL 0.20, MAILTO_SUBJ_REMOVE 0.89,
>> MIME_HEADER_CTYPE_ONLY 2.23, MIME_HTML_NO_CHARSET 0.56,
>> MIME_HTML_ONLY 0.32, NO_CREDIT_CHECK 2.70, RCVD_IN_BL_CSMA 2.00,
>> RCVD_IN_BL_SPAMCOP_NET 2.00)
>> X-rc.group1internet.com-MailScanner-SpamScore:
>> sssssssssssssssssssssssssssssssss
>> X-MailScanner-From: adv@go2ebuy.com
>> Subject: [Spam 33] Get a Sanyo Color Cell Phone with No Credit Check!
>>
>
>
>--
>Mariano Absatz - El Baby
>el (dot) baby (AT) gmail (dot) com
>el (punto) baby (ARROBA:@) gmail (punto) com

From jscott at INFOCONEX.COM Fri Jul 30 19:56:12 2004
From: jscott at INFOCONEX.COM
(Jim Scott)
Date: Thu Jan 12 21:26:25 2006
Subject: Use Spamassassin - Not working properly
Message-ID:

> On Fri, 30 Jul 2004 09:18:43 -0700, Jim Scott wrote:
> > > || Not sure what to look at. We setup a rule in the MailScanner.conf
> > > || file like this.
> > > ||
> > > || /etc/MailScanner/rules/spamassassin.rules
> > > ||
> > > || The file contains a couple of test rules.
> > > ||
> > > || For example:
> > > || FromOrTo: jscott@infoconex.com yes
> > > || From: 192.168.105.5/24 yes
> > > || From: Customers block yes
> > > ||
> > > || If I send or receive email it gets processed by spamassassin. If I
> > > || send an email from the private IP space no matter what my from email
> > > || address is it gets scanned by spamassassin as it should.
> > > ||
> > > || However my customers IP space nothing is getting processed?
> > > ||
> > > || The only thing that is different is that I have 2 IP's bound to this
> > > || machine. I have the client use the 2nd IP to relay emails via so I
> > > || can monitor traffic generated. The customers has multiple networks
> > > || and for each I have the whole /24 added.
> > > ||
> > > || Any ideas what to look at?
> > > ||
> > > || It sure looks like it should work properly. Just isn't.
> > > ||
> > > || Jim
> > > ||
> > > | Anyone able to help me on this one?
> > > |
> > > | Jim
> > >
> > > Is there any possibility that your customers ip block is getting NATted?
> > >
> > No, I have verified that the IP showing up in my maillogs is one of the IP's
> > I have listed. By the way they have about 40 locations that I am doing this
> > for. None of them have worked yet. In all cases I can see in my logs that
> > the IP it is being sent from is the IP range I have listed.
> Mmmmhhh time to start with stupid questions...
>
> You're sure that the fields in the non-working rules are separated by
> tabs and not spaces, are you?
>
> An excess in copy&paste may have put spaces where you had tabs...
>

Just looked. Definitely Tabs.
Jim

From lindsay at pa.net Fri Jul 30 19:59:08 2004
From: lindsay at pa.net (Lindsay Snider)
Date: Thu Jan 12 21:26:25 2006
Subject: LocalRelay Patch
Message-ID:

Hello,

Does anyone use the localrelay patch? I just recently upgraded from
MailScanner 4.26.8 to 4.31.6. I double checked the patch still works but
I haven't rewritten it yet to match w/o offsets. If others are using it,
I'll make a new one.

Cheers!
lindsay

From alex at NKPANAMA.COM Fri Jul 30 20:22:51 2004
From: alex at NKPANAMA.COM (Alex Neuman)
Date: Thu Jan 12 21:26:25 2006
Subject: No virus checking for certain accounts?
Message-ID:

NO, because A) you can't use rulesets for virus scanning and B) your HTML
mails are not viruses, they're dangerous content.

Do the same thing, in reverse (default disarm, specific server "no"), and
you'll be OK.

I have it set on my server so that messages from 127.0.0.1 don't get
scanned for much, just viruses. Makes processing faster. If the server
that's sending the automated emails is on another box, put its IP there.

>> Usually what needs to work can be accomplished by other means. Or by
>> using rulesets to only allow certain sites to send you e-mail with
>> possibly dangerous tags.
>
> This has some possibilities, although the issue is for automated
> messages which are OUTbound.
> Let's see if I understand this correctly:
> In MailScanner.conf I would set
>
> "Virus Scanning = /etc/MailScanner/rules/virus.scanning.rules"
>
> and that file would contain something like:
>
> From: naughtyclient@mydomain.org no
> FromOrTo: default yes
>
>
> Or am I reading the ruleset README incorrectly?
>
> Brett Charbeneau, Network Administrator Tel: 757-259-7750
> Williamsburg Regional Library FAX: 757-259-7798
> 7770 Croaker Road brett@wrl.org
> Williamsburg, VA 23188-7064 http://www.wrl.org
>
>> -----Original Message-----
>> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf
>> Of Ugo Bellavance
>> Sent: Thursday, July 29, 2004 9:33 PM
>> To: MAILSCANNER@JISCMAIL.AC.UK
>> Subject: Re: No virus checking for certain accounts?
>>
>> Alex Neuman wrote:
>>
>> > Or disarm.
>> >
>>
>> Yeah, I thought of that, but I guess the tags are there for a purpose,
>> so disarming might be even worse than blocking (makes you think it works
>> while it doesn't)
>
>
> --
>
> Brett Charbeneau, Network Administrator Tel: 757-259-7750
> Williamsburg Regional Library FAX: 757-259-7798
> 7770 Croaker Road brett@wrl.org
> Williamsburg, VA 23188-7064 http://www.wrl.org
>

From el.baby at GMAIL.COM Fri Jul 30 20:49:44 2004
From: el.baby at GMAIL.COM (Mariano Absatz)
Date: Thu Jan 12 21:26:25 2006
Subject: No virus checking for certain accounts?
Message-ID:

On Fri, 30 Jul 2004 14:22:51 -0500, Alex Neuman wrote:
> NO, because A) you can't use rulesets for virus scanning and B) your HTML
> mails are not viruses, they're dangerous content.

I already read this... is this true Julian?... I think I'm using it and
it works... at least in 4.29.7... did this change?

I have domains for which I do incoming virus checking and domains for
which I don't... I have a ruleset for that and

Virus Scanning = %rules-dir%/virus.check.rules

in MailScanner.conf... and I'd swear it is working... only caveat is
that if a message is addressed to 2 users in different domains, one
domain is configured for 'yes' and the other for the default 'no' in the
ruleset, then it'd be scanned for both... I can live with that.

>
> Do the same thing, in reverse (default disarm, specific server "no"), and
> you'll be OK.
>
> I have it set on my server so that messages from 127.0.0.1 don't get
> scanned for much, just viruses. Makes processing faster. If the server
> that's sending the automated emails is on another box, put its IP there.

--
Mariano Absatz - El Baby
el (dot) baby (AT) gmail (dot) com
el (punto) baby (ARROBA:@) gmail (punto) com

From el.baby at GMAIL.COM Fri Jul 30 20:55:18 2004
From: el.baby at GMAIL.COM (Mariano Absatz)
Date: Thu Jan 12 21:26:25 2006
Subject: configuration filename minipatch
Message-ID:

Hi Julian,

in some custom functions I'm working on I'd really like to know where
the MailScanner main configuration file is (MailScanner.conf) so that I
can put other configuration files in the same directory and find them
easily...

But that is not available anywhere...
I wrote a tiny patch for Config.pm that allows me to have the complete
filename available as $MailScanner::Config::ConfFile

Do you think this might be added in a future version?

The patch is for the latest 4.32.4 beta.

Regards.

--
Mariano Absatz - El Baby
el (dot) baby (AT) gmail (dot) com
el (punto) baby (ARROBA:@) gmail (punto) com

[ Part 2, Application/OCTET-STREAM (Name: ]
[ "MS-4.32.4.StoreConfigFilename.patch") 976bytes. ]
[ Unable to print this part. ]

From steve.swaney at FSL.COM Fri Jul 30 21:22:57 2004
From: steve.swaney at FSL.COM (Stephen Swaney)
Date: Thu Jan 12 21:26:25 2006
Subject: Use Spamassassin - Not working properly
Message-ID:

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Jim Scott
> Sent: Friday, July 30, 2004 2:56 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Use Spamassassin - Not working properly
>
> > On Fri, 30 Jul 2004 09:18:43 -0700, Jim Scott wrote:
> Not sure what to look at. We setup a rule in the MailScanner.conf
> file like this.
>
> /etc/MailScanner/rules/spamassassin.rules
>
> The file contains a couple of test rules.
>
> For example:
> FromOrTo: jscott@infoconex.com yes
> From: 192.168.105.5/24 yes
> From: Customers block yes
>
> If I send or receive email it gets processed by spamassassin. If I
> send an email from the private IP space no matter what my from email
> address is it gets scanned by spamassassin as it should.
>
> However my customers IP space nothing is getting processed?
>
> The only thing that is different is that I have 2 IP's bound to this
> machine. I have the client use the 2nd IP to relay emails via so I
> can monitor traffic generated.
The customers has multiple networks
> and for each I have the whole /24 added.
>
> Any ideas what to look at?
>
> It sure looks like it should work properly. Just isn't.
>
> Jim
>
> Anyone able to help me on this one?
>
> Jim
>

White space or tabs shouldn't matter
192.126. or 192.168 or regular expressions should be the same

What does "Customers block" in your file represent?

Here is a copy of a file that does work.

# Start of File
# This file controls which email is scanned for spam
# and MailScanner security checks
# Addresses matching in here, with the value
# "no" will never be marked as spam or be checked by
# Mailscanner or SpamAssassin checks
# Use IP addresses whenever possible
# From this host to allow release from Quarantine
From: 127.0.0.1 no
# For somedomain.net & another.com
From: 192.22.14.19 no
# From otherdomain.com
From: 192.143.190.16 no
# Always, always end with a default rule
FromOrTo: default yes
# EOF

Do read the EXAMPLE and README files in %rules-dir%
Additional documentation available in the MailScanner Manual available at
www.fsl.com/support

Steve

Stephen Swaney
President
Fortress Systems Ltd.
Steve.Swaney@FSL.com

> > > > Is there any possibility that your customers ip block is getting NATted?
> > > >
> > > No, I have verified that the IP showing up in my maillogs is one of the IP's
> > > I have listed. By the way they have about 40 locations that I am doing this
> > > for. None of them have worked yet. In all cases I can see in my logs that
> > > the IP it is being sent from is the IP range I have listed.
> > Mmmmhhh time to start with stupid questions...
> >
> > You're sure that the fields in the non-working rules are separated by
> > tabs and not spaces, are you?
> >
> > An excess in copy&paste may have put spaces where you had tabs...
> >
> Just looked. Definitely Tabs.
>
> Jim
>

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
Fortress Systems Ltd.
www.fsl.com

From laddison at MORPACE.COM Fri Jul 30 21:40:28 2004
From: laddison at MORPACE.COM (Les Addison)
Date: Thu Jan 12 21:26:25 2006
Subject: Spamassassin timed out and was killed
Message-ID:

Hi,

I see a large number of these messages in my server's log files. My
server shows available memory and no significant swapping is going on.
Has anyone else experienced this?

From chardlist at CHARD.NET Fri Jul 30 21:40:51 2004
From: chardlist at CHARD.NET (Brendan Chard)
Date: Thu Jan 12 21:26:25 2006
Subject: Stop outgoing spam checks
Message-ID:

How can I prevent mail that is being sent out through my server from being
checked for spam? One of my clients has falsely shown up in the SBL XBL
lists and my MS installation is tagging all of their outbound mail as spam.
Outbound virus checking is sufficient for my needs.

I'm running MS on FreeBSD with multiple virtual hosts.

Thanks,
-Brendan

From el.baby at GMAIL.COM Fri Jul 30 21:47:46 2004
From: el.baby at GMAIL.COM (Mariano Absatz)
Date: Thu Jan 12 21:26:25 2006
Subject: Stop outgoing spam checks
Message-ID:

On Fri, 30 Jul 2004 16:40:51 -0400, Brendan Chard wrote:
> How can I prevent mail that is being sent out through my server from being
> checked for spam? One of my clients has falsely shown up in the SBL XBL
> lists and my MS installation is tagging all of their outbound mail as spam.
> Outbound virus checking is sufficient for my needs.
>
> I'm running MS on FreeBSD with multiple virtual hosts.
>

Well the classical answer is 'use a ruleset to identify the networks
from where your customers send mail'.

Since I can't do this, 'cause I don't know where my users are, I use 2
different instances of the MTA listening on different IPs (even if in
the same network interface)... one of them only for incoming mails (the
IP you put in your customers' MX records) and the other for my customers
to send mail (I usually call this IP smtp.mycustomerdomain.com)...
what's more, in this latter instance, I make SMTP AUTH mandatory.

HTH

--
Mariano Absatz - El Baby
el (dot) baby (AT) gmail (dot) com
el (punto) baby (ARROBA:@) gmail (punto) com

From michele at BLACKNIGHTSOLUTIONS.COM Fri Jul 30 21:48:21 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon : Blacknight Solutions)
Date: Thu Jan 12 21:26:25 2006
Subject: Stop outgoing spam checks
Message-ID:

On Fri, 2004-07-30 at 21:40, Brendan Chard wrote:
> How can I prevent mail that is being sent out through my server from being
> checked for spam? One of my clients has falsely shown up in the SBL XBL
> lists and my MS installation is tagging all of their outbound mail as spam.
> Outbound virus checking is sufficient for my needs.

Rulesets - if you *must* use XBL SBL in your main MS config

I would also strongly advise against using SBL XBL in the main MS config
as a lot of innocent dialup blocks keep on getting into it, so if you
score on it they won't have any issues. Tagging/blocking based on it is
just asking for trouble.

--
Mr. Michele Neylon
Blacknight Internet Solutions Ltd
http://www.blacknight.ie/
+353 59 913 7101

From ugob at CAMO-ROUTE.COM Fri Jul 30 21:49:33 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:26:25 2006
Subject: Stop outgoing spam checks
Message-ID:

Brendan Chard wrote:
> How can I prevent mail that is being sent out through my server from being
> checked for spam?
One of my clients has falsely shown up in the SBL XBL
> lists and my MS installation is tagging all of their outbound mail as spam.
> Outbound virus checking is sufficient for my needs.
>
> I'm running MS on FreeBSD with multiple virtual hosts.

Hi,

A few things:

1- Don't hijack a thread, create a new message for a new topic
2- Look for rulesets in the documentation (see footer of each message)
3- Have fun reading :)

>
> Thanks,
> -Brendan
>

From raymond at PROLOCATION.NET Fri Jul 30 22:11:07 2004
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:26:25 2006
Subject: Spamassassin timed out and was killed
Message-ID:

Hi!

> I see a large number of these messages in my server's log files. My
> server shows available memory and no significant swapping is going on.
> Has anyone else experienced this?

Do you have large rulesets ? BigEvil ?
Do you have local caching DNS servers. Do you rsync RBL zones locally for
fast lookups ?

Bye,
Raymond.
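
A way to see which rule of a MailScanner ruleset (the `From:` / `FromOrTo:` files discussed in the "Use Spamassassin - Not working properly" and "Stop outgoing spam checks" threads) a given message hits. This is an added example, not code from the list or from MailScanner: it assumes a simplified model (first matching rule wins, `default` is the fallback, IP patterns are compared with the SMTP client IP), and the function names and the 203.0.113.x / 198.51.100.x sample addresses are constructed.

```python
import ipaddress
from fnmatch import fnmatchcase

DIRECTIONS = {"from", "to", "fromorto", "fromandto"}

# Constructed sample, modelled on the rule files posted in the thread.
# 203.0.113. stands in for the customer network that was masked as xxx.xxx.xxx.
SAMPLE_RULESET = """\
# Scan only listed senders for spam
FromOrTo:  jscott@infoconex.com  yes
From:      192.168.105.5/24      yes
From:      203.0.113.            yes
From:      Customers block       yes
FromOrTo:  default               no
"""


def classify(pattern):
    """Return (kind, data) for a rule pattern, or (None, None) if unrecognised."""
    if pattern.lower() == "default":
        return "default", None
    if "@" in pattern:
        return "address", pattern.lower()
    if pattern.endswith(".") and all(p.isdigit() for p in pattern[:-1].split(".")):
        return "ip-prefix", pattern          # e.g. "192.168." style prefix
    try:
        # strict=False accepts 192.168.105.5/24 and reads it as the /24 network
        return "network", ipaddress.ip_network(pattern, strict=False)
    except ValueError:
        return None, None


def parse_ruleset(text):
    """Parse 'Direction: pattern value' lines; return (rules, warnings)."""
    rules, warnings = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # assumption: '#' starts a comment
        if not line:
            continue
        fields = line.split(None, 2)         # tabs and spaces both separate fields
        direction = fields[0].rstrip(":").lower()
        if len(fields) < 3 or direction not in DIRECTIONS:
            warnings.append((lineno, "not a 'Direction: pattern value' rule"))
            continue
        pattern, value = fields[1], fields[2]
        kind, data = classify(pattern)
        if kind is None:
            warnings.append((lineno, f"pattern {pattern!r} not recognised by this model"))
            continue
        if kind == "network" and "/" in pattern and str(data) != pattern:
            warnings.append((lineno, f"{pattern} has host bits set; read as {data}"))
        rules.append({"line": lineno, "dir": direction, "kind": kind,
                      "data": data, "value": value})
    if not any(r["kind"] == "default" for r in rules):
        warnings.append((0, "no default rule"))
    return rules, warnings


def _hit(rule, address, client_ip):
    """Does one address (or the client IP) satisfy the rule's pattern?"""
    if rule["kind"] == "address":
        return address is not None and fnmatchcase(address.lower(), rule["data"])
    if client_ip is None:
        return False
    if rule["kind"] == "ip-prefix":
        return client_ip.startswith(rule["data"])
    return ipaddress.ip_address(client_ip) in rule["data"]


def rule_matches(rule, sender, recipients, client_ip):
    from_hit = _hit(rule, sender, client_ip)
    # IP patterns describe the sending host, so only address patterns test recipients
    to_hit = rule["kind"] == "address" and any(_hit(rule, r, None) for r in recipients)
    return {"from": from_hit, "to": to_hit,
            "fromorto": from_hit or to_hit,
            "fromandto": from_hit and to_hit}[rule["dir"]]


def evaluate(rules, sender, recipients, client_ip):
    """Return (value, line) of the first matching rule, else the default rule."""
    default = None
    for rule in rules:
        if rule["kind"] == "default":
            default = default or rule
        elif rule_matches(rule, sender, recipients, client_ip):
            return rule["value"], rule["line"]
    return (default["value"], default["line"]) if default else (None, None)


if __name__ == "__main__":
    rules, warnings = parse_ruleset(SAMPLE_RULESET)
    for lineno, text in warnings:
        print(f"line {lineno}: {text}")
    for ip in ("192.168.105.77", "203.0.113.40", "198.51.100.9"):
        print(ip, evaluate(rules, "x@example.org", ["a@example.org"], ip))
```

Feeding it the client IP exactly as it appears in the mail log shows whether a message falls through to the default rule, which is the symptom described in the thread.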
-------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From jscott at INFOCONEX.COM Fri Jul 30 22:58:44 2004 From: jscott at INFOCONEX.COM (Jim Scott) Date: Thu Jan 12 21:26:26 2006 Subject: Use Spamassassin - Not working properly Message-ID: > > -----Original Message----- > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > > Behalf Of Jim Scott > > Sent: Friday, July 30, 2004 2:56 PM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: Use Spamassassin - Not working properly > > > > > On Fri, 30 Jul 2004 09:18:43 -0700, Jim Scott > > wrote: > > Not sure what to look at. We setup a rule in the MailScanner.conf > > file like this. > > > > /etc/MailScanner/rules/spamassassin.rules > > > > The file contains a couple of test rules. > > > > For example: > > FromOrTo: jscott@infoconex.com yes > > From: 192.168.105.5/24 yes > > From: Customers block yes > > > > If I send or receive email it gets processed by spamassassin. If > > I > > send an email from the private IP space no matter what my from > > email > > address is it gets scanned by spamassassin as it should. > > > > However my customers IP space nothing is getting processed? > > > > The only thing that is different is that I have 2 IP's bound to > > this > > machine. I have the client use the 2nd IP to relay emails via so > > I > > can monitor traffic generated. The customers has multiple > > networks > > and for each I have the whole /24 added. > > > > Any ideas what to look at? > > > > It sure looks like it should work properly. Just isnt. > > > > Jim > > > > Anyone able to help me on this one? > > > > Jim > > > > White space or tabs shouldn't matter > 192.126. 
> or 192.168 or regular expressions should be the same
>
>
> What does "Customers block" in your file represent?
>
> Here is a copy of a file that does work.
>
> # Start of File
> # This file controls which email is scanned for spam
> # and MailScanner security checks
> # Addresses matching in here, with the value
> # "no" will never be marked as spam or be checked by
> # Mailscanner or SpamAssassin checks
> # Use IP addresses whenever possible
> # From this host to allow release from Quarantine
> From: 127.0.0.1 no
> # For somedomain.net & another.com
> From: 192.22.14.19 no
> # From otherdomain.com
> From: 192.143.190.16 no
> # Always, always end with a default rule
> FromOrTo: default yes
> # EOF
>
>
> Do read the EXAMPLES and README files in %rules-dir%
> Additional documentation available in the MailScanner Manual available at
> www.fsl.com/support
>
> Steve
>
> Stephen Swaney
> President
> Fortress Systems Ltd.
> Steve.Swaney@FSL.com
>

Steve sorry I should not have put "Customers Block" in my example. I was trying to prevent putting the IP address that is the customers space.

Example File:

FromOrTo: jscott@infoconex.com yes # this rule works - this is my address and is working
From: 192.168.105.0/24 yes # this rule works - this internal IP space I tested against
From: xxx.xxx.xxx. yes # Not displaying customers IP space and instead representing to you as xxx. Actual file does contain a real IP notation. this represents the entire class C for that space.
From: xxx.xxx.xxx.xxx yes # added customer specific IP. Still not getting scanned
From: xxx.xxx.xxx.0/24 yes # Same as above but different notation
FromOrTo: default no # default is to not scan unless it is listed above

In the examples above in which it is setup for detecting for my customer it is not scanned for spam. What is odd is it works for jscott@infoconex.com and I can setup a test account using something else and relay via the private IP space listed above 192.168.105.0/24 and it detects and scans.
However when email is relayed via customers premises it does not work. The one thing that may be of issue here is this particular customers locations use a Transparent SMTP proxy. This customer wants all their locations to have outbound SMTP transparently sent out the server of their choice instead of the customers setup SMTP server in the client. This makes it easy to support since they would not have to have people reconfigure the outbound SMTP server in some cases. So I am receiving the emails from the SMTP proxy server. Not sure if all that is relevant but I figured I would add it.

I have also added a specific IP instead of a range from one of the servers we are receiving emails from. Does not work. I looked at the headers of the message received since we are using MailWatch (Thanks Steve) and it shows it was received from the IP we have added. But still no scanning for spam.

Jim

From henkler at PURDUE.EDU Sat Jul 31 00:23:45 2004
From: henkler at PURDUE.EDU (Matthew Henkler)
Date: Thu Jan 12 21:26:26 2006
Subject: dccifd / greylisting problems
Message-ID:

I was hoping someone would be able to enlighten me as to if MailScanner with SpamAssassin and DCC are able to work with the greylisting features provided with DCC. Specifically, I have the greylisting server set up and querying correctly in DCC, but after configuring it with MailScanner, I get the following message with each incoming email:

dccifd[13625]: env_From not available for greylisting

From what I can tell, MailScanner (or maybe SpamAssassin through MailScanner, I'm not quite sure) is not sending it the envelope from info from the mail.
From steve.swaney at FSL.COM Sat Jul 31 01:16:35 2004 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:26:26 2006 Subject: Use Spamassassin - Not working properly Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Jim Scott > Sent: Friday, July 30, 2004 5:59 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Use Spamassassin - Not working properly > > > > -----Original Message----- > > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > > > Behalf Of Jim Scott > > > Sent: Friday, July 30, 2004 2:56 PM > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > Subject: Re: Use Spamassassin - Not working properly > > > > > > > On Fri, 30 Jul 2004 09:18:43 -0700, Jim Scott > > > wrote: > > > Not sure what to look at. We setup a rule in the MailScanner.conf > > > file like this. > > > > > > /etc/MailScanner/rules/spamassassin.rules > > > > > > The file contains a couple of test rules. > > > > > > For example: > > > FromOrTo: jscott@infoconex.com yes > > > From: 192.168.105.5/24 yes > > > From: Customers block yes > > > > > > If I send or receive email it gets processed by spamassassin. If > > > I > > > send an email from the private IP space no matter what my from > > > email > > > address is it gets scanned by spamassassin as it should. > > > > > > However my customers IP space nothing is getting processed? > > > > > > The only thing that is different is that I have 2 IP's bound to > > > this > > > machine. I have the client use the 2nd IP to relay emails via so > > > I > > > can monitor traffic generated. The customers has multiple > > > networks > > > and for each I have the whole /24 added. > > > > > > Any ideas what to look at? > > > > > > It sure looks like it should work properly. Just isnt. > > > > > > Jim > > > > > > Anyone able to help me on this one? > > > > > > Jim > > > > > > > White space or tabs shouldn't matter > > 192.126. 
or 192.168 or regular expressions should be the same > > > > > > What does "Customers block" in you file represent? > > > > Here is a copy of a file that does work. > > > > # Start of File > > # This file controls which email is scanned for spam > > # and MailScanner security checks > > # Addresses matching in here, with the value > > # "no" will never be marked as spam or be checked by > > # Mailscanner or SpamAssassin checks > > # Use IP addresses whenever possible > > # From this host to allow release from Quarantine > > From: 127.0.0.1 no > > # For somedomain.net & another.com > > From: 192.22.14.19 no > > # From otherdomain.com > > From: 192.143.190.16 no > > # Always, always end with a default rule > > FromOrTo: default yes > > # EOF > > > > > > Do read the EXAMPE and README files in %rules-dir% > > Additional documentation available in the MailScanner Manual available > at > > www.fsl.com/support > > > > Steve > > > > Stephen Swaney > > President > > Fortress Systems Ltd. > > Steve.Swaney@FSL.com > > > Steve sorry I should not have put "Customers Block" in my example. I was > trying to prevent putting the IP address that is the customers space. > > > Example File: > > FromOrTo: jscott@infoconex.com yes # this rule works - this is my > address and is working > From: 192.168.105.0/24 yes # this rule works - this > internal IP space I tested against > From: xxx.xxx.xxx. yes # Not displaying > customers IP space and instead representing to you as xxx. Actual file > does > contain a realy IP notation. this represents the entire class C for that > space. > From: xxx.xxx.xxx.xxx yes # added customer > speicific IP. Still not getting scanned > From: xxx.xxx.xxx.0/24 yes # Same as above but > different notation > FromOrTo: default no # default is to not > scan unless it is listed above > > In the examples above in which it is setup for detecting for my customer > it > is not scanned for spam. 
> What is odd is it works for jscott@infoconex.com
> and I can setup a test account using something else and relay via the
> private IP space listed above 192.168.105.0/24 and it detects and scans.
> However when email is relayed via customers premises it does not work. The
> one thing that may be of issue here is this particular customers locations
> use a Transparent SMTP proxy. This customer wants all their locations to
> have outbound SMTP transparently sent out the server of their choice instead
> of the customers setup SMTP server in the client. This makes it easy to
> support since they would not have to have people reconfigure the outbound
> SMTP server in some cases. So I am receiving the emails from the SMTP proxy
> server. Not sure if all that is relevant but I figured I would add it.
>

this is probably the problem since the mail is not really from the relay server who is just passing it on transparently. Can you determine a range of Addresses that the clients use?

Stephen Swaney
President
Fortress Systems Ltd.
Steve.Swaney@FSL.com

> I have also added a specific IP instead of a range from one of the servers
> we are receiving emails from. Does not work. I looked at the headers of the
> message received since we are using MailWatch (Thanks Steve) and it shows it
> was received from the IP we have added. But still no scanning for spam.
>
>
>
> Jim
>

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

Fortress Systems Ltd.
www.fsl.com -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From jscott at INFOCONEX.COM Sat Jul 31 01:22:53 2004 From: jscott at INFOCONEX.COM (Jim Scott) Date: Thu Jan 12 21:26:26 2006 Subject: Use Spamassassin - Not working properly Message-ID: > > -----Original Message----- > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > > Behalf Of Jim Scott > > Sent: Friday, July 30, 2004 5:59 PM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: Use Spamassassin - Not working properly > > > > > > -----Original Message----- > > > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > > > > Behalf Of Jim Scott > > > > Sent: Friday, July 30, 2004 2:56 PM > > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > > Subject: Re: Use Spamassassin - Not working properly > > > > > > > > > On Fri, 30 Jul 2004 09:18:43 -0700, Jim Scott > > > > wrote: > > > > Not sure what to look at. We setup a rule in the MailScanner.conf > > > > file like this. > > > > > > > > /etc/MailScanner/rules/spamassassin.rules > > > > > > > > The file contains a couple of test rules. > > > > > > > > For example: > > > > FromOrTo: jscott@infoconex.com yes > > > > From: 192.168.105.5/24 yes > > > > From: Customers block yes > > > > > > > > If I send or receive email it gets processed by spamassassin. If > > > > I > > > > send an email from the private IP space no matter what my from > > > > email > > > > address is it gets scanned by spamassassin as it should. > > > > > > > > However my customers IP space nothing is getting processed? > > > > > > > > The only thing that is different is that I have 2 IP's bound to > > > > this > > > > machine. I have the client use the 2nd IP to relay emails via so > > > > I > > > > can monitor traffic generated. 
The customers has multiple > > > > networks > > > > and for each I have the whole /24 added. > > > > > > > > Any ideas what to look at? > > > > > > > > It sure looks like it should work properly. Just isnt. > > > > > > > > Jim > > > > > > > > Anyone able to help me on this one? > > > > > > > > Jim > > > > > > > > > > White space or tabs shouldn't matter > > > 192.126. or 192.168 or regular expressions should be the same > > > > > > > > > What does "Customers block" in you file represent? > > > > > > Here is a copy of a file that does work. > > > > > > # Start of File > > > # This file controls which email is scanned for spam > > > # and MailScanner security checks > > > # Addresses matching in here, with the value > > > # "no" will never be marked as spam or be checked by > > > # Mailscanner or SpamAssassin checks > > > # Use IP addresses whenever possible > > > # From this host to allow release from Quarantine > > > From: 127.0.0.1 no > > > # For somedomain.net & another.com > > > From: 192.22.14.19 no > > > # From otherdomain.com > > > From: 192.143.190.16 no > > > # Always, always end with a default rule > > > FromOrTo: default yes > > > # EOF > > > > > > > > > Do read the EXAMPE and README files in %rules-dir% > > > Additional documentation available in the MailScanner Manual available > > at > > > www.fsl.com/support > > > > > > Steve > > > > > > Stephen Swaney > > > President > > > Fortress Systems Ltd. > > > Steve.Swaney@FSL.com > > > > > Steve sorry I should not have put "Customers Block" in my example. I was > > trying to prevent putting the IP address that is the customers space. > > > > > > Example File: > > > > FromOrTo: jscott@infoconex.com yes # this rule works - this is my > > address and is working > > From: 192.168.105.0/24 yes # this rule works - this > > internal IP space I tested against > > From: xxx.xxx.xxx. yes # Not displaying > > customers IP space and instead representing to you as xxx. Actual file > > does > > contain a realy IP notation. 
> > this represents the entire class C for that space.
> > From: xxx.xxx.xxx.xxx yes # added customer specific IP. Still not getting scanned
> > From: xxx.xxx.xxx.0/24 yes # Same as above but different notation
> > FromOrTo: default no # default is to not scan unless it is listed above
> >
> > In the examples above in which it is setup for detecting for my customer it
> > is not scanned for spam. What is odd is it works for jscott@infoconex.com
> > and I can setup a test account using something else and relay via the
> > private IP space listed above 192.168.105.0/24 and it detects and scans.
> > However when email is relayed via customers premises it does not work. The
> > one thing that may be of issue here is this particular customers locations
> > use a Transparent SMTP proxy. This customer wants all their locations to
> > have outbound SMTP transparently sent out the server of their choice instead
> > of the customers setup SMTP server in the client. This makes it easy to
> > support since they would not have to have people reconfigure the outbound
> > SMTP server in some cases. So I am receiving the emails from the SMTP proxy
> > server. Not sure if all that is relevant but I figured I would add it.
> >
>
> this is probably the problem since the mail is not really from the relay
> server who is just passing it on transparently. Can you determine a range of
> Addresses that the clients use?
>
>
> Stephen Swaney
> President
> Fortress Systems Ltd.
> Steve.Swaney@FSL.com

Yes we have the entire range that the client can come from. Even though the machine always talking to us is the proxy server we have the entire range added. Also as I mentioned before the header does show the relay server as the proxy servers IP. Perhaps I could send you offline an example of what I am seeing?

Jim

> >
> > I have also added a specific IP instead of a range from one of the servers
> > we are receiving emails from. Does not work.
> > I looked at the headers of the
> > message received since we are using MailWatch (Thanks Steve) and it shows it
> > was received from the IP we have added. But still no scanning for spam.
> >
> >
> >
> > Jim
> >

From richard.bourque at MELLOUL.COM Sat Jul 31 02:27:54 2004
From: richard.bourque at MELLOUL.COM (Richard Bourque)
Date: Thu Jan 12 21:26:26 2006
Subject: MTA preferences for use with MailScanner
Message-ID:

On Fri, 30 Jul 2004 03:33:12 +0100, Julian Field wrote:

>At 15:45 29/07/2004, you wrote:
>>Allow me to paste from the Postfix archives:
>>------------
>>MailScanner does its work by grabbing files out of the queue, runs its
>>processing, and drops the resulting file back into another postfix
>>queue. This is not a documented method to perform content filtering in
>>postfix.
>
>It's not documented in Exim either. But the guys who wrote Exim run
>MailScanner. The sendmail guys just did the honourable thing and documented
>the whole process, they have nothing to hide.
>
>>The problem is that there is no reliable way for a non-postfix program to
>>determine when it's safe to grab the queue file. So it's never safe for an
>>external program to grab a queue file when postfix is running.
>
>So Postfix does a secret-squirrel handshake or something? It's code, it's
>deterministic.
>
>>So MailScanner will randomly grab an incomplete file,
>
>Simply not true.
>
>> resulting in loss of
>>a random portion of that message,
>
>Also not true.
>
>> with no warning and no indication that
>>part of the message was lost.
>
>Also not true.
>
>> Apparently it *usually* works, but you can't
>>tell when it doesn't. Software that by design *usually* works is not
>>acceptable.
>
>Except when *usually* = 100%.
>
>>Therefore, MailScanner is unreliable with postfix. This does not offer an
>>opinion about MailScanner with other MTAs, only postfix.
>
>I'm sorry, I thought "outside the box". Please accept my apologies for not
>using your (relatively slow) "approved" way of doing things, and coming up
>with a novel idea you didn't think of.
>
>>If you want to use MailScanner, don't use postfix.
>
>There are plenty of faster MTA's out there, such as Exim or ZMailer, so I
>would personally agree with this statement. But not for the same reasons
>they are saying it.
>
>> If you want to use
>>postfix, choose a different content filtering method, there are several
>>documented filtering methods and many reliable third-party products to
>>choose from that work properly with postfix.
>>------------
>>
>>However, it works for me, so what can I say.
>
>Precisely.
>
>As you may have gathered, there is no love lost between me and Wietse. But
>then again, from what I have heard from some of his previous colleagues,
>I'm not the only person in that situation :-)
>--
>Julian Field

After reading some of Wietse's comments about MailScanner 6-7 months ago I dumped a perfectly working Postfix/MailScanner installation and switched to Exim/MailScanner, even though it has been running for almost a year without a single problem. I made the change on principle. I feel safer using Exim because I get the impression Philip Hazel would assist Julian (and vice versa) if there ever were any problems, but I feel Wietse doesn't want any 3rd party apps to work with Postfix at all and would hinder development as a whole for the MTA community.

Just my two cents worth.
From ronzani at GMAIL.COM Sat Jul 31 15:57:31 2004
From: ronzani at GMAIL.COM (Ricardo Hoffmann)
Date: Thu Jan 12 21:26:26 2006
Subject: Archive by filename or filetype
Message-ID:

Hello,

I would like to know if it's possible to archive mail using "Archive Mail" directive based on filename or filetype. I only want to archive mail with jpg attachments. The mail will be delivered and I get a copy of it. Let me know how.

Thanks in advance.

Ricardo

From alex at nkpanama.com Sat Jul 31 18:49:45 2004
From: alex at nkpanama.com (Alex Neuman)
Date: Thu Jan 12 21:26:26 2006
Subject: Stop outgoing spam checks
Message-ID:

I would suggest using mandatory SMTP AUTH everywhere. I do that with my customers, and no complaints - plus smtp-sending viruses can't use the server to send stuff out, especially if you use iptables to redirect port 25 traffic to your local server.

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mariano Absatz
Sent: Friday, July 30, 2004 3:48 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Stop outgoing spam checks

On Fri, 30 Jul 2004 16:40:51 -0400, Brendan Chard wrote:
> How can I prevent mail that is being sent out through my server from being
> checked for spam? One of my clients has falsely shown up in the SBL XBL
> lists and my MS installation is tagging all of their outbound mail as spam.
> Outbound virus checking is sufficient for my needs.
>
> I'm running MS on FreeBSD with multiple virtual hosts.
>

Well the classical answer is 'use a ruleset to identify the networks from where your customers send mail'.

Since I can't do this, 'cause I don't know where my users are, I use 2 different instances of the MTA listening on different IPs (even if in the same network interface)... one of them only for incoming mails (the IP you put in your customers' MX records) and the other for my customers to send mail (I usually call this IP smtp.mycustomerdomain.com)... what's more, in this latter instance, I make SMTP AUTH mandatory.

HTH

--
Mariano Absatz - El Baby
el (dot) baby (AT) gmail (dot) com
el (punto) baby (ARROBA:@) gmail (punto) com

From alex at nkpanama.com Sat Jul 31 18:57:59 2004
From: alex at nkpanama.com (Alex Neuman)
Date: Thu Jan 12 21:26:26 2006
Subject: Stop outgoing spam checks
Message-ID:

That's why I don't do it everywhere. People who want to send e-mail out at my clients' networks either have to ask specifically for permission or use a VPN.

-----Original Message-----
From: Curtis Maurand [mailto:cmaurand@xyonet.com]
Sent: Monday, March 10, 2003 5:38 PM
To: alex@nkpanama.com
Subject: Re: Stop outgoing spam checks

However, that breaks smtp for people that might be on your system doing smtp auth somewhere else.

Curtis

Alex Neuman wrote:

>I would suggest using mandatory SMTP AUTH everywhere.
>I do that with my
>customers, and no complaints - plus smtp-sending viruses can't use the
>server to send stuff out, especially if you use iptables to redirect port 25
>traffic to your local server.
>
>-----Original Message-----
>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
>Of Mariano Absatz
>Sent: Friday, July 30, 2004 3:48 PM
>To: MAILSCANNER@JISCMAIL.AC.UK
>Subject: Re: Stop outgoing spam checks
>
>On Fri, 30 Jul 2004 16:40:51 -0400, Brendan Chard
>wrote:
>
>>How can I prevent mail that is being sent out through my server from being
>>checked for spam? One of my clients has falsely shown up in the SBL XBL
>>lists and my MS installation is tagging all of their outbound mail as spam.
>>Outbound virus checking is sufficient for my needs.
>>
>>I'm running MS on FreeBSD with multiple virtual hosts.
>
>Well the classical answer is 'use a ruleset to identify the networks
>from where your customers send mail'.
>
>Since I can't do this, 'cause I don't know where my users are, I use 2
>different instances of the MTA listening on different IPs (even if in
>the same network interface)... one of them only for incoming mails
>(the IP you put in your customers' MX records) and the other for my
>customers to send mail (I usually call this IP
>smtp.mycustomerdomain.com)... what's more, in this latter instance, I
>make SMTP AUTH mandatory.
>
>HTH
>
>--
>Mariano Absatz - El Baby
>el (dot) baby (AT) gmail (dot) com
>el (punto) baby (ARROBA:@) gmail (punto) com

From alex at nkpanama.com Sat Jul 31 19:22:09 2004
From: alex at nkpanama.com (Alex Neuman)
Date: Thu Jan 12 21:26:26 2006
Subject: Archive by filename or filetype
Message-ID:

Maybe if you set up an MCP rule that includes the MIME header for JPGs.

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Ricardo Hoffmann
Sent: Saturday, July 31, 2004 9:58 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Archive by filename or filetype

Hello,

I would like to know if it's possible to archive mail using "Archive Mail" directive based on filename or filetype. I only want to archive mail with jpg attachments. The mail will be delivered and I get a copy of it. Let me know how.

Thanks in advance.
Ricardo
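The rulesets in the "Use Spamassassin - Not working properly" and "Stop outgoing spam checks" threads above decide per message whether spam checks run. As an added example (not from any poster and not MailScanner's own code), this Python script dry-runs a ruleset against a message so you can see which rule fires. Assumptions: only `From:`, `To:` and `FromOrTo:` with address, IP, IP-prefix, CIDR and `default` patterns are modelled, the first matching rule wins, `#` starts a comment, IP patterns are compared with the address of the host that connected to the server, and the 203.0.113.x and 198.51.100.25 addresses are constructed stand-ins.

```python
"""Dry-run a MailScanner-style ruleset (simplified model, not MailScanner's code)."""
import fnmatch
import ipaddress

DIRECTIONS = {"from:", "to:", "fromorto:"}

# Constructed ruleset modelled on the one posted in the thread; the customer
# range is replaced by a documentation network (203.0.113.0/24).
RULESET = """\
FromOrTo: jscott@infoconex.com yes   # address rule from the thread
From: 192.168.105.5/24 yes           # host bits set, still covers the whole /24
From: 203.0.113. yes                 # prefix form, stand-in for the customer /24
FromOrTo: default no                 # nothing above matched: do not scan
"""


def parse_ruleset(text):
    """Return [(lineno, direction, pattern, value)], skipping blanks and comments."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # assumption: '#' starts a comment
        if not line:
            continue
        fields = line.split()
        if len(fields) < 3 or fields[0].lower() not in DIRECTIONS:
            raise ValueError(f"line {lineno}: expected 'Direction: pattern value'")
        rules.append((lineno, fields[0].lower(), fields[1], " ".join(fields[2:])))
    return rules


def ip_pattern(pattern):
    """Return an ip_network for IP-style patterns, or None for anything else."""
    if pattern.endswith("."):  # prefix form such as "192.168.105."
        octets = pattern.rstrip(".").split(".")
        if not (1 <= len(octets) <= 3 and all(o.isdigit() for o in octets)):
            return None
        bits = 8 * len(octets)
        pattern = ".".join(octets + ["0"] * (4 - len(octets))) + f"/{bits}"
    try:
        # strict=False accepts "192.168.105.5/24" and masks the host bits.
        return ipaddress.ip_network(pattern, strict=False)
    except ValueError:
        return None


def rule_matches(direction, pattern, sender, recipients, client_ip):
    """Apply one rule to the envelope sender, recipients and connecting IP."""
    if pattern.lower() == "default":
        return True
    net = ip_pattern(pattern)
    if net is not None:
        # Only the connecting host has an IP; with a transparent proxy that is
        # the proxy's address, not the workstation behind it.
        from_hit = ipaddress.ip_address(client_ip) in net
        to_hit = False
    else:
        glob = pattern.lower()
        from_hit = fnmatch.fnmatchcase(sender.lower(), glob)
        to_hit = any(fnmatch.fnmatchcase(r.lower(), glob) for r in recipients)
    return {"from:": from_hit, "to:": to_hit,
            "fromorto:": from_hit or to_hit}[direction]


def evaluate(text, sender, recipients, client_ip):
    """Return (value, line number) of the first matching rule, or (None, None)."""
    for lineno, direction, pattern, value in parse_ruleset(text):
        if rule_matches(direction, pattern, sender, recipients, client_ip):
            return value, lineno
    return None, None


if __name__ == "__main__":
    cases = [
        ("internal relay", "192.168.105.77"),
        ("customer range", "203.0.113.40"),
        ("proxy outside listed ranges", "198.51.100.25"),
    ]
    for label, ip in cases:
        value, lineno = evaluate(RULESET, "user@example.net", ["dest@example.org"], ip)
        print(f"{label:30} {ip:15} -> {value} (rule on line {lineno})")
```

Running it against the real ruleset with the connecting address shown in the Received header tells you whether a customer rule or the `default` line is the one deciding the outcome.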