From prandal at HEREFORDSHIRE.GOV.UK Tue Jun 1 11:24:28 2004 From: prandal at HEREFORDSHIRE.GOV.UK (Randal, Phil) Date: Thu Jan 12 21:25:35 2006 Subject: Bounce/Forward, Forward/Delete. Message-ID: <801403078973F243A6A74322E134AF500F1C57@mail.herefordshire.gov.uk> Why? Why? Why? The last thing anyone should be doing is sending messages to spam senders. Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Carles > Xavier Munyoz Bald? > Sent: 01 June 2004 11:05 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Bounce/Forward, Forward/Delete. > > Hi, > I have an authenticated STMP relay server that is used by my > users for send email to the Internet. I have a MailScanner > setup running on it. > > I would like to send rejection message back to the sender of > all spam detected messages and forward a copy of the spam > message to my email account spam_detected@mydomain.com. > > Is it possible to specy this two actions (bounce and forward) > in my spam actions ruleset file ? > How ? > > And is it possilbe to customice the bounce rejection message ? > > Is it possible too to make a forward and a delete spam action ? > How ? > (I would like to get a copy of the spam message, but don't > sent it to the final recipients) > > Greetings. > --- > Carles Xavier Munyoz Bald? > carles@unlimitedmail.org > http://www.unlimitedmail.net/ > --- > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From j.mollier at ACTINUX.COM Tue Jun 1 11:24:25 2004 From: j.mollier at ACTINUX.COM (=?ISO-8859-1?Q?J=E9r=F4me_MOLLIER-PIERRET?=) Date: Thu Jan 12 21:25:35 2006 Subject: Bad RFC822 field name '' Message-ID: <40BC5959.9000306@actinux.com> Hi all, We use Malscanner with qmail, and experienced this morning some issue with stranges mail that are non RFC822 compliant. It seem that the mail package Mail::Internet has problem when Mailscanner trying to process this mail from his queue. In debug mode the error is : Bad RFC822 field name '' at /usr/lib/perl5/site_perl/5.8.0/Mail/Internet.pm line 130 The same behavior occured on two different systems with differents libraries. The only way to solve this issue we founded for now is to remove the "stranges mail" from the Mailscanner queue and relaunch the service. This is not fully solved, and we'll keep you informed of the status. Any feedback will be appreciated. Regards, Jerome -- _________________________________________________________________ | | | Jerome MOLLIER-PIERRET, Tomao groupe KPF | | | | Division Actinux, Integrateur Opensource | | | | Tel : +333 20 91 15 17 | | Fax : +333 20 05 30 09 | | | | mailto: j.mollier@actinux.com | | | |------------------------------------------------------------------ | .--. | | |o_o | ______ | | ||_/ | /_ __/___ ____ ___ ____ ____ | | // \ \ / / / __ \/ __ `__ \/ __ `/ __ \ | | (| | ) / / / /_/ / / / / / / /_/ / /_/ / | |/'\_ . _/`\ /_/ \____/_/ /_/ /_/\__,_/\____/ Groupe Kpf | |\___)=(___/ | | 65, rue de la Cimaise | | 59650 Villeneuve d'Ascq | | Tel : +333 20 91 15 17 | | http://www.tomao.fr | | http://www.actinux.com | |_________________________________________________________________| -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From basement_mobile2004 at YAHOO.COM Tue Jun 1 00:10:24 2004 From: basement_mobile2004 at YAHOO.COM (Anakin SkyWalker) Date: Thu Jan 12 21:25:36 2006 Subject: Per user quarantine In-Reply-To: <20CEA27AF49D7F4691F02E7ADC5D4ECD01171C2B@tormail2.algorithmics.com> Message-ID: <20040531231024.60025.qmail@web60006.mail.yahoo.com> That's what I'm talking about :) Using rules.. OK, but having 10K+ users and doing that isn't very pretty, even with automated tools. --- Derek Winkler wrote: > Use the force. > > And when I say force I mean rules. > > Be a pain to maintain though. > -- Herr Schwarzkopf __________________________________ Do you Yahoo!? Friends. Fun. Try the all-new Yahoo! Messenger. http://messenger.yahoo.com/ -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mike at CAMAROSS.NET Tue Jun 1 03:32:18 2004 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:25:36 2006 Subject: Sendmail not verifying User In-Reply-To: Message-ID: <200406010230.i512UrN2026059@avwall2.bladeware.com> A simple solution is to use milter-sender. It has a call-ahead feature that will verify the final recipient before accepting the message. Mike > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of MailScanner Mailbox > Sent: Monday, May 31, 2004 5:58 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Sendmail not verifying User > > Hello All > > We are running: > > Solaris 9 > Sendmail 8.12.11 > MailScanner 4.29.7 > SpamAssassin I forget > > > It seems as though when sendmail is in queueonly mode it does > not check to see if the recipient is a valid user. It appears > to read the virtusertable file as well as the access database > and will act on those but not the password file. > > > We accept mail from the outside world on two different > machines and forward them off all shiney and sparkly to a 3rd > machine for pickup by our members using the mailertable > feature on the queue runner. > > We do not get a user unknown error until the queue runner > tries to deliver to the internal machine. If the machine is > not in queueonly mode then unknown recipients are rejected > immediatley. > > This is not a new problem, it has been happening since the > get go, I just have a lil spare time to try and get this solved. > > Any thoughts or ideas would be most appreciated. > > Thx > > Rick Noble > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From listas at VIRUSATTACK.COM.AR Tue Jun 1 04:22:30 2004 From: listas at VIRUSATTACK.COM.AR (Ignacio M. Sbampato) Date: Thu Jan 12 21:25:36 2006 Subject: Fresh installation problems - Postfix References: <9BDD6D4AD0795C46974D7D46C17883B80AEC8603@ahm_exchange2.americanhm.com> <003601c44299$b4da2040$050010ac@Valinor> <009601c4433a$77e4e430$050010ac@Valinor> <40B4D18E.8000901@themarshalls.co.uk> Message-ID: <008501c44787$ad1ad370$050010ac@Valinor> Thanks, Drew. Currently, we are running Kaspersky Anti Spam (KAS). I deactivated it, replacing master.cf with an old one, but i need to know if i have to make some changes to that file to get MailScanner running. Can i re-apply the changes made during installation? Running install.sh again didn't do it. Thanks a lot for your help! ----- Original Message ----- From: "Drew Marshall" To: Sent: Wednesday, May 26, 2004 2:19 PM Subject: Re: Fresh installation problems - Postfix > Ignacio M. Sbampato wrote: > > >Julian, guys, > > > >can you give me some clue about this issue? I tried different things but i > >can't get it working :-\ > >I was already using MailScanner in a box with Sendmail, but this is the > >first time with Postfix. > > > > > > > What is in your master.cf file? It looks like you have the remnants (Or > beginnings) of another filter setting. > > Drew > > >Thanks, > > > >Ignacio > > > >----- Original Message ----- > >From: "Ignacio M. Sbampato" > >To: > >Sent: Tuesday, May 25, 2004 5:48 PM > >Subject: Fresh installation problems - Postfix > > > > > > > > > >>Guys, > >> > >>i recently installed a box with MailScanner 4.30.3-2 and Postfix 2.0.19. > >>Since i started the system, all messages are being queued, because of the > >>following reason: > >> > >>----- STATUS ----- > >>connect to 127.0.0.1[127.0.0.1]: server dropped connection without sending > >>the initial greeting > >>----- STATUS ----- > >> > >>The messages seems to be scanned by MailScanner because i can see > >>MailScanner messages in /var/log/maillog. > >> > >>For install the box, i did the following steps: > >> > >>* Enable chroot jail, running '/etc/postfix/postfix-chroot enable'. > >>* Enable header_checks in '/etc/postfix/main.cf' > >>* Create file header_checks on postfix folder and added the line to hold > >>messages. > >>* Modify params for postfix in MailScanner.conf > >>* Change owner to postfix on quarantine and incoming folders of > >> > >> > >MailScanner > > > > > >>* Modify /etc/sysconfig/MailScanner to use postfix > >> > >>All this instructions were taken from: > >> > >>http://www.sng.ecs.soton.ac.uk/mailscanner/install/postfix.shtml > >> > >>On some place i found that this error is common if you use amavis, because > >>it can be blocking the IP used by Postfix to send mails. Does MailScanner > >>the same thing? How can i solve this problem? > >> > >>Thanks a lot for your help. > >> > >>Best regards, > >> > >>Ignacio > >> > >>-------------------------- MailScanner list ---------------------- > >>To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > >>Before posting, please see the Most Asked Questions at > >>http://www.mailscanner.biz/maq/ and the archives at > >>http://www.jiscmail.ac.uk/lists/mailscanner.html > >> > >> > >> > > > >-------------------------- MailScanner list ---------------------- > >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > >Before posting, please see the Most Asked Questions at > >http://www.mailscanner.biz/maq/ and the archives at > >http://www.jiscmail.ac.uk/lists/mailscanner.html > > > > > > -- > In line with our policy, this message has > been scanned for viruses and dangerous > content by MailScanner, and is believed to be clean. > www.themarshalls.co.uk/policy > > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > > > __________ Informaci?n de NOD32 1.775 (20040526) __________ > > Este mensaje ha sido analizado con NOD32 Antivirus System > http://www.nod32.com > > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From thazk at HOTPOP.COM Tue Jun 1 07:39:37 2004 From: thazk at HOTPOP.COM (Damien Roy) Date: Thu Jan 12 21:25:36 2006 Subject: MAILSCANNER Digest - 27 May 2004 (#2004-157) References: <20040527220612.6110BE8088@mx1.hotpop.com> Message-ID: <00eb01c447a3$35a91010$6502000a@dragon> System Redhat 9.0, Perl V5.8.0 installed. wget installed, unzip installed.. Please Help. Damien Error Message: ------------------------------ Starting MailScanner daemons: incoming sendmail: [ OK ] outgoing sendmail: [ OK ] MailScanner: Can't locate Archive/Zip.pm in @INC (@INC contains: /usr/lib/MailScanner /usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0 /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl /usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0 . /usr/lib/MailScanner) at /usr/lib/MailScanner/MailScanner/Message.pm line 46. BEGIN failed--compilation aborted at /usr/lib/MailScanner/MailScanner/Message.pm line 46. Compilation failed in require at /usr/sbin/MailScanner line 52. BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 52. [ OK ] -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From kevins at BMRB.CO.UK Tue Jun 1 08:06:49 2004 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:25:36 2006 Subject: MAILSCANNER Digest - 27 May 2004 (#2004-157) In-Reply-To: <00eb01c447a3$35a91010$6502000a@dragon> References: <20040527220612.6110BE8088@mx1.hotpop.com> <00eb01c447a3$35a91010$6502000a@dragon> Message-ID: <1086073609.13628.47.camel@bach.kevinspicer.co.uk> On Tue, 2004-06-01 at 07:39, Damien Roy wrote: > Starting MailScanner daemons: incoming sendmail: [ OK ] outgoing sendmail: > [ OK ] MailScanner: Can't locate Archive/Zip.pm in @INC (@INC contains: You need to install the Archive::Zip module. I'm suprised you missed this when searching the archives its been asked plenty of times before... BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From seppo_ at HOTMAIL.COM Tue Jun 1 08:11:09 2004 From: seppo_ at HOTMAIL.COM (Seppo Suomalainen) Date: Thu Jan 12 21:25:36 2006 Subject: Converting tnef attachments using mailscanner Message-ID: Hi! I'm using MailScanner with sendmail and my domain gets a lot of mail from m$-software (the winmail.dat's). I need to convert them (winmail.dat) to standard attacments. Because MailScanner already uses tnef to decode winmail.dat's, my question is that is it possible to configure MailScanner to replace the m$-attachments with the standard ones? If not, then could it be done - prehaps in the next version? Or do any of you know how this could be done? Thanks in advance! - Seppo -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mean_man_nz at HOTMAIL.COM Tue Jun 1 11:06:23 2004 From: mean_man_nz at HOTMAIL.COM (Mean Man) Date: Thu Jan 12 21:25:36 2006 Subject: MAILSCANNER Digest - 27 May 2004 (#2004-157) References: <20040527220612.6110BE8088@mx1.hotpop.com> <00eb01c447a3$35a91010$6502000a@dragon> Message-ID: remember RH9 has known issues with Perl and the en_us have a quick search and make you change it then you'll be able to install archive::zip from cpan Paul ----- Original Message ----- From: "Damien Roy" To: Sent: Tuesday, June 01, 2004 4:39 PM Subject: Re: MAILSCANNER Digest - 27 May 2004 (#2004-157) > System Redhat 9.0, Perl V5.8.0 installed. wget installed, unzip installed.. > Please Help. > > Damien > > Error Message: > ------------------------------ > Starting MailScanner daemons: incoming sendmail: [ OK ] outgoing sendmail: > [ OK ] MailScanner: Can't locate Archive/Zip.pm in @INC (@INC contains: > /usr/lib/MailScanner /usr/lib/perl5/5.8.0/i386-linux-thread-multi > /usr/lib/perl5/5.8.0 /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi > /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl > /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi > /usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl > /usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0 . > /usr/lib/MailScanner) at /usr/lib/MailScanner/MailScanner/Message.pm line > 46. BEGIN failed--compilation aborted at > /usr/lib/MailScanner/MailScanner/Message.pm line 46. Compilation failed in > require at /usr/sbin/MailScanner line 52. BEGIN failed--compilation aborted > at /usr/sbin/MailScanner line 52. [ OK ] > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From carles at UNLIMITEDMAIL.ORG Tue Jun 1 11:04:54 2004 From: carles at UNLIMITEDMAIL.ORG (Carles Xavier Munyoz =?iso-8859-15?q?Bald=F3?=) Date: Thu Jan 12 21:25:36 2006 Subject: Bounce/Forward, Forward/Delete. Message-ID: <200406011204.54233.carles@unlimitedmail.org> Hi, I have an authenticated STMP relay server that is used by my users for send email to the Internet. I have a MailScanner setup running on it. I would like to send rejection message back to the sender of all spam detected messages and forward a copy of the spam message to my email account spam_detected@mydomain.com. Is it possible to specy this two actions (bounce and forward) in my spam actions ruleset file ? How ? And is it possilbe to customice the bounce rejection message ? Is it possible too to make a forward and a delete spam action ? How ? (I would like to get a copy of the spam message, but don't sent it to the final recipients) Greetings. --- Carles Xavier Munyoz Bald? carles@unlimitedmail.org http://www.unlimitedmail.net/ --- -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From HahnR at SHB.IE Tue Jun 1 11:34:38 2004 From: HahnR at SHB.IE (Ron Hahn (Senior Analyst)) Date: Thu Jan 12 21:25:36 2006 Subject: Bounce/Forward, Forward/Delete. Message-ID: <0D605D5E51FBD411A2D800508BAFEDD404E3C910@ZEUS> Why bring this upon yourself? My experience has been that: a) The return path is usually invalid, so you get a bounce to your bounced message, wasting more resources. b) The domain doesn't exist, so again you get more processing overload. c) The mailserver on the far end usually times out repeatedly, causing your mail server to try try try again again again.. In summary, I don't think this is what you really want. ..and trying to "get even" with the spammer is also a losing battle because you will end up being the real loser.. lost resources, lost time, etc.. Here, all high scoring spam goes directly to /dev/null. Low scoring spam gets clearly marked as such in the subject and most email clients deal with that just fine; Without consuming excessive resources. Ron -----Original Message----- From: Carles Xavier Munyoz Bald? [mailto:carles@UNLIMITEDMAIL.ORG] Sent: 01 June 2004 11:05 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Bounce/Forward, Forward/Delete. Hi, I have an authenticated STMP relay server that is used by my users for send email to the Internet. I have a MailScanner setup running on it. I would like to send rejection message back to the sender of all spam detected messages and forward a copy of the spam message to my email account spam_detected@mydomain.com. Is it possible to specy this two actions (bounce and forward) in my spam actions ruleset file ? How ? And is it possilbe to customice the bounce rejection message ? Is it possible too to make a forward and a delete spam action ? How ? (I would like to get a copy of the spam message, but don't sent it to the final recipients) Greetings. --- Carles Xavier Munyoz Bald? carles@unlimitedmail.org http://www.unlimitedmail.net/ --- -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses , using the latest available virus signatures . ********************************************************************** -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mean_man_nz at HOTMAIL.COM Tue Jun 1 11:48:20 2004 From: mean_man_nz at HOTMAIL.COM (Mean Man) Date: Thu Jan 12 21:25:36 2006 Subject: Bounce/Forward, Forward/Delete. References: <801403078973F243A6A74322E134AF500F1C57@mail.herefordshire.gov.uk> Message-ID: I agree, its a waste of time bouncing spam after all half the spam I get is from people bouncing messages back to me that I never sent ! But what you are asking is easy to do, edit the conf file and read the spam actions Paul ----- Original Message ----- From: "Randal, Phil" To: Sent: Tuesday, June 01, 2004 8:24 PM Subject: Re: Bounce/Forward, Forward/Delete. Why? Why? Why? The last thing anyone should be doing is sending messages to spam senders. Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Carles > Xavier Munyoz Bald? > Sent: 01 June 2004 11:05 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Bounce/Forward, Forward/Delete. > > Hi, > I have an authenticated STMP relay server that is used by my > users for send email to the Internet. I have a MailScanner > setup running on it. > > I would like to send rejection message back to the sender of > all spam detected messages and forward a copy of the spam > message to my email account spam_detected@mydomain.com. > > Is it possible to specy this two actions (bounce and forward) > in my spam actions ruleset file ? > How ? > > And is it possilbe to customice the bounce rejection message ? > > Is it possible too to make a forward and a delete spam action ? > How ? > (I would like to get a copy of the spam message, but don't > sent it to the final recipients) > > Greetings. > --- > Carles Xavier Munyoz Bald? > carles@unlimitedmail.org > http://www.unlimitedmail.net/ > --- > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From steve.swaney at FSL.COM Tue Jun 1 13:12:33 2004 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:25:36 2006 Subject: Sendmail not verifying User In-Reply-To: Message-ID: <20040601121234.205BD21C13E@mail.fsl.com> > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of MailScanner Mailbox > Sent: Monday, May 31, 2004 6:58 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Sendmail not verifying User > > Hello All > > We are running: > > Solaris 9 > Sendmail 8.12.11 > MailScanner 4.29.7 > SpamAssassin I forget > > > It seems as though when sendmail is in queueonly mode it does not check to > see if the recipient is a valid user. It appears to read the virtusertable > file as well as the access database and will act on those but not the > password file. > > > We accept mail from the outside world on two different machines and > forward them off all shiney and sparkly to a 3rd machine for pickup by our > members using the mailertable feature on the queue runner. > > We do not get a user unknown error until the queue runner tries to deliver > to the internal machine. If the machine is not in queueonly mode then > unknown recipients are rejected immediatley. > > This is not a new problem, it has been happening since the get go, I just > have a lil spare time to try and get this solved. > > Any thoughts or ideas would be most appreciated. > This has been discussed at length recently and it's not that difficult to implement. If your using sendmail please read the techniques used at: http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/270.html We've used these techniques very successfully with Exchange, Domino and POP/IMAP backend mail hubs. The trick is simply: 1. Build a list on the gateway of valid email addresses in the form: user@somedomain.com user@mailhub.somedomain.com This can done using LDAP queries, scripts, or even manually. We usually build this list automatically using a cronjob. 2. Configure sendmail to use the list as outlined at the link above. Steve Stephen Swaney President Fortress Systems Ltd. Steve.Swaney@FSL.com > Thx > > Rick Noble > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > Fortress Systems Ltd. > www.fsl.com > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. Fortress Systems Ltd. www.fsl.com -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From j.mollier at ACTINUX.COM Tue Jun 1 13:24:56 2004 From: j.mollier at ACTINUX.COM (=?ISO-8859-1?Q?J=E9r=F4me_MOLLIER-PIERRET?=) Date: Thu Jan 12 21:25:36 2006 Subject: Bad RFC822 field name '' In-Reply-To: <40BC5959.9000306@actinux.com> References: <40BC5959.9000306@actinux.com> Message-ID: <40BC7598.7070709@actinux.com> Re, We found the origin : The header contain a "-:" field ... and it break whole Mailscanner process due to a "bug ?" in Internet.pm or in the way Mailscanner call it ... If someone could test it, it would be great. Jerome J?r?me MOLLIER-PIERRET wrote: > Hi all, > > We use Malscanner with qmail, and experienced this morning some issue > with stranges mail that are non RFC822 compliant. > > It seem that the mail package Mail::Internet has problem when > Mailscanner trying to process this mail from his queue. > > In debug mode the error is : > Bad RFC822 field name '' > at /usr/lib/perl5/site_perl/5.8.0/Mail/Internet.pm line 130 > > The same behavior occured on two different systems with differents > libraries. > > The only way to solve this issue we founded for now is to remove the > "stranges mail" from the Mailscanner queue and relaunch the service. > This is not fully solved, and we'll keep you informed of the status. > > Any feedback will be appreciated. > > Regards, > > Jerome > -- > _________________________________________________________________ > | | > | Jerome MOLLIER-PIERRET, Tomao groupe KPF | > | | > | Division Actinux, Integrateur Opensource | > | | > | Tel : +333 20 91 15 17 | > | Fax : +333 20 05 30 09 | > | | > | mailto: j.mollier@actinux.com | > | | > |------------------------------------------------------------------ > | .--. | > | |o_o | ______ | > | ||_/ | /_ __/___ ____ ___ ____ ____ | > | // \ \ / / / __ \/ __ `__ \/ __ `/ __ \ | > | (| | ) / / / /_/ / / / / / / /_/ / /_/ / | > |/'\_ . _/`\ /_/ \____/_/ /_/ /_/\__,_/\____/ Groupe Kpf | > |\___)=(___/ | > | 65, rue de la Cimaise | > | 59650 Villeneuve d'Ascq | > | Tel : +333 20 91 15 17 | > | http://www.tomao.fr | > | http://www.actinux.com | > |_________________________________________________________________| > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html -- _________________________________________________________________ | | | Jerome MOLLIER-PIERRET, Tomao groupe KPF | | | | Division Actinux, Integrateur Opensource | | | | Tel : +333 20 91 15 17 | | Fax : +333 20 05 30 09 | | | | mailto: j.mollier@actinux.com | | | |------------------------------------------------------------------ | .--. | | |o_o | ______ | | ||_/ | /_ __/___ ____ ___ ____ ____ | | // \ \ / / / __ \/ __ `__ \/ __ `/ __ \ | | (| | ) / / / /_/ / / / / / / /_/ / /_/ / | |/'\_ . _/`\ /_/ \____/_/ /_/ /_/\__,_/\____/ Groupe Kpf | |\___)=(___/ | | 65, rue de la Cimaise | | 59650 Villeneuve d'Ascq | | Tel : +333 20 91 15 17 | | http://www.tomao.fr | | http://www.actinux.com | |_________________________________________________________________| -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From Kevin.Spicer at BMRB.CO.UK Tue Jun 1 13:24:14 2004 From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:25:36 2006 Subject: Bad RFC822 field name '' Message-ID: <5C0296D26910694BB9A9BBFC577E7AB00237078E@pascal.priv.bmrb.co.uk> J?r?me MOLLIER-PIERRET wrote: > Re, > > We found the origin : > The header contain a "-:" field ... and it break whole Mailscanner > process due to a "bug ?" in Internet.pm or in the way Mailscanner call > it ... > > If someone could test it, it would be great. Might be easier for someone to test it if you actually showed us what the headers look like in full. BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From j.mollier at ACTINUX.COM Tue Jun 1 13:35:49 2004 From: j.mollier at ACTINUX.COM (=?ISO-8859-1?Q?J=E9r=F4me_MOLLIER-PIERRET?=) Date: Thu Jan 12 21:25:36 2006 Subject: Bad RFC822 field name '' In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB00237078E@pascal.priv.bmrb.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB00237078E@pascal.priv.bmrb.co.uk> Message-ID: <40BC7825.1030007@actinux.com> > Might be easier for someone to test it if you actually showed us what the headers look like in full. You are right below the whole mail : Received: (qmail 16469 invoked from network); 30 May 2004 18:11:44 -0000 Received: from 200-163-143-122.paemt201.dial.brasiltelecom.net.br (200.163.143.122) by 0 with SMTP; 30 May 2004 18:11:44 -0000 Received: from 10.244.49.241 by 200.163.143.122 Sun, 30 May 2004 23:05:44 +0400 Message-ID: From: " Hunt" Reply-To: " Hunt" To: john-akhavan@itsfabry.com Subject: hi Date: Mon, 31 May 2004 01:02:44 +0600 X-Mailer: -: MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--5476815730463908260" [ Priority: Normal ] ----5476815730463908260 Content-Type: text/html; Content-Encoding: NUM


Hey, my name is Jennie and I'm new to this online dating thing. I've checked out your profile you put up and it's interesting. : I just want to get to know you a little better if you don't mind, come check my profile out at:

www.LOLJEN.com/jen.html

I also got a videocam so we can make it interesting, anyways I hope you get back to me soon!

bye =

okbjeoieftbjdpbzweiv
toabekklmamdrehheadfxas
aamrwosjmmoyswwdwewpqnwgjogfr
phcfvmevpnsclcraqsucoarooxvex
ehovtwtndacvvmwqnlpccxcfwfljp
udfcrbfokbtdinksmqonlco
konispliyxfmbolqnkwxaqtbvolyn
mxrtbvgooflhizqbtlwgsosnrxs
msrabcbvxgmytojcedwwnoowbs
krxyrnhekhucstbzavtgdn
wzyehseazxnsridhtixvjpsop
opbjxbousukteedawaeojrdagzwygj
qonbhsxgcwvjbgsybbajtg
yorrglyzgwmvosemkpquttb
mgroajixcgvpbmkoznikpugrb
2 ----5476815730463908260-- -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From clive at SERENDIPITA.COM Tue Jun 1 13:30:41 2004 From: clive at SERENDIPITA.COM (Clive Eisen) Date: Thu Jan 12 21:25:36 2006 Subject: Bad RFC822 field name '' In-Reply-To: <40BC5959.9000306@actinux.com> References: <40BC5959.9000306@actinux.com> Message-ID: <40BC76F1.2090607@serendipita.com> J?r?me MOLLIER-PIERRET wrote: > Hi all, > > We use Malscanner with qmail, and experienced this morning some issue > with stranges mail that are non RFC822 compliant. > > It seem that the mail package Mail::Internet has problem when > Mailscanner trying to process this mail from his queue. > > In debug mode the error is : > Bad RFC822 field name '' > at /usr/lib/perl5/site_perl/5.8.0/Mail/Internet.pm line 130 > We had that too the offending message seems to have been Received: (qmail 7691 invoked by uid 0); 31 May 2004 14:58:58 -0000 Received: from cvg-65-26-147-135.cinci.rr.com (65.26.147.135) by 146.101.136.68 with SMTP; 31 May 2004 14:58:58 -0000 Received: from 36.26.68.43 by 65.26.147.135 Mon, 31 May 2004 21:53:00 +0600 Message-ID: From: " Sears" <306339186@ae.com> Reply-To: " Sears" <306339186@ae.com> To: toze@covato.com Subject: hey i tried to call you Date: Mon, 31 May 2004 08:51:00 -0700 X-Mailer: -: MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--114838899249203109" [ | Priority: Normal | ] ----114838899249203109 Content-Type: text/html; Content-Encoding: NUM

Hey, whats up, my name is Jen and I'm new to this dating thing. I saw your profile you put up and I like it. =) I just want to get to know you a little better if you don't mind, come check my homepage with all my contact info at: -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Tue Jun 1 13:38:46 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:25:36 2006 Subject: Bad RFC822 field name '' In-Reply-To: <40BC76F1.2090607@serendipita.com> References: <40BC5959.9000306@actinux.com> <40BC76F1.2090607@serendipita.com> Message-ID: <6.1.1.1.2.20040601133757.05e23440@imap.ecs.soton.ac.uk> What on earth is your header set to? A header of just "-" certainly looks wrong to me. At 13:30 01/06/2004, you wrote: >J?r?me MOLLIER-PIERRET wrote: > >>Hi all, >> >>We use Malscanner with qmail, and experienced this morning some issue >>with stranges mail that are non RFC822 compliant. >> >>It seem that the mail package Mail::Internet has problem when >>Mailscanner trying to process this mail from his queue. >> >>In debug mode the error is : >>Bad RFC822 field name '' >> at /usr/lib/perl5/site_perl/5.8.0/Mail/Internet.pm line 130 >We had that too > >the offending message seems to have been > >Received: (qmail 7691 invoked by uid 0); 31 May 2004 14:58:58 -0000 >Received: from cvg-65-26-147-135.cinci.rr.com (65.26.147.135) > by 146.101.136.68 with SMTP; 31 May 2004 14:58:58 -0000 >Received: from 36.26.68.43 by 65.26.147.135 Mon, 31 May 2004 21:53:00 +0600 >Message-ID: >From: " Sears" <306339186@ae.com> >Reply-To: " Sears" <306339186@ae.com> >To: toze@covato.com >Subject: hey i tried to call you >Date: Mon, 31 May 2004 08:51:00 -0700 >X-Mailer: >-: >MIME-Version: 1.0 >Content-Type: multipart/alternative; > boundary="--114838899249203109" >[ | Priority: Normal >| > >] > >----114838899249203109 >Content-Type: text/html; >Content-Encoding: NUM > > >

>Hey, whats up, my name is Jen and I'm new to this dating thing. I >saw your profile you put up and I like it. =) I just want to get to >know you a little better if you don't mind, come check my homepage >with all my contact info at: > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From Kevin.Spicer at BMRB.CO.UK Tue Jun 1 13:51:20 2004 From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:25:36 2006 Subject: Bad RFC822 field name '' Message-ID: <5C0296D26910694BB9A9BBFC577E7AB00237078F@pascal.priv.bmrb.co.uk> Julian Field wrote: > What on earth is your header set to? A header of just "-" certainly > looks wrong to me. I think its an incoming mail, spam by the looks of it. Maybe a new tactic by spammers, or just broken spamming software. BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Tue Jun 1 14:14:53 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:25:36 2006 Subject: ANNOUNCE: Stable version 4.31 released Message-ID: <6.1.1.1.2.20040601134446.05dec388@imap.ecs.soton.ac.uk> G'Day all! I have just released version 4.31. The main changes and improvements this month are: -- Install script (./install.sh) for the "Other Unix" tar distribution. This should make installation a whole lot easier on non-RPM systems. -- Added support for SuSE 9.1, F-Secure 4.61 and Nod32 2.01. -- Detection and disarming of so-called "web bugs", very small images designed to be picked up by your email application to tell a remote server the message has been read and that you are therefore a real human being reading that mail account -- "Dangerous Content Scanning" configuration option to switch off most content checks while still keeping virus scanning. -- %variables% can now go in the report messages. Download it as usual from www.mailscanner.info. The full ChangeLog for this version is here: * New Features and Improvements * - Added install.sh script for tar distribution which builds all Perl modules, tnef decoder and MailScanner automatically. - Added configuration option "Dangerous Content Scanning" to allow you to disable all the content scanning except for the virus scanning. - Added support for Vexira virus scanner. - Implemented support for F-Secure 4.61. - Implemented support for Nod32 2.01. If you are still running 1.99, you will need to edit /etc/MailScanner/virus.scanners.conf. - Reports can now contain %variables% such as %org-name%. - Changed default installation location of Bitdefender to /opt/bdc. - Upgraded tnef to latest release from sourceforge. - Moved ExtUtils::MakeMaker into list of normal perl modules to install. - Linux distributions now auto-detect MTA setting in /etc/sysconfig/MailScanner. - Can now detect very small images in a message, that may be "web bugs" to track you. These can be disarmed if you want. - Changed documentation to just list single-instance version of Postfix. - Changed init.d scripts to work well with both single and double instance of Postfix. - Improved init.d script to support SuSE 9.1 properly. * Fixes * - Forced AVG to run in English. - Corrected problem with negative failure counts from RBLs and SA. - Fixed bug in LDAP ruleset handling. - Sendmail code now auto-detects the correct lock type to use, flock or posix. - Sendmail qf files no longer have to define an IP address. - Corrected report when archive is nested too deeply. - ZMailer forwarding fix provided by Mariano. - Fixed Postfix message corruption on recent Postfixes on some architectures. - Worked around latest tweaks to Postfix spec. - Fixed problems with PDF docs when signing messages. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 From carles at UNLIMITEDMAIL.ORG Tue Jun 1 14:45:53 2004 From: carles at UNLIMITEDMAIL.ORG (Carles Xavier Munyoz =?iso-8859-15?q?Bald=F3?=) Date: Thu Jan 12 21:25:36 2006 Subject: Bounce/Forward, Forward/Delete. In-Reply-To: References: <801403078973F243A6A74322E134AF500F1C57@mail.herefordshire.gov.uk> Message-ID: <200406011545.53690.carles@unlimitedmail.org> Ok, I believe that I have not explained well what I want to do :-) I have an AUTHENTICATED RELAY SMTP server, a SMTP server that my users use for send email to the Internet, but they must authenticate before do it. The thing I want to do is detect which users are trying to send spam and not send this spam detected messages to the internet. I believe that the thing I must do is set up the default action in my spam actions ruleset file to: FromOrTo: default forward spammers@mydomain.com delete This way I will be able to identify the spammers (because I receive a copy of the spam identified messages, the spammers will not be aware of this identification) and my system will not send spam to the Internet. Is this ok with this configuration ? El Martes, 1 de Junio de 2004 12:48, Mean Man escribi?: > I agree, its a waste of time bouncing spam after all half the spam I get is > from people bouncing messages back to me that I never sent ! > > > But what you are asking is easy to do, edit the conf file and read the spam > actions > > Paul > ----- Original Message ----- > From: "Randal, Phil" > To: > Sent: Tuesday, June 01, 2004 8:24 PM > Subject: Re: Bounce/Forward, Forward/Delete. > > > Why? Why? Why? > > The last thing anyone should be doing is sending messages to spam senders. > > Cheers, > > Phil > > ---- > Phil Randal > Network Engineer > Herefordshire Council > Hereford, UK > > > -----Original Message----- > > From: MailScanner mailing list > > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Carles > > Xavier Munyoz Bald? > > Sent: 01 June 2004 11:05 > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Bounce/Forward, Forward/Delete. > > > > Hi, > > I have an authenticated STMP relay server that is used by my > > users for send email to the Internet. I have a MailScanner > > setup running on it. > > > > I would like to send rejection message back to the sender of > > all spam detected messages and forward a copy of the spam > > message to my email account spam_detected@mydomain.com. > > > > Is it possible to specy this two actions (bounce and forward) > > in my spam actions ruleset file ? > > How ? > > > > And is it possilbe to customice the bounce rejection message ? > > > > Is it possible too to make a forward and a delete spam action ? > > How ? > > (I would like to get a copy of the spam message, but don't > > sent it to the final recipients) > > > > Greetings. > > --- > > Carles Xavier Munyoz Bald? > > carles@unlimitedmail.org > > http://www.unlimitedmail.net/ > > --- > > > > -------------------------- MailScanner list ---------------------- > > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > > Before posting, please see the Most Asked Questions at > > http://www.mailscanner.biz/maq/ and the archives at > > http://www.jiscmail.ac.uk/lists/mailscanner.html > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html --- Carles Xavier Munyoz Bald? carles@unlimitedmail.org http://www.unlimitedmail.net/ --- -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From clive at SERENDIPITA.COM Tue Jun 1 15:05:06 2004 From: clive at SERENDIPITA.COM (Clive Eisen) Date: Thu Jan 12 21:25:36 2006 Subject: Bad RFC822 field name '' In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB00237078F@pascal.priv.bmrb.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB00237078F@pascal.priv.bmrb.co.uk> Message-ID: <40BC8D12.90709@serendipita.com> Spicer, Kevin wrote: >Julian Field wrote: > > >>What on earth is your header set to? A header of just "-" certainly >>looks wrong to me. >> >> > >I think its an incoming mail, spam by the looks of it. Maybe a new tactic by spammers, or just broken spamming software. > > > > Exaclty - stopped mailscanner processing any email -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From shoval at SOFTOV.CO.IL Tue Jun 1 15:32:12 2004 From: shoval at SOFTOV.CO.IL (Shoval Tomer) Date: Thu Jan 12 21:25:36 2006 Subject: BUG? Silent Viruses and infected, password protected ZIPs Message-ID: <4D3EACBC840810409663D2C9568AEA4E5C17@stex00.softov.co.il> > When a password protected zip file comes through that also contains a > virus I don't think that a password protected archive can even be searched for viruses. The AV doesn't have the password... Shoval -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From alex at nkpanama.com Tue Jun 1 15:30:59 2004 From: alex at nkpanama.com (Alex Neuman) Date: Thu Jan 12 21:25:36 2006 Subject: BUG? Silent Viruses and infected, password protected ZIPs In-Reply-To: <4D3EACBC840810409663D2C9568AEA4E5C17@stex00.softov.co.il> Message-ID: <000301c447e5$10b31070$2065e0c9@cositputer> Unless the password can somehow be extracted from the message... but it sounds like too much trouble anyway. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Shoval Tomer Sent: Tuesday, June 01, 2004 9:32 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: BUG? Silent Viruses and infected, password protected ZIPs > When a password protected zip file comes through that also contains a > virus I don't think that a password protected archive can even be searched for viruses. The AV doesn't have the password... Shoval -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mkbowman at neo.rr.com Tue Jun 1 15:53:18 2004 From: mkbowman at neo.rr.com (Matthew K Bowman) Date: Thu Jan 12 21:25:36 2006 Subject: High CPU Load - Please help References: <200405261450.i4QEo1Wf023026@monitor.blacknight.ie> Message-ID: <000a01c447e8$2ceb9d40$2567a8c0@mkbowman> Hello, I upgraded my MailScanner to 4.31.4 this morning and dcc to version 1.2.48. My load is still over 2. Diagnosing this problem piece by piece, I changed my spam and high spam actions to delete for default and removed all the other rules in both files, restarted MailScanner - this made no difference to the load. Disabling dcc checks also made no difference. Is it possible that the pyzor/razor checks are causing my problem? How does one disable pyzor/razor checks without uninstalling those packages? 10:48:56 up 42 min, 1 user, load average: 2.41, 2.61, 2.57 50 processes: 46 sleeping, 4 running, 0 zombie, 0 stopped CPU0 states: 23.0% user 4.2% system 0.0% nice 0.0% iowait 72.3% idle CPU1 states: 94.2% user 0.1% system 0.0% nice 0.0% iowait 5.2% idle Mem: 1029812k av, 772988k used, 256824k free, 0k shrd, 36868k buff 626500k actv, 49108k in_d, 21876k in_c Swap: 2040244k av, 44260k used, 1995984k free 168284k cached PID USER PRI NI SIZE RSS SHARE STAT %CPU %MEM TIME CPU COMMAND 8338 root 15 0 15828 1500 1456 S 99.9 0.1 9:50 1 MailScanner 10069 root 15 0 1080 1080 856 R 0.1 0.1 0:00 0 top 1 root 15 0 108 80 56 S 0.0 0.0 0:04 0 init Any help would be appreciated Thank you Matthew ----- Original Message ----- From: "Michele Neylon :: Blacknight Solutions" To: Sent: Wednesday, May 26, 2004 10:50 AM Subject: Re: High CPU Load - Please help > Matthew > > Load problems have been discussed quite often in the past. > As a general rule I would advise upgrading MS to the latest stable version > to start with, as earlier versions may not be as optimal. > Your version of DCC is out of date, as is your version of Razor. > > If you apply some of the optimisation tips as outlined in the MAQ you will > probably see some improvement in performance. > > M > > Mr Michele Neylon > Blacknight Internet Solutions Ltd > http://www.blacknight.ie/ > Tel. +353 59 9137101 > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Tue Jun 1 14:14:53 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:25:36 2006 Subject: ANNOUNCE: Stable version 4.31 released Message-ID: <6.1.1.1.2.20040601134446.05dec388@imap.ecs.soton.ac.uk> G'Day all! I have just released version 4.31. The main changes and improvements this month are: -- Install script (./install.sh) for the "Other Unix" tar distribution. This should make installation a whole lot easier on non-RPM systems. -- Added support for SuSE 9.1, F-Secure 4.61 and Nod32 2.01. -- Detection and disarming of so-called "web bugs", very small images designed to be picked up by your email application to tell a remote server the message has been read and that you are therefore a real human being reading that mail account -- "Dangerous Content Scanning" configuration option to switch off most content checks while still keeping virus scanning. -- %variables% can now go in the report messages. Download it as usual from www.mailscanner.info. The full ChangeLog for this version is here: * New Features and Improvements * - Added install.sh script for tar distribution which builds all Perl modules, tnef decoder and MailScanner automatically. - Added configuration option "Dangerous Content Scanning" to allow you to disable all the content scanning except for the virus scanning. - Added support for Vexira virus scanner. - Implemented support for F-Secure 4.61. - Implemented support for Nod32 2.01. If you are still running 1.99, you will need to edit /etc/MailScanner/virus.scanners.conf. - Reports can now contain %variables% such as %org-name%. - Changed default installation location of Bitdefender to /opt/bdc. - Upgraded tnef to latest release from sourceforge. - Moved ExtUtils::MakeMaker into list of normal perl modules to install. - Linux distributions now auto-detect MTA setting in /etc/sysconfig/MailScanner. - Can now detect very small images in a message, that may be "web bugs" to track you. These can be disarmed if you want. - Changed documentation to just list single-instance version of Postfix. - Changed init.d scripts to work well with both single and double instance of Postfix. - Improved init.d script to support SuSE 9.1 properly. * Fixes * - Forced AVG to run in English. - Corrected problem with negative failure counts from RBLs and SA. - Fixed bug in LDAP ruleset handling. - Sendmail code now auto-detects the correct lock type to use, flock or posix. - Sendmail qf files no longer have to define an IP address. - Corrected report when archive is nested too deeply. - ZMailer forwarding fix provided by Mariano. - Fixed Postfix message corruption on recent Postfixes on some architectures. - Worked around latest tweaks to Postfix spec. - Fixed problems with PDF docs when signing messages. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From Kevin.Spicer at BMRB.CO.UK Tue Jun 1 16:09:16 2004 From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:25:36 2006 Subject: ANNOUNCE: Stable version 4.31 released Message-ID: <5C0296D26910694BB9A9BBFC577E7AB002370791@pascal.priv.bmrb.co.uk> Marcel Burggraeve wrote: > According to the config file it should default to flock when using > sendmail but for some kind of reason it's using posix resulting in > the errors above. After changing the Lock Type entry to flock in the > config file the mailscanner is working again. What do you get when you do.. sendmail -bt -d0.10 < /dev/null BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From marcel at PLUSINE.COM Tue Jun 1 16:03:11 2004 From: marcel at PLUSINE.COM (Marcel Burggraeve) Date: Thu Jan 12 21:25:36 2006 Subject: ANNOUNCE: Stable version 4.31 released In-Reply-To: <6.1.1.1.2.20040601134446.05dec388@imap.ecs.soton.ac.uk> Message-ID: Hi, Just installed this version on our HP9000 system and we see the following in the mail logfile : Jun 1 16:22:51 ns2.plusine.com MailScanner[25617]: MailScanner E-Mail Virus Scanner version 4.31.4 starting... Jun 1 16:22:56 ns2.plusine.com MailScanner[25617]: Using locktype = posix Jun 1 16:22:56 ns2.plusine.com MailScanner[25617]: 1 Jun 1 16:22:56 ns2.plusine.com MailScanner[25617]: 2 Jun 1 16:22:56 ns2.plusine.com MailScanner[25617]: 3 Jun 1 16:22:56 ns2.plusine.com MailScanner[25617]: 4 Jun 1 16:22:56 ns2.plusine.com MailScanner[25617]: 5 Jun 1 16:22:56 ns2.plusine.com MailScanner[25617]: Don't know how to do fcntl locking on 'hpux' Jun 1 16:22:56 ns2.plusine.com MailScanner[25617]: Please contact mailscanner authors.5 According to the config file it should default to flock when using sendmail but for some kind of reason it's using posix resulting in the errors above. After changing the Lock Type entry to flock in the config file the mailscanner is working again. Best regards, Marcel Burggraeve Plusine B.V. The Netherlands> -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mkettler at EVI-INC.COM Tue Jun 1 16:24:49 2004 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:25:36 2006 Subject: Some really newbie quesitons. In-Reply-To: <1085775411.2082.32.camel@bach.kevinspicer.co.uk> References: <6.0.0.22.0.20040528112659.0280f288@192.168.50.2> <1085775411.2082.32.camel@bach.kevinspicer.co.uk> Message-ID: <6.0.0.22.0.20040601111531.0289e188@192.168.50.2> At 04:16 PM 5/28/2004, Kevin Spicer wrote: >I think its more correct to say that by rejecting at the SMTP layer you >push the bounce one step further upstream. Alright, I agree with that. > In many cases this will be >the originating server (which is fine) but this can also be another >innocent server (e.g. for people who use a store and forward service for >secondary MX). True. > Its important to understand that whilst rejecting at >SMTP level is better than sending a bounce it still causes problems for >many people. True. Of course, keep in mind that my entire statement on using rejection is qualified by an "If you must..." However, as far as damage goes, given that undeliverable addresses will also generate 550's you're pretty much always going to have the problem of returns from "one step further upstream". By 5xx ing spam you're creating no greater scale of problems than would otherwise exist for the Joe job victim than if you did no spam scanning at all. They're going to have to deal with floods from all relays and forwarders involved anyway. Sure you're increasing the volume from the upstream server, but that server is going to be dumping tons of DSN's anyway, and will likely end up being blocked or procmailed to trash by the joe job victim. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Tue Jun 1 16:36:45 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:25:36 2006 Subject: ANNOUNCE: Stable version 4.31 released In-Reply-To: References: <6.1.1.1.2.20040601134446.05dec388@imap.ecs.soton.ac.uk> Message-ID: <6.1.1.1.2.20040601163558.060c6388@imap.ecs.soton.ac.uk> I have just released 4.31.5 which does not have the FLOCK detector in it. I just tried it on a few systems round here and it often gets the answer wrong. Having the code in there will cause far more trouble than not having it, so it has gone. At 16:03 01/06/2004, you wrote: >Hi, > >Just installed this version on our HP9000 system and we see the following in >the mail logfile : > >Jun 1 16:22:51 ns2.plusine.com MailScanner[25617]: MailScanner E-Mail Virus >Scanner version 4.31.4 starting... >Jun 1 16:22:56 ns2.plusine.com MailScanner[25617]: Using locktype = posix >Jun 1 16:22:56 ns2.plusine.com MailScanner[25617]: 1 >Jun 1 16:22:56 ns2.plusine.com MailScanner[25617]: 2 >Jun 1 16:22:56 ns2.plusine.com MailScanner[25617]: 3 >Jun 1 16:22:56 ns2.plusine.com MailScanner[25617]: 4 >Jun 1 16:22:56 ns2.plusine.com MailScanner[25617]: 5 >Jun 1 16:22:56 ns2.plusine.com MailScanner[25617]: Don't know how to do >fcntl locking on 'hpux' >Jun 1 16:22:56 ns2.plusine.com MailScanner[25617]: Please contact >mailscanner authors.5 > >According to the config file it should default to flock when using sendmail >but for some kind of reason it's using posix resulting in the errors above. >After changing the Lock Type entry to flock in the config file the >mailscanner is working again. > >Best regards, > >Marcel Burggraeve >Plusine B.V. >The Netherlands> > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From adrian at SENN.CH Tue Jun 1 16:35:15 2004 From: adrian at SENN.CH (Adrian Senn) Date: Thu Jan 12 21:25:36 2006 Subject: ANNOUNCE: Stable version 4.31 released In-Reply-To: <6.1.1.1.2.20040601134446.05dec388@imap.ecs.soton.ac.uk> References: <6.1.1.1.2.20040601134446.05dec388@imap.ecs.soton.ac.uk> Message-ID: <40BCA233.4060102@senn.ch> Hi all I've got a strange init script problem. If i start it then i receive following messages. thor:~ # /etc/init.d/MailScanner start Initializing incoming postfixInitializing outgoing postfix failed Initializing MailScanner It's only a cosmeting thing, the processes are working fine. There is probably a missing line wrap in the init script or so? I've got only one postfix process working. It is a german Suse 9.1 setup. The Rest is working fine. -- Kind regards Adrian Senn -- |p mbox: adrian@senn.ch _ | |g mbox: adrian.senn@usz.ch ASCII ribbon campaign ( )| |www: - against HTML email X | | & vCards / \| -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From jwilliams at COURTESYMORTGAGE.COM Tue Jun 1 16:57:09 2004 From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams) Date: Thu Jan 12 21:25:36 2006 Subject: Custom spam rule to not spam certain emails... Message-ID: <5.2.1.1.0.20040601085302.00a8c268@corpmail.courtesymortgage.com> Hello everyone. Is it possible to create a custom rule for spamassasin and MS to allow certain pieces of email with a certain subject to not be checked for spam? What about a certain email address that this email is addressed to? Here is the problem I am having. We are a mortgage company and we have potential customers who fill out a type of application on one of our vendors web site. Once they hit the submit buttom on this web site, it is then transferred to us in the form of an email. The problem is, that most of these emails, the email addresses are @hotmail, @yahoo for the most part. Some of these get through fine, but other times, they get tagged as spam and are quarantined. I then have to go through the quarantine every so often and release them. Is there a way to get around this? The two options I thought of were some type of custom rule for the Subject line, since all of these emails have the same subject. The second is a rule to allow all email to a certain email address not to be scanned as spam. I thought i'd ask for some help here. Anyone have any suggestions? I appreciate it. Jason -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Tue Jun 1 16:56:52 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:25:36 2006 Subject: Custom spam rule to not spam certain emails... In-Reply-To: <5.2.1.1.0.20040601085302.00a8c268@corpmail.courtesymortgag e.com> References: <5.2.1.1.0.20040601085302.00a8c268@corpmail.courtesymortgage.com> Message-ID: <6.1.1.1.2.20040601165608.060c45d0@imap.ecs.soton.ac.uk> It is easy enough to create a custom rule which detects your exact subject line and gives it a large negative score. Take a look in spam.assassin.prefs.conf for a couple of examples which you could copy. At 16:57 01/06/2004, you wrote: >Hello everyone. > >Is it possible to create a custom rule for spamassasin and MS to allow >certain pieces of email with a certain subject to not be checked for spam? >What about a certain email address that this email is addressed to? > >Here is the problem I am having. > >We are a mortgage company and we have potential customers who fill out a >type of application on one of our vendors web site. Once they hit the >submit buttom on this web site, it is then transferred to us in the form of >an email. The problem is, that most of these emails, the email addresses >are @hotmail, @yahoo for the most part. Some of these get through fine, but >other times, they get tagged as spam and are quarantined. I then have to go >through the quarantine every so often and release them. > >Is there a way to get around this? The two options I thought of were some >type of custom rule for the Subject line, since all of these emails have >the same subject. >The second is a rule to allow all email to a certain email address not to >be scanned as spam. > >I thought i'd ask for some help here. > >Anyone have any suggestions? > >I appreciate it. > >Jason > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From evertjan at VANRAMSELAAR.NL Tue Jun 1 17:04:12 2004 From: evertjan at VANRAMSELAAR.NL (Evert Jan van Ramselaar) Date: Thu Jan 12 21:25:36 2006 Subject: 4.31.5 no locktype at all Message-ID: <42819.10.10.0.101.1086105852.squirrel@10.10.0.101> Hi, Just upgraded from 4.31.4 to 4.31.5: Jun 1 17:55:36 ram3 MailScanner[15823]: MailScanner E-Mail Virus Scanner version 4.31.5 starting... Jun 1 17:55:36 ram3 MailScanner[15823]: Config: calling custom init function MailWatchLogging Jun 1 17:55:36 ram3 MailScanner[15823]: Initialising database connection Jun 1 17:55:36 ram3 MailScanner[15823]: Finished initialising database connection Jun 1 17:55:41 ram3 MailScanner[15823]: Using locktype = No locktype set? And when a message comes in, all processes try to scan and deliver it (probably because it is not locked): Jun 1 17:57:46 ram3 sendmail[16472]: i51FvjuL016472: from=, size= 3794, class=-30, nrcpts=1, msgid=<5.2.1.1.0.20040601085302.00a8c268@corpmail.courtesymortgage.com>, bodytype=8BITMIME, proto=ESMTP, daemon=MTA, relay=smtp.jiscmail.ac.uk [130.246.192.55] Jun 1 17:57:46 ram3 MailScanner[15823]: New Batch: Scanning 1 messages, 4321 bytes Jun 1 17:57:46 ram3 MailScanner[15823]: Spam Checks: Starting Jun 1 17:57:49 ram3 MailScanner[15823]: Virus and Content Scanning: Starting Jun 1 17:57:50 ram3 MailScanner[15833]: New Batch: Scanning 1 messages, 4321 bytes Jun 1 17:57:50 ram3 MailScanner[15833]: Spam Checks: Starting Jun 1 17:57:50 ram3 MailScanner[15849]: New Batch: Scanning 1 messages, 4321 bytes Jun 1 17:57:50 ram3 MailScanner[15849]: Spam Checks: Starting Jun 1 17:57:50 ram3 MailScanner[15839]: New Batch: Scanning 1 messages, 4321 bytes Jun 1 17:57:50 ram3 MailScanner[15839]: Spam Checks: Starting Thus I downgraded again to 4.31.4 (which seems to work fine on RH9). -- Evert Jan van Ramselaar Van Ramselaar Info Tech -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Tue Jun 1 17:09:57 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:25:36 2006 Subject: 4.31.5 no locktype at all In-Reply-To: <42819.10.10.0.101.1086105852.squirrel@10.10.0.101> References: <42819.10.10.0.101.1086105852.squirrel@10.10.0.101> Message-ID: <6.1.1.1.2.20040601170927.03b70b60@imap.ecs.soton.ac.uk> I'm not having a very successful afternoon am I? 4.31.6 should work rather better. At 17:04 01/06/2004, you wrote: >Hi, > >Just upgraded from 4.31.4 to 4.31.5: > >Jun 1 17:55:36 ram3 MailScanner[15823]: MailScanner E-Mail Virus Scanner >version 4.31.5 starting... >Jun 1 17:55:36 ram3 MailScanner[15823]: Config: calling custom init >function MailWatchLogging >Jun 1 17:55:36 ram3 MailScanner[15823]: Initialising database connection >Jun 1 17:55:36 ram3 MailScanner[15823]: Finished initialising database >connection >Jun 1 17:55:41 ram3 MailScanner[15823]: Using locktype = > >No locktype set? >And when a message comes in, all processes try to scan and deliver it >(probably because it is not locked): > >Jun 1 17:57:46 ram3 sendmail[16472]: i51FvjuL016472: >from=, size= >3794, class=-30, nrcpts=1, >msgid=<5.2.1.1.0.20040601085302.00a8c268@corpmail.courtesymortgage.com>, >bodytype=8BITMIME, proto=ESMTP, daemon=MTA, relay=smtp.jiscmail.ac.uk >[130.246.192.55] >Jun 1 17:57:46 ram3 MailScanner[15823]: New Batch: Scanning 1 messages, >4321 bytes >Jun 1 17:57:46 ram3 MailScanner[15823]: Spam Checks: Starting >Jun 1 17:57:49 ram3 MailScanner[15823]: Virus and Content Scanning: Starting >Jun 1 17:57:50 ram3 MailScanner[15833]: New Batch: Scanning 1 messages, >4321 bytes >Jun 1 17:57:50 ram3 MailScanner[15833]: Spam Checks: Starting >Jun 1 17:57:50 ram3 MailScanner[15849]: New Batch: Scanning 1 messages, >4321 bytes >Jun 1 17:57:50 ram3 MailScanner[15849]: Spam Checks: Starting >Jun 1 17:57:50 ram3 MailScanner[15839]: New Batch: Scanning 1 messages, >4321 bytes >Jun 1 17:57:50 ram3 MailScanner[15839]: Spam Checks: Starting > >Thus I downgraded again to 4.31.4 (which seems to work fine on RH9). > >-- > Evert Jan van Ramselaar > Van Ramselaar Info Tech > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mikes at HARTWELLCORP.COM Tue Jun 1 17:15:14 2004 From: mikes at HARTWELLCORP.COM (Michael St. Laurent) Date: Thu Jan 12 21:25:36 2006 Subject: 4.31.5 no locktype at all Message-ID: <91A5926EFF44D3118B1200104B7276EB02C5713B@hart-exchange.hartwellcorp.com> I was getting this as well, multiple copies of each message being delivered. Downgraded to restore normal operation. Evert Jan van Ramselaar wrote: > Hi, > > Just upgraded from 4.31.4 to 4.31.5: > > Jun 1 17:55:36 ram3 MailScanner[15823]: MailScanner E-Mail Virus > Scanner version 4.31.5 starting... > Jun 1 17:55:36 ram3 MailScanner[15823]: Config: calling custom init > function MailWatchLogging > Jun 1 17:55:36 ram3 MailScanner[15823]: Initialising database > connection Jun 1 17:55:36 ram3 MailScanner[15823]: Finished > initialising database connection > Jun 1 17:55:41 ram3 MailScanner[15823]: Using locktype = > > No locktype set? > And when a message comes in, all processes try to scan and deliver it > (probably because it is not locked): > > Jun 1 17:57:46 ram3 sendmail[16472]: i51FvjuL016472: > from=, size= > 3794, class=-30, nrcpts=1, > msgid=<5.2.1.1.0.20040601085302.00a8c268@corpmail.courtesymortgage.com>, > bodytype=8BITMIME, proto=ESMTP, daemon=MTA, relay=smtp.jiscmail.ac.uk > [130.246.192.55] > Jun 1 17:57:46 ram3 MailScanner[15823]: New Batch: Scanning 1 > messages, 4321 bytes > Jun 1 17:57:46 ram3 MailScanner[15823]: Spam Checks: Starting > Jun 1 17:57:49 ram3 MailScanner[15823]: Virus and Content Scanning: > Starting Jun 1 17:57:50 ram3 MailScanner[15833]: New Batch: Scanning > 1 messages, 4321 bytes > Jun 1 17:57:50 ram3 MailScanner[15833]: Spam Checks: Starting > Jun 1 17:57:50 ram3 MailScanner[15849]: New Batch: Scanning 1 > messages, 4321 bytes > Jun 1 17:57:50 ram3 MailScanner[15849]: Spam Checks: Starting > Jun 1 17:57:50 ram3 MailScanner[15839]: New Batch: Scanning 1 > messages, 4321 bytes > Jun 1 17:57:50 ram3 MailScanner[15839]: Spam Checks: Starting > > Thus I downgraded again to 4.31.4 (which seems to work fine on RH9). -- Michael St. Laurent Hartwell Corporation -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From ssilva at SGVWATER.COM Tue Jun 1 17:19:45 2004 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:25:36 2006 Subject: 4.31.5 no locktype at all References: <42819.10.10.0.101.1086105852.squirrel@10.10.0.101> Message-ID: <01b301c447f4$40bd5a00$6300a8c0@SSILVA2K> I see a 4.31.6 already in the release directory. Just waiting for the Official notice ----- Original Message ----- From: "Evert Jan van Ramselaar" To: Sent: Tuesday, June 01, 2004 9:04 AM Subject: 4.31.5 no locktype at all Hi, Just upgraded from 4.31.4 to 4.31.5: Jun 1 17:55:36 ram3 MailScanner[15823]: MailScanner E-Mail Virus Scanner version 4.31.5 starting... Jun 1 17:55:36 ram3 MailScanner[15823]: Config: calling custom init function MailWatchLogging Jun 1 17:55:36 ram3 MailScanner[15823]: Initialising database connection Jun 1 17:55:36 ram3 MailScanner[15823]: Finished initialising database connection Jun 1 17:55:41 ram3 MailScanner[15823]: Using locktype = No locktype set? And when a message comes in, all processes try to scan and deliver it (probably because it is not locked): Jun 1 17:57:46 ram3 sendmail[16472]: i51FvjuL016472: from=, size= 3794, class=-30, nrcpts=1, msgid=<5.2.1.1.0.20040601085302.00a8c268@corpmail.courtesymortgage.com>, bodytype=8BITMIME, proto=ESMTP, daemon=MTA, relay=smtp.jiscmail.ac.uk [130.246.192.55] Jun 1 17:57:46 ram3 MailScanner[15823]: New Batch: Scanning 1 messages, 4321 bytes Jun 1 17:57:46 ram3 MailScanner[15823]: Spam Checks: Starting Jun 1 17:57:49 ram3 MailScanner[15823]: Virus and Content Scanning: Starting Jun 1 17:57:50 ram3 MailScanner[15833]: New Batch: Scanning 1 messages, 4321 bytes Jun 1 17:57:50 ram3 MailScanner[15833]: Spam Checks: Starting Jun 1 17:57:50 ram3 MailScanner[15849]: New Batch: Scanning 1 messages, 4321 bytes Jun 1 17:57:50 ram3 MailScanner[15849]: Spam Checks: Starting Jun 1 17:57:50 ram3 MailScanner[15839]: New Batch: Scanning 1 messages, 4321 bytes Jun 1 17:57:50 ram3 MailScanner[15839]: Spam Checks: Starting Thus I downgraded again to 4.31.4 (which seems to work fine on RH9). -- Evert Jan van Ramselaar Van Ramselaar Info Tech -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From evertjan at VANRAMSELAAR.NL Tue Jun 1 17:21:54 2004 From: evertjan at VANRAMSELAAR.NL (Evert Jan van Ramselaar) Date: Thu Jan 12 21:25:36 2006 Subject: 4.31.5 no locktype at all In-Reply-To: <6.1.1.1.2.20040601170927.03b70b60@imap.ecs.soton.ac.uk> References: <42819.10.10.0.101.1086105852.squirrel@10.10.0.101> <6.1.1.1.2.20040601170927.03b70b60@imap.ecs.soton.ac.uk> Message-ID: <42908.10.10.0.101.1086106914.squirrel@10.10.0.101> Julian Field said: > I'm not having a very successful afternoon am I? I guess we all have those days once in a while... > 4.31.6 should work rather better. Yep. Working fine. Tnx for your quick response. -- Evert Jan van Ramselaar Van Ramselaar Info Tech -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Tue Jun 1 17:59:42 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:25:36 2006 Subject: 4.31.5 no locktype at all In-Reply-To: <01b301c447f4$40bd5a00$6300a8c0@SSILVA2K> References: <42819.10.10.0.101.1086105852.squirrel@10.10.0.101> <01b301c447f4$40bd5a00$6300a8c0@SSILVA2K> Message-ID: <6.1.1.1.2.20040601175918.02bae408@imap.ecs.soton.ac.uk> 4.31.6 is ready to roll. Should work this time :-) At 17:19 01/06/2004, you wrote: >I see a 4.31.6 already in the release directory. >Just waiting for the Official notice > > >----- Original Message ----- >From: "Evert Jan van Ramselaar" >To: >Sent: Tuesday, June 01, 2004 9:04 AM >Subject: 4.31.5 no locktype at all > > >Hi, > >Just upgraded from 4.31.4 to 4.31.5: > >Jun 1 17:55:36 ram3 MailScanner[15823]: MailScanner E-Mail Virus Scanner >version 4.31.5 starting... >Jun 1 17:55:36 ram3 MailScanner[15823]: Config: calling custom init >function MailWatchLogging >Jun 1 17:55:36 ram3 MailScanner[15823]: Initialising database connection >Jun 1 17:55:36 ram3 MailScanner[15823]: Finished initialising database >connection >Jun 1 17:55:41 ram3 MailScanner[15823]: Using locktype = > >No locktype set? >And when a message comes in, all processes try to scan and deliver it >(probably because it is not locked): > >Jun 1 17:57:46 ram3 sendmail[16472]: i51FvjuL016472: >from=, size= >3794, class=-30, nrcpts=1, >msgid=<5.2.1.1.0.20040601085302.00a8c268@corpmail.courtesymortgage.com>, >bodytype=8BITMIME, proto=ESMTP, daemon=MTA, relay=smtp.jiscmail.ac.uk >[130.246.192.55] >Jun 1 17:57:46 ram3 MailScanner[15823]: New Batch: Scanning 1 messages, >4321 bytes >Jun 1 17:57:46 ram3 MailScanner[15823]: Spam Checks: Starting >Jun 1 17:57:49 ram3 MailScanner[15823]: Virus and Content Scanning: >Starting >Jun 1 17:57:50 ram3 MailScanner[15833]: New Batch: Scanning 1 messages, >4321 bytes >Jun 1 17:57:50 ram3 MailScanner[15833]: Spam Checks: Starting >Jun 1 17:57:50 ram3 MailScanner[15849]: New Batch: Scanning 1 messages, >4321 bytes >Jun 1 17:57:50 ram3 MailScanner[15849]: Spam Checks: Starting >Jun 1 17:57:50 ram3 MailScanner[15839]: New Batch: Scanning 1 messages, >4321 bytes >Jun 1 17:57:50 ram3 MailScanner[15839]: Spam Checks: Starting > >Thus I downgraded again to 4.31.4 (which seems to work fine on RH9). > >-- > Evert Jan van Ramselaar > Van Ramselaar Info Tech > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html > >-- >This message has been scanned for viruses and >dangerous content by MailScanner, and is >believed to be clean. > > >-- >This message has been scanned for viruses and >dangerous content by MailScanner, and is >believed to be clean. > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From ugob at CAMO-ROUTE.COM Tue Jun 1 17:49:03 2004 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:25:36 2006 Subject: High CPU Load - Please help In-Reply-To: <000a01c447e8$2ceb9d40$2567a8c0@mkbowman> References: <200405261450.i4QEo1Wf023026@monitor.blacknight.ie> <000a01c447e8$2ceb9d40$2567a8c0@mkbowman> Message-ID: Matthew K Bowman wrote: > Hello, > > I upgraded my MailScanner to 4.31.4 this morning and dcc to version 1.2.48. > My load is still over 2. Btw, this kind of load is far from being critical. It just means you have 2 processes waiting for cpu time or I/O at some point in time. vmstat will tell you more > Diagnosing this problem piece by piece, I changed > my spam and high spam actions to delete for default and removed all the > other rules in both files, restarted MailScanner - this made no difference > to the load. Disabling dcc checks also made no difference. > > Is it possible that the pyzor/razor checks are causing my problem? How does > one disable pyzor/razor checks without uninstalling those packages? Yes, in spam.assassin.conf I think it is use_dcc 0 use_pyzor 0 but I'm not sure. I think you have these instructions in the MailScanner's Manual written by Steve. > > 10:48:56 up 42 min, 1 user, load average: 2.41, 2.61, 2.57 > 50 processes: 46 sleeping, 4 running, 0 zombie, 0 stopped > CPU0 states: 23.0% user 4.2% system 0.0% nice 0.0% iowait 72.3% > idle > CPU1 states: 94.2% user 0.1% system 0.0% nice 0.0% iowait 5.2% > idle > Mem: 1029812k av, 772988k used, 256824k free, 0k shrd, 36868k > buff > 626500k actv, 49108k in_d, 21876k in_c > Swap: 2040244k av, 44260k used, 1995984k free 168284k > cached > > PID USER PRI NI SIZE RSS SHARE STAT %CPU %MEM TIME CPU COMMAND > 8338 root 15 0 15828 1500 1456 S 99.9 0.1 9:50 1 > MailScanner > 10069 root 15 0 1080 1080 856 R 0.1 0.1 0:00 0 top > 1 root 15 0 108 80 56 S 0.0 0.0 0:04 0 init > > Any help would be appreciated > > Thank you > > Matthew > > > > ----- Original Message ----- > From: "Michele Neylon :: Blacknight Solutions" > > To: > Sent: Wednesday, May 26, 2004 10:50 AM > Subject: Re: High CPU Load - Please help > > > >>Matthew >> >>Load problems have been discussed quite often in the past. >>As a general rule I would advise upgrading MS to the latest stable version >>to start with, as earlier versions may not be as optimal. >>Your version of DCC is out of date, as is your version of Razor. >> >>If you apply some of the optimisation tips as outlined in the MAQ you will >>probably see some improvement in performance. >> >>M >> -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From ugob at CAMO-ROUTE.COM Tue Jun 1 17:50:40 2004 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:25:36 2006 Subject: Custom spam rule to not spam certain emails... In-Reply-To: <5.2.1.1.0.20040601085302.00a8c268@corpmail.courtesymortgage.com> References: <5.2.1.1.0.20040601085302.00a8c268@corpmail.courtesymortgage.com> Message-ID: Jason Williams wrote: > Hello everyone. > > Is it possible to create a custom rule for spamassasin and MS to allow > certain pieces of email with a certain subject to not be checked for spam? > What about a certain email address that this email is addressed to? > > Here is the problem I am having. > > We are a mortgage company and we have potential customers who fill out a > type of application on one of our vendors web site. Once they hit the > submit buttom on this web site, it is then transferred to us in the form of > an email. The problem is, that most of these emails, the email addresses > are @hotmail, @yahoo for the most part. Some of these get through fine, but > other times, they get tagged as spam and are quarantined. I then have to go > through the quarantine every so often and release them. > > Is there a way to get around this? The two options I thought of were some > type of custom rule for the Subject line, since all of these emails have > the same subject. > The second is a rule to allow all email to a certain email address not to > be scanned as spam. > > I thought i'd ask for some help here. > > Anyone have any suggestions? Maybe you could whitelist the web server or the user (usually apache@webserver)? > > I appreciate it. > > Jason > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mark at TIPPINGMAR.COM Tue Jun 1 18:12:41 2004 From: mark at TIPPINGMAR.COM (Mark Nienberg) Date: Thu Jan 12 21:25:36 2006 Subject: Converting tnef attachments using mailscanner In-Reply-To: Message-ID: <40BC5699.29943.A6C48CF@localhost> On 1 Jun 2004 at 8:11, Seppo Suomalainen wrote: > Because MailScanner already uses tnef to decode winmail.dat's, my > question is that is it possible to configure MailScanner to replace > the m$-attachments with the standard ones? I made the same inquiry about a month ago but got no response, so let me just add my support for this request. Mark -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Tue Jun 1 18:17:13 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:25:36 2006 Subject: Converting tnef attachments using mailscanner In-Reply-To: <40BC5699.29943.A6C48CF@localhost> References: <40BC5699.29943.A6C48CF@localhost> Message-ID: <6.1.1.1.2.20040601181624.02c20f90@imap.ecs.soton.ac.uk> At 18:12 01/06/2004, you wrote: >On 1 Jun 2004 at 8:11, Seppo Suomalainen wrote: > > Because MailScanner already uses tnef to decode winmail.dat's, my > > question is that is it possible to configure MailScanner to replace > > the m$-attachments with the standard ones? > >I made the same inquiry about a month ago but got no response, so let me >just add >my support for this request. I will take a look and see how easy this is. It's not trivial, but should be possible. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From Chase.Casanova at RDU.COM Tue Jun 1 18:14:59 2004 From: Chase.Casanova at RDU.COM (Casanova, Chase) Date: Thu Jan 12 21:25:37 2006 Subject: Custom spam rule to not spam certain emails... Message-ID: Here is one that is similar to one I use: header LOCAL_SUBJ_MIR Subject=~/Month In Review/i describe LOCAL_SUBJ_MIR Subject contains "Month In Review" score LOCAL_SUBJ_MIR -30 It justs makes the Spam score negative so it is not classified as Spam. I also choose to put my custom rules in the SpamAssassin /etc/mail/spamassassin/local.cf file. Thanks, Chase -----Original Message----- From: Jason Williams [mailto:jwilliams@COURTESYMORTGAGE.COM] Sent: Tuesday, June 01, 2004 11:57 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: [MAILSCANNER] Custom spam rule to not spam certain emails... Hello everyone. Is it possible to create a custom rule for spamassasin and MS to allow certain pieces of email with a certain subject to not be checked for spam? What about a certain email address that this email is addressed to? Here is the problem I am having. We are a mortgage company and we have potential customers who fill out a type of application on one of our vendors web site. Once they hit the submit buttom on this web site, it is then transferred to us in the form of an email. The problem is, that most of these emails, the email addresses are @hotmail, @yahoo for the most part. Some of these get through fine, but other times, they get tagged as spam and are quarantined. I then have to go through the quarantine every so often and release them. Is there a way to get around this? The two options I thought of were some type of custom rule for the Subject line, since all of these emails have the same subject. The second is a rule to allow all email to a certain email address not to be scanned as spam. I thought i'd ask for some help here. Anyone have any suggestions? I appreciate it. Jason -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mikes at HARTWELLCORP.COM Tue Jun 1 18:18:56 2004 From: mikes at HARTWELLCORP.COM (Michael St. Laurent) Date: Thu Jan 12 21:25:37 2006 Subject: 4.31.5 no locktype at all Message-ID: <91A5926EFF44D3118B1200104B7276EB02C57140@hart-exchange.hartwellcorp.com> All is well with version 4.31.6. Thanks Julian. Julian Field wrote: > I'm not having a very successful afternoon am I? > 4.31.6 should work rather better. > > At 17:04 01/06/2004, you wrote: >> Hi, >> >> Just upgraded from 4.31.4 to 4.31.5: -- Michael St. Laurent Hartwell Corporation -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Tue Jun 1 18:21:49 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:25:37 2006 Subject: 4.31.5 no locktype at all In-Reply-To: <91A5926EFF44D3118B1200104B7276EB02C57140@hart-exchange.har twellcorp.com> References: <91A5926EFF44D3118B1200104B7276EB02C57140@hart-exchange.hartwellcorp.com> Message-ID: <6.1.1.1.2.20040601182132.02bd95d8@imap.ecs.soton.ac.uk> Phew! At 18:18 01/06/2004, you wrote: >All is well with version 4.31.6. > >Thanks Julian. > >Julian Field wrote: > > I'm not having a very successful afternoon am I? > > 4.31.6 should work rather better. > > > > At 17:04 01/06/2004, you wrote: > >> Hi, > >> > >> Just upgraded from 4.31.4 to 4.31.5: -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From joshua.hirsh at PARTNERSOLUTIONS.CA Tue Jun 1 18:23:01 2004 From: joshua.hirsh at PARTNERSOLUTIONS.CA (Hirsh, Joshua) Date: Thu Jan 12 21:25:37 2006 Subject: BUG? Silent Viruses and infected, password protected ZIPs Message-ID: <75FEDC422E2309419A9303E7B18F206E0862E4C2@eqmail1.efni.vpn> > I don't think that a password protected archive can even be > searched for viruses. The AV doesn't have the password... You don't need to extract the archive to match a virus definition of the zip file itself. Take a look at W32/Bagle-Zip from Sophos. Either way, it was a stupid mistake on my part ;-) -Joshua -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From dwinkler at ALGORITHMICS.COM Tue Jun 1 19:03:15 2004 From: dwinkler at ALGORITHMICS.COM (Derek Winkler) Date: Thu Jan 12 21:25:37 2006 Subject: Filename User Report Text Used for Virus: Rule Matching Message-ID: <20CEA27AF49D7F4691F02E7ADC5D4ECD01171C35@tormail2.algorithmics.com> No sure if this is a feature or a bug... Had a user who wanted to get past the senders blocking rules and decided to rename a .zip to .zi. On my system I have a rule in filename.rules.conf which blocks this extension as a possible Sobig variant. I also use a ruleset for "Quarantine Infections". Turns out it used the user report text in filename.rules.conf to match against Virus: lines in the ruleset. Since filename.rules.conf uses 'Potential "WORM_SOBIG" Virus Variant' as the user report text and the rules have the line "Virus: Sobig no" the attachment was not quarantined. Not really a problem now that I know about it but maybe adding a comment to filename.rules.conf that user report text is used to match against Virus: rules would be helpful. Thanks, Derek Winkler Security Administrator Algorithmics 185 Spadina Ave Toronto, Ontario Canada M5T 2C6 Phone: 416-217-4107 Fax: 416-971-6100 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From diego.fabara at ALEGROPCS.COM Tue Jun 1 19:09:15 2004 From: diego.fabara at ALEGROPCS.COM (Diego Fabara) Date: Thu Jan 12 21:25:37 2006 Subject: Silent Viruses Options Message-ID: Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/jpeg Size: 2901 bytes Desc: image001.jpg Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040601/79983d1c/attachment.jpe From mailscanner at ecs.soton.ac.uk Tue Jun 1 19:28:49 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:25:37 2006 Subject: Silent Viruses Options In-Reply-To: References: Message-ID: <6.1.1.1.2.20040601192714.0444e720@imap.ecs.soton.ac.uk> At 19:09 01/06/2004, you wrote: >I?ve problems. >My options : >Allow IFrame Tags= disarm >Silent Viruses = HTML-IFrame All-Viruses > > >Then, my users don?t recieves mail from News Mails based in html format. >For example from : Cisco IDS news.( Cisco Systems Inc >[IDS_Active_Update@mail.ciscomessage.com]) > >My users need to receive these mails, but I believe that is to leave to >the system antivirus uncertain. They can give a suggestion me? > > >I need to permit this emails but I think The standard solution to this is to set "Allow IFrame Tags" to be a ruleset, allowing the tags from certain known trusted addresses such as the Cisco newsletters and the daily Dilbert cartoon. The "Log IFrame Tags" option is there to help you work out which addresses you need to whitelist. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From alex at nkpanama.com Tue Jun 1 20:19:33 2004 From: alex at nkpanama.com (Alex Neuman) Date: Thu Jan 12 21:25:37 2006 Subject: Custom spam rule to not spam certain emails... In-Reply-To: <5.2.1.1.0.20040601085302.00a8c268@corpmail.courtesymortgage.com> Message-ID: <000201c4480d$60b584e0$2065e0c9@cositputer> Why don't you whitelist the ip where the form is hosted? -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Jason Williams Sent: Tuesday, June 01, 2004 10:57 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Custom spam rule to not spam certain emails... Hello everyone. Is it possible to create a custom rule for spamassasin and MS to allow certain pieces of email with a certain subject to not be checked for spam? What about a certain email address that this email is addressed to? Here is the problem I am having. We are a mortgage company and we have potential customers who fill out a type of application on one of our vendors web site. Once they hit the submit buttom on this web site, it is then transferred to us in the form of an email. The problem is, that most of these emails, the email addresses are @hotmail, @yahoo for the most part. Some of these get through fine, but other times, they get tagged as spam and are quarantined. I then have to go through the quarantine every so often and release them. Is there a way to get around this? The two options I thought of were some type of custom rule for the Subject line, since all of these emails have the same subject. The second is a rule to allow all email to a certain email address not to be scanned as spam. I thought i'd ask for some help here. Anyone have any suggestions? I appreciate it. Jason -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From drew at THEMARSHALLS.CO.UK Tue Jun 1 20:46:23 2004 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:25:37 2006 Subject: mails stuck in postfix.in but delivered In-Reply-To: <016b01c44633$bb1b9540$6b00a8c0@tuck> References: <016b01c44633$bb1b9540$6b00a8c0@tuck> Message-ID: <40BCDD0F.3050602@themarshalls.co.uk> Move to single instance. This will fix this problem. Details are here http://www.sng.ecs.soton.ac.uk/mailscanner/install/postfix.shtml Drew Andrei Gologan wrote: >Hi, >I installed Mailscanner with postfix and it works just fine. It works as a >relay server. >So I thought I?ll test it and got some load on the server (about 3000 mails >a day) >The mails get deliverd BUT a part of them remain in the postfix.in queue and >gets delivered to the final destination over and over again. The result is >receving the same e-mail a lot of times. It is the same mail, it has the >first received timestamp allways the same, only the delivered at date ist >different. > >So I found the mails in postfix.in/incoming. > >The log file shows a lot of: >May 30 11:40:59 localhost postfix/qmgr[28333]: 249F6182D8: skipped, still >being delivered > >and they ARE delivered but not deleted out of the queue. > >and also: >May 30 11:41:02 localhost MailScanner[8062]: Disabled RBL SBL+XBL as reached >7/10 timeouts > >Now I deleted the queue manualy and it looks good, but what if I put the >load again on ? > >Does anybody know why this is ? >Is the load to high for the Server ? It has 1,6 Ghz Pentium and 300 MB RAM > >Any help would be greatly apreciated! > >Thank you >Andrei Gologan >www.ag-it.net > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html > > -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040601/3e372b13/attachment.html From drew at THEMARSHALLS.CO.UK Tue Jun 1 20:52:12 2004 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:25:37 2006 Subject: Fresh installation problems - Postfix In-Reply-To: <008501c44787$ad1ad370$050010ac@Valinor> References: <9BDD6D4AD0795C46974D7D46C17883B80AEC8603@ahm_exchange2.americanhm.com> <003601c44299$b4da2040$050010ac@Valinor> <009601c4433a$77e4e430$050010ac@Valinor> <40B4D18E.8000901@themarshalls.co.uk> <008501c44787$ad1ad370$050010ac@Valinor> Message-ID: <40BCDE6C.50306@themarshalls.co.uk> Ignacio M. Sbampato wrote: >Thanks, Drew. Currently, we are running Kaspersky Anti Spam (KAS). I >deactivated it, replacing master.cf with an old one, but i need to know if i >have to make some changes to that file to get MailScanner running. Can i >re-apply the changes made during installation? Running install.sh again >didn't do it. > > No it won't change the master.cf file. If you send me a copy of the master.cf I'll have a look at it. I'm due on holiday in the next couple of days so sooner would be useful (Or you will have to wait 10 days or so ;-) ) Drew [Some Snipping] >>>>Guys, >>>> >>>>i recently installed a box with MailScanner 4.30.3-2 and Postfix 2.0.19. >>>>Since i started the system, all messages are being queued, because of >>>> >>>> >the > > >>>>following reason: >>>> >>>>----- STATUS ----- >>>>connect to 127.0.0.1[127.0.0.1]: server dropped connection without >>>> >>>> >sending > > >>>>the initial greeting >>>>----- STATUS ----- >>>> >>>>The messages seems to be scanned by MailScanner because i can see >>>>MailScanner messages in /var/log/maillog. >>>> >>>>For install the box, i did the following steps: >>>> >>>>* Enable chroot jail, running '/etc/postfix/postfix-chroot enable'. >>>>* Enable header_checks in '/etc/postfix/main.cf' >>>>* Create file header_checks on postfix folder and added the line to hold >>>>messages. >>>>* Modify params for postfix in MailScanner.conf >>>>* Change owner to postfix on quarantine and incoming folders of >>>> >>>> >>>> >>>> >>>MailScanner >>> >>> >>> >>> >>>>* Modify /etc/sysconfig/MailScanner to use postfix >>>> >>>>All this instructions were taken from: >>>> >>>>http://www.sng.ecs.soton.ac.uk/mailscanner/install/postfix.shtml >>>> >>>>On some place i found that this error is common if you use amavis, >>>> >>>> >because > > >>>>it can be blocking the IP used by Postfix to send mails. Does >>>> >>>> >MailScanner > > >>>>the same thing? How can i solve this problem? >>>> >>>>Thanks a lot for your help. >>>> >>>>Best regards, >>>> >>>>Ignacio >>>> >>>> -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040601/12a0f441/attachment.html From jaearick at COLBY.EDU Tue Jun 1 20:58:29 2004 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:25:37 2006 Subject: 4.31.6: grumbles about install.sh Message-ID: Julian, For us curmudgeons who are used to installing MS via the tarfile of previous months, can we continue to do this? After unrolling MailScanner-install-4.31.6-1.tar.gz, can I just untar MailScanner-4.31.6-1.tar.gz and prceed as I used to? Do I need to build the new tnef if I do this? My quick observations about install.sh: 1) I always like install scripts that have a "debug" mode, ie "I will show you what I would do (and build things in a /tmp directory), but I will not attempt to install anything" mode. 2) My /usr/local filesystem is NFS-mounted, so I don't want tnef going there. I would like any tnef executable to be in MailScanner's directory tree, eg /opt/MailScanner-4.31.6. Keep things in one tidy spot, plueeeze. 3) I have both gcc and cc (Sun Forte 7) installed. I build the public-domain perl with Sun's compiler, because of threading, interactions with Sun's shared libs, etc. My heart sank when I saw the symlink of /tmp/MStmpinstall../cc to /usr/local/bin/gcc. Ugh. Attempts to run the script give: Your perl and your Config.pm seem to have different ideas about the architecture they are running on. Perl thinks: [sun4-solaris-thread-multi] Config says: [sun4-solaris-thread-multi] Still studying the script... Jeff Earickson Colby College -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Tue Jun 1 21:10:25 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:25:37 2006 Subject: 4.31.6: grumbles about install.sh In-Reply-To: References: Message-ID: <6.1.1.1.2.20040601210710.02a1d218@imap.ecs.soton.ac.uk> At 20:58 01/06/2004, you wrote: >Julian, > >For us curmudgeons who are used to installing MS via the tarfile >of previous months, can we continue to do this? Yes. > After unrolling >MailScanner-install-4.31.6-1.tar.gz, can I just untar >MailScanner-4.31.6-1.tar.gz and prceed as I used to? Yes. > Do I need >to build the new tnef if I do this? No. >My quick observations about install.sh: > >1) I always like install scripts that have a "debug" mode, ie >"I will show you what I would do (and build things in a /tmp >directory), but I will not attempt to install anything" mode. > >2) My /usr/local filesystem is NFS-mounted, so I don't want >tnef going there. I would like any tnef executable to be in >MailScanner's directory tree, eg /opt/MailScanner-4.31.6. Keep >things in one tidy spot, plueeeze. Fair point. >3) I have both gcc and cc (Sun Forte 7) installed. I build the >public-domain perl with Sun's compiler, because of threading, >interactions with Sun's shared libs, etc. My heart sank when I saw >the symlink of /tmp/MStmpinstall../cc to /usr/local/bin/gcc. >Ugh. Where should I look for cc? /opt/SUNWspro/bin? > Attempts to run the script give: > >Your perl and your Config.pm seem to have different ideas about the >architecture they are running on. >Perl thinks: [sun4-solaris-thread-multi] >Config says: [sun4-solaris-thread-multi] I know about that. It's a side-effect of handling systems with only gcc. Left to their own devices, these systems are incapable of building any Perl module which has C code in it. >Still studying the script... I admit it's not perfect yet, but the only way to get people to run it is to publish it.... The MailScanner-4.31.6-1.tar.gz inside it is untouched from the previous distributions. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From jwilliams at COURTESYMORTGAGE.COM Tue Jun 1 21:24:06 2004 From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams) Date: Thu Jan 12 21:25:37 2006 Subject: SpamAssasin rules and custom .cf files Message-ID: <5.2.1.1.0.20040601132028.00b05188@corpmail.courtesymortgage.com> Hello everyone. Quick background here. Been running MS for almost 4 weeks now and it has been great and doing everything. I have not had to do a whole lot of tweaking with things because it was working so well (add to the fact im overworked as well :) )... Anyway, just this past weekend, I noticed that some spam was starting to slip through my Mail Gateway server, which prompted me to start thinking about tweaking SA a little bit. Anyway, like I said, have not had to do a lot of tweaking from the get go, but here is what I have. Setup my default SA rules: low scoring spam is at 5: high is at 10. I only downloaded to custom .cf files from www.rulesemporium.com anti-drug.cf chickenpox.cf Since additional spam was starting to leak through, I was going to start writing some custom rulesets for SA as well as maybe download a few rulesets. Was curious if anyone has a list of what rulesets work the best? Are there a list of favorite rulesets that seem to work well? Just thought i'd ask before I start downloading a few of these .cf files. Thanks guys. Jason -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From alex at nkpanama.com Tue Jun 1 21:24:04 2004 From: alex at nkpanama.com (Alex Neuman) Date: Thu Jan 12 21:25:37 2006 Subject: High CPU Load - Please help In-Reply-To: Message-ID: <000401c44816$644d89a0$2065e0c9@cositputer> I heard somewhere you can multiply this by something in order to gauge (albeit approximately) the amount of utilization. The "top" program can also give you a better idea of what's going on. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Ugo Bellavance Sent: Tuesday, June 01, 2004 11:49 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: High CPU Load - Please help Matthew K Bowman wrote: > Hello, > > I upgraded my MailScanner to 4.31.4 this morning and dcc to version 1.2.48. > My load is still over 2. Btw, this kind of load is far from being critical. It just means you have 2 processes waiting for cpu time or I/O at some point in time. vmstat will tell you more > Diagnosing this problem piece by piece, I changed > my spam and high spam actions to delete for default and removed all the > other rules in both files, restarted MailScanner - this made no difference > to the load. Disabling dcc checks also made no difference. > > Is it possible that the pyzor/razor checks are causing my problem? How does > one disable pyzor/razor checks without uninstalling those packages? Yes, in spam.assassin.conf I think it is use_dcc 0 use_pyzor 0 but I'm not sure. I think you have these instructions in the MailScanner's Manual written by Steve. > > 10:48:56 up 42 min, 1 user, load average: 2.41, 2.61, 2.57 > 50 processes: 46 sleeping, 4 running, 0 zombie, 0 stopped > CPU0 states: 23.0% user 4.2% system 0.0% nice 0.0% iowait 72.3% > idle > CPU1 states: 94.2% user 0.1% system 0.0% nice 0.0% iowait 5.2% > idle > Mem: 1029812k av, 772988k used, 256824k free, 0k shrd, 36868k > buff > 626500k actv, 49108k in_d, 21876k in_c > Swap: 2040244k av, 44260k used, 1995984k free 168284k > cached > > PID USER PRI NI SIZE RSS SHARE STAT %CPU %MEM TIME CPU COMMAND > 8338 root 15 0 15828 1500 1456 S 99.9 0.1 9:50 1 > MailScanner > 10069 root 15 0 1080 1080 856 R 0.1 0.1 0:00 0 top > 1 root 15 0 108 80 56 S 0.0 0.0 0:04 0 init > > Any help would be appreciated > > Thank you > > Matthew > > > > ----- Original Message ----- > From: "Michele Neylon :: Blacknight Solutions" > > To: > Sent: Wednesday, May 26, 2004 10:50 AM > Subject: Re: High CPU Load - Please help > > > >>Matthew >> >>Load problems have been discussed quite often in the past. >>As a general rule I would advise upgrading MS to the latest stable version >>to start with, as earlier versions may not be as optimal. >>Your version of DCC is out of date, as is your version of Razor. >> >>If you apply some of the optimisation tips as outlined in the MAQ you will >>probably see some improvement in performance. >> >>M >> -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From alex at nkpanama.com Tue Jun 1 21:26:35 2004 From: alex at nkpanama.com (Alex Neuman) Date: Thu Jan 12 21:25:37 2006 Subject: Converting tnef attachments using mailscanner In-Reply-To: <6.1.1.1.2.20040601181624.02c20f90@imap.ecs.soton.ac.uk> Message-ID: <000501c44816$bdeef110$2065e0c9@cositputer> I think it would be good for several reasons, including improving "diplomatic relations" between broken MS MUAs/MTAs and the rest of the non-winmaildat speaking world. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: Tuesday, June 01, 2004 12:17 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Converting tnef attachments using mailscanner At 18:12 01/06/2004, you wrote: >On 1 Jun 2004 at 8:11, Seppo Suomalainen wrote: > > Because MailScanner already uses tnef to decode winmail.dat's, my > > question is that is it possible to configure MailScanner to replace > > the m$-attachments with the standard ones? > >I made the same inquiry about a month ago but got no response, so let me >just add >my support for this request. I will take a look and see how easy this is. It's not trivial, but should be possible. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From michele at BLACKNIGHTSOLUTIONS.COM Tue Jun 1 21:33:20 2004 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:25:37 2006 Subject: SpamAssasin rules and custom .cf files In-Reply-To: <5.2.1.1.0.20040601132028.00b05188@corpmail.courtesymortgage.com> Message-ID: <200406012033.i51KXEkd019574@monitor.blacknight.ie> Try rules de jour Mr Michele Neylon Blacknight Internet Solutions Ltd http://www.blacknight.ie/ Tel. +353 59 9137101 1 Euro hosting offer - See: http://www.boards.ie/vbulletin/showthread.php?s=&postid=1665247#post1665247 > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Jason Williams > Sent: 01 June 2004 21:24 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: [MAILSCANNER] SpamAssasin rules and custom .cf files > > Hello everyone. > > Quick background here. Been running MS for almost 4 weeks now > and it has been great and doing everything. I have not had to > do a whole lot of tweaking with things because it was working > so well (add to the fact im overworked as well :) )... > > Anyway, just this past weekend, I noticed that some spam was > starting to slip through my Mail Gateway server, which > prompted me to start thinking about tweaking SA a little bit. > > Anyway, like I said, have not had to do a lot of tweaking > from the get go, but here is what I have. > Setup my default SA rules: low scoring spam is at 5: high is at 10. > > I only downloaded to custom .cf files from > www.rulesemporium.com anti-drug.cf chickenpox.cf > > Since additional spam was starting to leak through, I was > going to start writing some custom rulesets for SA as well as > maybe download a few rulesets. > > Was curious if anyone has a list of what rulesets work the > best? Are there a list of favorite rulesets that seem to work well? > > Just thought i'd ask before I start downloading a few of > these .cf files. > > Thanks guys. > > Jason > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > > -- > Email scanned by Blacknight for viruses and dangerous content. > Visit http://www.blacknight.ie for more information -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Tue Jun 1 21:38:14 2004 From: mailscanner at ecs.soton.ac.uk (mailscanner@ecs.soton.ac.uk) Date: Thu Jan 12 21:25:37 2006 Subject: NOTIFY-New Guestbook Entry Message-ID: <200406012038.i51KcEer027489@seer.ecs.soton.ac.uk> New Guestbook-Entry from Steven Hunt I send email to my buyers and this system stinks I get return mail from this crap all the time and the people I am sending to are my customers From mike at CAMAROSS.NET Tue Jun 1 21:44:03 2004 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:25:37 2006 Subject: Using sendmail to redirect selected email In-Reply-To: <09cb01c44817$2524c170$0e000064@office.compass.net.nz> Message-ID: <200406012042.i51KgWnK027434@avwall2.bladeware.com> By selected customers, do you mean on a per user or per domain level? For per domain, use the mailertable feature on your sendmail box. Have that box deliver directly to the maildrop for each domain. Mike > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Steven Schmidt > Sent: Tuesday, June 01, 2004 3:30 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Using sendmail to redirect selected email > > Hi All, > > I have a bit of a scaling problem. > > Senario. > Frontend box running Sendmail which redirects email traffic > for selected customers to a box running MailScanner. > MailScanner does the Spam/Virus check, then forwards to final > maildrop. > For non-selected customers, it forwards the mail though to > the final maildrop directly. > I am using a redirect statement for each redirect customer in > sendmail config to redirect selected email. Works fine but is > not very scalable. > (Works fine for a couple of thousand, but if I want to go any > higher, will need to change the way I'm doing it) > > Anybody else using sendmail to decide who gets scanned and > who doesn't. Any ideas would be appreciated. > (Have been considering qmail, but this would require major > changes to the > frontend) > > Regards > Steven Schmidt. > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From clive at SERENDIPITA.COM Tue Jun 1 21:37:33 2004 From: clive at SERENDIPITA.COM (Clive Eisen) Date: Thu Jan 12 21:25:37 2006 Subject: Bad RFC822 field name '' In-Reply-To: <40BC76F1.2090607@serendipita.com> References: <40BC5959.9000306@actinux.com> <40BC76F1.2090607@serendipita.com> Message-ID: <40BCE90D.3070004@serendipita.com> Clive Eisen wrote: > J?r?me MOLLIER-PIERRET wrote: > >> Hi all, >> >> We use Malscanner with qmail, and experienced this morning some issue >> with stranges mail that are non RFC822 compliant. >> >> It seem that the mail package Mail::Internet has problem when >> Mailscanner trying to process this mail from his queue. >> >> In debug mode the error is : >> Bad RFC822 field name '' >> at /usr/lib/perl5/site_perl/5.8.0/Mail/Internet.pm line 130 >> > We had that too > > the offending message seems to have been > > Received: (qmail 7691 invoked by uid 0); 31 May 2004 14:58:58 -0000 > Received: from cvg-65-26-147-135.cinci.rr.com (65.26.147.135) > by 146.101.136.68 with SMTP; 31 May 2004 14:58:58 -0000 > Received: from 36.26.68.43 by 65.26.147.135 Mon, 31 May 2004 21:53:00 > +0600 > Message-ID: > From: " Sears" <306339186@ae.com> > Reply-To: " Sears" <306339186@ae.com> > To: toze@covato.com > Subject: hey i tried to call you > Date: Mon, 31 May 2004 08:51:00 -0700 > X-Mailer: > -: > MIME-Version: 1.0 > Content-Type: multipart/alternative; > boundary="--114838899249203109" > [ | Priority: Normal > | > ] > > ----114838899249203109 > Content-Type: text/html; > Content-Encoding: NUM > > >

> Hey, whats up, my name is Jen and I'm new to this dating thing. I > saw your profile you put up and I like it. =) I just want to get to > know you a little better if you don't mind, come check my homepage > with all my contact info at: > Sorry to comment on my own post I'd really like to know if this is a qmail/mailscanner problem or generic mailscanner Can someone inject it into a queue who uses sendmail/postfix/exim - I'd really appreciate it. I suggest you edit the 'To:" to something local I think the problem is early on in the mailscanner cycle, whilst the batch is being built because when I reduced the Max Normal Queue Size messages started flowing until the above rogue message was 'found' again. TIA -- Clive -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From sschmidt at COMPASS.NET.NZ Tue Jun 1 21:29:31 2004 From: sschmidt at COMPASS.NET.NZ (Steven Schmidt) Date: Thu Jan 12 21:25:37 2006 Subject: Using sendmail to redirect selected email References: <6.1.1.1.2.20040601210710.02a1d218@imap.ecs.soton.ac.uk> Message-ID: <09cb01c44817$2524c170$0e000064@office.compass.net.nz> Hi All, I have a bit of a scaling problem. Senario. Frontend box running Sendmail which redirects email traffic for selected customers to a box running MailScanner. MailScanner does the Spam/Virus check, then forwards to final maildrop. For non-selected customers, it forwards the mail though to the final maildrop directly. I am using a redirect statement for each redirect customer in sendmail config to redirect selected email. Works fine but is not very scalable. (Works fine for a couple of thousand, but if I want to go any higher, will need to change the way I'm doing it) Anybody else using sendmail to decide who gets scanned and who doesn't. Any ideas would be appreciated. (Have been considering qmail, but this would require major changes to the frontend) Regards Steven Schmidt. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Tue Jun 1 21:51:25 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:25:37 2006 Subject: Bad RFC822 field name '' In-Reply-To: <40BCE90D.3070004@serendipita.com> References: <40BC5959.9000306@actinux.com> <40BC76F1.2090607@serendipita.com> <40BCE90D.3070004@serendipita.com> Message-ID: <6.1.1.1.2.20040601214859.02c938b8@imap.ecs.soton.ac.uk> At 21:37 01/06/2004, you wrote: >Clive Eisen wrote: > >>J?r?me MOLLIER-PIERRET wrote: >> >>>Hi all, >>> >>>We use Malscanner with qmail, and experienced this morning some issue >>>with stranges mail that are non RFC822 compliant. >>> >>>It seem that the mail package Mail::Internet has problem when >>>Mailscanner trying to process this mail from his queue. >>> >>>In debug mode the error is : >>>Bad RFC822 field name '' >>> at /usr/lib/perl5/site_perl/5.8.0/Mail/Internet.pm line 130 >>We had that too >> >>the offending message seems to have been >> >>Received: (qmail 7691 invoked by uid 0); 31 May 2004 14:58:58 -0000 >>Received: from cvg-65-26-147-135.cinci.rr.com (65.26.147.135) >> by 146.101.136.68 with SMTP; 31 May 2004 14:58:58 -0000 >>Received: from 36.26.68.43 by 65.26.147.135 Mon, 31 May 2004 21:53:00 +0600 >>Message-ID: >>From: " Sears" <306339186@ae.com> >>Reply-To: " Sears" <306339186@ae.com> >>To: toze@covato.com >>Subject: hey i tried to call you >>Date: Mon, 31 May 2004 08:51:00 -0700 >>X-Mailer: >>-: >>MIME-Version: 1.0 >>Content-Type: multipart/alternative; >> boundary="--114838899249203109" >>[ | Priority: Normal >>| >> >>] >> >>----114838899249203109 >>Content-Type: text/html; >>Content-Encoding: NUM >> >> >>

>>Hey, whats up, my name is Jen and I'm new to this dating thing. I >>saw your profile you put up and I like it. =) I just want to get to >>know you a little better if you don't mind, come check my homepage >>with all my contact info at: >Sorry to comment on my own post > >I'd really like to know if this is a qmail/mailscanner problem or generic >mailscanner > >Can someone inject it into a queue who uses sendmail/postfix/exim - I'd >really appreciate it. I suggest you edit the 'To:" to something local Just tried a header of "-" with sendmail and it has no problems with it. Can you put the raw message (in whatever original formats you have it) on a website for me, or mail it to me, as I would like to see what of the headers are tabs and what are spaces. I don't think the "-" header is the problem. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From steve.swaney at FSL.COM Tue Jun 1 21:50:20 2004 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:25:37 2006 Subject: SpamAssasin rules and custom .cf files In-Reply-To: <5.2.1.1.0.20040601132028.00b05188@corpmail.courtesymortgage.com> Message-ID: <20040601205021.852F421C2F1@mail.fsl.com> > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Jason Williams > Sent: Tuesday, June 01, 2004 4:24 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: SpamAssasin rules and custom .cf files > > Hello everyone. > > Quick background here. Been running MS for almost 4 weeks now and it has > been great and doing everything. I have not had to do a whole lot of > tweaking with things because it was working so well (add to the fact im > overworked as well :) )... > > Anyway, just this past weekend, I noticed that some spam was starting to > slip through my Mail Gateway server, which prompted me to start thinking > about tweaking SA a little bit. > > Anyway, like I said, have not had to do a lot of tweaking from the get go, > but here is what I have. > Setup my default SA rules: low scoring spam is at 5: high is at 10. > > I only downloaded to custom .cf files from > www.rulesemporium.com > anti-drug.cf > chickenpox.cf > > Since additional spam was starting to leak through, I was going to start > writing some custom rulesets for SA as well as maybe download a few > rulesets. > > Was curious if anyone has a list of what rulesets work the best? Are there > a list of favorite rulesets that seem to work well? > > Just thought i'd ask before I start downloading a few of these .cf files. > Do use my_rules_du_jour. It's a rules_du_jour wrapper script that updates the rules_du_jour script. The rules_du_jour script will automatically keep the extra rules you choose to use up-to-date. See: http://www.exit0.us/index.php/MyRulesDuJour Instead of using the BIGEVIL ruleset check out: http://www.surbl.org/ Implementing SpamCopURI and the Bigevil_uri.cf (and dropping the bigeveil.cf from rules_du_jour) has greatly increased accurate spam detection and dropped memory requirements at our sites. Everyone I have compared notes with is reporting very good results. Be careful how many rules you run. You can run out of memory and start swapping. Steve Stephen Swaney President Fortress Systems Ltd. Steve.Swaney@FSL.com > Thanks guys. > > Jason > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > Fortress Systems Ltd. > www.fsl.com > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. Fortress Systems Ltd. www.fsl.com -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From craig at WESTPRESS.COM Tue Jun 1 21:50:29 2004 From: craig at WESTPRESS.COM (Craig Daters) Date: Thu Jan 12 21:25:37 2006 Subject: SpamAssasin rules and custom .cf files In-Reply-To: <200406012033.i51KXEkd019574@monitor.blacknight.ie> References: <200406012033.i51KXEkd019574@monitor.blacknight.ie> Message-ID: >Try rules de jour > > > >Mr Michele Neylon >Blacknight Internet Solutions Ltd >http://www.blacknight.ie/ >Tel. +353 59 9137101 >1 Euro hosting offer - See: >http://www.boards.ie/vbulletin/showthread.php?s=&postid=1665247#post1665247 Man, no link to click on... Rules Du Jour - http://www.exit0.us/index.php/RulesDuJour/ This is a script which can be configured to download rulesets that you choose from the rulesemporium.com site and keeps them up to date if there are any changes. Great script, and a great many of us on this list use it. The script is pretty well documented and easy to set up. You can also check out the FAQ for more info on others: http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/275.html Craig D. -- -- Craig Daters (craig at westpress dot com) Systems Administrator West Press Printing 1663 West Grant Road Tucson, Arizona 85745-1433 Tel: 520-624-4939 Fax: 520-624-2715 www.westpress.com -- -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From sschmidt at COMPASS.NET.NZ Tue Jun 1 21:57:00 2004 From: sschmidt at COMPASS.NET.NZ (Steven Schmidt) Date: Thu Jan 12 21:25:37 2006 Subject: Using sendmail to redirect selected email References: <200406012042.i51KgWnK027434@avwall2.bladeware.com> Message-ID: <09ef01c4481a$fc375210$0e000064@office.compass.net.nz> Hi Mike, Thanks for your reply. On a per user basis. The mailertable works fine for whole domains (The frontend serves many domains) and individual redirects for single email addresses work fine, but is not very scalable. (Can forsee a problem once many single redirects are in the config and each sendmail process having to read through them every time. CPU heaven) Cheers Steven Schmidt. ----- Original Message ----- From: "Mike Kercher" To: Sent: Wednesday, June 02, 2004 8:44 AM Subject: Re: Using sendmail to redirect selected email > By selected customers, do you mean on a per user or per domain level? > > For per domain, use the mailertable feature on your sendmail box. Have that > box deliver directly to the maildrop for each domain. > > Mike > > > -----Original Message----- > > From: MailScanner mailing list > > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Steven Schmidt > > Sent: Tuesday, June 01, 2004 3:30 PM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Using sendmail to redirect selected email > > > > Hi All, > > > > I have a bit of a scaling problem. > > > > Senario. > > Frontend box running Sendmail which redirects email traffic > > for selected customers to a box running MailScanner. > > MailScanner does the Spam/Virus check, then forwards to final > > maildrop. > > For non-selected customers, it forwards the mail though to > > the final maildrop directly. > > I am using a redirect statement for each redirect customer in > > sendmail config to redirect selected email. Works fine but is > > not very scalable. > > (Works fine for a couple of thousand, but if I want to go any > > higher, will need to change the way I'm doing it) > > > > Anybody else using sendmail to decide who gets scanned and > > who doesn't. Any ideas would be appreciated. > > (Have been considering qmail, but this would require major > > changes to the > > frontend) > > > > Regards > > Steven Schmidt. > > > > -------------------------- MailScanner list ---------------------- > > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > > Before posting, please see the Most Asked Questions at > > http://www.mailscanner.biz/maq/ and the archives at > > http://www.jiscmail.ac.uk/lists/mailscanner.html > > > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mike at CAMAROSS.NET Tue Jun 1 22:34:17 2004 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:25:37 2006 Subject: Using sendmail to redirect selected email In-Reply-To: <09ef01c4481a$fc375210$0e000064@office.compass.net.nz> Message-ID: <200406012132.i51LWkJY005231@avwall2.bladeware.com> I can't see ANYTHING that works on a per-user basis being very scalable! > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Steven Schmidt > Sent: Tuesday, June 01, 2004 3:57 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Using sendmail to redirect selected email > > Hi Mike, > > Thanks for your reply. > > On a per user basis. > > The mailertable works fine for whole domains (The frontend serves many > domains) and individual redirects for single email addresses > work fine, but is not very scalable. (Can forsee a problem > once many single redirects are in the config and each > sendmail process having to read through them every time. CPU heaven) > > Cheers > Steven Schmidt. > > ----- Original Message ----- > From: "Mike Kercher" > To: > Sent: Wednesday, June 02, 2004 8:44 AM > Subject: Re: Using sendmail to redirect selected email > > > > By selected customers, do you mean on a per user or per > domain level? > > > > For per domain, use the mailertable feature on your sendmail box. > > Have > that > > box deliver directly to the maildrop for each domain. > > > > Mike > > > > > -----Original Message----- > > > From: MailScanner mailing list > > > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Steven Schmidt > > > Sent: Tuesday, June 01, 2004 3:30 PM > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > Subject: Using sendmail to redirect selected email > > > > > > Hi All, > > > > > > I have a bit of a scaling problem. > > > > > > Senario. > > > Frontend box running Sendmail which redirects email traffic for > > > selected customers to a box running MailScanner. > > > MailScanner does the Spam/Virus check, then forwards to final > > > maildrop. > > > For non-selected customers, it forwards the mail though > to the final > > > maildrop directly. > > > I am using a redirect statement for each redirect customer in > > > sendmail config to redirect selected email. Works fine but is not > > > very scalable. > > > (Works fine for a couple of thousand, but if I want to go any > > > higher, will need to change the way I'm doing it) > > > > > > Anybody else using sendmail to decide who gets scanned and who > > > doesn't. Any ideas would be appreciated. > > > (Have been considering qmail, but this would require > major changes > > > to the > > > frontend) > > > > > > Regards > > > Steven Schmidt. > > > > > > -------------------------- MailScanner list ---------------------- > > > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > > > Before posting, please see the Most Asked Questions at > > > http://www.mailscanner.biz/maq/ and the archives at > > > http://www.jiscmail.ac.uk/lists/mailscanner.html > > > > > > > -------------------------- MailScanner list ---------------------- > > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > > Before posting, please see the Most Asked Questions at > > http://www.mailscanner.biz/maq/ and the archives at > > http://www.jiscmail.ac.uk/lists/mailscanner.html > > > > -- > > This message has been scanned for viruses and dangerous content by > > MailScanner, and is believed to be clean. > > > > > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From William.Burns at AEROFLEX.COM Tue Jun 1 22:33:40 2004 From: William.Burns at AEROFLEX.COM (William Burns) Date: Thu Jan 12 21:25:37 2006 Subject: Using sendmail to redirect selected email In-Reply-To: <09ef01c4481a$fc375210$0e000064@office.compass.net.nz> References: <200406012042.i51KgWnK027434@avwall2.bladeware.com> <09ef01c4481a$fc375210$0e000064@office.compass.net.nz> Message-ID: <40BCF634.3060002@aeroflex.com> Steven: I use the LDAP "Laser" standard to query an external LDAP database, and route mail accordingly. This is working very well w/ over 2000 users. There is no delay that I've noticed for additional users. Other people have pointed out (and it's in the mailscanner FAQ, or MAQ somewhere) that a sendmail "LDAP" query can be done to a local database file. That way, you don't have to configure an LDAP server. -Bill Steven Schmidt wrote: >Hi Mike, > >Thanks for your reply. > >On a per user basis. > >The mailertable works fine for whole domains (The frontend serves many >domains) and individual redirects for single email addresses work fine, but >is not very scalable. (Can forsee a problem once many single redirects are >in the config and each sendmail process having to read through them every >time. CPU heaven) > >Cheers >Steven Schmidt. > >----- Original Message ----- >From: "Mike Kercher" >To: >Sent: Wednesday, June 02, 2004 8:44 AM >Subject: Re: Using sendmail to redirect selected email > > > > >>By selected customers, do you mean on a per user or per domain level? >> >>For per domain, use the mailertable feature on your sendmail box. Have >> >> >that > > >>box deliver directly to the maildrop for each domain. >> >>Mike >> >> >> >>>-----Original Message----- >>>From: MailScanner mailing list >>>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Steven Schmidt >>>Sent: Tuesday, June 01, 2004 3:30 PM >>>To: MAILSCANNER@JISCMAIL.AC.UK >>>Subject: Using sendmail to redirect selected email >>> >>>Hi All, >>> >>>I have a bit of a scaling problem. >>> >>>Senario. >>>Frontend box running Sendmail which redirects email traffic >>>for selected customers to a box running MailScanner. >>>MailScanner does the Spam/Virus check, then forwards to final >>>maildrop. >>>For non-selected customers, it forwards the mail though to >>>the final maildrop directly. >>>I am using a redirect statement for each redirect customer in >>>sendmail config to redirect selected email. Works fine but is >>>not very scalable. >>>(Works fine for a couple of thousand, but if I want to go any >>>higher, will need to change the way I'm doing it) >>> >>>Anybody else using sendmail to decide who gets scanned and >>>who doesn't. Any ideas would be appreciated. >>>(Have been considering qmail, but this would require major >>>changes to the >>>frontend) >>> >>>Regards >>>Steven Schmidt. >>> >>>-------------------------- MailScanner list ---------------------- >>>To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >>>Before posting, please see the Most Asked Questions at >>>http://www.mailscanner.biz/maq/ and the archives at >>>http://www.jiscmail.ac.uk/lists/mailscanner.html >>> >>> >>> >>-------------------------- MailScanner list ---------------------- >>To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >>Before posting, please see the Most Asked Questions at >>http://www.mailscanner.biz/maq/ and the archives at >>http://www.jiscmail.ac.uk/lists/mailscanner.html >> >>-- >>This message has been scanned for viruses and >>dangerous content by MailScanner, and is >>believed to be clean. >> >> >> >> > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html > > > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mikes at HARTWELLCORP.COM Tue Jun 1 23:10:53 2004 From: mikes at HARTWELLCORP.COM (Michael St. Laurent) Date: Thu Jan 12 21:25:37 2006 Subject: SpamAssasin rules and custom .cf files Message-ID: <91A5926EFF44D3118B1200104B7276EB02C5714A@hart-exchange.hartwellcorp.com> Stephen Swaney wrote: > Do use my_rules_du_jour. It's a rules_du_jour wrapper script that > updates the rules_du_jour script. The rules_du_jour script will > automatically keep the extra rules you choose to use up-to-date. See: The latest version of rules_du_jour largely eliminates the need for my_rules_du_jour by reading it's settings from a config file placed in /etc or any number of other places. -- Michael St. Laurent Hartwell Corporation -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mkettler at EVI-INC.COM Wed Jun 2 00:14:04 2004 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:25:37 2006 Subject: SpamAssasin rules and custom .cf files In-Reply-To: <5.2.1.1.0.20040601132028.00b05188@corpmail.courtesymortgag e.com> References: <5.2.1.1.0.20040601132028.00b05188@corpmail.courtesymortgage.com> Message-ID: <6.0.0.22.0.20040601190317.02882a08@192.168.50.2> At 04:24 PM 6/1/2004, Jason Williams wrote: >Was curious if anyone has a list of what rulesets work the best? Are there >a list of favorite rulesets that seem to work well? Hmm, a list of what works best.. well, there's no formal list, but I for one think antidrug is one of the best :) (yes, I am the guy that wrote it, what do you expect me to say about it?? ) That said, I use antidrug, and some hand-collapsed versions of popcorn.cf and backhair.cf. I've got about two dozen other personal rules I use as well. I also use DCC, RBLs, and the SURBL add-on. I'm VERY impressed with SURBL. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From raymond at PROLOCATION.NET Wed Jun 2 00:45:17 2004 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:25:37 2006 Subject: Using sendmail to redirect selected email In-Reply-To: <200406012132.i51LWkJY005231@avwall2.bladeware.com> Message-ID: Hi! > I can't see ANYTHING that works on a per-user basis being very scalable! Why not ? You can use LDAP for example to do that. Bye, Raymond. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From schristen at RESOTECH.COM Wed Jun 2 01:00:56 2004 From: schristen at RESOTECH.COM (Stephan Christen RSTI) Date: Thu Jan 12 21:25:37 2006 Subject: Bad RFC822 field name '' Message-ID: Had the same problem, received the same email. Have MailScanner (4.2.24) running with Qmail. You can find a copy of the mail by pointing your browser to http://www.resotech.com/download/bad_rfc822_field_name.mail.tgz. Hope you can figure it out. Cheers Stephan -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From subscriptions at ETEAM.COM.AU Wed Jun 2 01:39:52 2004 From: subscriptions at ETEAM.COM.AU (Wayne Fox) Date: Thu Jan 12 21:25:37 2006 Subject: Network Associates is granted BROAD anti-spam Patent! In-Reply-To: <6.1.1.1.2.20040601182132.02bd95d8@imap.ecs.soton.ac.uk> References: <91A5926EFF44D3118B1200104B7276EB02C57140@hart-exchange.hartwellcorp.com> <6.1.1.1.2.20040601182132.02bd95d8@imap.ecs.soton.ac.uk> Message-ID: <6.1.0.6.2.20040602103353.05fe9150@mail.eteam.com.au> An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040602/5c5b32da/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: ab1830d.jpg Type: image/jpeg Size: 2354 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040602/5c5b32da/ab1830d.jpg From jrudd at UCSC.EDU Wed Jun 2 02:16:00 2004 From: jrudd at UCSC.EDU (John Rudd) Date: Thu Jan 12 21:25:37 2006 Subject: Network Associates is granted BROAD anti-spam Patent! References: <91A5926EFF44D3118B1200104B7276EB02C57140@hart-exchange.hartwellcorp.com> <6.1.1.1.2.20040601182132.02bd95d8@imap.ecs.soton.ac.uk> <6.1.0.6.2.20040602103353.05fe9150@mail.eteam.com.au> Message-ID: <40BD2A50.330EC7CE@ucsc.edu> Wayne Fox wrote: > > Network Associates is granted broad antispam patent > Posted June 1, 10:54 a.m. Pacific Time > > Network Associates Inc. (NAI) has been granted a broad U.S. patent for > technology covering "various computer program products, systems and > methods" for filtering unwanted e-mail messages, it said Tuesday. >> > READ MORE > > Can MailScanner prove it implemented Bayes rules and compound > filtering First? (December 2002) > > 1) MailScanner doesn't impliment bayesian filters. Spam Assassin does. 2) IIRC, SA had it at least as far back as the summer of 2002. 3) SA's core project exists outside of the US, last time I checked, so I'm not sure how this will interact with SA anyway. 4) for that matter, MailScanner's core project is in the UK, so even if it was MS's implimentation, I don't know how that would interact either. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mike at CAMAROSS.NET Wed Jun 2 03:01:51 2004 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:25:37 2006 Subject: Using sendmail to redirect selected email In-Reply-To: Message-ID: <200406020200.i5220I6h002365@avwall2.bladeware.com> True...but you still have to update the LDAP database for each and every user. Could grow to be an administrative nightmare. Mike > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Raymond Dijkxhoorn > Sent: Tuesday, June 01, 2004 6:45 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Using sendmail to redirect selected email > > Hi! > > > I can't see ANYTHING that works on a per-user basis being > very scalable! > > Why not ? You can use LDAP for example to do that. > > Bye, > Raymond. > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From gib at TMISNET.COM Wed Jun 2 03:50:51 2004 From: gib at TMISNET.COM (Gib Gilbertson Jr.) Date: Thu Jan 12 21:25:37 2006 Subject: Silent Viruses Options In-Reply-To: <6.1.1.1.2.20040601192714.0444e720@imap.ecs.soton.ac.uk> References: <6.1.1.1.2.20040601192714.0444e720@imap.ecs.soton.ac.uk> Message-ID: <6.1.1.1.2.20040602124821.0475aae8@mail.tmisnet.com> Hi. At 07:28 PM 6/1/2004 +0100, you wrote: >At 19:09 01/06/2004, you wrote: >>I?ve problems. >>My options : >>Allow IFrame Tags= disarm >>Silent Viruses = HTML-IFrame All-Viruses >> >> >>Then, my users don?t recieves mail from News Mails based in html format. >>For example from : Cisco IDS news.( Cisco Systems Inc >>[IDS_Active_Update@mail.ciscomessage.com]) >> >>My users need to receive these mails, but I believe that is to leave to >>the system antivirus uncertain. They can give a suggestion me? >> >> >>I need to permit this emails but I think > >The standard solution to this is to set "Allow IFrame Tags" to be a >ruleset, allowing the tags from certain known trusted addresses such as >the Cisco newsletters and the daily Dilbert cartoon. The "Log IFrame Tags" >option is there to help you work out which addresses you need to whitelist. What is logged and where is it logged? What does an entry in the log look like? I've searched through my maillogs for IFrame but there are no entries with that text in it. And yes, I have MailScanner setup as follows: Allow IFrame Tags = yes Log IFrame Tags = yes Thanks gib >-- >Julian Field >www.MailScanner.info >Professional Support Services at www.MailScanner.biz >MailScanner thanks transtec Computers for their support >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html > Gib Gilbertson Jr. Tierramiga Info Systems 619-287-8647 Support http://www.tmisnet.com San Diego's "Friendly ISP" -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From raymond at PROLOCATION.NET Wed Jun 2 07:17:00 2004 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:25:37 2006 Subject: Using sendmail to redirect selected email In-Reply-To: <200406020200.i5220I6h002365@avwall2.bladeware.com> Message-ID: Hi! > True...but you still have to update the LDAP database for each and every > user. Could grow to be an administrative nightmare. We do this for around 300.000 mailboxes in one of my setups. Works rather ok. Bye, Raymond. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From P.G.M.Peters at utwente.nl Wed Jun 2 07:59:21 2004 From: P.G.M.Peters at utwente.nl (Peter Peters) Date: Thu Jan 12 21:25:37 2006 Subject: Some really newbie quesitons. In-Reply-To: <6.0.0.22.0.20040601111531.0289e188@192.168.50.2> References: <6.0.0.22.0.20040528112659.0280f288@192.168.50.2> <1085775411.2082.32.camel@bach.kevinspicer.co.uk> <6.0.0.22.0.20040601111531.0289e188@192.168.50.2> Message-ID: On Tue, 1 Jun 2004 11:24:49 -0400, you wrote: >However, as far as damage goes, given that undeliverable addresses will >also generate 550's you're pretty much always going to have the problem of >returns from "one step further upstream". By 5xx ing spam you're creating >no greater scale of problems than would otherwise exist for the Joe job >victim than if you did no spam scanning at all. They're going to have to >deal with floods from all relays and forwarders involved anyway. If you don't do spam scanning the spam ends up in the mailbox of your user. If you bounce on spam it is another one that ends up in the mailbox of the victim. While it might be just one in a hundred but that is the same (small) spammers say: "My single spam is just one in a hundred. That doesn't matter." -- Peter Peters, senior netwerkbeheerder Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE) Universiteit Twente, Postbus 217, 7500 AE Enschede telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/itbe -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From P.G.M.Peters at utwente.nl Wed Jun 2 08:04:09 2004 From: P.G.M.Peters at utwente.nl (Peter Peters) Date: Thu Jan 12 21:25:37 2006 Subject: SpamAssasin rules and custom .cf files In-Reply-To: <91A5926EFF44D3118B1200104B7276EB02C5714A@hart-exchange.hartwellcorp.com> References: <91A5926EFF44D3118B1200104B7276EB02C5714A@hart-exchange.hartwellcorp.com> Message-ID: <1tuqb0pf85vnq34m3cevrvmudr6j2a5017@4ax.com> On Tue, 1 Jun 2004 15:10:53 -0700, you wrote: >Stephen Swaney wrote: >> Do use my_rules_du_jour. It's a rules_du_jour wrapper script that >> updates the rules_du_jour script. The rules_du_jour script will >> automatically keep the extra rules you choose to use up-to-date. See: > >The latest version of rules_du_jour largely eliminates the need for >my_rules_du_jour by reading it's settings from a config file placed in /etc >or any number of other places. I looked at it but couldn't find how they process non-standard rulesets. Or doesn't it matter and can it just use my_rules_du_jour as the new config file? -- Peter Peters, senior netwerkbeheerder Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE) Universiteit Twente, Postbus 217, 7500 AE Enschede telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/itbe -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From clive at SERENDIPITA.COM Wed Jun 2 08:31:58 2004 From: clive at SERENDIPITA.COM (Clive Eisen) Date: Thu Jan 12 21:25:37 2006 Subject: Bad RFC822 field name '' In-Reply-To: References: Message-ID: <40BD826E.7050302@serendipita.com> Stephan Christen RSTI wrote: >Had the same problem, received the same email. Have MailScanner (4.2.24) >running with Qmail. You can find a copy of the mail by pointing your browser >to http://www.resotech.com/download/bad_rfc822_field_name.mail.tgz. Hope you >can figure it out. > >Cheers >Stephan > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html > > The openprotect guys are on the case to produce a patch - it seems to be in the qmail specific mailscanner .pms -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From P.G.M.Peters at utwente.nl Wed Jun 2 08:50:55 2004 From: P.G.M.Peters at utwente.nl (Peter Peters) Date: Thu Jan 12 21:25:37 2006 Subject: Network Associates is granted BROAD anti-spam Patent! In-Reply-To: <40BD2A50.330EC7CE@ucsc.edu> References: <91A5926EFF44D3118B1200104B7276EB02C57140@hart-exchange.hartwellcorp.com> <6.1.1.1.2.20040601182132.02bd95d8@imap.ecs.soton.ac.uk> <6.1.0.6.2.20040602103353.05fe9150@mail.eteam.com.au> <40BD2A50.330EC7CE@ucsc.edu> Message-ID: <71vqb01m12paesph55e9t0c4gudlkcbmb1@4ax.com> On Tue, 1 Jun 2004 18:16:00 -0700, you wrote: >1) MailScanner doesn't impliment bayesian filters. Spam Assassin does. > >2) IIRC, SA had it at least as far back as the summer of 2002. > >3) SA's core project exists outside of the US, last time I checked, so >I'm not sure how this will interact with SA anyway. > >4) for that matter, MailScanner's core project is in the UK, so even if >it was MS's implimentation, I don't know how that would interact either. It could have implications for people using MS and SA in the states. Like SCO demanding license fees from the users NAI could try the same. -- Peter Peters, senior netwerkbeheerder Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE) Universiteit Twente, Postbus 217, 7500 AE Enschede telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/itbe -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From Kevin.Spicer at BMRB.CO.UK Wed Jun 2 08:56:06 2004 From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:25:37 2006 Subject: Network Associates is granted BROAD anti-spam Patent! Message-ID: <5C0296D26910694BB9A9BBFC577E7AB002370794@pascal.priv.bmrb.co.uk> Peter Peters wrote: > It could have implications for people using MS and SA in the states. > Like SCO demanding license fees from the users NAI could try the same. What is even more concerning is that McAfees spam product is SpamAssassin. SpamAssassin is dual licensed under the GPL, which does have a clause about patents - anyone care to comment about how this applies. BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From faisal at MITSUMINET.COM Wed Jun 2 09:23:08 2004 From: faisal at MITSUMINET.COM (Faisal) Date: Thu Jan 12 21:25:37 2006 Subject: Problem Receiving Mail Message-ID: <001701c4487a$d9821f10$01436dc1@faisalxp> Hello, I have MailScanner 4.31 runing on Red Hat 9 with sendmail. Now my problem is that wheneve I am sending mail to my own address from outlook the mail is not coming it is getting lost. After disabling MailScanner it is working fine. Sometimes the mail are coming and sometimes not. Regards Faisal Memon Mitsuminet (K) Ltd. T : 254-20-210342 E : faisal@mitsuminet.com Msn: faisal@mitsuminet.com -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040602/dd7c9364/attachment.html From patricksteiner at BLUEWIN.CH Wed Jun 2 09:43:35 2004 From: patricksteiner at BLUEWIN.CH (Patrick Steiner) Date: Thu Jan 12 21:25:37 2006 Subject: *****SPAM***** Problem Receiving Mail In-Reply-To: <001701c4487a$d9821f10$01436dc1@faisalxp> References: <001701c4487a$d9821f10$01436dc1@faisalxp> Message-ID: <40BD9337.1080809@bluewin.ch> I think your problem is that your own mail is filtred as a spam mail!!! look at the header to see the score from spamassassin: X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on mybag.homeip.net X-Spam-Level: ***** X-Spam-Status: Yes, hits=6.0 required=3.0 tests=BIZ_TLD,HTML_70_80, HTML_FONTCOLOR_RED,HTML_FONTCOLOR_UNKNOWN,HTML_FONTCOLOR_UNSAFE, HTML_FONT_FACE_BAD,HTML_MESSAGE,RCVD_IN_DSBL,RCVD_IN_NJABL, RCVD_IN_NJABL_PROXY,RCVD_IN_SORBS,RCVD_IN_SORBS_HTTP, RCVD_IN_SORBS_SOCKS autolearn=no version=2.63 X-Spam-Report: * 0.1 HTML_FONTCOLOR_UNKNOWN BODY: HTML font color is unknown to us * 0.0 HTML_MESSAGE BODY: HTML included in message * 0.2 HTML_FONT_FACE_BAD BODY: HTML font face is not a word * 0.1 HTML_FONTCOLOR_UNSAFE BODY: HTML font color not in safe 6x6x6 palette * 0.1 HTML_70_80 BODY: Message is 70% to 80% HTML * 0.1 HTML_FONTCOLOR_RED BODY: HTML font color is red * 0.8 BIZ_TLD URI: Contains a URL in the BIZ top-level domain * 1.1 RCVD_IN_SORBS_SOCKS RBL: SORBS: sender is open SOCKS proxy server * [193.109.67.1 listed in dnsbl.sorbs.net] * 1.1 RCVD_IN_SORBS_HTTP RBL: SORBS: sender is open HTTP proxy server * [193.109.67.1 listed in dnsbl.sorbs.net] * 1.1 RCVD_IN_DSBL RBL: Received via a relay in list.dsbl.org * [] * 1.1 RCVD_IN_NJABL_PROXY RBL: NJABL: sender is an open proxy * [193.109.67.1 listed in dnsbl.njabl.org] * 0.1 RCVD_IN_NJABL RBL: Received via a relay in dnsbl.njabl.org * [193.109.67.1 listed in dnsbl.njabl.org] * 0.1 RCVD_IN_SORBS RBL: SORBS: sender is listed in SORBS * [193.109.67.1 listed in dnsbl.sorbs.net] Faisal wrote: > Hello, > I have MailScanner 4.31 runing on Red Hat 9 with sendmail. Now my > problem is that wheneve I am sending mail to my own address from > outlook the mail is not coming it is getting lost. After disabling > MailScanner it is working fine. Sometimes the mail are coming and > sometimes not. > Regards > Faisal Memon > Mitsuminet (K) Ltd. > T : 254-20-210342 > E : faisal@mitsuminet.com > Msn: faisal@mitsuminet.com > > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040602/a8a1a8f8/attachment.html From jokerni at YAHOO.COM Wed Jun 2 12:14:16 2004 From: jokerni at YAHOO.COM (Paul Rantin) Date: Thu Jan 12 21:25:37 2006 Subject: Some really newbie quesitons. Message-ID: Hi All Many thanks for all your inputs, like I said I?m a newbie to all of this. I?ve just started to mess about with mail servers. I?m one guy, one domain who all of a sudden is getting hammered by one of the big three US spammers, I get more that 700 emails a day of spam. They are using a blanket attack, i.e. *randomname*@mydomian.com and it gets very tiring trying to sort it out. That is why I have installed SpamAssasin and MailScanner. As Kevin emailed I am using a mail forwarded system from my hosting service and because of the way I have my mail system setup I use the catch all option which redirects to a mail account. Now with this amount of spam I have having to setup filers for all the mail addresses that I use. All of this is extra work for me and I am very angry that I have to do this. When I see other replies stating that I should just delete it my instant response is why should I if I am getting spammed why should I not bounce it back? Yes I know that the mail header is forged but I feel totally useless that someone is attacking my system and there?s not a lot I can do about it. I thought some of it would maybe get back and if they seen that it was getting bounced it might get them to stop, again I know this more often than not the case but I have had a hacked attempt on the spam trap email account I had setup to process the incoming mails, so some do monitor what they get bounced back. As always I?m open to suggestions on how I can tackle this. Thanks again Paul -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From avl at SEAVENUE.NET Wed Jun 2 14:29:01 2004 From: avl at SEAVENUE.NET (Andy Lou) Date: Thu Jan 12 21:25:37 2006 Subject: bz2 extension doesn't work Message-ID: A week or 2 ago I installed Mailscanner 4.31.2 THe previous versino was 4.26.2 (or so). Now with this new version all files, archived with bzip2 - pass without checking. Although Kaspersky itself finds a virus in this .bz2 file, being executed manually. But when being executed by Mailscanner - doesn't. I couldnt find any differences in my old and new setups of MailScanner. All conf. files are mostly the same. And kavscanner's flags also. any hints ? Best regards, Andy -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From martinh at SOLID-STATE-LOGIC.COM Wed Jun 2 14:32:41 2004 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:25:38 2006 Subject: Some really newbie quesitons. In-Reply-To: References: Message-ID: <40BDD6F9.6030907@solid-state-logic.com> Paul I feel for ya.. here's how I do it... 1) I only allow email for 'known' accounts into my MailScanner box (rest is rejected by the MTA - user unknown) - that's 2/3s of my email traffic! 2) I don't bounce anything else from anywhere - all 'modern' viruses and spam forge the from info so it's totally useless bouncing later that at the MTA insertion point (1). 3) I then run SA etc from with MS. I've got quite a few extra rules etc that I've downloaded/ tuned over the last 6 months. Anything with a SA score of 10 or more is not delivered. this traps over 70% of the remaining email. 4) anything with a score from 5 to 10 us delivered but tagged with {Spam?} in the subject. another 2% is caught here. 5) the users stop getting 1-200 messages a day of spam...yay -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Paul Rantin wrote: > Hi All > > Many thanks for all your inputs, like I said I?m a newbie to all of this. > I?ve just started to mess about with mail servers. I?m one guy, one domain > who all of a sudden is getting hammered by one of the big three US > spammers, I get more that 700 emails a day of spam. They are using a > blanket attack, i.e. *randomname*@mydomian.com and it gets very tiring > trying to sort it out. That is why I have installed SpamAssasin and > MailScanner. As Kevin emailed I am using a mail forwarded system from my > hosting service and because of the way I have my mail system setup I use > the catch all option which redirects to a mail account. Now with this > amount of spam I have having to setup filers for all the mail addresses > that I use. > All of this is extra work for me and I am very angry that I have to do > this. When I see other replies stating that I should just delete it my > instant response is why should I if I am getting spammed why should I not > bounce it back? Yes I know that the mail header is forged but I feel > totally useless that someone is attacking my system and there?s not a lot I > can do about it. I thought some of it would maybe get back and if they seen > that it was getting bounced it might get them to stop, again I know this > more often than not the case but I have had a hacked attempt on the spam > trap email account I had setup to process the incoming mails, so some do > monitor what they get bounced back. > > As always I?m open to suggestions on how I can tackle this. > > Thanks again > > Paul > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From prandal at HEREFORDSHIRE.GOV.UK Wed Jun 2 14:27:11 2004 From: prandal at HEREFORDSHIRE.GOV.UK (Randal, Phil) Date: Thu Jan 12 21:25:38 2006 Subject: Some really newbie quesitons. Message-ID: <801403078973F243A6A74322E134AF500F1D39@mail.herefordshire.gov.uk> Bouncing it back is a total waste of time, resources, and merely confirms to any spammer who's stupid enough to use their own legit "From" address that you're a live recipient. Don't even bother. It's best to assume that all spammers use forged addresses. If that's not enough, ponder this. They cared enough about you not to spam you in the first place. Oh, they did. So why on earth do you think they'll desist. These guys, like virus authors, are the sociopaths of the net. Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Paul Rantin > Sent: 02 June 2004 12:14 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Some really newbie quesitons. > > Hi All > > Many thanks for all your inputs, like I said I'm a newbie to > all of this. > I've just started to mess about with mail servers. I'm one > guy, one domain who all of a sudden is getting hammered by > one of the big three US spammers, I get more that 700 emails > a day of spam. They are using a blanket attack, i.e. > *randomname*@mydomian.com and it gets very tiring trying to > sort it out. That is why I have installed SpamAssasin and > MailScanner. As Kevin emailed I am using a mail forwarded > system from my hosting service and because of the way I have > my mail system setup I use the catch all option which > redirects to a mail account. Now with this amount of spam I > have having to setup filers for all the mail addresses that I use. > All of this is extra work for me and I am very angry that I > have to do this. When I see other replies stating that I > should just delete it my instant response is why should I if > I am getting spammed why should I not bounce it back? Yes I > know that the mail header is forged but I feel totally > useless that someone is attacking my system and there's not a > lot I can do about it. I thought some of it would maybe get > back and if they seen that it was getting bounced it might > get them to stop, again I know this more often than not the > case but I have had a hacked attempt on the spam trap email > account I had setup to process the incoming mails, so some do > monitor what they get bounced back. > > As always I'm open to suggestions on how I can tackle this. > > Thanks again > > Paul > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From dh at UPTIME.AT Wed Jun 2 14:40:54 2004 From: dh at UPTIME.AT (=?UTF-8?B?RGF2aWQgSMO2aG4=?=) Date: Thu Jan 12 21:25:38 2006 Subject: Some really newbie quesitons. In-Reply-To: <801403078973F243A6A74322E134AF500F1D39@mail.herefordshire.gov.uk> References: <801403078973F243A6A74322E134AF500F1D39@mail.herefordshire.gov.uk> Message-ID: <40BDD8E6.5050001@uptime.at> -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Randal, Phil wrote: These guys, like virus authors, are the sociopaths of | the net. | Cool, that makes me a 'sociopaths of the net' then because I have written virus code. It was even polymorphic. I just never released it to the public :) - -d - -- nee anata wo mitsukete soshite nidoto wasurezu ~ donna ni munega itakutemo soba ni iru no ~ zutto...zutto...zutto -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (Darwin) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFAvdjmPMoaMn4kKR4RA3/8AJ9L7AVNlPUl2QyPd4V4/0YEM49XTQCeJr/l ZC6Ey47X6hUEuyve4eOcNew= =hBl6 -----END PGP SIGNATURE----- -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From b.passante at ACTINUX.COM Wed Jun 2 14:20:23 2004 From: b.passante at ACTINUX.COM (Brian PASSANTE) Date: Thu Jan 12 21:25:38 2006 Subject: Bad RFC822 field name '' Message-ID: <40BDD417.90600@actinux.com> Hi, I try to found where the problem comes from excatly. I just find why the problem is specific to Qmail. The Qmail.pm script use the Internet.pm lib from Mailtool which use the Header.pm to parse headers. This is this script which get the error message, : Header.pm: croak( "Bad RFC822 field name '$tag'\n") unless(defined $ctag && $ctag =~ /\A($FIELD_NAME|From )/oi); I don't really know why this script return on error message because, it seems the header "-:" is RFC822 compliant. So I don't know if it is a bug in this lib, but i think the Qmail.pm file must take care of error message of the Header.pm file. Have you any idee to do it ? Thanks a lot, Brian. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From dnsadmin at 1BIGTHINK.COM Wed Jun 2 16:34:39 2004 From: dnsadmin at 1BIGTHINK.COM (DNSAdmin) Date: Thu Jan 12 21:25:38 2006 Subject: Problem Receiving Mail In-Reply-To: <001701c4487a$d9821f10$01436dc1@faisalxp> References: <001701c4487a$d9821f10$01436dc1@faisalxp> Message-ID: <6.1.0.6.0.20040602113143.055361a8@mx.1bigthink.com> At 04:23 AM 6/2/2004, you wrote: >Hello, >I have MailScanner 4.31 runing on Red Hat 9 with sendmail. Now my problem >is that wheneve I am sending mail to my own address from outlook the mail >is not coming it is getting lost. After disabling MailScanner it is >working fine. Sometimes the mail are coming and sometimes not. >Regards >Faisal Memon You are probably discarding your virus and or spam content. Until you tweak your rulesets and watch your administrator notifications and spam scoring, you will never get this beast leashed! Look into your MailScanner.conf ; read and tweak and comment your changes so that you cna backtrack! Cheers! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. http://www.sng.ecs.soton.ac.uk/mailscanner/ Configuration by Glenn Parsons dnsadmin-at-1bigthink.com -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From dbird at SGHMS.AC.UK Wed Jun 2 18:15:23 2004 From: dbird at SGHMS.AC.UK (Daniel Bird) Date: Thu Jan 12 21:25:38 2006 Subject: *****SPAM***** Problem Receiving Mail In-Reply-To: <40BD9337.1080809@bluewin.ch> References: <001701c4487a$d9821f10$01436dc1@faisalxp> <40BD9337.1080809@bluewin.ch> Message-ID: <40BE0B2B.2090307@sghms.ac.uk> Patrick Steiner wrote: > I think your problem is that your own mail is filtred as a spam > mail!!! look at the header to see the score from spamassassin: > >X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on mybag.homeip.net >X-Spam-Level: ***** >X-Spam-Status: Yes, hits=6.0 required=3.0 tests=BIZ_TLD,HTML_70_80, > HTML_FONTCOLOR_RED,HTML_FONTCOLOR_UNKNOWN,HTML_FONTCOLOR_UNSAFE, > HTML_FONT_FACE_BAD,HTML_MESSAGE,RCVD_IN_DSBL,RCVD_IN_NJABL, > RCVD_IN_NJABL_PROXY,RCVD_IN_SORBS,RCVD_IN_SORBS_HTTP, > RCVD_IN_SORBS_SOCKS autolearn=no version=2.63 >X-Spam-Report: > * 0.1 HTML_FONTCOLOR_UNKNOWN BODY: HTML font color is unknown to us > * 0.0 HTML_MESSAGE BODY: HTML included in message > * 0.2 HTML_FONT_FACE_BAD BODY: HTML font face is not a word > * 0.1 HTML_FONTCOLOR_UNSAFE BODY: HTML font color not in safe 6x6x6 palette > * 0.1 HTML_70_80 BODY: Message is 70% to 80% HTML > * 0.1 HTML_FONTCOLOR_RED BODY: HTML font color is red > * 0.8 BIZ_TLD URI: Contains a URL in the BIZ top-level domain > * 1.1 RCVD_IN_SORBS_SOCKS RBL: SORBS: sender is open SOCKS proxy server > * [193.109.67.1 listed in dnsbl.sorbs.net] > * 1.1 RCVD_IN_SORBS_HTTP RBL: SORBS: sender is open HTTP proxy server > * [193.109.67.1 listed in dnsbl.sorbs.net] > * 1.1 RCVD_IN_DSBL RBL: Received via a relay in list.dsbl.org > * [] > * 1.1 RCVD_IN_NJABL_PROXY RBL: NJABL: sender is an open proxy > * [193.109.67.1 listed in dnsbl.njabl.org] > * 0.1 RCVD_IN_NJABL RBL: Received via a relay in dnsbl.njabl.org > * [193.109.67.1 listed in dnsbl.njabl.org] > * 0.1 RCVD_IN_SORBS RBL: SORBS: sender is listed in SORBS > * [193.109.67.1 listed in dnsbl.sorbs.net] > You also want to fix your relaying and get yourslef delisted http://openrbl.org/#193.109.67.1 Dan > > > Faisal wrote: > >> Hello, >> I have MailScanner 4.31 runing on Red Hat 9 with sendmail. Now my >> problem is that wheneve I am sending mail to my own address from >> outlook the mail is not coming it is getting lost. After disabling >> MailScanner it is working fine. Sometimes the mail are coming and >> sometimes not. >> Regards >> Faisal Memon >> Mitsuminet (K) Ltd. >> T : 254-20-210342 >> E : faisal@mitsuminet.com >> Msn: faisal@mitsuminet.com >> >> >> -------------------------- MailScanner list ---------------------- >> To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >> >> Before posting, please see the Most Asked Questions at >> http://www.mailscanner.biz/maq/ and the archives at >> http://www.jiscmail.ac.uk/lists/mailscanner.html > > > -- > This message has been scanned for viruses and > dangerous content by *MailScanner* , and is > believed to be clean. > MailScanner thanks transtec Computers for > their support. -------------------------- MailScanner list > ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From glen.willms at RIVERSIDE.BC.CA Wed Jun 2 17:58:16 2004 From: glen.willms at RIVERSIDE.BC.CA (Glen Willms) Date: Thu Jan 12 21:25:38 2006 Subject: Virus Scan Order Message-ID: Is there a way to scan messages for virii before the Spam checks? It would be really nice to not have virii show up as spam, or get added to the bayes database. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at LISTS.COM.AR Wed Jun 2 21:06:47 2004 From: mailscanner at LISTS.COM.AR (Mariano Absatz) Date: Thu Jan 12 21:25:38 2006 Subject: Bad RFC822 field name '' In-Reply-To: <40BDD417.90600@actinux.com> Message-ID: <40BE0927.15494.477DC6BC@localhost> I don't have the will to read (again) rfc822 or 2822, but, even when -: may be legal, the offending header lines must be: [ ? Priority: Normal ] That is definitively rfc822 NON-compliant. Regards. El 2 Jun 2004 a las 15:20, Brian PASSANTE escribi?: > Hi, > > I try to found where the problem comes from excatly. > I just find why the problem is specific to Qmail. > The Qmail.pm script use the Internet.pm lib from Mailtool which use the > Header.pm to parse headers. > This is this script which get the error message, : > > Header.pm: > > croak( "Bad RFC822 field name '$tag'\n") > unless(defined $ctag && $ctag =~ /\A($FIELD_NAME|From )/oi); > > > I don't really know why this script return on error message because, it > seems the header "-:" is RFC822 compliant. > > So I don't know if it is a bug in this lib, but i think the Qmail.pm > file must take care of error message of the Header.pm file. > Have you any idee to do it ? > > Thanks a lot, > > Brian. > -- Mariano Absatz El Baby ---------------------------------------------------------- I like cats too. Let's exchange recipes. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at LISTS.COM.AR Wed Jun 2 21:46:37 2004 From: mailscanner at LISTS.COM.AR (Mariano Absatz) Date: Thu Jan 12 21:25:38 2006 Subject: tiny, low priority patch for ZMailer Message-ID: <40BE127D.29808.47A23F85@localhost> Hi Julian, I just noticed a small bug (mostly invisible to everyone) that slipped thru in the very first version of ZMailer support for MailScanner. It's a 'print STDERR' that should be commented out and is not. --- ZMDiskStore.pm.ORI Wed Jun 2 17:39:46 2004 +++ ZMDiskStore.pm Wed Jun 2 17:40:05 2004 @@ -219,7 +219,7 @@ my $b= Body->new( $this->{hdpath} ); $b->Start(); my $line; - print STDERR "originalBody\n"; + #print STDERR "originalBody\n"; while( $line= $b->Next() ) { $Tf->print($line); #print STDERR "BODY: $line"; See if you can add it so next version is OK... BTW, I noticed this after implementing what I posted in http://tinyurl.com/2hpgn and logging MailScanner's STDOUT and STDERR... suddenly, my logs got full of 'originalBody' lines :-) Were you able to take a look at the patches I posted there? Do you think it has a chance of getting in the main trunk? FWIW, I have it working very smoothly on two production environments (one of them is a 12-server border farm for a large ISP... I'll be reporting about this next week) Regards. -- Mariano Absatz El Baby ---------------------------------------------------------- Everyone must believe in something. I believe I'll have another drink. -- W.C. Fields -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at HOME.CARLO65.DE Wed Jun 2 23:40:43 2004 From: mailscanner at HOME.CARLO65.DE (Roland Ehle) Date: Thu Jan 12 21:25:38 2006 Subject: Problem with 4.31.6 and duplicate mails? In-Reply-To: <40BE26B9.9010509@glendown.de> References: <40BE26B9.9010509@glendown.de> Message-ID: <1086216042.8848.1.camel@home.carlo65.de> Hi Garry, Am Mi, den 02.06.2004 schrieb Garry Glendown um 21:12: > After upgrading to 4.31.6 yesterday, I have noticed receiving duplicate > mails, some of which without contents or with "<<< No Message Collected > >>>" in the body ... has anybody else experienced this? Yes, I first experienced this with version 4.30. You should look for the line #lock type=flock and change it to read: lock type=posix. This fixes the problem. Regards, Roland -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From ugob at CAMO-ROUTE.COM Wed Jun 2 18:56:23 2004 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:25:38 2006 Subject: Virus Scan Order In-Reply-To: References: Message-ID: Glen Willms wrote: > Is there a way to scan messages for virii before the Spam checks? It would > be really nice to not have virii show up as spam, or get added to the bayes > database. Maybe this will answer your question: http://www.mailscanner.biz/maq/#order > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From michele at BLACKNIGHTSOLUTIONS.COM Wed Jun 2 19:15:51 2004 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:25:38 2006 Subject: Virus Scan Order In-Reply-To: Message-ID: <200406021815.i52IFi12025791@monitor.blacknight.ie> Glen We've been asking about this too :) FYI - the plural of virus is viruses Michele Mr Michele Neylon Blacknight Internet Solutions Ltd http://www.blacknight.ie/ Tel. +353 59 9137101 1 Euro hosting offer - See: http://www.boards.ie/vbulletin/showthread.php?s=&postid=1665247#post1665247 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From garry at GLENDOWN.DE Wed Jun 2 20:12:57 2004 From: garry at GLENDOWN.DE (Garry Glendown) Date: Thu Jan 12 21:25:38 2006 Subject: Problem with 4.31.6 and duplicate mails? Message-ID: <40BE26B9.9010509@glendown.de> After upgrading to 4.31.6 yesterday, I have noticed receiving duplicate mails, some of which without contents or with "<<< No Message Collected >>>" in the body ... has anybody else experienced this? Bye, -gg -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From gib at TMISNET.COM Thu Jun 3 00:10:14 2004 From: gib at TMISNET.COM (Gib Gilbertson) Date: Thu Jan 12 21:25:38 2006 Subject: Virus Scan Order Message-ID: On Wed, 2 Jun 2004 17:58:16 +0100, Glen Willms wrote: >Is there a way to scan messages for virii before the Spam checks? It would >be really nice to not have virii show up as spam, or get added to the bayes >database. Maybe at least scan all low scoring spam for viruses? gib -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From bayardo.rivas at puntos.org.ni Thu Jun 3 00:22:30 2004 From: bayardo.rivas at puntos.org.ni (Bayardo Rivas) Date: Thu Jan 12 21:25:38 2006 Subject: telnet to smtp port is refused Message-ID: <002e01c448f8$7d27b4e0$0300a8c0@BAR> Hello, I have just installed Mailscanner and ClamAV. I use Suse 8.1 as mailserver. When I start the Mailscanner daemon it starts Sendmail without problems, but when I try to telnet to port 25/smtp i receive a "conection refused" message. I note that when I start sendmail alone, smtp port is open and working ok, but when sendmail start with Mailscanner smtp port is like closed. Thanks for your help. Bayardo -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040602/4b7bbf0f/attachment.html From jaearick at COLBY.EDU Thu Jun 3 03:24:14 2004 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:25:38 2006 Subject: Virus Scan Order In-Reply-To: <200406021815.i52IFi12025791@monitor.blacknight.ie> References: <200406021815.i52IFi12025791@monitor.blacknight.ie> Message-ID: On Wed, 2 Jun 2004, Michele Neylon :: Blacknight Solutions wrote: > > FYI - the plural of virus is viruses I went to our Classics dept a while back and asked our resident scholar, who speaks Latin, Greek, Hebrew, English, Polish, and probably other languages. She said that correct Latin is "viri", not "virii". But she also said that "viri" will look strange to most people and suggested that the English translation to "viruses" would be correct. Being in academia, I just had to ask. There ya go. Jeff Earickson Colby College -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From alex at nkpanama.com Thu Jun 3 04:14:24 2004 From: alex at nkpanama.com (Alex Neuman) Date: Thu Jan 12 21:25:38 2006 Subject: Some really newbie quesitons. In-Reply-To: <40BDD8E6.5050001@uptime.at> Message-ID: <000e01c44918$e114dc60$2065e0c9@cositputer> No, that's like thinking "what would it be like if I were a serial killer?"... No harm done ;) -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of David H?hn Sent: Wednesday, June 02, 2004 8:41 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Some really newbie quesitons. -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Randal, Phil wrote: These guys, like virus authors, are the sociopaths of | the net. | Cool, that makes me a 'sociopaths of the net' then because I have written virus code. It was even polymorphic. I just never released it to the public :) - -d - -- nee anata wo mitsukete soshite nidoto wasurezu ~ donna ni munega itakutemo soba ni iru no ~ zutto...zutto...zutto -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (Darwin) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFAvdjmPMoaMn4kKR4RA3/8AJ9L7AVNlPUl2QyPd4V4/0YEM49XTQCeJr/l ZC6Ey47X6hUEuyve4eOcNew= =hBl6 -----END PGP SIGNATURE----- -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From alex at nkpanama.com Thu Jun 3 04:18:11 2004 From: alex at nkpanama.com (Alex Neuman) Date: Thu Jan 12 21:25:38 2006 Subject: OT: - RE: Virus Scan Order In-Reply-To: <200406021815.i52IFi12025791@monitor.blacknight.ie> Message-ID: <000f01c44919$675e4d60$2065e0c9@cositputer> That's a sticky situation. The word "virus" is not even supposed to have plural in latin, or so I've heard. http://dictionary.reference.com/help/faq/language/v/virus.html -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Michele Neylon :: Blacknight Solutions Sent: Wednesday, June 02, 2004 1:16 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Virus Scan Order Glen We've been asking about this too :) FYI - the plural of virus is viruses Michele Mr Michele Neylon Blacknight Internet Solutions Ltd http://www.blacknight.ie/ Tel. +353 59 9137101 1 Euro hosting offer - See: http://www.boards.ie/vbulletin/showthread.php?s=&postid=1665247#post1665247 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From jrudd at UCSC.EDU Thu Jun 3 04:31:30 2004 From: jrudd at UCSC.EDU (John Rudd) Date: Thu Jan 12 21:25:38 2006 Subject: Virus Scan Order In-Reply-To: References: <200406021815.i52IFi12025791@monitor.blacknight.ie> Message-ID: <80B2CCB3-B50E-11D8-B018-003065F939FE@ucsc.edu> On Jun 2, 2004, at 7:24 PM, Jeff A. Earickson wrote: > On Wed, 2 Jun 2004, Michele Neylon :: Blacknight Solutions wrote: > >> >> FYI - the plural of virus is viruses > > I went to our Classics dept a while back and asked our resident > scholar, > who speaks Latin, Greek, Hebrew, English, Polish, and probably other > languages. She said that correct Latin is "viri", not "virii". But > she > also said that "viri" will look strange to most people and suggested > that > the English translation to "viruses" would be correct. Being in > academia, I just had to ask. There ya go. > Our resident expert on linguistics (who is also one of the people who works on the oxford english dictionary) had this to say about it: Begin forwarded message: > From: "Geoffrey K. Pullum" > Date: May 13, 2002 1:48:57 PM PDT > To: bhorn@cats.ucsc.edu, jeo@cats.ucsc.edu > Cc: anoe@cats.ucsc.edu, coord@cats.ucsc.edu, pullum@cats.ucsc.edu > Subject: Re: virii or viruses? > > There are six candidates on offer: > > "viri" > If "virus" were like "focus/foci" (masculine) the plural would be > "viri". This is in fact the correct plural of "vir", meaning man, > but definitely not of "virus", meaning venom. > > "virus" > I incorrectly thought at first that "virus" was a fourth-declension > word like "status" or "circus", and that would have meant that the > plural looked the same as the singular. But these things are not > the case. And certainly not in English. > > No plural at all. > In fact, "virus" is a neuter noun in Latin, like "pelagus" (neuter), > meaning sea, and according to Kennedy's Latin Primer there is NO > Latin > plural for it. It was never used in the plural > > "vira" > According to UCSC's Dean of Humanities, if "virus" did have a plural > in use in Latin, it would be "vira". > > "virii" > If "virus" had been spelled "virius" and was like "filius" > (masculine), > meaning son, then the plural would have been "virii"; these things > are > not so, and "virii" is just a piece of playful hacker invention (now > very common; use it if it gives you pleasure). > > "viruses" > The only plural for "virus" in the English language is "viruses" > -- unquestionably the safe and most uncontroversial choice. > > GKP > ----------------------------------------------------------------------- > ----- > Geoffrey K. Pullum * pullum@ling.ucsc.edu * > http://ling.ucsc.edu/~pullum > Stevenson College * University of California, Santa Cruz * CA > 95064-1077 > Office: (831)459-4705 * Messages: (831)459-2555 * Fax: > (831)459-3334 > ----------------------------------------------------------------------- > ----- > THE CAMBRIDGE GRAMMAR OF THE ENGLISH LANGUAGE: > http://www.cambridge.org/cgel > ----------------------------------------------------------------------- > ----- -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From alex at nkpanama.com Thu Jun 3 04:43:34 2004 From: alex at nkpanama.com (Alex Neuman) Date: Thu Jan 12 21:25:38 2006 Subject: Virus Scan Order In-Reply-To: Message-ID: <000001c4491c$f38506f0$2065e0c9@cositputer> Viri is "male" in latin. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Jeff A. Earickson Sent: Wednesday, June 02, 2004 9:24 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Virus Scan Order On Wed, 2 Jun 2004, Michele Neylon :: Blacknight Solutions wrote: > > FYI - the plural of virus is viruses I went to our Classics dept a while back and asked our resident scholar, who speaks Latin, Greek, Hebrew, English, Polish, and probably other languages. She said that correct Latin is "viri", not "virii". But she also said that "viri" will look strange to most people and suggested that the English translation to "viruses" would be correct. Being in academia, I just had to ask. There ya go. Jeff Earickson Colby College -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mkipness at GENIANT.COM Thu Jun 3 04:52:21 2004 From: mkipness at GENIANT.COM (Max Kipness) Date: Thu Jan 12 21:25:38 2006 Subject: Spam Bounce action issues Message-ID: <399D85F2BB50BC4295F78EAE203D5C226B6CE5@dalsxc01.geniant.net> Hi, I seem to be having a lot of instances of spam attempting to get into our mail system by spoofing the recipients name. They are being caught without a problem, but since I have spam actions set to bounce, the bounce message comes back our users...from MailScanner. I have a lot of complaints about this as of late. What is the easist way to tackle this. Thanks, Max -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040602/f69df87b/attachment.html From jrudd at UCSC.EDU Thu Jun 3 05:11:37 2004 From: jrudd at UCSC.EDU (John Rudd) Date: Thu Jan 12 21:25:38 2006 Subject: Virus Scan Order In-Reply-To: <000001c4491c$f38506f0$2065e0c9@cositputer> References: <000001c4491c$f38506f0$2065e0c9@cositputer> Message-ID: <1BB19D4A-B514-11D8-B018-003065F939FE@ucsc.edu> On Jun 2, 2004, at 8:43 PM, Alex Neuman wrote: > Viri is "male" in latin. Actually, viri is the plural of vir (and vir is "male/man"), so viri is "males/men", not "male/man". -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From alex at nkpanama.com Thu Jun 3 05:26:22 2004 From: alex at nkpanama.com (Alex Neuman) Date: Thu Jan 12 21:25:38 2006 Subject: Spam Bounce action issues In-Reply-To: <399D85F2BB50BC4295F78EAE203D5C226B6CE5@dalsxc01.geniant.net> Message-ID: <000401c44922$ee80a320$2065e0c9@cositputer> Don't. Bounce, that is. See http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html to see why this is a bad idea. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Max Kipness Sent: Wednesday, June 02, 2004 10:52 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Spam Bounce action issues Hi, I seem to be having a lot of instances of spam attempting to get into our mail system by spoofing the recipients name. They are being caught without a problem, but since I have spam actions set to bounce, the bounce message comes back our users...from MailScanner. I have a lot of complaints about this as of late. What is the easist way to tackle this. Thanks, Max -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mkipness at GENIANT.COM Thu Jun 3 05:37:06 2004 From: mkipness at GENIANT.COM (Max Kipness) Date: Thu Jan 12 21:25:38 2006 Subject: Spam Bounce action issues Message-ID: <399D85F2BB50BC4295F78EAE203D5C226B6CE9@dalsxc01.geniant.net> Well, I have to as I need to let legitimate senders know that their email did not get through and that they must contact us to get added to a white list. We have had many senders get added to the white list this way. I run a script every 15 minutes that cleans the queue of bounces attempting to get sent to invalid addresses. Thanks, Max > > Don't. Bounce, that is. See http://www.mailscanner.biz/maq/ > and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html to see why > this is a bad idea. > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Max Kipness > Sent: Wednesday, June 02, 2004 10:52 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Spam Bounce action issues > > > Hi, > > I seem to be having a lot of instances of spam attempting to > get into our mail system by spoofing the recipients name. > They are being caught without a problem, but since I have > spam actions set to bounce, the bounce message comes back our > users...from MailScanner. I have a lot of complaints about > this as of late. > > What is the easist way to tackle this. > > Thanks, > Max > -------------------------- MailScanner list > ---------------------- To leave, send leave mailscanner to > jiscmail@jiscmail.ac.uk Before posting, please see the Most > Asked Questions at http://www.mailscanner.biz/maq/ and the > archives at http://www.jiscmail.ac.uk/lists/mailscanner.html > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From P.G.M.Peters at utwente.nl Thu Jun 3 07:55:00 2004 From: P.G.M.Peters at utwente.nl (Peter Peters) Date: Thu Jan 12 21:25:38 2006 Subject: Spam Bounce action issues In-Reply-To: <399D85F2BB50BC4295F78EAE203D5C226B6CE9@dalsxc01.geniant.net> References: <399D85F2BB50BC4295F78EAE203D5C226B6CE9@dalsxc01.geniant.net> Message-ID: <6oitb092rqln08j32vgv5c4vfmch7mqnun@4ax.com> On Wed, 2 Jun 2004 23:37:06 -0500, you wrote: >Well, I have to as I need to let legitimate senders know that their >email did not get through and that they must contact us to get added to >a white list. We have had many senders get added to the white list this >way. > >I run a script every 15 minutes that cleans the queue of bounces >attempting to get sent to invalid addresses. That's not enough. That means that bounces to existing addresses get through. And you will be blocked one time or another. Bouncing spam is like spamming. -- Peter Peters, senior netwerkbeheerder Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE) Universiteit Twente, Postbus 217, 7500 AE Enschede telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/itbe -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From roald.amundsen at BRIKKEN.NO Thu Jun 3 09:11:06 2004 From: roald.amundsen at BRIKKEN.NO (Roald Amundsen) Date: Thu Jan 12 21:25:38 2006 Subject: Logging per domain Message-ID: <40BEDD1A.5080503@brikken.no> One customer would like to get statistics for his own domain only. How can I do this? Maybe write a script that picks out "his" entries in maillog and run Vispan on that? Any ideas? Anyone done this? I have searched the archives but not really found anything similar. -- Mvh Roald Amundsen -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Thu Jun 3 08:58:20 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:25:38 2006 Subject: tiny, low priority patch for ZMailer In-Reply-To: <40BE127D.29808.47A23F85@localhost> References: <40BE127D.29808.47A23F85@localhost> Message-ID: <6.1.1.1.2.20040603085754.03af5b60@imap.ecs.soton.ac.uk> Can you take the latest published ZMailer code from the main distribution, apply all your changes and mail me the new files for the next distribution please? At 21:46 02/06/2004, you wrote: >Hi Julian, > >I just noticed a small bug (mostly invisible to everyone) that slipped thru >in the very first version of ZMailer support for MailScanner. > >It's a 'print STDERR' that should be commented out and is not. > >--- ZMDiskStore.pm.ORI Wed Jun 2 17:39:46 2004 >+++ ZMDiskStore.pm Wed Jun 2 17:40:05 2004 >@@ -219,7 +219,7 @@ > my $b= Body->new( $this->{hdpath} ); > $b->Start(); > my $line; >- print STDERR "originalBody\n"; >+ #print STDERR "originalBody\n"; > while( $line= $b->Next() ) { > $Tf->print($line); > #print STDERR "BODY: $line"; > > >See if you can add it so next version is OK... > >BTW, I noticed this after implementing what I posted in >http://tinyurl.com/2hpgn and logging MailScanner's STDOUT and STDERR... >suddenly, my logs got full of >'originalBody' >lines :-) > >Were you able to take a look at the patches I posted there? > >Do you think it has a chance of getting in the main trunk? > >FWIW, I have it working very smoothly on two production environments (one of >them is a 12-server border farm for a large ISP... I'll be reporting about >this next week) > >Regards. > >-- >Mariano Absatz >El Baby >---------------------------------------------------------- >Everyone must believe in something. I believe I'll have another drink. > -- W.C. Fields > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From prandal at HEREFORDSHIRE.GOV.UK Thu Jun 3 09:45:59 2004 From: prandal at HEREFORDSHIRE.GOV.UK (Randal, Phil) Date: Thu Jan 12 21:25:38 2006 Subject: Virus Scan Order Message-ID: <801403078973F243A6A74322E134AF500F1DA1@mail.herefordshire.gov.uk> I'd vote for scanning everything for viruses, before spam checks. Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Gib Gilbertson > Sent: 03 June 2004 00:10 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Virus Scan Order > > On Wed, 2 Jun 2004 17:58:16 +0100, Glen Willms > wrote: > > >Is there a way to scan messages for virii before the Spam checks? It > >would be really nice to not have virii show up as spam, or > get added to > >the bayes database. > > Maybe at least scan all low scoring spam for viruses? > > gib > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From prandal at HEREFORDSHIRE.GOV.UK Thu Jun 3 09:45:05 2004 From: prandal at HEREFORDSHIRE.GOV.UK (Randal, Phil) Date: Thu Jan 12 21:25:38 2006 Subject: Virus Scan Order Message-ID: <801403078973F243A6A74322E134AF500F1DA0@mail.herefordshire.gov.uk> It's very useful to have viruses flagged as spam. It increases the chances of new variants of familiar viruses being blocked before the AV vendors have new patterns out. That said, the behaviour of MailScanner does need tweaking to realise that once flagged as a Virus, the Spam actions should not take place. But it's too late, then... In particular, the "Quarantine Silent Viruses = no" has no effect whatsoever if the message has been flagged as high-scoring spam. Arrrgh. Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Glen Willms > Sent: 02 June 2004 17:58 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Virus Scan Order > > Is there a way to scan messages for virii before the Spam > checks? It would be really nice to not have virii show up as > spam, or get added to the bayes database. > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From michele at BLACKNIGHTSOLUTIONS.COM Thu Jun 3 09:48:52 2004 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:25:38 2006 Subject: Virus Scan Order In-Reply-To: <801403078973F243A6A74322E134AF500F1DA1@mail.herefordshire.gov.uk> Message-ID: <200406030848.i538mk4t022116@monitor.blacknight.ie> I second Phil. Mr Michele Neylon Blacknight Internet Solutions Ltd http://www.blacknight.ie/ Tel. +353 59 9137101 1 Euro hosting offer - See: http://www.boards.ie/vbulletin/showthread.php?s=&postid=1665247#post1665247 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From jose at TREELOGIC.COM Thu Jun 3 09:56:50 2004 From: jose at TREELOGIC.COM (=?iso-8859-1?Q?Jos=E9_Angel_Blanco?=) Date: Thu Jan 12 21:25:38 2006 Subject: Enable all file attachments References: <5C0296D26910694BB9A9BBFC577E7AB002370794@pascal.priv.bmrb.co.uk> Message-ID: <041e01c44948$b558b8a0$1901a8c0@redes1> How can I enable all file attachments with MailScanner for send and receive? Thank you -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From martinh at SOLID-STATE-LOGIC.COM Thu Jun 3 09:58:11 2004 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:25:38 2006 Subject: Virus Scan Order In-Reply-To: <801403078973F243A6A74322E134AF500F1DA1@mail.herefordshire.gov.uk> References: <801403078973F243A6A74322E134AF500F1DA1@mail.herefordshire.gov.uk> Message-ID: <40BEE823.6050507@solid-state-logic.com> Thirded IMHO everything should be scanned for malware - just in case I forget and release something I shouldn't... Yes I know it increases load, but I'd rather be safe than sorry. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Randal, Phil wrote: > I'd vote for scanning everything for viruses, before spam checks. > > Phil > > ---- > Phil Randal > Network Engineer > Herefordshire Council > Hereford, UK > > >>-----Original Message----- >>From: MailScanner mailing list >>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Gib Gilbertson >>Sent: 03 June 2004 00:10 >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: Virus Scan Order >> >>On Wed, 2 Jun 2004 17:58:16 +0100, Glen Willms >> wrote: >> >> >>>Is there a way to scan messages for virii before the Spam checks? It >>>would be really nice to not have virii show up as spam, or >> >>get added to >> >>>the bayes database. >> >>Maybe at least scan all low scoring spam for viruses? >> >>gib >> >>-------------------------- MailScanner list ---------------------- >>To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >>Before posting, please see the Most Asked Questions at >>http://www.mailscanner.biz/maq/ and the archives at >>http://www.jiscmail.ac.uk/lists/mailscanner.html >> > > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at SMITS.CO.UK Thu Jun 3 10:27:04 2004 From: mailscanner at SMITS.CO.UK (MailScanner) Date: Thu Jan 12 21:25:38 2006 Subject: Logging per domain Message-ID: <58696C94787F16468267F3509F115030077074@hermes.clumpton.homeip.net> Use MailWatch http://mailwatch.sourceforge.net which gives them excellent statistics, drilldowns, etc. on all aspect of your mail filtering for them. Bart... -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Roald Amundsen Posted At: 03 June 2004 09:11 Posted To: MailScanner Conversation: Logging per domain Subject: Logging per domain One customer would like to get statistics for his own domain only. How can I do this? Maybe write a script that picks out "his" entries in maillog and run Vispan on that? Any ideas? Anyone done this? I have searched the archives but not really found anything similar. -- Mvh Roald Amundsen -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From paddy at PANICI.NET Thu Jun 3 10:29:13 2004 From: paddy at PANICI.NET (paddy) Date: Thu Jan 12 21:25:38 2006 Subject: Virus Scan Order In-Reply-To: References: Message-ID: <20040603092912.GA28188@cobalt0.panici.net> I've long thought of mailscanner as a engine for scheduling the path of the data through filters and resulting actions. How dificult would it be to make the ordering more configurable ? (I have no particular need for this) Regards, Paddy -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From michele at BLACKNIGHTSOLUTIONS.COM Thu Jun 3 10:49:27 2004 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:25:38 2006 Subject: Enable all file attachments In-Reply-To: <041e01c44948$b558b8a0$1901a8c0@redes1> Message-ID: <200406030949.i539nL4t007428@monitor.blacknight.ie> > How can I enable all file attachments with MailScanner for > send and receive? What do you mean? Mr Michele Neylon Blacknight Internet Solutions Ltd http://www.blacknight.ie/ Tel. +353 59 9137101 1 Euro hosting offer - See: http://www.boards.ie/vbulletin/showthread.php?s=&postid=1665247#post1665247 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From jose at TREELOGIC.COM Thu Jun 3 11:00:47 2004 From: jose at TREELOGIC.COM (=?iso-8859-1?Q?Jos=E9_Angel_Blanco?=) Date: Thu Jan 12 21:25:38 2006 Subject: Enable all file attachments References: <200406030949.i539nL4t007428@monitor.blacknight.ie> Message-ID: <048a01c44951$a4c7e980$1901a8c0@redes1> I want that MailScanner don?t block any file attachment by file type. I mean if I send an exe without virus or a Html file without malicious scripts the MailScanner don?t block it Thank you ----- Original Message ----- From: "Michele Neylon :: Blacknight Solutions" To: Sent: Thursday, June 03, 2004 11:49 AM Subject: Re: Enable all file attachments > > How can I enable all file attachments with MailScanner for > > send and receive? > > What do you mean? > > Mr Michele Neylon > Blacknight Internet Solutions Ltd > http://www.blacknight.ie/ > Tel. +353 59 9137101 > 1 Euro hosting offer - See: > http://www.boards.ie/vbulletin/showthread.php?s=&postid=1665247#post1665247 > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From fbongat at LMD.ENS.FR Thu Jun 3 10:51:43 2004 From: fbongat at LMD.ENS.FR (Frederic Bongat) Date: Thu Jan 12 21:25:38 2006 Subject: problems with mailscanner, spamassassin and postfix Message-ID: <40BEF4AF.40201@lmd.ens.fr> Hello, I have 2 problems on my mail server : - I have the following message which is repeated all the time (1 time by second, bad for log files) in my logs (/var/log/mail/warnings), and I do not know how to make to stop it : "Jun 3 11:06:51 server MailScanner[1794]: Messages found but no hashed queue directories. Please enable hashed queues for incoming and deferred with a depth of 1 or 2. See the Postfix documentation for hash_queue_names and hash_queue_depth" I added in my main.cf : hash_queue_depth = 1 hash_queue_names = incoming but nothing to make, I always have same the messages - with MailScanner and spamassassin, the spams are deleted and not delivered, and I however use the following parameters in MailScanner.conf : Spam Actions = deliver High Scoring Spam Actions = deliver Non Spam Actions = deliver Any idea ? My configuration : Mandrake 10 Official MailScanner 4.31.4-1 postfix 2 spamassassin 2.63 f-secure -- Frederic -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From Jan-Peter.Koopmann at SECEIDOS.DE Thu Jun 3 11:09:17 2004 From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann) Date: Thu Jan 12 21:25:38 2006 Subject: Enable all file attachments Message-ID: On Thursday, June 03, 2004 12:01 PM Jos? Angel Blanco wrote: > I want that MailScanner don?t block any file attachment by file type. > I mean if I send an exe without virus or a Html file without > malicious scripts the MailScanner don?t block it Look at the filename.rules.conf and filetype.rules.conf files. Regards, JP -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From roald.amundsen at BRIKKEN.NO Thu Jun 3 11:19:38 2004 From: roald.amundsen at BRIKKEN.NO (Roald Amundsen) Date: Thu Jan 12 21:25:38 2006 Subject: Logging per domain In-Reply-To: <58696C94787F16468267F3509F115030077074@hermes.clumpton.homeip.net> References: <58696C94787F16468267F3509F115030077074@hermes.clumpton.homeip.net> Message-ID: <40BEFB3A.4060608@brikken.no> MailScanner wrote: >Use MailWatch http://mailwatch.sourceforge.net which gives them >excellent statistics, drilldowns, etc. on all aspect of your mail >filtering for them. > >Bart... > > > I have looked at it, but it seems that it does not do what I want. I might be wrong however.. ;) The customer wants to see only his own domain, not all the other domains on the server. >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >Behalf Of Roald Amundsen >Posted At: 03 June 2004 09:11 >Posted To: MailScanner >Conversation: Logging per domain >Subject: Logging per domain > > >One customer would like to get statistics for his own domain only. How >can I do this? Maybe write a script that picks out "his" entries in >maillog and run Vispan on that? > >Any ideas? Anyone done this? I have searched the archives but not really >found anything similar. > > > -- Mvh Roald Amundsen -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Thu Jun 3 11:33:47 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:25:38 2006 Subject: problems with mailscanner, spamassassin and postfix In-Reply-To: <40BEF4AF.40201@lmd.ens.fr> References: <40BEF4AF.40201@lmd.ens.fr> Message-ID: <6.1.1.1.2.20040603113313.06854458@imap.ecs.soton.ac.uk> At 10:51 03/06/2004, you wrote: >Hello, > >I have 2 problems on my mail server : > >- I have the following message which is repeated all the time (1 time by >second, bad for log files) in my logs (/var/log/mail/warnings), and I do >not know how to make to stop it : > >"Jun 3 11:06:51 server MailScanner[1794]: Messages found but no hashed >queue directories. Please enable hashed queues for incoming and deferred >with a depth of 1 or 2. See the Postfix documentation for >hash_queue_names and hash_queue_depth" > >I added in my main.cf : >hash_queue_depth = 1 >hash_queue_names = incoming Please read the error message carefully, it explicitly says "incoming and deferred". Your configuration line above only says "incoming". >but nothing to make, I always have same the messages > >- with MailScanner and spamassassin, the spams are deleted and not >delivered, and I however use the following parameters in MailScanner.conf : >Spam Actions = deliver >High Scoring Spam Actions = deliver >Non Spam Actions = deliver > >Any idea ? > >My configuration : >Mandrake 10 Official >MailScanner 4.31.4-1 >postfix 2 >spamassassin 2.63 >f-secure > >-- >Frederic > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From fbongat at LMD.ENS.FR Thu Jun 3 11:54:16 2004 From: fbongat at LMD.ENS.FR (Frederic Bongat) Date: Thu Jan 12 21:25:38 2006 Subject: problems with mailscanner, spamassassin and postfix In-Reply-To: <40BF0181.7080301@lmd.ens.fr> References: <40BEF4AF.40201@lmd.ens.fr> <6.1.1.1.2.20040603113313.06854458@imap.ecs.soton.ac.uk> <40BF0181.7080301@lmd.ens.fr> Message-ID: <40BF0358.9060605@lmd.ens.fr> > > hash_queue_depth = 2 > hash_queue_names = incoming deferred > Sorry ! With this one, it's ok ! Thanks And undelivered spam an idea ? -- Frederic Bongat -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From fbongat at LMD.ENS.FR Thu Jun 3 11:46:25 2004 From: fbongat at LMD.ENS.FR (Frederic Bongat) Date: Thu Jan 12 21:25:38 2006 Subject: problems with mailscanner, spamassassin and postfix In-Reply-To: <6.1.1.1.2.20040603113313.06854458@imap.ecs.soton.ac.uk> References: <40BEF4AF.40201@lmd.ens.fr> <6.1.1.1.2.20040603113313.06854458@imap.ecs.soton.ac.uk> Message-ID: <40BF0181.7080301@lmd.ens.fr> >> >> "Jun 3 11:06:51 server MailScanner[1794]: Messages found but no hashed >> queue directories. Please enable hashed queues for incoming and deferred >> with a depth of 1 or 2. See the Postfix documentation for >> hash_queue_names and hash_queue_depth" >> >> I added in my main.cf : >> hash_queue_depth = 1 >> hash_queue_names = incoming > > > Please read the error message carefully, it explicitly says "incoming and > deferred". Your configuration line above only says "incoming". > Sorry for my last information, butI tested the various combinations and anything made there. hash_queue_depth = 1 hash_queue_names = incoming deferred or hash_queue_depth = 2 hash_queue_names = incoming deferred -- Frederic Bongat -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From drew at THEMARSHALLS.CO.UK Thu Jun 3 11:57:27 2004 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:25:38 2006 Subject: problems with mailscanner, spamassassin and postfix In-Reply-To: <40BF0181.7080301@lmd.ens.fr> References: <40BEF4AF.40201@lmd.ens.fr> <6.1.1.1.2.20040603113313.06854458@imap.ecs.soton.ac.uk> <40BF0181.7080301@lmd.ens.fr> Message-ID: <40BF0417.1010703@themarshalls.co.uk> Frederic Bongat wrote: >>> >>> "Jun 3 11:06:51 server MailScanner[1794]: Messages found but no hashed >>> queue directories. Please enable hashed queues for incoming and >>> deferred >>> with a depth of 1 or 2. See the Postfix documentation for >>> hash_queue_names and hash_queue_depth" >>> >>> I added in my main.cf : >>> hash_queue_depth = 1 >>> hash_queue_names = incoming >> >> >> >> Please read the error message carefully, it explicitly says "incoming >> and >> deferred". Your configuration line above only says "incoming". >> > > Sorry for my last information, butI tested the various combinations and > anything made there. > hash_queue_depth = 1 > hash_queue_names = incoming deferred > or > hash_queue_depth = 2 > hash_queue_names = incoming deferred Send through a message. Postfix only seems to make it's hash queues when it receives mail (On some distros). Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From pb at WANTECH.SE Thu Jun 3 12:49:52 2004 From: pb at WANTECH.SE (=?iso-8859-1?Q?Patrik_B=E4ckstr=F6m?=) Date: Thu Jan 12 21:25:38 2006 Subject: block F-Secure "Internal error: Bad file"-files Message-ID: <00ee01c44960$e1ab6250$1196a8c0@internal.wantech.se> On some files, mostly .zip, F-Secure failes to scan the file and returns the errormessage "Internal error: Bad file [ArchiveScanner]". This is, ofcourse, a problem with F-Secure. However, i want to block files which F-Secure can't scan since there is no way of knowing what's inside them. How do i make MailScanner do that? /pb -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From ddw at BAS.AC.UK Thu Jun 3 12:32:59 2004 From: ddw at BAS.AC.UK (Douglas Willis) Date: Thu Jan 12 21:25:38 2006 Subject: Allow password protected archives. In-Reply-To: <40B5B0CE.5060103@solid-state-logic.com> References: <40B35857.706@bas.ac.uk> <6.1.1.1.2.20040525185727.03f22f38@imap.ecs.soton.ac.uk> <40B5A70D.7030807@bas.ac.uk> <40B5AF0C.9080009@solid-state-logic.com> <40B5B0CE.5060103@solid-state-logic.com> Message-ID: <40BF0C6B.3030507@bas.ac.uk> Martin Hepworth wrote: >> >> From: /[\@\-]bas\.ac.uk$/ yes >> From: default no > > > oops > > From: /[\@\-]bas\.ac\.uk$/ yes > From: default no > > The whitespaces are tabs.. > > I'll get me coat....:-) > > -- > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > This seems to have worked. But still not sure why it stopped in the first place. -- Douglas Willis (ddw@nerc-bas.ac.uk) British Antarctic Survey High Cross, Madingley Road Cambridge, CB3 0ET, United Kingdom tel: +44 1223 221400, fax: +44 1223 362616 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From jrudd at UCSC.EDU Thu Jun 3 13:04:24 2004 From: jrudd at UCSC.EDU (John Rudd) Date: Thu Jan 12 21:25:38 2006 Subject: Virus Scan Order In-Reply-To: <40BEE823.6050507@solid-state-logic.com> References: <801403078973F243A6A74322E134AF500F1DA1@mail.herefordshire.gov.uk> <40BEE823.6050507@solid-state-logic.com> Message-ID: <279D3546-B556-11D8-B018-003065F939FE@ucsc.edu> On Jun 3, 2004, at 1:58 AM, Martin Hepworth wrote: > Thirded > > IMHO everything should be scanned for malware - just in case I forget > and release something I shouldn't... > > Yes I know it increases load, but I'd rather be safe than sorry. > Actually, I think it would _reduce_ the load. I know when Julian was still designing he says that virus scanning was more expensive and thus getting rid of as many things as you can is better before you pass it on to the virus scanner. But, I think things have changed since then, and Spam Assassin is VERY expensive. Further, if you're not deleting spam, doing the spam scanning first doesn't reduce your virus load at all. Whereas, if you are at least removing infected attachments during virus scanning, you'll at last reduce the sizes of messages that get passed to Spam Assassin if you do the virus scanning first. As anecdotal evidence, on days where our scanning machines are being saturated, if I turn off spam scanning, our queues clear out pretty quickly and then stay low. (I can't really turn off the virus scanning though, as it's part of our security infrastructure ... where spam scanning is more of a convenience, sorta) At one point, there was a request to have a variable that would specify the order of different features, but Julian said it would require a significant re-write. That's probably true for just reversing the order, as well. I think specifying the order would be great, but even just doing the virus scan first would greatly help our scanning loads. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From rich at MAIL.WVNET.EDU Thu Jun 3 13:30:16 2004 From: rich at MAIL.WVNET.EDU (Richard Lynch) Date: Thu Jan 12 21:25:38 2006 Subject: Virus Scan Order In-Reply-To: <279D3546-B556-11D8-B018-003065F939FE@ucsc.edu> References: <801403078973F243A6A74322E134AF500F1DA1@mail.herefordshire.gov.uk> <40BEE823.6050507@solid-state-logic.com> <279D3546-B556-11D8-B018-003065F939FE@ucsc.edu> Message-ID: <40BF19D8.4060203@mail.wvnet.edu> John Rudd wrote: > On Jun 3, 2004, at 1:58 AM, Martin Hepworth wrote: > >> Thirded >> >> IMHO everything should be scanned for malware - just in case I forget >> and release something I shouldn't... >> >> Yes I know it increases load, but I'd rather be safe than sorry. >> > > Actually, I think it would _reduce_ the load. I know when Julian was > still designing he says that virus scanning was more expensive and thus > getting rid of as many things as you can is better before you pass it > on to the virus scanner. But, I think things have changed since then, > and Spam Assassin is VERY expensive. Further, if you're not deleting > spam, doing the spam scanning first doesn't reduce your virus load at > all. Whereas, if you are at least removing infected attachments during > virus scanning, you'll at last reduce the sizes of messages that get > passed to Spam Assassin if you do the virus scanning first. > > > As anecdotal evidence, on days where our scanning machines are being > saturated, if I turn off spam scanning, our queues clear out pretty > quickly and then stay low. (I can't really turn off the virus scanning > though, as it's part of our security infrastructure ... where spam > scanning is more of a convenience, sorta) > > At one point, there was a request to have a variable that would specify > the order of different features, but Julian said it would require a > significant re-write. That's probably true for just reversing the > order, as well. I think specifying the order would be great, but even > just doing the virus scan first would greatly help our scanning loads. > This topic comes up frequently -- seems almost weekly. Julian has said it is desirable but it isn't going to happen over night. He's also suggested making it dynamic in that he could analyze traffic patterns and switch the order on the fly. An idea that's occurred to me is to install clamav-milter. It rejects infected messages at the MTA. That is, if the message is infected it is refused by sendmail and MS never sees it. Wouldn't that achieve what you're asking for? Is there any reason that such a setup would be incompatible with MailScanner? -- -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------- next part -------------- A non-text attachment was scrubbed... Name: rich.vcf Type: text/x-vcard Size: 259 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040603/0b0d7574/rich.vcf From martinh at SOLID-STATE-LOGIC.COM Thu Jun 3 13:47:15 2004 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:25:38 2006 Subject: Virus Scan Order In-Reply-To: <40BF19D8.4060203@mail.wvnet.edu> References: <801403078973F243A6A74322E134AF500F1DA1@mail.herefordshire.gov.uk> <40BEE823.6050507@solid-state-logic.com> <279D3546-B556-11D8-B018-003065F939FE@ucsc.edu> <40BF19D8.4060203@mail.wvnet.edu> Message-ID: <40BF1DD3.20006@solid-state-logic.com> Richard well yes that's one way around, but I'd like notifications and the stats to pop into MailWatch so its gotto go through MS. Also I use Exim on my gateway so although I could config exim with their version of milter it wouldn't give me stats either.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Richard Lynch wrote: > John Rudd wrote: > >> On Jun 3, 2004, at 1:58 AM, Martin Hepworth wrote: >> >>> Thirded >>> >>> IMHO everything should be scanned for malware - just in case I forget >>> and release something I shouldn't... >>> >>> Yes I know it increases load, but I'd rather be safe than sorry. >>> >> >> Actually, I think it would _reduce_ the load. I know when Julian was >> still designing he says that virus scanning was more expensive and thus >> getting rid of as many things as you can is better before you pass it >> on to the virus scanner. But, I think things have changed since then, >> and Spam Assassin is VERY expensive. Further, if you're not deleting >> spam, doing the spam scanning first doesn't reduce your virus load at >> all. Whereas, if you are at least removing infected attachments during >> virus scanning, you'll at last reduce the sizes of messages that get >> passed to Spam Assassin if you do the virus scanning first. >> >> >> As anecdotal evidence, on days where our scanning machines are being >> saturated, if I turn off spam scanning, our queues clear out pretty >> quickly and then stay low. (I can't really turn off the virus scanning >> though, as it's part of our security infrastructure ... where spam >> scanning is more of a convenience, sorta) >> >> At one point, there was a request to have a variable that would specify >> the order of different features, but Julian said it would require a >> significant re-write. That's probably true for just reversing the >> order, as well. I think specifying the order would be great, but even >> just doing the virus scan first would greatly help our scanning loads. >> > This topic comes up frequently -- seems almost weekly. Julian has said > it is desirable but it isn't going to happen over night. He's also > suggested making it dynamic in that he could analyze traffic patterns > and switch the order on the fly. > > An idea that's occurred to me is to install clamav-milter. It rejects > infected messages at the MTA. That is, if the message is infected it > is refused by sendmail and MS never sees it. Wouldn't that achieve what > you're asking for? Is there any reason that such a setup would be > incompatible with MailScanner? > > -- > > > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Thu Jun 3 13:48:45 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:25:38 2006 Subject: block F-Secure "Internal error: Bad file"-files In-Reply-To: <00ee01c44960$e1ab6250$1196a8c0@internal.wantech.se> References: <00ee01c44960$e1ab6250$1196a8c0@internal.wantech.se> Message-ID: <6.1.1.1.2.20040603134731.03b21db8@imap.ecs.soton.ac.uk> I suggest you forward this to F-Secure tech support. They are about to release a new version and you may find it is fixed in there. If you put one of the troublesome files on a website somewhere I can get it from, I will test it out for you and let you know what happens. I will then add functionality to MailScanner to support this if it still happens with the new version and is a common problem. At 12:49 03/06/2004, you wrote: >On some files, mostly .zip, F-Secure failes to scan the file and returns the >errormessage "Internal error: Bad file [ArchiveScanner]". > >This is, ofcourse, a problem with F-Secure. However, i want to block files >which F-Secure can't scan since there is no way of knowing what's inside >them. How do i make MailScanner do that? > >/pb > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From martinh at SOLID-STATE-LOGIC.COM Thu Jun 3 14:12:48 2004 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:25:38 2006 Subject: Virus Scan Order In-Reply-To: <40BF1FA4.30309@uptime.at> References: <801403078973F243A6A74322E134AF500F1DA1@mail.herefordshire.gov.uk> <40BEE823.6050507@solid-state-logic.com> <279D3546-B556-11D8-B018-003065F939FE@ucsc.edu> <40BF19D8.4060203@mail.wvnet.edu> <40BF1DD3.20006@solid-state-logic.com> <40BF1FA4.30309@uptime.at> Message-ID: <40BF23D0.30606@solid-state-logic.com> David technically no, but why technically bother with MS at all as it can in other ways too.. the nice thing about MS is that is acts as a glue and you can alter the email processing very easily without having to mess with half a dozen different programs. ie administratively its 'easier' to do it in MS (of course Julian/someone has to fess with the code radically so for them it's not that much easier ;-) -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 David H. wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: RIPEMD160 > > Martin Hepworth wrote: > >> Richard >> >> well yes that's one way around, but I'd like notifications and the stats >> to pop into MailWatch so its gotto go through MS. > > > > > I do not quite see this as a valid point. It is _no_ problem at all to > alter the clamav milter in such a way that it _could_ provide staticts > to even an altered mailwatch. I do agree with the poster of the message > before, if the virus handling kann be done _directly_ on the MTA level > it has no advantages from a technical point of view to do them in MS > > that is just my opinion > > - -d > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.2.3 (Darwin) > > iD8DBQFAvx+kPMoaMn4kKR4RA6saAJ0e/LpV1HpMTisx/nVkbid4GAjETgCdEOYU > 1Ntigb+BhilHs4avjaXoo9o= > =oowa > -----END PGP SIGNATURE----- > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From jrudd at UCSC.EDU Thu Jun 3 13:50:00 2004 From: jrudd at UCSC.EDU (John Rudd) Date: Thu Jan 12 21:25:38 2006 Subject: Virus Scan Order In-Reply-To: <40BF19D8.4060203@mail.wvnet.edu> References: <801403078973F243A6A74322E134AF500F1DA1@mail.herefordshire.gov.uk> <40BEE823.6050507@solid-state-logic.com> <279D3546-B556-11D8-B018-003065F939FE@ucsc.edu> <40BF19D8.4060203@mail.wvnet.edu> Message-ID: <86AB4005-B55C-11D8-B018-003065F939FE@ucsc.edu> On Jun 3, 2004, at 5:30 AM, Richard Lynch wrote: > John Rudd wrote: > >> On Jun 3, 2004, at 1:58 AM, Martin Hepworth wrote: >> >>> Thirded >>> >>> IMHO everything should be scanned for malware - just in case I forget >>> and release something I shouldn't... >>> >>> Yes I know it increases load, but I'd rather be safe than sorry. >>> >> >> Actually, I think it would _reduce_ the load. I know when Julian was >> still designing he says that virus scanning was more expensive and >> thus >> getting rid of as many things as you can is better before you pass it >> on to the virus scanner. But, I think things have changed since then, >> and Spam Assassin is VERY expensive. Further, if you're not deleting >> spam, doing the spam scanning first doesn't reduce your virus load at >> all. Whereas, if you are at least removing infected attachments >> during >> virus scanning, you'll at last reduce the sizes of messages that get >> passed to Spam Assassin if you do the virus scanning first. >> >> >> As anecdotal evidence, on days where our scanning machines are being >> saturated, if I turn off spam scanning, our queues clear out pretty >> quickly and then stay low. (I can't really turn off the virus >> scanning >> though, as it's part of our security infrastructure ... where spam >> scanning is more of a convenience, sorta) >> >> At one point, there was a request to have a variable that would >> specify >> the order of different features, but Julian said it would require a >> significant re-write. That's probably true for just reversing the >> order, as well. I think specifying the order would be great, but even >> just doing the virus scan first would greatly help our scanning loads. >> > This topic comes up frequently -- seems almost weekly. Julian has said > it is desirable but it isn't going to happen over night. He's also > suggested making it dynamic in that he could analyze traffic patterns > and switch the order on the fly. > > An idea that's occurred to me is to install clamav-milter. It rejects > infected messages at the MTA. That is, if the message is infected it > is refused by sendmail and MS never sees it. Wouldn't that achieve > what > you're asking for? Is there any reason that such a setup would be > incompatible with MailScanner? > It wouldn't be incompatible with MS, but it might be incompatible with each site's MTA. For example, I'm hoping to drop sendmail completely. So, a milter wouldn't really help me much. Though, what might make it easier is to have multiple installations of mailscanner with different queues. Sort of like: MS#1 -> does virus scanning and probably dangerous content scanning, but absolutely no spam scanning; has mqueue.1 as its incoming directory, and dumps message into mqueue.2 without invoking sendmail MS#2 -> does all of your spam scanning and such; has mqueue.2 as its incoming directory, and mqueue as its outgoing (with or without invoking sendmail). That does mean keeping around 2 versions of mailscanner, or at least invoking it twice, each with different config files (I haven't tried doing that, so I don't know how hard/easy it is to set that up). The other option, esp. if you're on a smaller site where the performance hit wont bother you, is that you can do Spam Assassin via procmail, and just use MailScanner for its non-spam aspects (that's what I do at home, right now: RBL's in the MTA, virus/content scanning in MailScanner, Spam Assassin in procmail). Those aren't as elegant as being able to adjust the order MS does its work, but they do have the overall effect of reducing how much traffic gets through to Spam Assassin without depending upon MTA specific features like milters. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From dh at UPTIME.AT Thu Jun 3 13:55:00 2004 From: dh at UPTIME.AT (David H.) Date: Thu Jan 12 21:25:38 2006 Subject: Virus Scan Order In-Reply-To: <40BF1DD3.20006@solid-state-logic.com> References: <801403078973F243A6A74322E134AF500F1DA1@mail.herefordshire.gov.uk> <40BEE823.6050507@solid-state-logic.com> <279D3546-B556-11D8-B018-003065F939FE@ucsc.edu> <40BF19D8.4060203@mail.wvnet.edu> <40BF1DD3.20006@solid-state-logic.com> Message-ID: <40BF1FA4.30309@uptime.at> -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Martin Hepworth wrote: > Richard > > well yes that's one way around, but I'd like notifications and the stats > to pop into MailWatch so its gotto go through MS. I do not quite see this as a valid point. It is _no_ problem at all to alter the clamav milter in such a way that it _could_ provide staticts to even an altered mailwatch. I do agree with the poster of the message before, if the virus handling kann be done _directly_ on the MTA level it has no advantages from a technical point of view to do them in MS that is just my opinion - -d -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (Darwin) iD8DBQFAvx+kPMoaMn4kKR4RA6saAJ0e/LpV1HpMTisx/nVkbid4GAjETgCdEOYU 1Ntigb+BhilHs4avjaXoo9o= =oowa -----END PGP SIGNATURE----- -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From brent at MIRABITO.COM Thu Jun 3 14:23:09 2004 From: brent at MIRABITO.COM (Brent Strignano) Date: Thu Jan 12 21:25:39 2006 Subject: Virus Scan Order Message-ID: <62E46E0C3CB8024C807447814E1B20A501225EE8@granitemail.mirabito.com> For lightly loaded servers could you run two MS processes on the same box like this? MTA --> mqueue.in --> MS1 Virus Scan --> mqueue.2 --> MS2 Spam Scan --> mqueue --> MTA Would just need to set the incoming, outgoing and work dirs differently. Brent Strignano System Administrator Granite Capital Holdings Sidney, NY -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Martin Hepworth Sent: Thursday, June 03, 2004 9:13 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Virus Scan Order David technically no, but why technically bother with MS at all as it can in other ways too.. the nice thing about MS is that is acts as a glue and you can alter the email processing very easily without having to mess with half a dozen different programs. ie administratively its 'easier' to do it in MS (of course Julian/someone has to fess with the code radically so for them it's not that much easier ;-) -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 David H. wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: RIPEMD160 > > Martin Hepworth wrote: > >> Richard >> >> well yes that's one way around, but I'd like notifications and the >> stats to pop into MailWatch so its gotto go through MS. > > > > > I do not quite see this as a valid point. It is _no_ problem at all to > alter the clamav milter in such a way that it _could_ provide staticts > to even an altered mailwatch. I do agree with the poster of the > message before, if the virus handling kann be done _directly_ on the > MTA level it has no advantages from a technical point of view to do > them in MS > > that is just my opinion > > - -d > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.2.3 (Darwin) > > iD8DBQFAvx+kPMoaMn4kKR4RA6saAJ0e/LpV1HpMTisx/nVkbid4GAjETgCdEOYU > 1Ntigb+BhilHs4avjaXoo9o= > =oowa > -----END PGP SIGNATURE----- > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From gebhard at EPOST.DE Thu Jun 3 11:12:18 2004 From: gebhard at EPOST.DE (Holger Gebhard) Date: Thu Jan 12 21:25:39 2006 Subject: Hi Julian, please read this Mail (Part 1) Message-ID: Hi Julian, hi Group... Sorry for this long Mail, but no one of my Messages the Last time are answered... I postet two Problems... (Duplicated Warning in Report and Problem with Rulefiles). No other one seems to have similar Problems? For the first Problem I have found a "temporarly" solution because i could not found the actual problem. The Duplicated Warnings in Reports can be found in the following Funktions: Maximun Mesage Size Maximum Attachments Per Message Allow Partitial Messages Block Encrypted Messages Block Unencrypted Messages All these Features are processed in SweepContent.pm (sub scanbatch, except "Maximum Attachments Per Message" (in Message.pm, sub Explode). One Example for "Maximum Message Size": For the first I checked all Reportvalues in SweepConent.pm (Values like "message->{otherreports}", etc). Allways only one Reportword... Seems all to be OK for Sweepcontent.pm... Then i checked the Reportwords in Message.pm... For the first i checked all Values like "$text", etc. in "sub CombineReports". For this Values also always only one Reportword. Starting from "sub Clean" (for example the Value "$everyreport") the Warning Messages are Duplicated... So the Problem must be in "sub CombineReports" So i checked this statements and loops: --------------------------------------------- # Now try to map all the reports onto their parents as far as possible #print STDERR "About to combine reports\n"; my($key, $value, $parent, %foundparent); while(($key, $value) = each %reports) { $parent = $this->{file2parent}{$key}; #print STDERR "Looking at report for $key (son of $parent)\n"; if (defined $parent && exists($this->{safefile2file}{$parent})) { #print STDERR "Found parent of $key is $parent\n"; $foundparent{$key} = 1; $this->{allreports}{$parent} .= $value; $this->{alltypes}{$parent} .= $types{$key}; } } # And delete the records for members we have found. #foreach $key (keys %foundparent) { # print STDERR "Deleting report for $key\n"; # delete $this->{allreports}{$key}; # delete $this->{alltypes}{$key}; #} # Now look for the reports we can't match anywhere and make them # map to the entire message. while(($key, $value) = each %reports) { if (defined $foundparent{$key} && !exists($this->{safefile2file} {$key})) { #print STDERR "Promoting report for $key\n"; delete $this->{allreports}{$key}; delete $this->{alltypes}{$key}; $this->{allreports}{""} .= $value; $this->{alltypes}{""} .= $types{$key}; } } #print STDERR "Finished combining reports\n"; } -------------------------------------------------- For the Example "Maximum Message Size" the Message matches the if statement: if (defined $parent && exists($this->{safefile2file}{$parent})) { I dont think this is the right statement? According to my opinion a message over the Maximal Size should run in the following if statement: if (defined $foundparent{$key} && !exists($this->{safefile2file}{$key})) { Ok... I tried to figure out why the Message runs in the first if statement... After a few days i could not find why :-( Then I tried a little trick... Added some lines like the following: --------------------------------------------- # Now try to map all the reports onto their parents as far as possible #print STDERR "About to combine reports\n"; my($key, $value, $parent, %foundparent); while(($key, $value) = each %reports) { $parent = $this->{file2parent}{$key}; #print STDERR "Looking at report for $key (son of $parent)\n"; if (defined $parent && exists($this->{safefile2file}{$parent})) { #print STDERR "Found parent of $key is $parent\n"; $foundparent{$key} = 1; $this->{allreports}{$parent} .= $value; $this->{alltypes}{$parent} .= $types{$key}; #if ($value =~ /Die maximale/) { if ($value eq MailScanner::Config::LanguageValue($this, 'toobig') || MailScanner::Config::LanguageValue ($this, 'partialmessage') || MailScanner::Config::LanguageValue ($this, 'toomanyattachments') || MailScanner::Config::LanguageValue ($this, 'blockencrypted') || MailScanner::Config::LanguageValue ($this, 'blockunencrypted')) { delete $this->{safefile2file}{$key}; delete $this->{allreports}; delete $this->{alltypes}; } } } --------------------------------------------- After my If statement for the Messages with "Duplicated Warnings" no "{safefile2file}{$key}" is found and the message runs in the correct if statement... This Helps... No more Duplicated Warnings... But i think this is only a "temporarly" solution... Can anybody figure out where is the "real" problem? Many thanks for help... Holger My System: Debian Postfix 2.0.19 (Split Queues) MailScanner 4.30-3 SpamAssassin 2.63 RBLs, etc. P.S. Also tried to solve the Problem with Postfix 2.1.1, Single Queue Postfix and MailScanner 4.31-6... Nothing helps... -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From gebhard at EPOST.DE Thu Jun 3 11:28:37 2004 From: gebhard at EPOST.DE (Holger Gebhard) Date: Thu Jan 12 21:25:39 2006 Subject: Hi Julian, please read this Mail (Part 2) Message-ID: For the Secound Part (Problem with Rulefiles): The most of my Funktions are set to per User/Domain-Rulesets and works fine... But some Rulessets like Allow Password-Protected Archives Warning Is Attachment Inline HTML Warning (up to now I could not examine all "Ruleset Features") only works with "per Domain" Settings... One Example for one of my Rulefiles (Allow Password-Protected Archives): To: user@domain.com yes To: @domain.com no FromOrTo: default no When a Email is send to user123@domain.com the Attachment is blocked for "@domain.com". Works fine... In a new Mail to user@domain.com the Attachment is also blocked. It seems that in this Rule no "user@domain.com" is checked? Are there different Rulefiles, or should this work? Thanks for help Holger -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From pb at WANTECH.SE Thu Jun 3 14:40:00 2004 From: pb at WANTECH.SE (=?iso-8859-1?Q?Patrik_B=E4ckstr=F6m?=) Date: Thu Jan 12 21:25:39 2006 Subject: block F-Secure "Internal error: Bad file"-files References: <00ee01c44960$e1ab6250$1196a8c0@internal.wantech.se> <6.1.1.1.2.20040603134731.03b21db8@imap.ecs.soton.ac.uk> Message-ID: <026401c44970$446d6000$1196a8c0@internal.wantech.se> Unfortunately i don't have a copy of the file :-( Since it's not detected as a virus it's not placed in the quarantine. I'll have to ask the recipient(s) and see if they still have a copy. Anyway, here is the messages logged by fsav and mailscanner: Jun 3 10:46:09 hostname fsavd: Failed to scan file /mailscanner/tmp/7066/./0C3511C64AD/ReMailer-6418.doc.zip: Internal error: Bad file [ArchiveScanner]. Jun 3 10:46:09 hostname MailScanner[7066]: 21 files could not be scanned If you look in the fsav documentation (http://www.f-secure.com/products/anti-virus/linux/fsav.shtml) there is a bunch of different error-messages that indicate that the scan failed for this or that reason. It would be neat if there was an option i MailScanner to block files if and when the virusscanner exits with one of these error-messages. Even if F-Secure fixes the problem with extracting some types of ZIP-files, there could be some other reasons for the scanner to fail and then i would rather see the message being blocked than let through unscanned. /pb ----- Original Message ----- From: "Julian Field" To: Sent: Thursday, June 03, 2004 2:48 PM Subject: Re: block F-Secure "Internal error: Bad file"-files > I suggest you forward this to F-Secure tech support. They are about to > release a new version and you may find it is fixed in there. > > If you put one of the troublesome files on a website somewhere I can get it > from, I will test it out for you and let you know what happens. I will then > add functionality to MailScanner to support this if it still happens with > the new version and is a common problem. > > At 12:49 03/06/2004, you wrote: > >On some files, mostly .zip, F-Secure failes to scan the file and returns the > >errormessage "Internal error: Bad file [ArchiveScanner]". > > > >This is, ofcourse, a problem with F-Secure. However, i want to block files > >which F-Secure can't scan since there is no way of knowing what's inside > >them. How do i make MailScanner do that? > > > >/pb > > > >-------------------------- MailScanner list ---------------------- > >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > >Before posting, please see the Most Asked Questions at > >http://www.mailscanner.biz/maq/ and the archives at > >http://www.jiscmail.ac.uk/lists/mailscanner.html > > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From stefanzman at yahoo.com Thu Jun 3 14:43:08 2004 From: stefanzman at yahoo.com (Stefan Zauchenberger) Date: Thu Jan 12 21:25:39 2006 Subject: "speed" of virusscanners In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB001649DC5@pascal.priv.bmrb.co.uk> Message-ID: <20040603134308.60789.qmail@web41314.mail.yahoo.com> Has anyone been able to find this article online yet? --- "Spicer, Kevin" wrote: > Peter Peters wrote: > > Just read an article on the speed of anti virus > vendors. How fast are > > they with new definitions. Measured between > februari 15 and march 15. > > When the first one detected a new (version of a) > virus time was > > started. All others where measured untill they > started to detect the > > same (version of) the virus. > > > > Averages: (rank) > > Kaspersky 00:43 1 > > F-port 01:38 3 > > F-secure 02:41 7 > > AVG 03:32 8 > > Sophos 03:48 9 > > McAfee 08:13 12 > > Symantec 09:17 14 > > InoculateIT-VET 11:30 16 > > So what was at 2,4,5,6,10,11,13,15 ? > > Is the article online? > > > > BMRB International > http://www.bmrb.co.uk > +44 (0)20 8566 5000 > _________________________________________________________________ > This message (and any attachment) is intended only > for the > recipient and may contain confidential and/or > privileged > material. If you have received this in error, > please contact the > sender and delete this message immediately. > Disclosure, copying > or other action taken in respect of this email or in > > reliance on it is prohibited. BMRB International > Limited > accepts no liability in relation to any personal > emails, or > content of any email which does not directly relate > to our > business. > > -------------------------- MailScanner list > ---------------------- > To leave, send leave mailscanner to > jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions > at > http://www.mailscanner.biz/maq/ and the archives > at > http://www.jiscmail.ac.uk/lists/mailscanner.html __________________________________ Do you Yahoo!? Friends. Fun. Try the all-new Yahoo! Messenger. http://messenger.yahoo.com/ -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From lists99 at HOTMAIL.COM Thu Jun 3 14:48:33 2004 From: lists99 at HOTMAIL.COM (List Account) Date: Thu Jan 12 21:25:39 2006 Subject: New spam faking whitelisting Message-ID: Hello all, I am running MailScanner 4.26.8-1 with postfix 2.0.18, SpamAssassin 2.63 and ClamAV 0.70. Starting today, I'm seeing spam messages comming in saying that they are white listed, but they aren't on my whitelist in /etc/MailScanner/rules/spam.whitelist.rules. Here are the message details from MailWatch: Received on: 03/06/04 08:40:20 Received by: mailscanner Received from: 61.202.42.238 (n042238.ppp.dion.ne.jp) 124.8.92.244 ID: D0AEE900 Message Headers: Received: from n042238.ppp.dion.ne.jp (N042238.ppp.dion.ne.jp [61.202.42.238]) by mailscanner.ourdomain.com (Postfix) with SMTP id D0AEE900; Thu, 3 Jun 2004 08:40:04 -0500 (CDT) Received: from bfzoqwcn-rtfu363.de.twirl.English@canada.com ([124.8.92.244]) by umxo4989-eku33.61.202.42.238 with Microsoft SMTPSVC(0.0.8246.1834); Thu, 03 Jun 2004 07:29:06 -0600 From: "Efren Hyde" To: user@ourdomain.com Cc: info@ourdomain.com, user2@ourdomain.com, user3@ourdomain.com, user4@ourdomain.com, jobs@ourdomain.com, user5@ourdomain.com, user6@ourdomain.com Subject: invest in yourself, get a new job Date: Thu, 03 Jun 2004 15:26:06 +0200 Message-ID: <18484457687322.64.53502@eunkzq-db12511.localhost> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--13344725039681107" From: twirl.english@canada.com To: user@ourdomain.com user@ourdomain.com user2@ourdomain.com user2@ourdomain.com user3@ourdomain.com user3@ourdomain.com jobs@ourdomain.com jobs@ourdomain.com user4@ourdomain.com user4@ourdomain.com user5@ourdomain.com user5@ourdomain.com Subject: invest in yourself, get a new job Size: 2.5Kb Virus: N Blocked File: N Other Infection: N Report: Spam: N Action(s): deliver High Scoring Spam: N Listed in RBL: N Whitelisted: Y Blacklisted: N SpamAssassin Spam: N SpamAssassin Score: 0.00\ Is anyone else seeing this, and what can I do to stop it? Thanks, Howard _________________________________________________________________ Getting married? Find great tips, tools and the latest trends at MSN Life Events. http://lifeevents.msn.com/category.aspx?cid=married -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From jaearick at COLBY.EDU Thu Jun 3 15:02:19 2004 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:25:39 2006 Subject: 4.31.6: grumbles about install.sh In-Reply-To: <6.1.1.1.2.20040601210710.02a1d218@imap.ecs.soton.ac.uk> References: <6.1.1.1.2.20040601210710.02a1d218@imap.ecs.soton.ac.uk> Message-ID: On Tue, 1 Jun 2004, Julian Field wrote: > >3) I have both gcc and cc (Sun Forte 7) installed. I build the > >public-domain perl with Sun's compiler, because of threading, > >interactions with Sun's shared libs, etc. My heart sank when I saw > >the symlink of /tmp/MStmpinstall../cc to /usr/local/bin/gcc. > >Ugh. > > Where should I look for cc? /opt/SUNWspro/bin? Yes. That is where Fort 6/7/8 go on Suns. Thanks Julian. Jeff -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mkipness at GENIANT.COM Thu Jun 3 15:14:26 2004 From: mkipness at GENIANT.COM (Max Kipness) Date: Thu Jan 12 21:25:39 2006 Subject: Spam Bounce action issues Message-ID: <399D85F2BB50BC4295F78EAE203D5C226B6D1E@dalsxc01.geniant.net> What is the suggestion then to notify legitimate users that their email has been stopped and to contact us without sending out these messages to spoofed addresses? Max > >Well, I have to as I need to let legitimate senders know that their > >email did not get through and that they must contact us to > get added to > >a white list. We have had many senders get added to the > white list this > >way. > > > >I run a script every 15 minutes that cleans the queue of bounces > >attempting to get sent to invalid addresses. > > That's not enough. That means that bounces to existing > addresses get through. And you will be blocked one time or > another. Bouncing spam is like spamming. > > -- > Peter Peters, senior netwerkbeheerder > Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE) > Universiteit Twente, Postbus 217, 7500 AE Enschede > telefoon: 053 - 489 2301, fax: 053 - 489 2383, > http://www.utwente.nl/itbe > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From prandal at HEREFORDSHIRE.GOV.UK Thu Jun 3 15:21:45 2004 From: prandal at HEREFORDSHIRE.GOV.UK (Randal, Phil) Date: Thu Jan 12 21:25:39 2006 Subject: Spam Bounce action issues Message-ID: <801403078973F243A6A74322E134AF500F1E27@mail.herefordshire.gov.uk> If you can tell that they are legitimate, then there's a spamassassin rule just waiting to be constructed. Also, traing Bayes so the genuine stuff is learnt as ham helps too. IMHO, you're addressing the wrong problem with the wrong solution. The real problem is that you're misidentifying ham as spam somewhere along the line. Fix that and no more bounce messages are required. Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Max Kipness > Sent: 03 June 2004 15:14 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Spam Bounce action issues > > What is the suggestion then to notify legitimate users that > their email has been stopped and to contact us without > sending out these messages to spoofed addresses? > > Max > > > > >Well, I have to as I need to let legitimate senders know > that their > > >email did not get through and that they must contact us to > > get added to > > >a white list. We have had many senders get added to the > > white list this > > >way. > > > > > >I run a script every 15 minutes that cleans the queue of bounces > > >attempting to get sent to invalid addresses. > > > > That's not enough. That means that bounces to existing > addresses get > > through. And you will be blocked one time or another. > Bouncing spam is > > like spamming. > > > > -- > > Peter Peters, senior netwerkbeheerder > > Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE) > > Universiteit Twente, Postbus 217, 7500 AE Enschede > > telefoon: 053 - 489 2301, fax: 053 - 489 2383, > > http://www.utwente.nl/itbe > > > > -------------------------- MailScanner list ---------------------- > > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > > Before posting, please see the Most Asked Questions at > > http://www.mailscanner.biz/maq/ and the archives at > > http://www.jiscmail.ac.uk/lists/mailscanner.html > > > > > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Thu Jun 3 15:20:35 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:25:39 2006 Subject: 4.31.6: grumbles about install.sh In-Reply-To: References: <6.1.1.1.2.20040601210710.02a1d218@imap.ecs.soton.ac.uk> Message-ID: <6.1.1.1.2.20040603152004.124a67d8@imap.ecs.soton.ac.uk> At 15:02 03/06/2004, you wrote: >On Tue, 1 Jun 2004, Julian Field wrote: > > > >3) I have both gcc and cc (Sun Forte 7) installed. I build the > > >public-domain perl with Sun's compiler, because of threading, > > >interactions with Sun's shared libs, etc. My heart sank when I saw > > >the symlink of /tmp/MStmpinstall../cc to /usr/local/bin/gcc. > > >Ugh. > > > > Where should I look for cc? /opt/SUNWspro/bin? > >Yes. That is where Fort 6/7/8 go on Suns. Thanks Julian. Jeff Done. I have also changed it so that the tnef binary is installed into /opt/MailScanner/bin and /usr/local/bin is not used, as you suggested. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From newcomer at DICKINSON.EDU Thu Jun 3 15:46:20 2004 From: newcomer at DICKINSON.EDU (Don Newcomer) Date: Thu Jan 12 21:25:39 2006 Subject: Syslog Message-ID: First off, I'm using MailScanner 4.31.6, SpamAssassin 2.63, and Perl 5.8.3 on a Tru64 UNIX version 5.1B box. I'm logging all of my MailScanner entries to a separate syslog file but I'm running into truncation problems with some of the spam reports (I'm logging all spam scores). Is there a maximum line length for the logging function in SA, the Perl module, or syslog itself? It seems to max out at about 1024 for the text. I've written a handy script that gives me the counts (in reverse sorted order) of hits for each rule with the score and the .cf file that contains the rule but I'm hitting problems where some rulenames are being truncated in the logs. Thanks. Don Newcomer Senior Manager, Systems Infrastructure Systems Department Library and Information Services Dickinson College P.O. Box 1773 Carlisle, PA 17013 717-245-1256 (Voice) 717-245-1690 (FAX) newcomer@dickinson.edu -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From Kevin.Spicer at BMRB.CO.UK Thu Jun 3 15:54:47 2004 From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:25:39 2006 Subject: Syslog Message-ID: <5C0296D26910694BB9A9BBFC577E7AB0023707A0@pascal.priv.bmrb.co.uk> Don Newcomer wrote: > First off, I'm using MailScanner 4.31.6, SpamAssassin 2.63, and Perl > 5.8.3 on a Tru64 UNIX version 5.1B box. I'm logging all of my > MailScanner entries to a separate syslog file but I'm running into > truncation problems with some of the spam reports (I'm logging all > spam scores). Is there a maximum line length for the logging function > in SA, the Perl module, or syslog itself? It seems to max out at > about 1024 for the text. I've written a handy script that gives me > the counts (in reverse sorted order) of hits for each rule with the > score and the .cf file that contains the rule but I'm hitting > problems where some rulenames are being truncated in the logs. > Thanks. I think you'll find its syslog. Syslog uses UDP so a syslog message is limited to a single UDP message BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From alex at nkpanama.com Thu Jun 3 15:59:34 2004 From: alex at nkpanama.com (Alex Neuman) Date: Thu Jan 12 21:25:39 2006 Subject: Virus Scan Order In-Reply-To: <801403078973F243A6A74322E134AF500F1DA1@mail.herefordshire.gov.uk> Message-ID: <000201c4497b$649b7050$2065e0c9@cositputer> Me, too! -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Randal, Phil Sent: Thursday, June 03, 2004 3:46 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Virus Scan Order I'd vote for scanning everything for viruses, before spam checks. Phil -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From cconn at ABACOM.COM Thu Jun 3 16:12:15 2004 From: cconn at ABACOM.COM (Chris Conn) Date: Thu Jan 12 21:25:39 2006 Subject: New spam faking whitelisting In-Reply-To: References: Message-ID: <40BF3FCF.8050403@abacom.com> Casanova, Chase wrote: > Custom ruleset for local.cf: > > header LOCAL_HDR_POSTMASTER ALL=~/postmaster@yourdomain.com/i > describe LOCAL_HDR_POSTMASTER Header contains postmaster@yourdomain.com > score LOCAL_HDR_POSTMASTER 100.0 > > MailScanner.conf setting: > > High Scoring Spam Actions = forward postmaster@yourdomain.com > > or you may be looking for another Extra High Scoring Spam Action....I would be interested in learning how to set that up.... Julian? Hello, This would have the unfortunate side-effect of forwarding hundreds of thousands of SPAM emails to the postmaster account. I am only trying to receive emails sent to postmaster@mydomain without whitelisting the entire Cc: list should there be one. I thought that by creating a ruleset for high scoring spam I could do this. I am going to stop pondering and actually try it since this does not seem to be something others have tried. Chris -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From cconn at ABACOM.COM Thu Jun 3 15:59:24 2004 From: cconn at ABACOM.COM (Chris Conn) Date: Thu Jan 12 21:25:39 2006 Subject: {Spam?} [MAILSCANNER] New spam faking whitelisting In-Reply-To: References: Message-ID: <40BF3CCC.5030106@abacom.com> Casanova, Chase wrote: > Chris, > > Can you not do what you want with the Spam Actions setting in MailScanner.conf > > Spam Actions = store forward postmaster@yourdomain.com > Hello, Yes, but this is not what I want to do. When using sendmail (I don't know about other MTAs), if you whitelist an email address, all other Cc: or Bcc: addresses will receive the SPAM. What I want to establish is the possibility of not using the whitelist function but rather create a ruleset under the spam actions for high scoring spam, and deliver spam to the postmaster account at scores less than 100 while deleting spam with score of 10 or more for other users, even if they are Cc: or Bcc: on the spam sent to the postmaster. Chris > -Chase > > -----Original Message----- > From: Chris Conn [mailto:cconn@ABACOM.COM] > Sent: Thursday, June 03, 2004 10:26 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: [MAILSCANNER] {Spam?} [MAILSCANNER] New spam faking > whitelisting > > > List Account wrote: > >>I think I found the problem. The problem is one of the addresses, >>jobs@ourdomain.com, is on the whitelist. Is there any to not allow the >>message for everyone just because that one address is whitelisted? >> > > Hello, > > I am also trying to tackle this problem as my whitelist to a postmaster > account is causing Cc: and Bcc: recipients to receive the spam. > > If it cannot be done with the whitelist feature, could it be instead > done by creating a ruleset for the high-score spam action? For > instance, have a high scoring spam of 10 for all but the postmaster > address, set to 100? > > Chris > > >>Thanks, >> >>Howard >> >> >> >>>From: Martin Hepworth >>>Reply-To: MailScanner mailing list >>>To: MAILSCANNER@JISCMAIL.AC.UK >>>Subject: Re: {Spam?} [MAILSCANNER] New spam faking whitelisting >>>Date: Thu, 3 Jun 2004 15:04:57 +0100 >>> >>>Hi >>> >>>what does /etc/MailScanner/rules/spam.whitelist.rules look like >>> >>> >>>-- >>>Martin Hepworth >>>Snr Systems Administrator >>>Solid State Logic >>>Tel: +44 (0)1865 842300 >>> >>> >>>List Account wrote: >>> >>> >>>>Hello all, >>>> >>>>I am running MailScanner 4.26.8-1 with postfix 2.0.18, SpamAssassin 2.63 >>>>and >>>>ClamAV 0.70. Starting today, I'm seeing spam messages comming in saying >>>>that they are white listed, but they aren't on my whitelist in >>>>/etc/MailScanner/rules/spam.whitelist.rules. Here are the message >>>>details >>>>from MailWatch: >>>> >>>>Received on: 03/06/04 08:40:20 >>>>Received by: mailscanner >>>>Received from: 61.202.42.238 (n042238.ppp.dion.ne.jp) >>>>124.8.92.244 >>>>ID: D0AEE900 >>>>Message Headers: Received: from n042238.ppp.dion.ne.jp >>>>(N042238.ppp.dion.ne.jp [61.202.42.238]) >>>>by mailscanner.ourdomain.com (Postfix) with SMTP >>>>id D0AEE900; Thu, 3 Jun 2004 08:40:04 -0500 (CDT) >>>>Received: from bfzoqwcn-rtfu363.de.twirl.English@canada.com >>>>([124.8.92.244]) >>>>by umxo4989-eku33.61.202.42.238 with Microsoft SMTPSVC(0.0.8246.1834); >>>>Thu, 03 Jun 2004 07:29:06 -0600 >>>>From: "Efren Hyde" >>>>To: user@ourdomain.com >>>>Cc: info@ourdomain.com, user2@ourdomain.com, >>>>user3@ourdomain.com, user4@ourdomain.com, >>>>jobs@ourdomain.com, user5@ourdomain.com, >>>>user6@ourdomain.com >>>>Subject: invest in yourself, get a new job >>>>Date: Thu, 03 Jun 2004 15:26:06 +0200 >>>>Message-ID: <18484457687322.64.53502@eunkzq-db12511.localhost> >>>>MIME-Version: 1.0 >>>>Content-Type: multipart/alternative; >>>>boundary="--13344725039681107" >>>>From: twirl.english@canada.com >>>>To: user@ourdomain.com >>>>user@ourdomain.com >>>>user2@ourdomain.com >>>>user2@ourdomain.com >>>>user3@ourdomain.com >>>>user3@ourdomain.com >>>>jobs@ourdomain.com >>>>jobs@ourdomain.com >>>>user4@ourdomain.com >>>>user4@ourdomain.com >>>>user5@ourdomain.com >>>>user5@ourdomain.com >>>>Subject: invest in yourself, get a new job >>>>Size: 2.5Kb >>>>Virus: N >>>>Blocked File: N >>>>Other Infection: N >>>>Report: >>>>Spam: N Action(s): deliver >>>>High Scoring Spam: N >>>>Listed in RBL: N >>>>Whitelisted: Y >>>>Blacklisted: N >>>>SpamAssassin Spam: N >>>>SpamAssassin Score: 0.00\ >>>> >>>>Is anyone else seeing this, and what can I do to stop it? >>>> >>>>Thanks, >>>> >>>>Howard >>>> >>>>_________________________________________________________________ >>>>Getting married? Find great tips, tools and the latest trends at MSN >>>>Life >>>>Events. http://lifeevents.msn.com/category.aspx?cid=married >>>> >>>>-------------------------- MailScanner list ---------------------- >>>>To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >>>>Before posting, please see the Most Asked Questions at >>>>http://www.mailscanner.biz/maq/ and the archives at >>>>http://www.jiscmail.ac.uk/lists/mailscanner.html >>>> >>> >>>********************************************************************** >>> >>>This email and any files transmitted with it are confidential and >>>intended solely for the use of the individual or entity to whom they >>>are addressed. If you have received this email in error please notify >>>the system manager. >>> >>>This footnote confirms that this email message has been swept >>>for the presence of computer viruses and is believed to be clean. >>> >>>********************************************************************** >>> >>>-------------------------- MailScanner list ---------------------- >>>To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >>>Before posting, please see the Most Asked Questions at >>>http://www.mailscanner.biz/maq/ and the archives at >>>http://www.jiscmail.ac.uk/lists/mailscanner.html >> >> >>_________________________________________________________________ >>Stop worrying about overloading your inbox - get MSN Hotmail Extra Storage! >>http://join.msn.click-url.com/go/onm00200362ave/direct/01/ >> >>-------------------------- MailScanner list ---------------------- >>To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >>Before posting, please see the Most Asked Questions at >>http://www.mailscanner.biz/maq/ and the archives at >>http://www.jiscmail.ac.uk/lists/mailscanner.html > > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From ssilva at SGVWATER.COM Thu Jun 3 18:11:43 2004 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:25:39 2006 Subject: Spam Bounce action issues References: <399D85F2BB50BC4295F78EAE203D5C226B6D1E@dalsxc01.geniant.net> Message-ID: <00b101c4498d$de1e2370$6300a8c0@SSILVA2K> If your users are on a particular subnet, then you can whitelist that subnet. ----- Original Message ----- From: "Max Kipness" To: Sent: Thursday, June 03, 2004 7:14 AM Subject: Re: Spam Bounce action issues What is the suggestion then to notify legitimate users that their email has been stopped and to contact us without sending out these messages to spoofed addresses? Max > >Well, I have to as I need to let legitimate senders know that their > >email did not get through and that they must contact us to > get added to > >a white list. We have had many senders get added to the > white list this > >way. > > > >I run a script every 15 minutes that cleans the queue of bounces > >attempting to get sent to invalid addresses. > > That's not enough. That means that bounces to existing > addresses get through. And you will be blocked one time or > another. Bouncing spam is like spamming. > > -- > Peter Peters, senior netwerkbeheerder > Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE) > Universiteit Twente, Postbus 217, 7500 AE Enschede > telefoon: 053 - 489 2301, fax: 053 - 489 2383, > http://www.utwente.nl/itbe > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From bayardo.rivas at puntos.org.ni Thu Jun 3 19:07:01 2004 From: bayardo.rivas at puntos.org.ni (Bayardo Rivas) Date: Thu Jan 12 21:25:39 2006 Subject: telnet to smtp port is refused In-Reply-To: <1086266924.40bf1e2c2d5b8@webmail.keko.com.ar> Message-ID: <004301c44995$981a4630$0300a8c0@BAR> What I saw is that when I start Mailscannner (and Sendmail) the smtp port is closed. And when I sart only sendmail smtp port is listening. Check this logs... This is when Sendmail is started alone: ============================================ mailserver:~ # telnet localhost 25 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. 220 puntos.org.ni ESMTP Sendmail 8.12.6/8.12.6/SuSE Linux 0.6; Thu, 3 Jun 2004 11:49:38 +0600 ^] telnet> quit 221 2.0.0 puntos.org.ni closing connection Connection closed by foreign host. mailserver:~ # telnet mailserver.puntos.org.ni 25 Trying 200.85.166.76... Connected to mailserver.puntos.org.ni. Escape character is '^]'. 220 puntos.org.ni ESMTP Sendmail 8.12.6/8.12.6/SuSE Linux 0.6; Thu, 3 Jun 2004 11:49:56 +0600 ^] telnet> quit 221 2.0.0 puntos.org.ni closing connection Connection closed by foreign host. As you can see... Everything is Ok. But when I start Mailsecanner: ======================================================================== mailserver:~ # rcMailScanner start Initializing incoming sendmail done Initializing outgoing sendmail done Initializing MailScanner mailserver:~ # telnet localhost 25 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. 220 puntos.org.ni ESMTP Sendmail 8.12.6/8.12.6/SuSE Linux 0.6; Thu, 3 Jun 2004 1 1:50:26 +0600 ^] telnet> quit 221 2.0.0 puntos.org.ni closing connection Connection closed by foreign host. mailserver:~ # telnet mailserver.puntos.org.ni 25 Trying 200.85.166.76... telnet: connect to address 200.85.166.76: Connection refused Trying 192.168.0.1... telnet: connect to address 192.168.0.1: Connection refused ======================================== Thanks for any help. Bayardo -----Mensaje original----- De: Luciano Giacchetta [mailto:lucianog@keko.com.ar] Enviado el: Jueves, 03 de Junio de 2004 06:49 a.m. Para: bayardo.rivas@puntos.org.ni Asunto: Re: telnet to smtp port is refused You check if the port is open inbound and outbound ? You can telnet smtp port by localhost ? Are you sure that sendmail works ok ? I never saw any problem with MS and Ports.... Luciano Quoting Bayardo Rivas : > Hello, > > I have just installed Mailscanner and ClamAV. I use Suse 8.1 as > mailserver. When I start the Mailscanner daemon it starts Sendmail > without problems, but when I try to telnet to port 25/smtp i receive a > "conection refused" message. I note that when I start sendmail alone, > smtp port is open and working ok, but when sendmail start with > Mailscanner smtp port is like closed. > > Thanks for your help. > > Bayardo > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > ------------------------------------------------- ?Todav?a no naveg?s con Keko? Hac? click aqu?: http://www.keko.com.ar -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ELKNET.NET Thu Jun 3 17:00:39 2004 From: mailscanner at ELKNET.NET (Alan) Date: Thu Jan 12 21:25:39 2006 Subject: Razor discover reload question Message-ID: I have a cron job that does a Razor discover every two hours. On occasion though, I see MS throughput drop WAY down and my queue of mail waiting to be scanned grows very large. When this happens, I have verified that RAZOR is no longer functioning (no RAZOR entries in the logged spam), and SA is taking a long time to finish a batch scan due to RAZOR having to time out. When this happens, my assumption is that the Razor server is not responding. If I stop and then restart MS, it takes right off emptying the queue, and many RAZOR entries are seen in the log. This would indicate that the Razor server is functioning just fine now. All I did was stop and restart MS. So, my question is this. When the Razor discover job runs in cron and updates the Razor server list, do I need to reload MS so that it reads the updated server list? I know that if I change any .cf rule file I have to reload MS so that it sees the changes, is this true for the Razor server list also? Thanks! -Alan -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ELKNET.NET Thu Jun 3 17:21:40 2004 From: mailscanner at ELKNET.NET (Alan) Date: Thu Jan 12 21:25:39 2006 Subject: Spam Bounce action issues Message-ID: I too am one of those that feels I must send bounce messages to senders so that they are aware that their email was not accpeted, rather than them thinking 'no news is good news'. In my defense, I do run a narrow band between low scoring spam that I bounce and high scoring spam that I do not bounce. I also do not bounce any virus non-deliveries. Now, on to how I prevent my own customers from receiving bounce reports so that they do not receive erroneous reports from messages with forged from headers. I utilize MS's "spam.nobounce.rules" rule set, and place an entry in it to delete messages identified as spam where the 'From' address is from my domain. Identified spam from other domains has an action of 'delete bounce'. So, considering that my domain is 'elknet.net', my 'spam.nobounce.rules' file looks like this: From: *@elknet.net delete FromorTo: default delete bounce That takes care of the problem for me! -Alan -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From Jan-Peter.Koopmann at SECEIDOS.DE Thu Jun 3 19:39:47 2004 From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann) Date: Thu Jan 12 21:25:39 2006 Subject: Spam Bounce action issues Message-ID: On Thursday, June 03, 2004 6:22 PM Alan wrote: > That takes care of the problem for me! But it does not for the people that are getting joe jobbed by you... :-) I see your point and I do not have a solution. I currently run a low-score 6, high-score 15 setup, quarantine spam/viruses for 30 days and have not yet encountered a high scoring spam false positive. I deliver low-scoring spam which is then automatically put in a spam-folder in the corresponding recipient mailbox. This takes care of the occasional low scoring spam false positive. If a message really is a false positive high scoring message and therefore does not get delivered it could indeed pose a big problem. But I am not yet willing to accept the alternative: spam thousands of mails to innocent people. Regards, JP -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From alex at nkpanama.com Thu Jun 3 19:50:50 2004 From: alex at nkpanama.com (Alex Neuman) Date: Thu Jan 12 21:25:39 2006 Subject: Razor discover reload question In-Reply-To: Message-ID: <000b01c4499b$b1ee9ce0$2065e0c9@cositputer> .cf rules and razor have to do with SpamAssassin, which I thought got loaded once for every batch of messages scanned. My idea was that if you changed a rule or did a pyzor/razor discover and/or changed/added .cf rules then the next batch would get the changes implementes. If what you say is true then I have a lot of work to do... ;) -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Alan Sent: Thursday, June 03, 2004 11:01 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Razor discover reload question I have a cron job that does a Razor discover every two hours. On occasion though, I see MS throughput drop WAY down and my queue of mail waiting to be scanned grows very large. When this happens, I have verified that RAZOR is no longer functioning (no RAZOR entries in the logged spam), and SA is taking a long time to finish a batch scan due to RAZOR having to time out. When this happens, my assumption is that the Razor server is not responding. If I stop and then restart MS, it takes right off emptying the queue, and many RAZOR entries are seen in the log. This would indicate that the Razor server is functioning just fine now. All I did was stop and restart MS. So, my question is this. When the Razor discover job runs in cron and updates the Razor server list, do I need to reload MS so that it reads the updated server list? I know that if I change any .cf rule file I have to reload MS so that it sees the changes, is this true for the Razor server list also? Thanks! -Alan -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From schristen at RESOTECH.COM Thu Jun 3 17:33:30 2004 From: schristen at RESOTECH.COM (Stephan Christen RSTI) Date: Thu Jan 12 21:25:39 2006 Subject: Bad RFC822 field name '' Message-ID: Did anyone find a cure for this disease? My MailScanner "defuncts" about once a day, because of it. Workaround or tips are highly appreciated! Cheers Stephan -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From ugob at CAMO-ROUTE.COM Thu Jun 3 19:07:55 2004 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:25:39 2006 Subject: telnet to smtp port is refused In-Reply-To: <004301c44995$981a4630$0300a8c0@BAR> References: <1086266924.40bf1e2c2d5b8@webmail.keko.com.ar> <004301c44995$981a4630$0300a8c0@BAR> Message-ID: Bayardo Rivas wrote: > What I saw is that when I start Mailscannner (and Sendmail) the smtp > port is closed. And when I sart only sendmail smtp port is listening. What is the output of # netstat -lnp | grep 25 When MailScanner is on? Are you using two sendmail.cf files? -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Thu Jun 3 20:00:10 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:25:39 2006 Subject: Bad RFC822 field name '' In-Reply-To: References: Message-ID: <6.1.1.1.2.20040603195930.02a45e78@imap.ecs.soton.ac.uk> At 17:33 03/06/2004, you wrote: >Did anyone find a cure for this disease? My MailScanner "defuncts" about >once a day, because of it. > >Workaround or tips are highly appreciated! The last posting I saw was that the opencomputing guys (who wrote the Qmail support) are working on it. Check their website at opencomputing.sourceforge.net. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mkipness at GENIANT.COM Thu Jun 3 20:28:30 2004 From: mkipness at GENIANT.COM (Max Kipness) Date: Thu Jan 12 21:25:39 2006 Subject: Question about SA, RBLs and Bayes Message-ID: <399D85F2BB50BC4295F78EAE203D5C226B6E30@dalsxc01.geniant.net> A user received an email from someone that was just basically a personal letter. There really wasn't anything to spammy about it. Well, the email got tagged as spam as follows: Jun 3 09:00:56 manhattan MailScanner[336]: Message i53E0UHu002354 from 66.163.170.83 (xxx.xxx@swbell.net ) to xxx.com is spam, SpamAssassin (score=10.66, required 8, BAYES_99 5.40, HTML_MESSAGE 0.10, NO_REAL_NAME 0.16, RCVD_IN_XBL 5.00) 1) I searched to find where the XBL came from and finally realized I had created a custom rule under /etc/mail/spamassasin. Maybe this score is too high. But when I went to www.spamhaus.org to check the IP listed above in their XBL database, it said it was not listed? Now I tracked down that the user has a DSL account and his IP changes. But is the XBL a realtime check against someone's active IP? Or why would it report that the IP was on the list if it wasn't? Here is the rule I used (I've now lowered the score): # XBL is the Spamhaus Exploits Block List: http://www.spamhaus.org/xbl/ header RCVD_IN_XBL eval:check_rbl_txt('xbl','xbl.spamhaus.org.') describe RCVD_IN_XBL Received via a relay in Spamhaus XBL tflags RCVD_IN_XBL net score RCVD_IN_XBL 2 Have I made a mistake here? 2) Obviously I have problems with Bayes and need to train more ham?? When I resent the actual message back through our system from myself to myself, the bayes score was very low. Could the bayes score be largely based on the fact that it came from the domain swbell.net? And bayes has learned from a lot of spam coming from there? Thanks, Max -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040603/6558cda4/attachment.html From alex at nkpanama.com Thu Jun 3 20:39:57 2004 From: alex at nkpanama.com (Alex Neuman) Date: Thu Jan 12 21:25:39 2006 Subject: Question about SA, RBLs and Bayes In-Reply-To: <399D85F2BB50BC4295F78EAE203D5C226B6E30@dalsxc01.geniant.net> Message-ID: <001001c449a2$8edcef70$2065e0c9@cositputer> Could be one of the IP's where the message went through was in fact in the XBL. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Max Kipness Sent: Thursday, June 03, 2004 2:29 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Question about SA, RBLs and Bayes A user received an email from someone that was just basically a personal letter. There really wasn't anything to spammy about it. Well, the email got tagged as spam as follows: Jun 3 09:00:56 manhattan MailScanner[336]: Message i53E0UHu002354 from 66.163.170.83 (xxx.xxx @swbell.net) to xxx.com is spam, SpamAssassin (score=10.66, required 8, BAYES_99 5.40, HTML_MESSAGE 0.10, NO_REAL_NAME 0.16, RCVD_IN_XBL 5.00) 1) I searched to find where the XBL came from and finally realized I had created a custom rule under /etc/mail/spamassasin. Maybe this score is too high. But when I went to www.spamhaus.org to check the IP listed above in their XBL database, it said it was not listed? Now I tracked down that the user has a DSL account and his IP changes. But is the XBL a realtime check against someone's active IP? Or why would it report that the IP was on the list if it wasn't? Here is the rule I used (I've now lowered the score): # XBL is the Spamhaus Exploits Block List: http://www.spamhaus.org/xbl/ header RCVD_IN_XBL eval:check_rbl_txt('xbl','xbl.spamhaus.org.') describe RCVD_IN_XBL Received via a relay in Spamhaus XBL tflags RCVD_IN_XBL net score RCVD_IN_XBL 2 Have I made a mistake here? 2) Obviously I have problems with Bayes and need to train more ham?? When I resent the actual message back through our system from myself to myself, the bayes score was very low. Could the bayes score be largely based on the fact that it came from the domain swbell.net? And bayes has learned from a lot of spam coming from there? Thanks, Max -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040603/0018ee24/attachment.html From lists99 at HOTMAIL.COM Thu Jun 3 20:29:23 2004 From: lists99 at HOTMAIL.COM (List Account) Date: Thu Jan 12 21:25:39 2006 Subject: Performance problems Message-ID: Hello everyone, I know this is more of a RedHat problem than a MailScanner problem, but I can't get an answer from the taroon list. I'm running RedHat ES 3.0 with MailScanner, postfix, ClamAV and SpamAssassin. From a fresh reboot, MailScanner performs beautifully, and will continue to do so for about a month. After a month however, all the memory in the system is eaten up by buffer and cache according to top. MailScanner then starts to use the swap space, which put the performance in the toilet. Is there any way to limit the amount of memory used for buffer and cache? I've looked all over the net, but maybe someone here has run into this and has a fix. My machine is a Dell 1750 with dual 2.4 P4s and 1 GB RAM. Thanks, Howard _________________________________________________________________ FREE pop-up blocking with the new MSN Toolbar – get it now! http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/ -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mkbowman at neo.rr.com Thu Jun 3 20:51:30 2004 From: mkbowman at neo.rr.com (Matthew K Bowman) Date: Thu Jan 12 21:25:39 2006 Subject: W32.Explet.A@mm not detected? Message-ID: <000b01c449a4$2d592e60$2567a8c0@mkbowman> Hello A couple of the office PCs here got infected with W32.Explet.A which came out on June 2nd. Neither f-prot, clamav or Symantec AV (on the PCs) have detected it. My f-prot and clamav are uptodate. Is anyone else having the same problem? http://securityresponse.symantec.com/avcenter/venc/data/w32.explet.a@mm.html Matthew -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mkettler at EVI-INC.COM Thu Jun 3 20:57:19 2004 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:25:39 2006 Subject: Question about SA, RBLs and Bayes In-Reply-To: <399D85F2BB50BC4295F78EAE203D5C226B6E30@dalsxc01.geniant.ne t> References: <399D85F2BB50BC4295F78EAE203D5C226B6E30@dalsxc01.geniant.net> Message-ID: <6.0.0.22.0.20040603154057.02974758@192.168.50.2> At 03:28 PM 6/3/2004, Max Kipness wrote: >1) I searched to find where the XBL came from and finally realized I had >created a custom rule under /etc/mail/spamassasin. Maybe this score is too >high. > >But when I went to www.spamhaus.org to check the >IP listed above in their XBL database, it said it was not listed? Now I >tracked down that the user has a DSL account and his IP changes. But is >the XBL a realtime check against someone's active IP? Or why would it >report that the IP was on the list if it wasn't? The XBL doesn't do a reatime test of an active IP.. However, being a RBL type system XBL's contents change constantly. XBL gets it's contents from OPM and CBL. One can read on the website that OPM expires entries for dynamic IPs more quickly than for static. I don't know how fast they expire them, but 12 or 24 hours wouldn't be surprising to me. > Here is the rule I used (I've now lowered the score): > ># XBL is the Spamhaus Exploits Block List: >http://www.spamhaus.org/xbl/ >header RCVD_IN_XBL eval:check_rbl_txt('xbl','xbl.spamhaus.org.') >describe RCVD_IN_XBL Received via a relay in Spamhaus XBL >tflags RCVD_IN_XBL net >score RCVD_IN_XBL 2 >Have I made a mistake here? Nope, looks good. > >2) Obviously I have problems with Bayes and need to train more ham?? When >I resent the actual message back through our system from myself to myself, >the bayes score was very low. Could the bayes score be largely based on >the fact that it came from the domain swbell.net? And bayes has learned >from a lot of spam coming from there? Unlikely to be something as simple as just the sending domain, or any other single token. The typical short message is going to have about 2 dozen tokens in it. It would be VERY uncommon for a single token to be the breaking point between BAYES_99 and BAYES_00. Try running the message through spamassassin -D and look at all the tokens listed and their scores. (note: don't freak out if one or two tokens has a score on the "wrong side". It's the aggregate that matters) -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From peter at UCGBOOK.COM Thu Jun 3 20:59:51 2004 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:25:39 2006 Subject: [Fwd: [Clamav-announce] announcing ClamAV 0.72] Message-ID: <40BF8337.7070702@ucgbook.com> FYI -------- Original Message -------- Subject: [Clamav-announce] announcing ClamAV 0.72 Date: Thu, 3 Jun 2004 21:00:19 +0200 From: Luca Gibelli To: clamav-announce@lists.sourceforge.net Dear ClamAV users, ClamAV 0.72 is available for download. Major bugfixes in this release include crashes with corrupted BinHex messages and some Excel documents. Protection against archive bombs (not fully functional since 0.70) was improved and a number of other improvements were made. The ClamAV team (http://www.clamav.net/team.html) -- Luca Gibelli (luca@clamav.net) - http://www.ClamAV.net - A GPL virus scanner PGP Key Fingerprint: C782 121E 8C3A 90E3 7A87 D802 6277 8FF4 5EFC 5582 PGP Key Available on: Key Servers || http://www.clamav.net/gpg/nervoso.gpg PS: I hope you are still alive ------------------------------------------------------- This SF.Net email is sponsored by the new InstallShield X. >From Windows to Linux, servers to mobile, InstallShield X is the one installation-authoring solution that does it all. Learn more and evaluate today! http://www.installshield.com/Dev2Dev/0504 _______________________________________________ Clamav-announce mailing list Clamav-announce@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/clamav-announce -- /Peter Bonivart --Unix lovers do it in the Sun Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7, SpamAssassin 2.63 + DCC 1.2.45, ClamAV 0.70 + GMP 4.1.2, Vispan 1.4 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mkipness at GENIANT.COM Thu Jun 3 21:13:13 2004 From: mkipness at GENIANT.COM (Max Kipness) Date: Thu Jan 12 21:25:39 2006 Subject: Question about SA, RBLs and Bayes Message-ID: <399D85F2BB50BC4295F78EAE203D5C226B6E56@dalsxc01.geniant.net> Ok, after checking more, I found out that I was checking Yahoo/SWBell's SMTP server IP. What is actually listed on CBL is the guy's DSL IP. I couldn't see this IP in the Sendmail logs, but when he sent me a message directly I could see in OPTIONS in Outlook. Thanks, Max ________________________________ From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Alex Neuman Sent: Thursday, June 03, 2004 2:40 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Question about SA, RBLs and Bayes Could be one of the IP's where the message went through was in fact in the XBL. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Max Kipness Sent: Thursday, June 03, 2004 2:29 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Question about SA, RBLs and Bayes A user received an email from someone that was just basically a personal letter. There really wasn't anything to spammy about it. Well, the email got tagged as spam as follows: Jun 3 09:00:56 manhattan MailScanner[336]: Message i53E0UHu002354 from 66.163.170.83 (xxx.xxx@swbell.net ) to xxx.com is spam, SpamAssassin (score=10.66, required 8, BAYES_99 5.40, HTML_MESSAGE 0.10, NO_REAL_NAME 0.16, RCVD_IN_XBL 5.00) 1) I searched to find where the XBL came from and finally realized I had created a custom rule under /etc/mail/spamassasin. Maybe this score is too high. But when I went to www.spamhaus.org to check the IP listed above in their XBL database, it said it was not listed? Now I tracked down that the user has a DSL account and his IP changes. But is the XBL a realtime check against someone's active IP? Or why would it report that the IP was on the list if it wasn't? Here is the rule I used (I've now lowered the score): # XBL is the Spamhaus Exploits Block List: http://www.spamhaus.org/xbl/ header RCVD_IN_XBL eval:check_rbl_txt('xbl','xbl.spamhaus.org.') describe RCVD_IN_XBL Received via a relay in Spamhaus XBL tflags RCVD_IN_XBL net score RCVD_IN_XBL 2 Have I made a mistake here? 2) Obviously I have problems with Bayes and need to train more ham?? When I resent the actual message back through our system from myself to myself, the bayes score was very low. Could the bayes score be largely based on the fact that it came from the domain swbell.net? And bayes has learned from a lot of spam coming from there? Thanks, Max -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040603/2733b20e/attachment.html From info at AG-IT.DE Thu Jun 3 21:20:24 2004 From: info at AG-IT.DE (Andrei Gologan) Date: Thu Jan 12 21:25:39 2006 Subject: Logging per domain References: <58696C94787F16468267F3509F115030077074@hermes.clumpton.homeip.net> <40BEFB3A.4060608@brikken.no> Message-ID: <041201c449a8$3ae8df90$6b00a8c0@tuck> > MailScanner wrote: > > >Use MailWatch http://mailwatch.sourceforge.net which gives them > >excellent statistics, drilldowns, etc. on all aspect of your mail > >filtering for them. > > > >Bart... > > > > > > > I have looked at it, but it seems that it does not do what I want. I > might be wrong however.. ;) > > The customer wants to see only his own domain, not all the other domains > on the server. Since it is all mysql and php you can easil modify it , or make an own page with a query only for his domain. Andrei -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From info at AG-IT.DE Thu Jun 3 21:23:28 2004 From: info at AG-IT.DE (Andrei Gologan) Date: Thu Jan 12 21:25:39 2006 Subject: domain signature / report directory References: <399D85F2BB50BC4295F78EAE203D5C226B6E30@dalsxc01.geniant.net> <6.0.0.22.0.20040603154057.02974758@192.168.50.2> Message-ID: <041f01c449a8$a87d3dd0$6b00a8c0@tuck> Hi, Is it possible to have a per domain signature and or entire report directories ? I have customers from a lot of countries, and they have to get the texts in their language. Thank You Andrei -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From Chase.Casanova at RDU.COM Thu Jun 3 21:37:57 2004 From: Chase.Casanova at RDU.COM (Casanova, Chase) Date: Thu Jan 12 21:25:39 2006 Subject: {Spam?} [MAILSCANNER] New spam faking whitelisting Message-ID: Chris, The Spam Action and High Scoring Spam Action will do just what you want, but only if your Required SpamAssassin Score = 10 Then you just do: Spam Actions = forward postmaster@yourdomain.com High SpamAssassin Score = 100 High Scoring Spam Actions = delete If your Required SpamAssassin Score is not 10 and you want to store the Spam that scored below 10. Then with the standard MailScanner.conf settings you won't be able to drop the Spam with a score over 100. i.e. make you High SpamAssassin Score = 10 Spam Actions = store forward postmaster@yourdomain.com High SpamAssassin Score = 10 High Scoring Spam Actions = forward postmaster@yourdomain.com -Chase -----Original Message----- From: Chris Conn [mailto:cconn@ABACOM.COM] Sent: Thursday, June 03, 2004 10:59 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: [MAILSCANNER] {Spam?} [MAILSCANNER] New spam faking whitelisting Casanova, Chase wrote: > Chris, > > Can you not do what you want with the Spam Actions setting in MailScanner.conf > > Spam Actions = store forward postmaster@yourdomain.com > Hello, Yes, but this is not what I want to do. When using sendmail (I don't know about other MTAs), if you whitelist an email address, all other Cc: or Bcc: addresses will receive the SPAM. What I want to establish is the possibility of not using the whitelist function but rather create a ruleset under the spam actions for high scoring spam, and deliver spam to the postmaster account at scores less than 100 while deleting spam with score of 10 or more for other users, even if they are Cc: or Bcc: on the spam sent to the postmaster. Chris > -Chase > > -----Original Message----- > From: Chris Conn [mailto:cconn@ABACOM.COM] > Sent: Thursday, June 03, 2004 10:26 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: [MAILSCANNER] {Spam?} [MAILSCANNER] New spam faking > whitelisting > > > List Account wrote: > >>I think I found the problem. The problem is one of the addresses, >>jobs@ourdomain.com, is on the whitelist. Is there any to not allow the >>message for everyone just because that one address is whitelisted? >> > > Hello, > > I am also trying to tackle this problem as my whitelist to a postmaster > account is causing Cc: and Bcc: recipients to receive the spam. > > If it cannot be done with the whitelist feature, could it be instead > done by creating a ruleset for the high-score spam action? For > instance, have a high scoring spam of 10 for all but the postmaster > address, set to 100? > > Chris > > >>Thanks, >> >>Howard >> >> >> >>>From: Martin Hepworth >>>Reply-To: MailScanner mailing list >>>To: MAILSCANNER@JISCMAIL.AC.UK >>>Subject: Re: {Spam?} [MAILSCANNER] New spam faking whitelisting >>>Date: Thu, 3 Jun 2004 15:04:57 +0100 >>> >>>Hi >>> >>>what does /etc/MailScanner/rules/spam.whitelist.rules look like >>> >>> >>>-- >>>Martin Hepworth >>>Snr Systems Administrator >>>Solid State Logic >>>Tel: +44 (0)1865 842300 >>> >>> >>>List Account wrote: >>> >>> >>>>Hello all, >>>> >>>>I am running MailScanner 4.26.8-1 with postfix 2.0.18, SpamAssassin 2.63 >>>>and >>>>ClamAV 0.70. Starting today, I'm seeing spam messages comming in saying >>>>that they are white listed, but they aren't on my whitelist in >>>>/etc/MailScanner/rules/spam.whitelist.rules. Here are the message >>>>details >>>>from MailWatch: >>>> >>>>Received on: 03/06/04 08:40:20 >>>>Received by: mailscanner >>>>Received from: 61.202.42.238 (n042238.ppp.dion.ne.jp) >>>>124.8.92.244 >>>>ID: D0AEE900 >>>>Message Headers: Received: from n042238.ppp.dion.ne.jp >>>>(N042238.ppp.dion.ne.jp [61.202.42.238]) >>>>by mailscanner.ourdomain.com (Postfix) with SMTP >>>>id D0AEE900; Thu, 3 Jun 2004 08:40:04 -0500 (CDT) >>>>Received: from bfzoqwcn-rtfu363.de.twirl.English@canada.com >>>>([124.8.92.244]) >>>>by umxo4989-eku33.61.202.42.238 with Microsoft SMTPSVC(0.0.8246.1834); >>>>Thu, 03 Jun 2004 07:29:06 -0600 >>>>From: "Efren Hyde" >>>>To: user@ourdomain.com >>>>Cc: info@ourdomain.com, user2@ourdomain.com, >>>>user3@ourdomain.com, user4@ourdomain.com, >>>>jobs@ourdomain.com, user5@ourdomain.com, >>>>user6@ourdomain.com >>>>Subject: invest in yourself, get a new job >>>>Date: Thu, 03 Jun 2004 15:26:06 +0200 >>>>Message-ID: <18484457687322.64.53502@eunkzq-db12511.localhost> >>>>MIME-Version: 1.0 >>>>Content-Type: multipart/alternative; >>>>boundary="--13344725039681107" >>>>From: twirl.english@canada.com >>>>To: user@ourdomain.com >>>>user@ourdomain.com >>>>user2@ourdomain.com >>>>user2@ourdomain.com >>>>user3@ourdomain.com >>>>user3@ourdomain.com >>>>jobs@ourdomain.com >>>>jobs@ourdomain.com >>>>user4@ourdomain.com >>>>user4@ourdomain.com >>>>user5@ourdomain.com >>>>user5@ourdomain.com >>>>Subject: invest in yourself, get a new job >>>>Size: 2.5Kb >>>>Virus: N >>>>Blocked File: N >>>>Other Infection: N >>>>Report: >>>>Spam: N Action(s): deliver >>>>High Scoring Spam: N >>>>Listed in RBL: N >>>>Whitelisted: Y >>>>Blacklisted: N >>>>SpamAssassin Spam: N >>>>SpamAssassin Score: 0.00\ >>>> >>>>Is anyone else seeing this, and what can I do to stop it? >>>> >>>>Thanks, >>>> >>>>Howard >>>> >>>>_________________________________________________________________ >>>>Getting married? Find great tips, tools and the latest trends at MSN >>>>Life >>>>Events. http://lifeevents.msn.com/category.aspx?cid=married >>>> >>>>-------------------------- MailScanner list ---------------------- >>>>To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >>>>Before posting, please see the Most Asked Questions at >>>>http://www.mailscanner.biz/maq/ and the archives at >>>>http://www.jiscmail.ac.uk/lists/mailscanner.html >>>> >>> >>>********************************************************************** >>> >>>This email and any files transmitted with it are confidential and >>>intended solely for the use of the individual or entity to whom they >>>are addressed. If you have received this email in error please notify >>>the system manager. >>> >>>This footnote confirms that this email message has been swept >>>for the presence of computer viruses and is believed to be clean. >>> >>>********************************************************************** >>> >>>-------------------------- MailScanner list ---------------------- >>>To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >>>Before posting, please see the Most Asked Questions at >>>http://www.mailscanner.biz/maq/ and the archives at >>>http://www.jiscmail.ac.uk/lists/mailscanner.html >> >> >>_________________________________________________________________ >>Stop worrying about overloading your inbox - get MSN Hotmail Extra Storage! >>http://join.msn.click-url.com/go/onm00200362ave/direct/01/ >> >>-------------------------- MailScanner list ---------------------- >>To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >>Before posting, please see the Most Asked Questions at >>http://www.mailscanner.biz/maq/ and the archives at >>http://www.jiscmail.ac.uk/lists/mailscanner.html > > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From KShortt at AZERTY.COM Thu Jun 3 21:38:39 2004 From: KShortt at AZERTY.COM (Shortt, Kevin) Date: Thu Jan 12 21:25:39 2006 Subject: mysql insert issue with FC2 Message-ID: <210DF55DED65B547896F728FB057F3B202E3037D@seaver.ussco.com> Hi everyone, MailScanner is working, but I am setting up Real Time SQL Logging using the "Always Looked Up Last = &SQLRealTimeLogging". I have "SQLRealTimeLogging.pm" placed into CustomFunctions directory. I am unable to insert into mysql. See my .pm and log entry at the bottom of this message. I have marked "IT DIES HERE" where the death occurs. This is what I have. All packages are installed as RPM's. OS: Fedora Core 2 MS: mailscanner-4.30.3-2 PERL: perl-DBI-1.40-4 perl-DBD-MySQL-2.9003-4 DB: mysql-3.23.58-9 mysql-server-3.23.58-9 I can insert with a test script, but not through my custom.pm. If I create a test.pl script that inserts and place it into CustomFunctions, then that script will work. I have tried everything. I've changed the database it only include one table and one field. I changed from using execute to using do. It just will not insert into that database. I have scanned this mailling list and DBI's lists. If anyone has had this problem before, please let me know. Thanks.. -k ---- my custom.pm (SQLRealTimeLogging.pm) - this is placed into CustomFunctions directory. package MailScanner::CustomConfig; use DBI; use strict 'vars'; use strict 'refs'; no strict 'subs'; # Allow bare words for parameter %'s my $database = "mailscanner"; my $dbuser = "mailscanner"; my $dbpass = "!mailscanner32!"; my $mysqlsocket = "/db/mysql/mysql.sock"; my $dbhandle; my $sthMail; my $sthReport; my $sthRecipient; sub InitSQLRealTimeLogging { MailScanner::Log::InfoLog("Initialising SQL Real Time Logging "); $dbhandle = DBI->connect("DBI:mysql:$database:localhost;mysql_socket=$mysqlsocket;", "$dbuser", $dbpass, {'RaiseError' => 1, 'PrintError' => 1}) or MailScanner::Log::DieLog("Cannot connect to the database: %s", $DBI::errstr); # $dbhandle->trace(1,"/tmp/mysql.trace2"); $sthMail = $dbhandle->prepare("INSERT INTO maillog_mail (time, msg_id, size, from_user, from_domain, subject, clientip, archives, isspam, ishighspam, sascore, spamreport) VALUES (?,?,?,?,?,?,?,?,?,?,?,?)") or die(" Prepare did not work: %s", $DBI::errstr); $sthReport = $dbhandle->prepare("INSERT INTO maillog_report (msg_id, filename, filereport) VALUES (?,?,?)"); $sthRecipient = $dbhandle->prepare("INSERT INTO maillog_recipient (msg_id, to_user, to_domain) VALUES (?,?,?)"); } sub SQLRealTimeLogging { use DBI; my($message) = @_; my $id = $message->{id}; my $size = $message->{size}; my $from = $message->{from}; my ($from_user, $from_domain); # split the from address into user and domain bits. # This may be unnecessary for you; we use it to more easily determine # inbound vs outbound email in a multi-domain environment. # HINT: refine queries using SQL 'join' with a table containing local # domains. ($from_user, $from_domain) = split /\@/, $from; my @to = @{$message->{to}}; my $subject = $message->{subject}; my $clientip = $message->{clientip}; my $archives = join(',', @{$message->{archiveplaces}}); my $isspam = $message->{isspam}; my $ishighspam = $message->{ishigh}; my $sascore = $message->{sascore}; my $spamreport = $message->{spamreport}; # Get rid of control chars and tidy-up SpamAssassin report $spamreport =~ s/\n/ /g; $spamreport =~ s/\t//g; # Get timestamp, and format it so it is suitable to use with MySQL my($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(); my($timestamp) = sprintf("%d-%02d-%02d %02d:%02d:%02d",$year+1900,$mon+1,$mday,$hour,$min,$sec); # maillog_mail insert my @fields=($timestamp, $id, $size, $from_user, $from_domain, $subject, $clientip, $archives, $isspam, $ishighspam, $sascore, $spamreport); map { s/\'/\\'/g } @fields; map { ($_ eq '')?'NULL':"$_" } @fields; # Debug statements added for verifying date is populating fields array. MailScanner::Log::InfoLog("=========================\nfields array - \n0:[$fields[0]] 1:[$fields[1]] \n2:[$fields[2]] 3:[$fields[3]] \n"); MailScanner::Log::InfoLog("4:[$fields[4]] 5:[$fields[5]] \n6:[$fields[6]] 7:[$fields[7]] \n"); MailScanner::Log::InfoLog("8:[$fields[8]] 9:[$fields[9]] \n10:[$fields[10]] 11:[$fields[11]] \n====================\n"); # Insert @fields into a database table $sthMail->execute($timestamp, $id, $size, $from_user, $from_domain, $subject, $clientip, $archives, $isspam, $ishighspam, $sascore, "$spamreport") or MailScanner::Log::DieLog("Cannot insert into maillog_mail: %s", $DBI::errstr); # IT DIES HERE on the above execute statement. my($file, $text); while(($file, $text) = each %{$message->{allreports}}) { $file = "the entire message" if $file eq ""; # Use the sanitised filename to avoid problems caused by people forcing # logging of attachment filenames which contain nasty SQL instructions. $file = $message->{file2safefile}{$file} or $file; $text =~ s/\n/ /; # Make sure text report only contains 1 line $text =~ s/\t/ /; # and no tab characters my @fields = ($id, $file, $text); map { s/\'/\\'/g } @fields; $sthReport->execute($fields[0],$fields[1],$fields[2]) or MailScanner::Log::DieLog("Cannot insert row into maillog_report: [$DBI::errstr]"); } for (@to) { # again, split the recipient's email into user and domain halves first. # see comment above about splitting the email like this. my ($to_user, $to_domain); ($to_user, $to_domain) = split /\@/, $_; my @fields = ($id, $to_user, $to_domain); map { s/\'/\\'/g } @fields; $sthRecipient->execute($fields[0],$fields[1],$fields[2]) or MailScanner::Log::DieLog("Cannot insert row into maillog_recipient: [%s]", $DBI::errstr); } } sub EndSQLRealTimeLogging { MailScanner::Log::InfoLog("Ending SQL Real-Time Logging"); # Close database connection $dbhandle->disconnect(); } 1; ---- end custom.pm ----one entry of one message Jun 3 16:28:03 hostname MailScanner[12208]: MailScanner E-Mail Virus Scanner version 4.30.3 starting... Jun 3 16:28:03 hostname MailScanner[12208]: Config: calling custom init function SQLRealTimeLogging Jun 3 16:28:03 hostname MailScanner[12208]: Initialising SQL Real Time Logging Jun 3 16:28:03 hostname MailScanner[12208]: Config: calling custom init function MultipleQueueDir Jun 3 16:28:03 hostname MailScanner[12208]: Using locktype = flock Jun 3 16:28:04 hostname MailScanner[12208]: New Batch: Forwarding 1 unscanned messages, 6679 bytes Jun 3 16:28:04 hostname MailScanner[12208]: MCP Checks completed at 6679 bytes per second Jun 3 16:28:04 hostname MailScanner[12208]: Spam Checks: Found 1 spam messages Jun 3 16:28:04 hostname MailScanner[12208]: Spam Checks completed at 6679 bytes per second Jun 3 16:28:04 hostname MailScanner[12208]: Unscanned: Delivered 1 messages Jun 3 16:28:04 hostname MailScanner[12208]: Virus and Content Scanning: Starting Jun 3 16:28:04 hostname MailScanner[12208]: Virus Scanning completed at 6679 bytes per second Jun 3 16:28:04 hostname MailScanner[12208]: Virus Processing completed at 6679 bytes per second Jun 3 16:28:04 hostname MailScanner[12208]: Disinfection completed at 6679 bytes per second Jun 3 16:28:04 hostname MailScanner[12208]: Batch completed at 6679 bytes per second (6679 / 0) Jun 3 16:28:04 hostname MailScanner[12208]: ========================= Jun 3 16:28:04 hostname MailScanner[12208]: fields array - Jun 3 16:28:04 hostname MailScanner[12208]: 0:[2004-06-03 16:28:04] 1:[i53KRoO7012126] Jun 3 16:28:04 hostname MailScanner[12208]: 2:[6679] 3:[fakeuser] Jun 3 16:28:04 hostname MailScanner[12208]: 4:[fakedomain.com] 5:[Don, Extend Your Auto Warranty, Extend Your Peace of Mind.] Jun 3 16:28:04 hostname MailScanner[12208]: 6:[192.168.0.1] 7:[] Jun 3 16:28:04 hostname MailScanner[12208]: 8:[1] 9:[0] Jun 3 16:28:04 hostname MailScanner[12208]: 10:[8.528] 11:[spam, SBL+XBL, SpamAssassin (score=8.528, required 6, BAYES_90 2.10, BUY_DIRECT 1.82, HTML_50_60 0.10, HTML_MESSAGE 0.10, HTML_WEB_BUGS 0.34, NO_OBLIGATION 1.46, RCVD_IN_BL_SPAMCOP_NET 1.50, RCVD_IN_SBL 1.11)] Jun 3 16:28:04 hostname MailScanner[12208]: ==================== Jun 3 16:28:04 hostname MailScanner[12208]: Cannot insert into maillog_mail: -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From subscribe at KRINGSTAD.NET Thu Jun 3 21:54:18 2004 From: subscribe at KRINGSTAD.NET (subscribe) Date: Thu Jan 12 21:25:39 2006 Subject: {Spa(m)?} [MAILSCANNER] New spam faking whitelisting Message-ID: <5B46BA5FBB3DD54E9FE712BDCE8B0F841D81EE@kirk.kringstad.net> Is it just me who are filtering mail on the subject ? Why can't you remove the {Spam?} in subject when replying ? --- Trond -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Casanova, Chase Sent: 3. juni 2004 22:38 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: {Spam?} [MAILSCANNER] New spam faking whitelisting Chris, The Spam Action and High Scoring Spam Action will do just what you want, but only if your Required SpamAssassin Score = 10 Then you just do: Spam Actions = forward postmaster@yourdomain.com High SpamAssassin Score = 100 High Scoring Spam Actions = delete If your Required SpamAssassin Score is not 10 and you want to store the Spam that scored below 10. Then with the standard MailScanner.conf settings you won't be able to drop the Spam with a score over 100. i.e. make you High SpamAssassin Score = 10 Spam Actions = store forward postmaster@yourdomain.com High SpamAssassin Score = 10 High Scoring Spam Actions = forward postmaster@yourdomain.com -Chase -----Original Message----- From: Chris Conn [mailto:cconn@ABACOM.COM] Sent: Thursday, June 03, 2004 10:59 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: [MAILSCANNER] {Spam?} [MAILSCANNER] New spam faking whitelisting Casanova, Chase wrote: > Chris, > > Can you not do what you want with the Spam Actions setting in > MailScanner.conf > > Spam Actions = store forward postmaster@yourdomain.com > Hello, Yes, but this is not what I want to do. When using sendmail (I don't know about other MTAs), if you whitelist an email address, all other Cc: or Bcc: addresses will receive the SPAM. What I want to establish is the possibility of not using the whitelist function but rather create a ruleset under the spam actions for high scoring spam, and deliver spam to the postmaster account at scores less than 100 while deleting spam with score of 10 or more for other users, even if they are Cc: or Bcc: on the spam sent to the postmaster. Chris > -Chase > > -----Original Message----- > From: Chris Conn [mailto:cconn@ABACOM.COM] > Sent: Thursday, June 03, 2004 10:26 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: [MAILSCANNER] {Spam?} [MAILSCANNER] New spam faking > whitelisting > > > List Account wrote: > >>I think I found the problem. The problem is one of the addresses, >>jobs@ourdomain.com, is on the whitelist. Is there any to not allow >>the message for everyone just because that one address is whitelisted? >> > > Hello, > > I am also trying to tackle this problem as my whitelist to a > postmaster account is causing Cc: and Bcc: recipients to receive the spam. > > If it cannot be done with the whitelist feature, could it be instead > done by creating a ruleset for the high-score spam action? For > instance, have a high scoring spam of 10 for all but the postmaster > address, set to 100? > > Chris > > >>Thanks, >> >>Howard >> >> >> >>>From: Martin Hepworth >>>Reply-To: MailScanner mailing list >>>To: MAILSCANNER@JISCMAIL.AC.UK >>>Subject: Re: {Spam?} [MAILSCANNER] New spam faking whitelisting >>>Date: Thu, 3 Jun 2004 15:04:57 +0100 >>> >>>Hi >>> >>>what does /etc/MailScanner/rules/spam.whitelist.rules look like >>> >>> >>>-- >>>Martin Hepworth >>>Snr Systems Administrator >>>Solid State Logic >>>Tel: +44 (0)1865 842300 >>> >>> >>>List Account wrote: >>> >>> >>>>Hello all, >>>> >>>>I am running MailScanner 4.26.8-1 with postfix 2.0.18, SpamAssassin >>>>2.63 and ClamAV 0.70. Starting today, I'm seeing spam messages >>>>comming in saying that they are white listed, but they aren't on my >>>>whitelist in /etc/MailScanner/rules/spam.whitelist.rules. Here are >>>>the message details from MailWatch: >>>> >>>>Received on: 03/06/04 08:40:20 >>>>Received by: mailscanner >>>>Received from: 61.202.42.238 (n042238.ppp.dion.ne.jp) >>>>124.8.92.244 >>>>ID: D0AEE900 >>>>Message Headers: Received: from n042238.ppp.dion.ne.jp >>>>(N042238.ppp.dion.ne.jp [61.202.42.238]) by >>>>mailscanner.ourdomain.com (Postfix) with SMTP id D0AEE900; Thu, 3 >>>>Jun 2004 08:40:04 -0500 (CDT) >>>>Received: from bfzoqwcn-rtfu363.de.twirl.English@canada.com >>>>([124.8.92.244]) >>>>by umxo4989-eku33.61.202.42.238 with Microsoft >>>>SMTPSVC(0.0.8246.1834); Thu, 03 Jun 2004 07:29:06 -0600 >>>>From: "Efren Hyde" >>>>To: user@ourdomain.com >>>>Cc: info@ourdomain.com, user2@ourdomain.com, user3@ourdomain.com, >>>>user4@ourdomain.com, jobs@ourdomain.com, user5@ourdomain.com, >>>>user6@ourdomain.com >>>>Subject: invest in yourself, get a new job >>>>Date: Thu, 03 Jun 2004 15:26:06 +0200 >>>>Message-ID: <18484457687322.64.53502@eunkzq-db12511.localhost> >>>>MIME-Version: 1.0 >>>>Content-Type: multipart/alternative; boundary="--13344725039681107" >>>>From: twirl.english@canada.com >>>>To: user@ourdomain.com >>>>user@ourdomain.com >>>>user2@ourdomain.com >>>>user2@ourdomain.com >>>>user3@ourdomain.com >>>>user3@ourdomain.com >>>>jobs@ourdomain.com >>>>jobs@ourdomain.com >>>>user4@ourdomain.com >>>>user4@ourdomain.com >>>>user5@ourdomain.com >>>>user5@ourdomain.com >>>>Subject: invest in yourself, get a new job >>>>Size: 2.5Kb >>>>Virus: N >>>>Blocked File: N >>>>Other Infection: N >>>>Report: >>>>Spam: N Action(s): deliver >>>>High Scoring Spam: N >>>>Listed in RBL: N >>>>Whitelisted: Y >>>>Blacklisted: N >>>>SpamAssassin Spam: N >>>>SpamAssassin Score: 0.00\ >>>> >>>>Is anyone else seeing this, and what can I do to stop it? >>>> >>>>Thanks, >>>> >>>>Howard >>>> >>>>_________________________________________________________________ >>>>Getting married? Find great tips, tools and the latest trends at MSN >>>>Life Events. http://lifeevents.msn.com/category.aspx?cid=married >>>> >>>>-------------------------- MailScanner list ---------------------- >>>>To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >>>>Before posting, please see the Most Asked Questions at >>>>http://www.mailscanner.biz/maq/ and the archives at >>>>http://www.jiscmail.ac.uk/lists/mailscanner.html >>>> >>> >>>********************************************************************* >>>* >>> >>>This email and any files transmitted with it are confidential and >>>intended solely for the use of the individual or entity to whom they >>>are addressed. If you have received this email in error please notify >>>the system manager. >>> >>>This footnote confirms that this email message has been swept for the >>>presence of computer viruses and is believed to be clean. >>> >>>********************************************************************* >>>* >>> >>>-------------------------- MailScanner list ---------------------- >>>To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >>>Before posting, please see the Most Asked Questions at >>>http://www.mailscanner.biz/maq/ and the archives at >>>http://www.jiscmail.ac.uk/lists/mailscanner.html >> >> >>_________________________________________________________________ >>Stop worrying about overloading your inbox - get MSN Hotmail Extra Storage! >>http://join.msn.click-url.com/go/onm00200362ave/direct/01/ >> >>-------------------------- MailScanner list ---------------------- >>To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >>Before posting, please see the Most Asked Questions at >>http://www.mailscanner.biz/maq/ and the archives at >>http://www.jiscmail.ac.uk/lists/mailscanner.html > > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From peter at UCGBOOK.COM Thu Jun 3 21:56:16 2004 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:25:39 2006 Subject: domain signature / report directory In-Reply-To: <041f01c449a8$a87d3dd0$6b00a8c0@tuck> References: <399D85F2BB50BC4295F78EAE203D5C226B6E30@dalsxc01.geniant.net> <6.0.0.22.0.20040603154057.02974758@192.168.50.2> <041f01c449a8$a87d3dd0$6b00a8c0@tuck> Message-ID: <40BF9070.4000006@ucgbook.com> Andrei Gologan wrote: > Is it possible to have a per domain signature and or entire report > directories ? > I have customers from a lot of countries, and they have to get the texts in > their language. You should be able to do that with rulesets pointing to different files. -- /Peter Bonivart --Unix lovers do it in the Sun Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7, SpamAssassin 2.63 + DCC 1.2.45, ClamAV 0.70 + GMP 4.1.2, Vispan 1.4 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ELKNET.NET Thu Jun 3 21:09:59 2004 From: mailscanner at ELKNET.NET (Alan) Date: Thu Jan 12 21:25:39 2006 Subject: Razor discover reload question Message-ID: On Thu, 3 Jun 2004 13:50:50 -0500, Alex Neuman wrote: >.cf rules and razor have to do with SpamAssassin, which I thought got loaded >once for every batch of messages scanned. > >My idea was that if you changed a rule or did a pyzor/razor discover and/or >changed/added .cf rules then the next batch would get the changes >implementes. > >If what you say is true then I have a lot of work to do... ;) I'm pretty sure that you have to reload MS after changing any .cf files. I know the cron scripts that update the various rule files (like chickenpox, tripwire etc.) all include the command to reload MS in the script. And when I make changed to my custom scripts, I don't see them taking effect until after I reload. I'm just not sure if a new Razor discovery that results in a server change also needs a reload. I just know that early this morning, my Razor stopped working until I manually stopped and restarted MS. -Alan -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ELKNET.NET Thu Jun 3 21:18:21 2004 From: mailscanner at ELKNET.NET (Alan) Date: Thu Jan 12 21:25:39 2006 Subject: Spam Bounce action issues Message-ID: Look, can we please stop beating the dead horse issue. Yes, those of us that continue to bounce messages, low score or otherwise, know that we are unliked by the masses that never bounce. We're not going to convince you otherwise, nor are you going to convince us. Its a dead issue... It seems everytime a legitimate question related to bounce comes up, an avalanche of "DON'T BOUNCE" replies get posted. Some of us are going to bounce, and flaying the dead horse isn't helpful. I was trying to stay on topic related to those of us who DO bounce, on how to not bounce spam reports to our own customers when the 'From' of a spam is faked. In my situation, I know for a fact that any email coming into my MS that has a 'From' domain of my own domain is faked. I know that because outbound email from my customers, the only ones whom should be using my domain in their address, do not pass through my MS server. Hence, and email saying its from my domain is faked, and I delete it with no bounce. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From kevins at BMRB.CO.UK Thu Jun 3 22:31:10 2004 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:25:39 2006 Subject: Performance problems In-Reply-To: References: Message-ID: <1086298269.15314.7.camel@bach.kevinspicer.co.uk> On Thu, 2004-06-03 at 20:29, List Account wrote: > Hello everyone, > > I know this is more of a RedHat problem than a MailScanner problem, but I > can't get an answer from the taroon list. I'm running RedHat ES 3.0 with > MailScanner, postfix, ClamAV and SpamAssassin. From a fresh reboot, > MailScanner performs beautifully, and will continue to do so for about a > month. After a month however, all the memory in the system is eaten up by > buffer and cache according to top. MailScanner then starts to use the swap > space, which put the performance in the toilet. Is there any way to limit > the amount of memory used for buffer and cache? I've looked all over the > net, but maybe someone here has run into this and has a fix. My machine is > a Dell 1750 with dual 2.4 P4s and 1 GB RAM. Odds are you have a process running wiith a memory leak, this won't be MailScanner as MailScanner restarts itself every few hours to avoid this problem. BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From info at AG-IT.DE Thu Jun 3 22:49:45 2004 From: info at AG-IT.DE (Andrei Gologan) Date: Thu Jan 12 21:25:39 2006 Subject: domain signature / report directory References: <399D85F2BB50BC4295F78EAE203D5C226B6E30@dalsxc01.geniant.net> <6.0.0.22.0.20040603154057.02974758@192.168.50.2> <041f01c449a8$a87d3dd0$6b00a8c0@tuck> <40BF9070.4000006@ucgbook.com> Message-ID: <049301c449b4$b67b2080$6b00a8c0@tuck> > Andrei Gologan wrote: > > Is it possible to have a per domain signature and or entire report > > directories ? > > I have customers from a lot of countries, and they have to get the texts in > > their language. > > You should be able to do that with rulesets pointing to different files. > > -- > /Peter Bonivart > Ok I got it if I want only the signature but if i want the whole %report-dir% to change that does not work, it cannot be a ruleset. Now I have seen the languages.conf , does anybody know how to use it ? Do I actually have to change all these: Language Strings = %report-dir%/languages.conf Deleted Bad Content Message Report = %report-dir%/deleted.content.message.txt Deleted Bad Filename Message Report = %report-dir%/deleted.filename.message.txt Deleted Virus Message Report = %report-dir%/deleted.virus.message.txt Stored Bad Content Message Report = %report-dir%/stored.content.message.txt Stored Bad Filename Message Report = %report-dir%/stored.filename.message.txt Stored Virus Message Report = %report-dir%/stored.virus.message.txt Disinfected Report = %report-dir%/disinfected.report.txt Inline HTML Signature = %report-dir%/inline.sig.html Inline Text Signature = %report-dir%/inline.sig.txt Inline HTML Warning = %report-dir%/inline.warning.html Inline Text Warning = %report-dir%/inline.warning.txt Sender Content Report = %report-dir%/sender.content.report.txt Sender Error Report = %report-dir%/sender.error.report.txt Sender Bad Filename Report = %report-dir%/sender.filename.report.txt Sender Virus Report = %report-dir%/sender.virus.report.txt Isnt there a way to make %report-dir% based on rules ? Thanks Andrei www.ag-it.net -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From ugob at CAMO-ROUTE.COM Thu Jun 3 22:42:56 2004 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:25:39 2006 Subject: domain signature / report directory In-Reply-To: <40BF9070.4000006@ucgbook.com> References: <399D85F2BB50BC4295F78EAE203D5C226B6E30@dalsxc01.geniant.net> <6.0.0.22.0.20040603154057.02974758@192.168.50.2> <041f01c449a8$a87d3dd0$6b00a8c0@tuck> <40BF9070.4000006@ucgbook.com> Message-ID: Peter Bonivart wrote: > Andrei Gologan wrote: > >> Is it possible to have a per domain signature and or entire report >> directories ? >> I have customers from a lot of countries, and they have to get the >> texts in >> their language. > > > You should be able to do that with rulesets pointing to different files. Yes, but it could be easier if he could set %report-dir% as a ruleset, which doesn't seem to be possible right now. I can't tell how complicated it is to do... Julian? Meanwhile, you can always set rulesets for individual reports in MailScanner.conf. It is in the section: > > -- > /Peter Bonivart > > --Unix lovers do it in the Sun > > Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7, > SpamAssassin 2.63 + DCC 1.2.45, ClamAV 0.70 + GMP 4.1.2, Vispan 1.4 > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From karl.bailey at LANDMARK-INFORMATION.CO.UK Thu Jun 3 22:55:18 2004 From: karl.bailey at LANDMARK-INFORMATION.CO.UK (Karl Bailey) Date: Thu Jan 12 21:25:39 2006 Subject: Virus Vulnerability Message-ID: Been looking at a site: www.testvirus.org Which will fire a number of tests at a mail account. Among these are: Test #21: Eicar virus within zip file hidden using the "Long MIME Boundary Vulnerability" And Test #23: Eicar virus within zip file hidden using the "Empty MIME Boundary Vulnerability" Both of these tests seemed to get through the MailScanner system I am running, one of which got picked up by the mcaffee groupshield solution on an exchange server (number 23). The other (21) wasn't picked up by anything & made it to the mail client... Is this a problem with my config (which I suspect), or is this actually a problem & if so can the hole be plugged? I'm running latest version of Mailscanner, kaspersky AVP, Mcaffee uvscan & f-prot. Regards Karl Bailey Systems Administrator ===================================== This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify Landmark Information Group on +44(0) 1392 441700. For more information about the Landmark Information Group visit www.landmark-information.co.uk This email and any attachments have been scanned for viruses and to the best of our knowledge are clean. ==================================== -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From elhannaford at PSFINC.COM Thu Jun 3 22:59:09 2004 From: elhannaford at PSFINC.COM (Edward L. Hannaford) Date: Thu Jan 12 21:25:39 2006 Subject: Blank SpamCheck Message-ID: I'm using MailScanner 4.27.7 and SpamAssassin 2.63. Occasionally spams get through MailScanner with the following in the header: X-PSFInc-MailScanner-Information: Please contact the ISP for more information X-PSFInc-MailScanner: Found to be clean X-PSFInc-MailScanner-SpamCheck: X-MailScanner-From: elhannaford@psfinc.com X-MailScanner-To: elhannaford@psfinc.com Note that the SpamCheck line is blank after the colon. This entry confuses the heck out of me. Normally I get some kind of status on the SpamCheck line, even if a timeout triggers. Why would this line be blank after the colon? -Ed P.S. While writing this I noticed that the From and To were identical. I checked the other failures from today and they have identical From and To entries also. Might this be a bug? Or might I have misconfigured something somewhere? -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From ugob at CAMO-ROUTE.COM Thu Jun 3 22:43:50 2004 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:25:40 2006 Subject: domain signature / report directory In-Reply-To: <40BF9070.4000006@ucgbook.com> References: <399D85F2BB50BC4295F78EAE203D5C226B6E30@dalsxc01.geniant.net> <6.0.0.22.0.20040603154057.02974758@192.168.50.2> <041f01c449a8$a87d3dd0$6b00a8c0@tuck> <40BF9070.4000006@ucgbook.com> Message-ID: Sorry, I hit ctrl-enter instead of ctrl-v Peter Bonivart wrote: > Andrei Gologan wrote: > >> Is it possible to have a per domain signature and or entire report >> directories ? >> I have customers from a lot of countries, and they have to get the >> texts in >> their language. Yes, but it could be easier if he could set %report-dir% as a ruleset, which doesn't seem to be possible right now. I can't tell how complicated it is to do... Julian? Meanwhile, you can always set rulesets for individual reports in MailScanner.conf. It is in the section: # # Reports and Responses # --------------------- # Ugo > > > You should be able to do that with rulesets pointing to different files. > > -- > /Peter Bonivart > > --Unix lovers do it in the Sun > > Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7, > SpamAssassin 2.63 + DCC 1.2.45, ClamAV 0.70 + GMP 4.1.2, Vispan 1.4 > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From alex at nkpanama.com Thu Jun 3 20:00:48 2004 From: alex at nkpanama.com (Alex Neuman) Date: Thu Jan 12 21:25:40 2006 Subject: Spam Bounce action issues In-Reply-To: Message-ID: <000c01c4499d$16cbe1d0$2065e0c9@cositputer> Two questions then: 1. How would your system distinguish fake and non-fake bounces? and most importantly, 2. How would other people (i.e., me) distinguish bounces from faked headers vs. bounces from actual spam? Those who choose to bounce spam back to senders just create more problems than they solve, while using more bandwidth than they should. How can anyone tell that the spam came from a specific sender or it was a fake (a joe job)? And if two such people bounce each other, and they think that their messages are spam, then bounce them back... Hmmm... This is a bad situation waiting to happen. Reminds me of a problem with a virus faking a mail from Person B to Person A (who was on vacation) a message, and Person A's misconfigured vacation program sent a message back to Person B (who was, coincidentally, also on vacation, using the same misconfigured vacation program), and vice versa, until high cpu loads and low disk space forced them to fix their configuration. Bouncing bad content (like .exe files where policy says otherwise) is a good idea. Bouncing spammy messages is still problematic, IMHO. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Alan Sent: Thursday, June 03, 2004 11:22 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Spam Bounce action issues I too am one of those that feels I must send bounce messages to senders so that they are aware that their email was not accpeted, rather than them thinking 'no news is good news'. In my defense, I do run a narrow band between low scoring spam that I bounce and high scoring spam that I do not bounce. I also do not bounce any virus non-deliveries. Now, on to how I prevent my own customers from receiving bounce reports so that they do not receive erroneous reports from messages with forged from headers. I utilize MS's "spam.nobounce.rules" rule set, and place an entry in it to delete messages identified as spam where the 'From' address is from my domain. Identified spam from other domains has an action of 'delete bounce'. So, considering that my domain is 'elknet.net', my 'spam.nobounce.rules' file looks like this: From: *@elknet.net delete FromorTo: default delete bounce That takes care of the problem for me! -Alan -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From alex at nkpanama.com Thu Jun 3 20:01:49 2004 From: alex at nkpanama.com (Alex Neuman) Date: Thu Jan 12 21:25:40 2006 Subject: Spam Bounce action issues In-Reply-To: Message-ID: <000d01c4499d$3ab7be70$2065e0c9@cositputer> Exactly my same setup, except my scores are a bit closer together. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Jan-Peter Koopmann Sent: Thursday, June 03, 2004 1:40 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Spam Bounce action issues On Thursday, June 03, 2004 6:22 PM Alan wrote: > That takes care of the problem for me! But it does not for the people that are getting joe jobbed by you... :-) I see your point and I do not have a solution. I currently run a low-score 6, high-score 15 setup, quarantine spam/viruses for 30 days and have not yet encountered a high scoring spam false positive. I deliver low-scoring spam which is then automatically put in a spam-folder in the corresponding recipient mailbox. This takes care of the occasional low scoring spam false positive. If a message really is a false positive high scoring message and therefore does not get delivered it could indeed pose a big problem. But I am not yet willing to accept the alternative: spam thousands of mails to innocent people. Regards, JP -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From jase at SENSIS.COM Thu Jun 3 22:11:29 2004 From: jase at SENSIS.COM (Desai, Jason) Date: Thu Jan 12 21:25:40 2006 Subject: Logging per domain Message-ID: Even easier - just set up a filter for that domain, and then view your reports. No code changes needed. Jase Andrei Gologan wrote: >> MailScanner wrote: >> >>> Use MailWatch http://mailwatch.sourceforge.net which gives them >>> excellent statistics, drilldowns, etc. on all aspect of your mail >>> filtering for them. >>> >>> Bart... >>> >>> >>> >> I have looked at it, but it seems that it does not do what I want. I >> might be wrong however.. ;) >> >> The customer wants to see only his own domain, not all the other >> domains on the server. > > Since it is all mysql and php you can easil modify it , or make an > own page with a query only for his domain. > > Andrei > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From jase at SENSIS.COM Thu Jun 3 22:17:33 2004 From: jase at SENSIS.COM (Desai, Jason) Date: Thu Jan 12 21:25:40 2006 Subject: Virus Scan Order Message-ID: Not sure about the actual load, the it certainly takes my server a longer amount of time to do spam checks than to do virus checks, and I'm running with 2 virus scanners. Jase Martin Hepworth wrote: > Thirded > > IMHO everything should be scanned for malware - just in case I forget > and release something I shouldn't... > > Yes I know it increases load, but I'd rather be safe than sorry. > > > Randal, Phil wrote: >> I'd vote for scanning everything for viruses, before spam checks. >> >> Phil >> >> ---- >> Phil Randal >> Network Engineer >> Herefordshire Council >> Hereford, UK >> >> >>> -----Original Message----- >>> From: MailScanner mailing list >>> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Gib Gilbertson >>> Sent: 03 June 2004 00:10 To: MAILSCANNER@JISCMAIL.AC.UK >>> Subject: Re: Virus Scan Order >>> >>> On Wed, 2 Jun 2004 17:58:16 +0100, Glen Willms >>> wrote: >>> >>> >>>> Is there a way to scan messages for virii before the Spam checks? >>>> It would be really nice to not have virii show up as spam, or >>> >>> get added to >>> >>>> the bayes database. >>> >>> Maybe at least scan all low scoring spam for viruses? >>> >>> gib >>> >>> -------------------------- MailScanner list ---------------------- >>> To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >>> Before posting, please see the Most Asked Questions at >>> http://www.mailscanner.biz/maq/ and the archives at >>> http://www.jiscmail.ac.uk/lists/mailscanner.html >>> >> >> >> -------------------------- MailScanner list ---------------------- >> To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >> Before posting, please see the Most Asked Questions at >> http://www.mailscanner.biz/maq/ and the archives at >> http://www.jiscmail.ac.uk/lists/mailscanner.html >> > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From jrudd at UCSC.EDU Thu Jun 3 23:20:24 2004 From: jrudd at UCSC.EDU (John Rudd) Date: Thu Jan 12 21:25:40 2006 Subject: Blank SpamCheck In-Reply-To: References: Message-ID: <35BF3AEA-B5AC-11D8-B018-003065F939FE@ucsc.edu> On Jun 3, 2004, at 2:59 PM, Edward L. Hannaford wrote: > I'm using MailScanner 4.27.7 and SpamAssassin 2.63. Occasionally > spams get > through MailScanner with the following in the header: > > X-PSFInc-MailScanner-Information: Please contact the ISP for more > information > X-PSFInc-MailScanner: Found to be clean > X-PSFInc-MailScanner-SpamCheck: > X-MailScanner-From: elhannaford@psfinc.com > X-MailScanner-To: elhannaford@psfinc.com > > Note that the SpamCheck line is blank after the colon. This entry > confuses > the heck out of me. Normally I get some kind of status on the > SpamCheck > line, even if a timeout triggers. Why would this line be blank after > the colon? > > -Ed > > P.S. While writing this I noticed that the From and To were > identical. I > checked the other failures from today and they have identical From and > To > entries also. Might this be a bug? Or might I have misconfigured > something > somewhere? > Did the from or to match any of your "Spam Check" rules, such that the check isn't being done? That's what the Spam Check line looks like for me if the "Spam Check" rule said "no" for that message. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From bayardo.rivas at puntos.org.ni Thu Jun 3 23:50:51 2004 From: bayardo.rivas at puntos.org.ni (Bayardo Rivas) Date: Thu Jan 12 21:25:40 2006 Subject: telnet to smtp port is refused In-Reply-To: Message-ID: <003d01c449bd$3c999040$0300a8c0@BAR> You asked me about the quantity of sendmail.cf files i am using, I supposed to be using only one sendmail.cf And the results for netstat -lnp | grep 25 when Mailscanner is on: # netstat -lnp | grep 25 tcp 0 0 192.168.0.1:53 0.0.0.0:* LISTEN 25610/named tcp 0 0 200.85.166.76:53 0.0.0.0:* LISTEN 25610/named tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 25610/named tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1555/sendmail: acce udp 0 0 0.0.0.0:3072 0.0.0.0:* 25610/named udp 0 0 192.168.0.1:53 0.0.0.0:* 25610/named udp 0 0 200.85.166.76:53 0.0.0.0:* 25610/named udp 0 0 127.0.0.1:53 0.0.0.0:* 25610/named udp 0 0 :::3073 :::* 25610/named unix 2 [ ACC ] STREAM LISTENING 2588605 1555/sendmail: acce /var/run/sendmail/control # And the results for netstat -lnp | grep 25 when ONLY SENDMAIL is on: # netstat -lnp | grep 25 tcp 0 0 192.168.0.1:53 0.0.0.0:* LISTEN 25610/named tcp 0 0 200.85.166.76:53 0.0.0.0:* LISTEN 25610/named tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 25610/named tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 1846/sendmail: acce udp 0 0 0.0.0.0:3072 0.0.0.0:* 25610/named udp 0 0 192.168.0.1:53 0.0.0.0:* 25610/named udp 0 0 200.85.166.76:53 0.0.0.0:* 25610/named udp 0 0 127.0.0.1:53 0.0.0.0:* 25610/named udp 0 0 :::3073 :::* 25610/named # Thanks for your help. Bayardo Rivas. -----Mensaje original----- De: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] En nombre de Ugo Bellavance Enviado el: Jueves, 03 de Junio de 2004 12:08 p.m. Para: MAILSCANNER@JISCMAIL.AC.UK Asunto: Re: telnet to smtp port is refused Bayardo Rivas wrote: > What I saw is that when I start Mailscannner (and Sendmail) the smtp > port is closed. And when I sart only sendmail smtp port is listening. What is the output of # netstat -lnp | grep 25 When MailScanner is on? Are you using two sendmail.cf files? -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From alex at nkpanama.com Thu Jun 3 23:41:02 2004 From: alex at nkpanama.com (Alex Neuman) Date: Thu Jan 12 21:25:40 2006 Subject: {Spa(m)?} [MAILSCANNER] New spam faking whitelisting In-Reply-To: <5B46BA5FBB3DD54E9FE712BDCE8B0F841D81EE@kirk.kringstad.net> Message-ID: <200406032241.i53MfA64001593@nkpanama.com> Me, too! I should seriously consider filtering on headers like "is spam" instead of the {Spa(m)?} thing at the subject - or use something else, like (S) on the subject line. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of subscribe Sent: Thursday, June 03, 2004 3:54 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: {Spa(m)?} [MAILSCANNER] New spam faking whitelisting Is it just me who are filtering mail on the subject ? Why can't you remove the {Spam?} in subject when replying ? --- Trond -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Casanova, Chase Sent: 3. juni 2004 22:38 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: {Spam?} [MAILSCANNER] New spam faking whitelisting Chris, The Spam Action and High Scoring Spam Action will do just what you want, but only if your Required SpamAssassin Score = 10 Then you just do: Spam Actions = forward postmaster@yourdomain.com High SpamAssassin Score = 100 High Scoring Spam Actions = delete If your Required SpamAssassin Score is not 10 and you want to store the Spam that scored below 10. Then with the standard MailScanner.conf settings you won't be able to drop the Spam with a score over 100. i.e. make you High SpamAssassin Score = 10 Spam Actions = store forward postmaster@yourdomain.com High SpamAssassin Score = 10 High Scoring Spam Actions = forward postmaster@yourdomain.com -Chase -----Original Message----- From: Chris Conn [mailto:cconn@ABACOM.COM] Sent: Thursday, June 03, 2004 10:59 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: [MAILSCANNER] {Spam?} [MAILSCANNER] New spam faking whitelisting Casanova, Chase wrote: > Chris, > > Can you not do what you want with the Spam Actions setting in > MailScanner.conf > > Spam Actions = store forward postmaster@yourdomain.com > Hello, Yes, but this is not what I want to do. When using sendmail (I don't know about other MTAs), if you whitelist an email address, all other Cc: or Bcc: addresses will receive the SPAM. What I want to establish is the possibility of not using the whitelist function but rather create a ruleset under the spam actions for high scoring spam, and deliver spam to the postmaster account at scores less than 100 while deleting spam with score of 10 or more for other users, even if they are Cc: or Bcc: on the spam sent to the postmaster. Chris > -Chase > > -----Original Message----- > From: Chris Conn [mailto:cconn@ABACOM.COM] > Sent: Thursday, June 03, 2004 10:26 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: [MAILSCANNER] {Spam?} [MAILSCANNER] New spam faking > whitelisting > > > List Account wrote: > >>I think I found the problem. The problem is one of the addresses, >>jobs@ourdomain.com, is on the whitelist. Is there any to not allow >>the message for everyone just because that one address is whitelisted? >> > > Hello, > > I am also trying to tackle this problem as my whitelist to a > postmaster account is causing Cc: and Bcc: recipients to receive the spam. > > If it cannot be done with the whitelist feature, could it be instead > done by creating a ruleset for the high-score spam action? For > instance, have a high scoring spam of 10 for all but the postmaster > address, set to 100? > > Chris > > >>Thanks, >> >>Howard >> >> >> >>>From: Martin Hepworth >>>Reply-To: MailScanner mailing list >>>To: MAILSCANNER@JISCMAIL.AC.UK >>>Subject: Re: {Spam?} [MAILSCANNER] New spam faking whitelisting >>>Date: Thu, 3 Jun 2004 15:04:57 +0100 >>> >>>Hi >>> >>>what does /etc/MailScanner/rules/spam.whitelist.rules look like >>> >>> >>>-- >>>Martin Hepworth >>>Snr Systems Administrator >>>Solid State Logic >>>Tel: +44 (0)1865 842300 >>> >>> >>>List Account wrote: >>> >>> >>>>Hello all, >>>> >>>>I am running MailScanner 4.26.8-1 with postfix 2.0.18, SpamAssassin >>>>2.63 and ClamAV 0.70. Starting today, I'm seeing spam messages >>>>comming in saying that they are white listed, but they aren't on my >>>>whitelist in /etc/MailScanner/rules/spam.whitelist.rules. Here are >>>>the message details from MailWatch: >>>> >>>>Received on: 03/06/04 08:40:20 >>>>Received by: mailscanner >>>>Received from: 61.202.42.238 (n042238.ppp.dion.ne.jp) >>>>124.8.92.244 >>>>ID: D0AEE900 >>>>Message Headers: Received: from n042238.ppp.dion.ne.jp >>>>(N042238.ppp.dion.ne.jp [61.202.42.238]) by >>>>mailscanner.ourdomain.com (Postfix) with SMTP id D0AEE900; Thu, 3 >>>>Jun 2004 08:40:04 -0500 (CDT) >>>>Received: from bfzoqwcn-rtfu363.de.twirl.English@canada.com >>>>([124.8.92.244]) >>>>by umxo4989-eku33.61.202.42.238 with Microsoft >>>>SMTPSVC(0.0.8246.1834); Thu, 03 Jun 2004 07:29:06 -0600 >>>>From: "Efren Hyde" >>>>To: user@ourdomain.com >>>>Cc: info@ourdomain.com, user2@ourdomain.com, user3@ourdomain.com, >>>>user4@ourdomain.com, jobs@ourdomain.com, user5@ourdomain.com, >>>>user6@ourdomain.com >>>>Subject: invest in yourself, get a new job >>>>Date: Thu, 03 Jun 2004 15:26:06 +0200 >>>>Message-ID: <18484457687322.64.53502@eunkzq-db12511.localhost> >>>>MIME-Version: 1.0 >>>>Content-Type: multipart/alternative; boundary="--13344725039681107" >>>>From: twirl.english@canada.com >>>>To: user@ourdomain.com >>>>user@ourdomain.com >>>>user2@ourdomain.com >>>>user2@ourdomain.com >>>>user3@ourdomain.com >>>>user3@ourdomain.com >>>>jobs@ourdomain.com >>>>jobs@ourdomain.com >>>>user4@ourdomain.com >>>>user4@ourdomain.com >>>>user5@ourdomain.com >>>>user5@ourdomain.com >>>>Subject: invest in yourself, get a new job >>>>Size: 2.5Kb >>>>Virus: N >>>>Blocked File: N >>>>Other Infection: N >>>>Report: >>>>Spam: N Action(s): deliver >>>>High Scoring Spam: N >>>>Listed in RBL: N >>>>Whitelisted: Y >>>>Blacklisted: N >>>>SpamAssassin Spam: N >>>>SpamAssassin Score: 0.00\ >>>> >>>>Is anyone else seeing this, and what can I do to stop it? >>>> >>>>Thanks, >>>> >>>>Howard >>>> >>>>_________________________________________________________________ >>>>Getting married? Find great tips, tools and the latest trends at MSN >>>>Life Events. http://lifeevents.msn.com/category.aspx?cid=married >>>> >>>>-------------------------- MailScanner list ---------------------- >>>>To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >>>>Before posting, please see the Most Asked Questions at >>>>http://www.mailscanner.biz/maq/ and the archives at >>>>http://www.jiscmail.ac.uk/lists/mailscanner.html >>>> >>> >>>********************************************************************* >>>* >>> >>>This email and any files transmitted with it are confidential and >>>intended solely for the use of the individual or entity to whom they >>>are addressed. If you have received this email in error please notify >>>the system manager. >>> >>>This footnote confirms that this email message has been swept for the >>>presence of computer viruses and is believed to be clean. >>> >>>********************************************************************* >>>* >>> >>>-------------------------- MailScanner list ---------------------- >>>To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >>>Before posting, please see the Most Asked Questions at >>>http://www.mailscanner.biz/maq/ and the archives at >>>http://www.jiscmail.ac.uk/lists/mailscanner.html >> >> >>_________________________________________________________________ >>Stop worrying about overloading your inbox - get MSN Hotmail Extra Storage! >>http://join.msn.click-url.com/go/onm00200362ave/direct/01/ >> >>-------------------------- MailScanner list ---------------------- >>To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >>Before posting, please see the Most Asked Questions at >>http://www.mailscanner.biz/maq/ and the archives at >>http://www.jiscmail.ac.uk/lists/mailscanner.html > > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From alex at nkpanama.com Thu Jun 3 23:42:46 2004 From: alex at nkpanama.com (Alex Neuman) Date: Thu Jan 12 21:25:40 2006 Subject: Spam Bounce action issues In-Reply-To: Message-ID: <200406032243.i53Mgr64001740@nkpanama.com> Then set up a ruleset that includes "if from my ip range and from my domain, don't bounce - otherwise do". And bury the horse, it's gathering flies ;) -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Alan Sent: Thursday, June 03, 2004 3:18 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Spam Bounce action issues Look, can we please stop beating the dead horse issue. Yes, those of us that continue to bounce messages, low score or otherwise, know that we are unliked by the masses that never bounce. We're not going to convince you otherwise, nor are you going to convince us. Its a dead issue... It seems everytime a legitimate question related to bounce comes up, an avalanche of "DON'T BOUNCE" replies get posted. Some of us are going to bounce, and flaying the dead horse isn't helpful. I was trying to stay on topic related to those of us who DO bounce, on how to not bounce spam reports to our own customers when the 'From' of a spam is faked. In my situation, I know for a fact that any email coming into my MS that has a 'From' domain of my own domain is faked. I know that because outbound email from my customers, the only ones whom should be using my domain in their address, do not pass through my MS server. Hence, and email saying its from my domain is faked, and I delete it with no bounce. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From alex at nkpanama.com Thu Jun 3 23:44:10 2004 From: alex at nkpanama.com (Alex Neuman) Date: Thu Jan 12 21:25:40 2006 Subject: Virus Vulnerability In-Reply-To: Message-ID: <200406032244.i53MiH64001843@nkpanama.com> It's a non-issue. Look at the archives, the message is mangled in such an obscure way that it doesn't pose a threat - just proves there are holes in the way messages are processed by servers and clients. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Karl Bailey Sent: Thursday, June 03, 2004 4:55 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Virus Vulnerability Been looking at a site: www.testvirus.org Which will fire a number of tests at a mail account. Among these are: Test #21: Eicar virus within zip file hidden using the "Long MIME Boundary Vulnerability" And Test #23: Eicar virus within zip file hidden using the "Empty MIME Boundary Vulnerability" Both of these tests seemed to get through the MailScanner system I am running, one of which got picked up by the mcaffee groupshield solution on an exchange server (number 23). The other (21) wasn't picked up by anything & made it to the mail client... Is this a problem with my config (which I suspect), or is this actually a problem & if so can the hole be plugged? I'm running latest version of Mailscanner, kaspersky AVP, Mcaffee uvscan & f-prot. Regards Karl Bailey Systems Administrator ===================================== This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify Landmark Information Group on +44(0) 1392 441700. For more information about the Landmark Information Group visit www.landmark-information.co.uk This email and any attachments have been scanned for viruses and to the best of our knowledge are clean. ==================================== -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From ugob at CAMO-ROUTE.COM Thu Jun 3 23:44:37 2004 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:25:40 2006 Subject: Virus Vulnerability In-Reply-To: References: Message-ID: Karl Bailey wrote: > Been looking at a site: > > www.testvirus.org > > > Which will fire a number of tests at a mail account. Among these are: > > > Test #21: Eicar virus within zip file hidden using the "Long MIME > > Boundary Vulnerability" > > And > > Test #23: Eicar virus within zip file hidden using the "Empty MIME > > Boundary Vulnerability" > > > Both of these tests seemed to get through the MailScanner system I am > > running, one of which got picked up by the mcaffee groupshield solution > > on an exchange server (number 23). The other (21) wasn't picked up by > > anything & made it to the mail client... > > > Is this a problem with my config (which I suspect), or is this actually > > a problem & if so can the hole be plugged? > > > I'm running latest version of Mailscanner, kaspersky AVP, Mcaffee uvscan > > & f-prot. Hi Karl, I suggest you search the archives for testvirus or testvirus.org, since this has been discussed many times in the past. Don't forget that testvirus.org is owned by a company who sells mail security products. > > > Regards > > Karl Bailey > > Systems Administrator > > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From ugob at CAMO-ROUTE.COM Fri Jun 4 00:00:54 2004 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:25:40 2006 Subject: telnet to smtp port is refused In-Reply-To: <003d01c449bd$3c999040$0300a8c0@BAR> References: <003d01c449bd$3c999040$0300a8c0@BAR> Message-ID: Bayardo Rivas wrote: > You asked me about the quantity of sendmail.cf files i am using, I > supposed to be using only one sendmail.cf > > > And the results for netstat -lnp | grep 25 when Mailscanner is on: > > # netstat -lnp | grep 25 > > tcp 0 0 127.0.0.1:25 0.0.0.0:* > LISTEN 1555/sendmail: acce > And the results for netstat -lnp | grep 25 when ONLY SENDMAIL is on: > > # netstat -lnp | grep 25 > tcp 0 0 0.0.0.0:25 0.0.0.0:* > LISTEN 1846/sendmail: acce There is obviously a problem with your config. When running with MailScanner, sendmail only listens on your loopback address 127.0.0.1, while it listens to all interfaces when started as standalone. I don't know exactly where to look, but your sendmail gets an option at MailScanner startup that is different from what you've got as standalone. Maybe examine /etc/init.d/MailScanner and search for "OAddr=" I never worked on suse, so this is really the best I can do. Hope this helps. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From bayardo.rivas at puntos.org.ni Fri Jun 4 00:37:20 2004 From: bayardo.rivas at puntos.org.ni (Bayardo Rivas) Date: Thu Jan 12 21:25:40 2006 Subject: telnet to smtp port is refused In-Reply-To: Message-ID: <005501c449c3$b996ba90$0300a8c0@BAR> Thanks a lot Ugo... This really help. If anyone else have a suggestion I will appreciate it. Bayardo -----Mensaje original----- De: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] En nombre de Ugo Bellavance Enviado el: Jueves, 03 de Junio de 2004 05:01 p.m. Para: MAILSCANNER@JISCMAIL.AC.UK Asunto: Re: telnet to smtp port is refused Bayardo Rivas wrote: > You asked me about the quantity of sendmail.cf files i am using, I > supposed to be using only one sendmail.cf > > > And the results for netstat -lnp | grep 25 when Mailscanner is on: > > # netstat -lnp | grep 25 > > tcp 0 0 127.0.0.1:25 0.0.0.0:* > LISTEN 1555/sendmail: acce > And the results for netstat -lnp | grep 25 when ONLY SENDMAIL is on: > > # netstat -lnp | grep 25 > tcp 0 0 0.0.0.0:25 0.0.0.0:* > LISTEN 1846/sendmail: acce There is obviously a problem with your config. When running with MailScanner, sendmail only listens on your loopback address 127.0.0.1, while it listens to all interfaces when started as standalone. I don't know exactly where to look, but your sendmail gets an option at MailScanner startup that is different from what you've got as standalone. Maybe examine /etc/init.d/MailScanner and search for "OAddr=" I never worked on suse, so this is really the best I can do. Hope this helps. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From ssilva at SGVWATER.COM Fri Jun 4 00:39:15 2004 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:25:40 2006 Subject: telnet to smtp port is refused References: <003d01c449bd$3c999040$0300a8c0@BAR> Message-ID: <00cb01c449c3$fc368ba0$6300a8c0@SSILVA2K> Try this command ls -alR /etc |grep sendmail.cf you should see only one sendmail.cf listed ----- Original Message ----- From: "Ugo Bellavance" To: Sent: Thursday, June 03, 2004 4:00 PM Subject: Re: telnet to smtp port is refused Bayardo Rivas wrote: > You asked me about the quantity of sendmail.cf files i am using, I > supposed to be using only one sendmail.cf > > > And the results for netstat -lnp | grep 25 when Mailscanner is on: > > # netstat -lnp | grep 25 > > tcp 0 0 127.0.0.1:25 0.0.0.0:* > LISTEN 1555/sendmail: acce > And the results for netstat -lnp | grep 25 when ONLY SENDMAIL is on: > > # netstat -lnp | grep 25 > tcp 0 0 0.0.0.0:25 0.0.0.0:* > LISTEN 1846/sendmail: acce There is obviously a problem with your config. When running with MailScanner, sendmail only listens on your loopback address 127.0.0.1, while it listens to all interfaces when started as standalone. I don't know exactly where to look, but your sendmail gets an option at MailScanner startup that is different from what you've got as standalone. Maybe examine /etc/init.d/MailScanner and search for "OAddr=" I never worked on suse, so this is really the best I can do. Hope this helps. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From elhannaford at PSFINC.COM Fri Jun 4 00:46:14 2004 From: elhannaford at PSFINC.COM (Edward L. Hannaford) Date: Thu Jan 12 21:25:40 2006 Subject: Blank SpamCheck Message-ID: On Thu, 3 Jun 2004 15:20:24 -0700, John Rudd wrote: >Did the from or to match any of your "Spam Check" rules, such that the >check isn't being done? That's what the Spam Check line looks like for >me if the "Spam Check" rule said "no" for that message. > Bingo! Got it! I created this rule deliberately, as we use this server to route email from several internal hosts into our Exchange server. I guess I've got to redo the rule so that this spam won't get through. Maybe a rule based on IP addresses ... hmmm ... Thank you very much for your help! -Ed -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From markee at bandwidthco.com Fri Jun 4 02:40:41 2004 From: markee at bandwidthco.com (Mark E. Donaldson) Date: Thu Jan 12 21:25:40 2006 Subject: telnet to smtp port is refused In-Reply-To: <004301c44995$981a4630$0300a8c0@BAR> Message-ID: <200406040140.i541eaCj011158@server5.bandwidthco.com> It looks like tcpwrappers is blocking your connection. You may need to add an entry to your hosts.allow file to permit smtp connections. The "sendmail rpm binary" in the SUSE Linux distribution is compiled with libwrap, or support for tcpwrappers. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Bayardo Rivas Sent: Thursday, June 03, 2004 11:07 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: telnet to smtp port is refused What I saw is that when I start Mailscannner (and Sendmail) the smtp port is closed. And when I sart only sendmail smtp port is listening. Check this logs... This is when Sendmail is started alone: ============================================ mailserver:~ # telnet localhost 25 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. 220 puntos.org.ni ESMTP Sendmail 8.12.6/8.12.6/SuSE Linux 0.6; Thu, 3 Jun 2004 11:49:38 +0600 ^] telnet> quit 221 2.0.0 puntos.org.ni closing connection Connection closed by foreign host. mailserver:~ # telnet mailserver.puntos.org.ni 25 Trying 200.85.166.76... Connected to mailserver.puntos.org.ni. Escape character is '^]'. 220 puntos.org.ni ESMTP Sendmail 8.12.6/8.12.6/SuSE Linux 0.6; Thu, 3 Jun 2004 11:49:56 +0600 ^] telnet> quit 221 2.0.0 puntos.org.ni closing connection Connection closed by foreign host. As you can see... Everything is Ok. But when I start Mailsecanner: ======================================================================== mailserver:~ # rcMailScanner start Initializing incoming sendmail done Initializing outgoing sendmail done Initializing MailScanner mailserver:~ # telnet localhost 25 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. 220 puntos.org.ni ESMTP Sendmail 8.12.6/8.12.6/SuSE Linux 0.6; Thu, 3 Jun 2004 1 1:50:26 +0600 ^] telnet> quit 221 2.0.0 puntos.org.ni closing connection Connection closed by foreign host. mailserver:~ # telnet mailserver.puntos.org.ni 25 Trying 200.85.166.76... telnet: connect to address 200.85.166.76: Connection refused Trying 192.168.0.1... telnet: connect to address 192.168.0.1: Connection refused ======================================== Thanks for any help. Bayardo -----Mensaje original----- De: Luciano Giacchetta [mailto:lucianog@keko.com.ar] Enviado el: Jueves, 03 de Junio de 2004 06:49 a.m. Para: bayardo.rivas@puntos.org.ni Asunto: Re: telnet to smtp port is refused You check if the port is open inbound and outbound ? You can telnet smtp port by localhost ? Are you sure that sendmail works ok ? I never saw any problem with MS and Ports.... Luciano Quoting Bayardo Rivas : > Hello, > > I have just installed Mailscanner and ClamAV. I use Suse 8.1 as > mailserver. When I start the Mailscanner daemon it starts Sendmail > without problems, but when I try to telnet to port 25/smtp i receive a > "conection refused" message. I note that when I start sendmail alone, > smtp port is open and working ok, but when sendmail start with > Mailscanner smtp port is like closed. > > Thanks for your help. > > Bayardo > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > ------------------------------------------------- ?Todav?a no naveg?s con Keko? Hac? click aqu?: http://www.keko.com.ar -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html ######################################################## This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. postmaster@bandwidthco.com MailScanner at bandwidthco.com is for your absolute protection. ######################################################## ######################################################## This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. postmaster@bandwidthco.com MailScanner at bandwidthco.com is for your absolute protection. ######################################################## -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From jose at TREELOGIC.COM Fri Jun 4 08:05:31 2004 From: jose at TREELOGIC.COM (=?iso-8859-1?Q?Jos=E9_Angel_Blanco?=) Date: Thu Jan 12 21:25:40 2006 Subject: Enable all file attachments References: Message-ID: <068601c44a02$531ce890$1901a8c0@redes1> Ok, I see. But is possible that MailScanner does not check any file type? How? Thank you ----- Original Message ----- From: "Jan-Peter Koopmann" To: Sent: Thursday, June 03, 2004 12:09 PM Subject: Re: Enable all file attachments > On Thursday, June 03, 2004 12:01 PM Jos? Angel Blanco wrote: > > > I want that MailScanner don?t block any file attachment by file type. > > I mean if I send an exe without virus or a Html file without > > malicious scripts the MailScanner don?t block it > > Look at the filename.rules.conf and filetype.rules.conf files. > > Regards, > JP > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From Jan-Peter.Koopmann at SECEIDOS.DE Fri Jun 4 08:19:32 2004 From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann) Date: Thu Jan 12 21:25:40 2006 Subject: Spam Bounce action issues Message-ID: On Thursday, June 03, 2004 10:18 PM Alan wrote: > Look, can we please stop beating the dead horse issue. Yes, > those of us that continue to bounce messages, low score or > otherwise, know that we are unliked by the masses that never > bounce. We're not going to convince you otherwise, nor are > you going to convince us. Its a dead issue... So that means we can start answering questions like this with a simple "search the archives" again? No problem. :-) There are several reasons why this horse gets beaten over and over again: - For most of us it is simply wrong (not to say stupid in most circumstances) to bounce spam. - Most people who are bouncing spam do not understand the implications. Many do not even seem to know that senders are faked or that this is actively used as a joe job attack. Therefore everytime such a person simply writes a "how do I bounce spam"-like question, we feel obliged to "answer" and tell him/her all the implications. Regards, JP -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From Jan-Peter.Koopmann at SECEIDOS.DE Fri Jun 4 08:22:36 2004 From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann) Date: Thu Jan 12 21:25:40 2006 Subject: {Spa(m)?} [MAILSCANNER] New spam faking whitelisting Message-ID: On Friday, June 04, 2004 12:41 AM Alex Neuman wrote: > > Me, too! > > > I should seriously consider filtering on headers like "is > spam" instead of the {Spa(m)?} thing at the subject - or use > something else, like (S) on the subject line. You should get rid of the subject change alltogether. Just my point of view. But if you feed messages with changed subject to SpamAssassin it is not as effective. BTW: Was there any real reason for the full-quote? Regards, JP -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From Jan-Peter.Koopmann at SECEIDOS.DE Fri Jun 4 08:27:45 2004 From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann) Date: Thu Jan 12 21:25:40 2006 Subject: Enable all file attachments Message-ID: On Friday, June 04, 2004 9:06 AM Jos? Angel Blanco wrote: > Ok, I see. But is possible that MailScanner does not check > any file type? > How? The simples solution coming to mind would be a very small filename.rules.conf which allows everything. But honestly: Why would you want such a thing? Even if you allow EXE etc. attachments in your corporation there are several checks in filename.rules.conf that really make sense for all installations. There is no sense in accepting mails with many whitespaces in subjects etc. Regards, JP -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From jose at TREELOGIC.COM Fri Jun 4 08:41:30 2004 From: jose at TREELOGIC.COM (=?iso-8859-1?Q?Jos=E9_Angel_Blanco?=) Date: Thu Jan 12 21:25:40 2006 Subject: Enable all file attachments References: Message-ID: <06a801c44a07$5a25a6e0$1901a8c0@redes1> I am having problem receiving and sending HTML scripts. We work in a software development enterprise and continously we are sending HTML scripts in mails. How can I enable HTML scripts in mails? ----- Original Message ----- From: "Jan-Peter Koopmann" To: Sent: Friday, June 04, 2004 9:27 AM Subject: Re: Enable all file attachments > On Friday, June 04, 2004 9:06 AM Jos? Angel Blanco wrote: > > > Ok, I see. But is possible that MailScanner does not check > > any file type? > > How? > > The simples solution coming to mind would be a very small filename.rules.conf which allows everything. But honestly: Why would you want such a thing? Even if you allow EXE etc. attachments in your corporation there are several checks in filename.rules.conf that really make sense for all installations. There is no sense in accepting mails with many whitespaces in subjects etc. > > > Regards, > JP > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From b.passante at ACTINUX.COM Fri Jun 4 09:02:49 2004 From: b.passante at ACTINUX.COM (Brian PASSANTE) Date: Thu Jan 12 21:25:40 2006 Subject: Bad RFC822 field name '' Message-ID: <40C02CA9.4010704@actinux.com> Hi, >I don't have the will to read (again) rfc822 or 2822, but, even when >-: >may be legal, the offending header lines must be: >[ > > Priority: Normal ] > >That is definitively rfc822 NON-compliant. I know that "-:" is rfc822 compliant but the perl lib Mail::Header is not agree with that :) I tested parsing a email with the perl lib with the "-:" header and it return the same rfc822 error. I find the origin a the error but I am unable to correct it. In the Header.pm of the Mailtools libs, the function : sub _tag_case { my $tag = shift; $tag =~ s/\:$//; join('-', map { /^[b-df-hj-np-tv-z]+$|^(?:MIME|SWE|SOAP|LDAP)$/i ? uc($_) : ucfirst(lc($_)) } split('-', $tag)); } When parsing, "-:" headers, it return "", and after when a check is done by : croak( "Bad RFC822 field name '$tag'\n") unless(defined $ctag && $ctag =~ /\A($FIELD_NAME|From )/oi); the error appear because nothing is not rfc compliant. About a tips: just comment the 210 & 211 ligne of the Header.pm : croak( "Bad RFC822 field name '$tag'\n") unless(defined $ctag && $ctag =~ /\A($FIELD_NAME|From )/oi); It is not so really bad, because, if Qmail receive a buggy headers mail, it refuses it so we don't have to really check the rfc. I test it by injecting all my buggy mail, and everything is working fine. Have a nice day -- Brian PASSANTE, Tomao groupe KPF -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Fri Jun 4 08:57:29 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:25:40 2006 Subject: Enable all file attachments In-Reply-To: <06a801c44a07$5a25a6e0$1901a8c0@redes1> References: <06a801c44a07$5a25a6e0$1901a8c0@redes1> Message-ID: <6.1.1.1.2.20040604085652.122ddec0@imap.ecs.soton.ac.uk> Make sure they are in attachments, not in the main message body. The HTML content checks do not apply to attachments. At 08:41 04/06/2004, you wrote: >I am having problem receiving and sending HTML scripts. We work in a >software development enterprise and continously we are sending HTML scripts >in mails. How can I enable HTML scripts in mails? >----- Original Message ----- >From: "Jan-Peter Koopmann" >To: >Sent: Friday, June 04, 2004 9:27 AM >Subject: Re: Enable all file attachments > > > > On Friday, June 04, 2004 9:06 AM Jos? Angel Blanco wrote: > > > > > Ok, I see. But is possible that MailScanner does not check > > > any file type? > > > How? > > > > The simples solution coming to mind would be a very small >filename.rules.conf which allows everything. But honestly: Why would you >want such a thing? Even if you allow EXE etc. attachments in your >corporation there are several checks in filename.rules.conf that really make >sense for all installations. There is no sense in accepting mails with many >whitespaces in subjects etc. > > > > > > Regards, > > JP > > > > -------------------------- MailScanner list ---------------------- > > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > > Before posting, please see the Most Asked Questions at > > http://www.mailscanner.biz/maq/ and the archives at > > http://www.jiscmail.ac.uk/lists/mailscanner.html > > > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From Stefan.Benediktsson at ADDPRO.SE Fri Jun 4 09:08:13 2004 From: Stefan.Benediktsson at ADDPRO.SE (Stefan Benediktsson) Date: Thu Jan 12 21:25:40 2006 Subject: SV: mysql insert issue with FC2 Message-ID: <8567ADC293046244BD4A41BDF8A9BA242EE7DC@ap02.addpro.local> Hi Kevin, I havn't used the SQLRealTimeLoggin.pm before, but I have just been setting up MailWatch (http://mailwatch.sourceforge.net) which probably is doing about the same thing (i.e. logging to mysql + generating statistics via apache/php). I had a heck of a time getting the database connection to work until I found out that there was some compatibility issues with DBD::mysql 2.9003-4... I think you are banging your head against the same problem here. Downgrade to DBD::mysql 2.1028 and I think you will be back on the track again... Let me know if this solves your problem... brgds, /Stefan -----Ursprungligt meddelande----- Fr?n: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] F?r Shortt, Kevin Skickat: den 3 juni 2004 22:39 Till: MAILSCANNER@JISCMAIL.AC.UK ?mne: mysql insert issue with FC2 Hi everyone, MailScanner is working, but I am setting up Real Time SQL Logging using the "Always Looked Up Last = &SQLRealTimeLogging". I have "SQLRealTimeLogging.pm" placed into CustomFunctions directory. I am unable to insert into mysql. See my .pm and log entry at the bottom of this message. I have marked "IT DIES HERE" where the death occurs. This is what I have. All packages are installed as RPM's. OS: Fedora Core 2 MS: mailscanner-4.30.3-2 PERL: perl-DBI-1.40-4 perl-DBD-MySQL-2.9003-4 DB: mysql-3.23.58-9 mysql-server-3.23.58-9 I can insert with a test script, but not through my custom.pm. If I create a test.pl script that inserts and place it into CustomFunctions, then that script will work. I have tried everything. I've changed the database it only include one table and one field. I changed from using execute to using do. It just will not insert into that database. I have scanned this mailling list and DBI's lists. If anyone has had this problem before, please let me know. Thanks.. -k ---- my custom.pm (SQLRealTimeLogging.pm) - this is placed into CustomFunctions directory. package MailScanner::CustomConfig; use DBI; use strict 'vars'; use strict 'refs'; no strict 'subs'; # Allow bare words for parameter %'s my $database = "mailscanner"; my $dbuser = "mailscanner"; my $dbpass = "!mailscanner32!"; my $mysqlsocket = "/db/mysql/mysql.sock"; my $dbhandle; my $sthMail; my $sthReport; my $sthRecipient; sub InitSQLRealTimeLogging { MailScanner::Log::InfoLog("Initialising SQL Real Time Logging "); $dbhandle = DBI->connect("DBI:mysql:$database:localhost;mysql_socket=$mysqlsocket;", "$dbuser", $dbpass, {'RaiseError' => 1, 'PrintError' => 1}) or MailScanner::Log::DieLog("Cannot connect to the database: %s", $DBI::errstr); # $dbhandle->trace(1,"/tmp/mysql.trace2"); $sthMail = $dbhandle->prepare("INSERT INTO maillog_mail (time, msg_id, size, from_user, from_domain, subject, clientip, archives, isspam, ishighspam, sascore, spamreport) VALUES (?,?,?,?,?,?,?,?,?,?,?,?)") or die(" Prepare did not work: %s", $DBI::errstr); $sthReport = $dbhandle->prepare("INSERT INTO maillog_report (msg_id, filename, filereport) VALUES (?,?,?)"); $sthRecipient = $dbhandle->prepare("INSERT INTO maillog_recipient (msg_id, to_user, to_domain) VALUES (?,?,?)"); } sub SQLRealTimeLogging { use DBI; my($message) = @_; my $id = $message->{id}; my $size = $message->{size}; my $from = $message->{from}; my ($from_user, $from_domain); # split the from address into user and domain bits. # This may be unnecessary for you; we use it to more easily determine # inbound vs outbound email in a multi-domain environment. # HINT: refine queries using SQL 'join' with a table containing local # domains. ($from_user, $from_domain) = split /\@/, $from; my @to = @{$message->{to}}; my $subject = $message->{subject}; my $clientip = $message->{clientip}; my $archives = join(',', @{$message->{archiveplaces}}); my $isspam = $message->{isspam}; my $ishighspam = $message->{ishigh}; my $sascore = $message->{sascore}; my $spamreport = $message->{spamreport}; # Get rid of control chars and tidy-up SpamAssassin report $spamreport =~ s/\n/ /g; $spamreport =~ s/\t//g; # Get timestamp, and format it so it is suitable to use with MySQL my($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(); my($timestamp) = sprintf("%d-%02d-%02d %02d:%02d:%02d",$year+1900,$mon+1,$mday,$hour,$min,$sec); # maillog_mail insert my @fields=($timestamp, $id, $size, $from_user, $from_domain, $subject, $clientip, $archives, $isspam, $ishighspam, $sascore, $spamreport); map { s/\'/\\'/g } @fields; map { ($_ eq '')?'NULL':"$_" } @fields; # Debug statements added for verifying date is populating fields array. MailScanner::Log::InfoLog("=========================\nfields array - \n0:[$fields[0]] 1:[$fields[1]] \n2:[$fields[2]] 3:[$fields[3]] \n"); MailScanner::Log::InfoLog("4:[$fields[4]] 5:[$fields[5]] \n6:[$fields[6]] 7:[$fields[7]] \n"); MailScanner::Log::InfoLog("8:[$fields[8]] 9:[$fields[9]] \n10:[$fields[10]] 11:[$fields[11]] \n====================\n"); # Insert @fields into a database table $sthMail->execute($timestamp, $id, $size, $from_user, $from_domain, $subject, $clientip, $archives, $isspam, $ishighspam, $sascore, "$spamreport") or MailScanner::Log::DieLog("Cannot insert into maillog_mail: %s", $DBI::errstr); # IT DIES HERE on the above execute statement. my($file, $text); while(($file, $text) = each %{$message->{allreports}}) { $file = "the entire message" if $file eq ""; # Use the sanitised filename to avoid problems caused by people forcing # logging of attachment filenames which contain nasty SQL instructions. $file = $message->{file2safefile}{$file} or $file; $text =~ s/\n/ /; # Make sure text report only contains 1 line $text =~ s/\t/ /; # and no tab characters my @fields = ($id, $file, $text); map { s/\'/\\'/g } @fields; $sthReport->execute($fields[0],$fields[1],$fields[2]) or MailScanner::Log::DieLog("Cannot insert row into maillog_report: [$DBI::errstr]"); } for (@to) { # again, split the recipient's email into user and domain halves first. # see comment above about splitting the email like this. my ($to_user, $to_domain); ($to_user, $to_domain) = split /\@/, $_; my @fields = ($id, $to_user, $to_domain); map { s/\'/\\'/g } @fields; $sthRecipient->execute($fields[0],$fields[1],$fields[2]) or MailScanner::Log::DieLog("Cannot insert row into maillog_recipient: [%s]", $DBI::errstr); } } sub EndSQLRealTimeLogging { MailScanner::Log::InfoLog("Ending SQL Real-Time Logging"); # Close database connection $dbhandle->disconnect(); } 1; ---- end custom.pm ----one entry of one message Jun 3 16:28:03 hostname MailScanner[12208]: MailScanner E-Mail Virus Scanner version 4.30.3 starting... Jun 3 16:28:03 hostname MailScanner[12208]: Config: calling custom init function SQLRealTimeLogging Jun 3 16:28:03 hostname MailScanner[12208]: Initialising SQL Real Time Logging Jun 3 16:28:03 hostname MailScanner[12208]: Config: calling custom init function MultipleQueueDir Jun 3 16:28:03 hostname MailScanner[12208]: Using locktype = flock Jun 3 16:28:04 hostname MailScanner[12208]: New Batch: Forwarding 1 unscanned messages, 6679 bytes Jun 3 16:28:04 hostname MailScanner[12208]: MCP Checks completed at 6679 bytes per second Jun 3 16:28:04 hostname MailScanner[12208]: Spam Checks: Found 1 spam messages Jun 3 16:28:04 hostname MailScanner[12208]: Spam Checks completed at 6679 bytes per second Jun 3 16:28:04 hostname MailScanner[12208]: Unscanned: Delivered 1 messages Jun 3 16:28:04 hostname MailScanner[12208]: Virus and Content Scanning: Starting Jun 3 16:28:04 hostname MailScanner[12208]: Virus Scanning completed at 6679 bytes per second Jun 3 16:28:04 hostname MailScanner[12208]: Virus Processing completed at 6679 bytes per second Jun 3 16:28:04 hostname MailScanner[12208]: Disinfection completed at 6679 bytes per second Jun 3 16:28:04 hostname MailScanner[12208]: Batch completed at 6679 bytes per second (6679 / 0) Jun 3 16:28:04 hostname MailScanner[12208]: ========================= Jun 3 16:28:04 hostname MailScanner[12208]: fields array - Jun 3 16:28:04 hostname MailScanner[12208]: 0:[2004-06-03 16:28:04] 1:[i53KRoO7012126] Jun 3 16:28:04 hostname MailScanner[12208]: 2:[6679] 3:[fakeuser] Jun 3 16:28:04 hostname MailScanner[12208]: 4:[fakedomain.com] 5:[Don, Extend Your Auto Warranty, Extend Your Peace of Mind.] Jun 3 16:28:04 hostname MailScanner[12208]: 6:[192.168.0.1] 7:[] Jun 3 16:28:04 hostname MailScanner[12208]: 8:[1] 9:[0] Jun 3 16:28:04 hostname MailScanner[12208]: 10:[8.528] 11:[spam, SBL+XBL, SpamAssassin (score=8.528, required 6, BAYES_90 2.10, BUY_DIRECT 1.82, HTML_50_60 0.10, HTML_MESSAGE 0.10, HTML_WEB_BUGS 0.34, NO_OBLIGATION 1.46, RCVD_IN_BL_SPAMCOP_NET 1.50, RCVD_IN_SBL 1.11)] Jun 3 16:28:04 hostname MailScanner[12208]: ==================== Jun 3 16:28:04 hostname MailScanner[12208]: Cannot insert into maillog_mail: -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From Jan-Peter.Koopmann at SECEIDOS.DE Fri Jun 4 10:02:16 2004 From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann) Date: Thu Jan 12 21:25:40 2006 Subject: Enable all file attachments Message-ID: On Friday, June 04, 2004 9:41 AM Jos? Angel Blanco wrote: > I am having problem receiving and sending HTML scripts. We > work in a software development enterprise and continously we > are sending HTML scripts in mails. How can I enable HTML > scripts in mails? If I understand your problem correctly this has nothing to do with attachments. Special tags like forms, scripts, iframes etc. are checked in HTML mails depending on your settings in MailScanner.conf. I _strongly_ suggest you start reading the _entire_ MailScanner.conf and try to understand all the options. You will then find options like Allow Script Tags that might help you. The config file is exceptionally well documented by Julian. PLEASE read it first! Regards, JP -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mkipness at GENIANT.COM Fri Jun 4 14:54:07 2004 From: mkipness at GENIANT.COM (Max Kipness) Date: Thu Jan 12 21:25:40 2006 Subject: Spam Bounce action issues Message-ID: <399D85F2BB50BC4295F78EAE203D5C226B6ED0@dalsxc01.geniant.net> > So, considering that my domain is 'elknet.net', my > 'spam.nobounce.rules' > file looks like this: > > From: *@elknet.net delete > FromorTo: default delete bounce > > That takes care of the problem for me! > > -Alan Alan, Where do I find this config? Or can I just add the 'From: ourdomain delete' to the spam.actions.rules file? Thanks, Max -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From m at WHERES.CO.UK Fri Jun 4 15:09:21 2004 From: m at WHERES.CO.UK (Matthew Baker) Date: Thu Jan 12 21:25:40 2006 Subject: IPBlock question Message-ID: <40C08291.7090709@wheres.co.uk> Hi All, I have set up the module so entries are being added to the access.db. This works fine. However the Cronjob perl script copied off the end of CustomConfig.pm which runs hourly does not seem to remove old entries properly. What happens is that if I run strings /etc/mail/access.db I get the entries for hostnames and IPs added. Then if I run the IPBlock cleaner and run the strings command again it will sometimes not remove the entry from the access.db and sometimes remove part of the string. E.g. will remove the last segment up to the last '.' of an IP or hostname. It does however seem to remove them from the IPBlock.db file and log that lines were removed from the access file. Obvious things I have tried are: 1. Making sure the $Refusal line matches in the CustomConfig.pm and the cron script. 2. I have reduced the $OneHour to 1 so it should in theory remove entries one second old (just for testing but I have waited an hour and tested too). 3. I have rewritten the $Refusal so there are no special chars (:// in a URL was taken out). 4. Ran a separate file to the main access.db for testing. I'm running: Fedora Core 1 MailScanner 4.31.6-1 rpm sendmail-8.12.11 (built from src not rpm) perl 5.8.3-16 rpm Incidentally it was doing this in 4.29-7 before I upgraded earlier today. Thanks in advance. Matt -- [root@mail-gw mail]# strings IPBaccess.db "550 Site blocked by MailScanner due to excessive email see www.sovision.com" 194.105.69.87 "550 Site blocked by MailScanner due to excessive email see www.sovision.com" barney.gwork.org [root@mail-gw mail]# /usr/local/sbin/IPB IPBedit.pl IPBlock-clean.pl [root@mail-gw mail]# /usr/local/sbin/IPBlock-clean.pl [root@mail-gw mail]# Jun 4 14:41:29 mail-gw IPBlock[2551]: Deleted 2 entries from sendmail access database [root@mail-gw mail]# strings IPBaccess.db "550 Site blocked by MailScanner due to excessive email see www.sovision.com" 194.105.69.87 "550 Site blocked by MailScanner due to excessive email see www.sovision.com" barney.gwork.org -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mkipness at GENIANT.COM Fri Jun 4 15:11:02 2004 From: mkipness at GENIANT.COM (Max Kipness) Date: Thu Jan 12 21:25:40 2006 Subject: Spam Corpus size and false positives? Message-ID: <399D85F2BB50BC4295F78EAE203D5C226B6EDA@dalsxc01.geniant.net> Hi, Here is the size of my spam/ham corpuses: bayes corpus size: nspam = 15538, nham = 9517 I had my bayes threshold seeting to 7, which may have been a bit low, and I'm seeing some false positives. I've now raised the auto-learn threshold to 12. Is there anything else I can do correct the bayes analysis and get it not to tagged so much at 99%? Or is feeding ham the only way. This is hard for me to do, as another guy and myself are the only ones that really feed it. I've thought of rebuilding the databases but with a higher auto-learn threshold, but this would allow in a flood of spam, right? Thanks, Max -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040604/f080bdf7/attachment.html From mkipness at GENIANT.COM Fri Jun 4 15:34:00 2004 From: mkipness at GENIANT.COM (Max Kipness) Date: Thu Jan 12 21:25:40 2006 Subject: Spam Bounce action issues Message-ID: <399D85F2BB50BC4295F78EAE203D5C226B6EE2@dalsxc01.geniant.net> > So that means we can start answering questions like this with > a simple "search the archives" again? No problem. :-) > > There are several reasons why this horse gets beaten over and > over again: > > - For most of us it is simply wrong (not to say stupid in > most circumstances) to bounce spam. > > - Most people who are bouncing spam do not understand the > implications. Many do not even seem to know that senders are > faked or that this is actively used as a joe job attack. > > > Therefore everytime such a person simply writes a "how do I > bounce spam"-like question, we feel obliged to "answer" and > tell him/her all the implications. I for one understand the implications. The problem is I CANNOT allow critical messages to possibly disappear in a black hole. I'm not sure if there is a 100% accurate way of assuring no false-positives, but I'm not there yet. I guess maybe it depends on what type of business you are handling. I have a financial brokerage firm that won't tolerate it. I get many emails back from companies that state that their newsletter, etc, was requested by a particular user, and can we please white list them. I check with the user, and they say, "Yes, we want to get it", so I white list them. Thanks to some suggestions by Alan, I think. I'm now using the high scoring setting to just delete and not bounce at 20+ I'm guessing (hoping) there will be no false positives above that. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From Kevin.Spicer at BMRB.CO.UK Fri Jun 4 15:40:38 2004 From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:25:40 2006 Subject: Spam Bounce action issues Message-ID: <5C0296D26910694BB9A9BBFC577E7AB0023707AC@pascal.priv.bmrb.co.uk> Max Kipness wrote: > > I for one understand the implications. The problem is I CANNOT allow > critical messages to possibly disappear in a black hole. I'm not sure > if there is a 100% accurate way of assuring no false-positives, but > I'm not there yet. I guess maybe it depends on what type of business > you are handling. I have a financial brokerage firm that won't > tolerate it. Although we don't work in that sector we answered similar concerns from users by using the attachment action and delivering anything, its then up to users to filter in their mail client (which we give guidance about how to do). BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From alex at nkpanama.com Fri Jun 4 15:45:08 2004 From: alex at nkpanama.com (Alex Neuman) Date: Thu Jan 12 21:25:40 2006 Subject: Spam Bounce action issues In-Reply-To: <399D85F2BB50BC4295F78EAE203D5C226B6EE2@dalsxc01.geniant.net> Message-ID: <200406041445.i54EjE64026164@nkpanama.com> Store them in a quarantine for a month and peruse the list once or twice a day. I've got it set up like that at some of my clients' servers. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Max Kipness Sent: Friday, June 04, 2004 9:34 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Spam Bounce action issues > So that means we can start answering questions like this with > a simple "search the archives" again? No problem. :-) > > There are several reasons why this horse gets beaten over and > over again: > > - For most of us it is simply wrong (not to say stupid in > most circumstances) to bounce spam. > > - Most people who are bouncing spam do not understand the > implications. Many do not even seem to know that senders are > faked or that this is actively used as a joe job attack. > > > Therefore everytime such a person simply writes a "how do I > bounce spam"-like question, we feel obliged to "answer" and > tell him/her all the implications. I for one understand the implications. The problem is I CANNOT allow critical messages to possibly disappear in a black hole. I'm not sure if there is a 100% accurate way of assuring no false-positives, but I'm not there yet. I guess maybe it depends on what type of business you are handling. I have a financial brokerage firm that won't tolerate it. I get many emails back from companies that state that their newsletter, etc, was requested by a particular user, and can we please white list them. I check with the user, and they say, "Yes, we want to get it", so I white list them. Thanks to some suggestions by Alan, I think. I'm now using the high scoring setting to just delete and not bounce at 20+ I'm guessing (hoping) there will be no false positives above that. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mkipness at GENIANT.COM Fri Jun 4 16:08:23 2004 From: mkipness at GENIANT.COM (Max Kipness) Date: Thu Jan 12 21:25:40 2006 Subject: Thoughts on new Bayes idea Message-ID: <399D85F2BB50BC4295F78EAE203D5C226B6EEE@dalsxc01.geniant.net> I've been pondering this idea for a while, but wanted some opinions on how feasible it would be...and the load it would cause. I currently have all users that receive spam that bypassed MailScanner, simply forward the email to spam@ourdomain.com. The email then got blacklisted and there was an option to put 'domain' in the subject header to black list the entire domain. This worked well, but the black list got up to around 1600 emails/domains and I started to get many SA time outs. This was before implementing Bayes which is working great, if not too good with false positives, but that's another story. My idea is to basically archive every email that enters the system (through MS) for a period of a day or so. I've got a script that deletes all emails older than a time specified from an mbox file. Then using my script from above, have users forward the email to spam@ourdomain.com, have a new script fetch that email out of the archive and feed it to Bayes. Any thoughts on this? Is it ridiculous? Most of my users are on various Exchange servers, and there really is no easy way to get the email fed into bayes. I know you can do a public folder, but then you have to train each user how to get it there, and they have to open the public folder tree, etc. Using IMAP is even more administration. I've found that simply forwarding the email somewhere is very easy for them. Max -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040604/026daef0/attachment.html From mailscanner at ecs.soton.ac.uk Fri Jun 4 16:06:38 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:25:40 2006 Subject: IPBlock question In-Reply-To: <40C08291.7090709@wheres.co.uk> References: <40C08291.7090709@wheres.co.uk> Message-ID: <6.1.1.1.2.20040604160611.05f85568@imap.ecs.soton.ac.uk> Strings is not a reliable way to read the contents of a DB file. At 15:09 04/06/2004, you wrote: >Hi All, > > I have set up the module so entries are being added to the access.db. >This works fine. However the Cronjob perl script copied off the end of >CustomConfig.pm which runs hourly does not seem to remove old entries >properly. > >What happens is that if I run strings /etc/mail/access.db I get the >entries for hostnames and IPs added. Then if I run the IPBlock cleaner >and run the strings command again it will sometimes not remove the entry >from the access.db and sometimes remove part of the string. E.g. will >remove the last segment up to the last '.' of an IP or hostname. It does >however seem to remove them from the IPBlock.db file and log that lines >were removed from the access file. > >Obvious things I have tried are: > 1. Making sure the $Refusal line matches in the CustomConfig.pm > and the >cron script. > 2. I have reduced the $OneHour to 1 so it should in theory remove >entries one second old (just for testing but I have waited an hour and >tested too). > 3. I have rewritten the $Refusal so there are no special chars (:// in >a URL was taken out). > 4. Ran a separate file to the main access.db for testing. > >I'm running: > Fedora Core 1 > MailScanner 4.31.6-1 rpm > sendmail-8.12.11 (built from src not rpm) > perl 5.8.3-16 rpm > >Incidentally it was doing this in 4.29-7 before I upgraded earlier today. > >Thanks in advance. > >Matt >-- > >[root@mail-gw mail]# strings IPBaccess.db >"550 Site blocked by MailScanner due to excessive email see >www.sovision.com" >194.105.69.87 >"550 Site blocked by MailScanner due to excessive email see >www.sovision.com" >barney.gwork.org >[root@mail-gw mail]# /usr/local/sbin/IPB >IPBedit.pl IPBlock-clean.pl >[root@mail-gw mail]# /usr/local/sbin/IPBlock-clean.pl >[root@mail-gw mail]# Jun 4 14:41:29 mail-gw IPBlock[2551]: Deleted 2 >entries from sendmail access database > >[root@mail-gw mail]# strings IPBaccess.db >"550 Site blocked by MailScanner due to excessive email see >www.sovision.com" >194.105.69.87 >"550 Site blocked by MailScanner due to excessive email see >www.sovision.com" >barney.gwork.org > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From jaearick at COLBY.EDU Fri Jun 4 16:17:36 2004 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:25:40 2006 Subject: IPBlock question In-Reply-To: <6.1.1.1.2.20040604160611.05f85568@imap.ecs.soton.ac.uk> References: <40C08291.7090709@wheres.co.uk> <6.1.1.1.2.20040604160611.05f85568@imap.ecs.soton.ac.uk> Message-ID: Hi, Try the attached perl script for analysis of the contents of your IPBlock list. Jeff Earickson Colby College On Fri, 4 Jun 2004, Julian Field wrote: > Date: Fri, 4 Jun 2004 16:06:38 +0100 > From: Julian Field > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: IPBlock question > > Strings is not a reliable way to read the contents of a DB file. > > At 15:09 04/06/2004, you wrote: > >Hi All, > > > > I have set up the module so entries are being added to the access.db. > >This works fine. However the Cronjob perl script copied off the end of > >CustomConfig.pm which runs hourly does not seem to remove old entries > >properly. > > > >What happens is that if I run strings /etc/mail/access.db I get the > >entries for hostnames and IPs added. Then if I run the IPBlock cleaner > >and run the strings command again it will sometimes not remove the entry > >from the access.db and sometimes remove part of the string. E.g. will > >remove the last segment up to the last '.' of an IP or hostname. It does > >however seem to remove them from the IPBlock.db file and log that lines > >were removed from the access file. > > > >Obvious things I have tried are: > > 1. Making sure the $Refusal line matches in the CustomConfig.pm > > and the > >cron script. > > 2. I have reduced the $OneHour to 1 so it should in theory remove > >entries one second old (just for testing but I have waited an hour and > >tested too). > > 3. I have rewritten the $Refusal so there are no special chars (:// in > >a URL was taken out). > > 4. Ran a separate file to the main access.db for testing. > > > >I'm running: > > Fedora Core 1 > > MailScanner 4.31.6-1 rpm > > sendmail-8.12.11 (built from src not rpm) > > perl 5.8.3-16 rpm > > > >Incidentally it was doing this in 4.29-7 before I upgraded earlier today. > > > >Thanks in advance. > > > >Matt > >-- > > > >[root@mail-gw mail]# strings IPBaccess.db > >"550 Site blocked by MailScanner due to excessive email see > >www.sovision.com" > >194.105.69.87 > >"550 Site blocked by MailScanner due to excessive email see > >www.sovision.com" > >barney.gwork.org > >[root@mail-gw mail]# /usr/local/sbin/IPB > >IPBedit.pl IPBlock-clean.pl > >[root@mail-gw mail]# /usr/local/sbin/IPBlock-clean.pl > >[root@mail-gw mail]# Jun 4 14:41:29 mail-gw IPBlock[2551]: Deleted 2 > >entries from sendmail access database > > > >[root@mail-gw mail]# strings IPBaccess.db > >"550 Site blocked by MailScanner due to excessive email see > >www.sovision.com" > >194.105.69.87 > >"550 Site blocked by MailScanner due to excessive email see > >www.sovision.com" > >barney.gwork.org > > > >-------------------------- MailScanner list ---------------------- > >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > >Before posting, please see the Most Asked Questions at > >http://www.mailscanner.biz/maq/ and the archives at > >http://www.jiscmail.ac.uk/lists/mailscanner.html > > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------- next part -------------- #!/usr/bin/perl -I/usr/lib/MailScanner # # MailScanner - SMTP E-Mail Virus Scanner # Copyright (C) 2002 Julian Field # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # # The author, Julian Field, can be contacted by email at # Jules@JulianField.net # or by paper mail at # Julian Field # Dept of Electronics & Computer Science # University of Southampton # Southampton # SO17 1BJ # United Kingdom # use Net::CIDR; use FileHandle; use Fcntl qw(:DEFAULT :flock); use Getopt::Std; BEGIN { @AnyDBM_File::ISA = qw(DB_File GDBM_File NDBM_File SDBM_File) } use AnyDBM_File; #use strict 'vars'; #use strict 'refs'; #no strict 'subs'; # Allow bare words for parameter %'s #---subroutine prototypes sub sort_criterion(); sub parseargs(); my $OneHour = 3600; # seconds my $WhitelistFile= '/etc/MailScanner/IPBlock.conf'; my $LockFile = '/var/spool/MailScanner/IPBlock.lock'; my $BlockDB = '/var/spool/MailScanner/IPBlock.db'; my $AccessDB = '/etc/mail/db/access.db'; my $Refusal = '"550 Site blocked by MailScanner due to excessive email"'; #---parse command line to get number of lines to print #---default is all lines parseargs(); #---read in the IPBlock.conf file my $LimitsH = new FileHandle; $LimitsH->open($WhitelistFile) or die; $counter = 0; while(<$LimitsH>) { chomp; s/#.*$//; s/^\s*//g; s/\s*$//g; next if /^$/; ($cidr, $limit) = split; $cidr =~ s/\s//g; $limit = 0 unless defined $limit; my @cidrlist = undef; if ($cidr =~ /-/) { # It looks like 152.78.67.0-152.78.69.255 @cidrlist = Net::CIDR::range2cidr($cidr); } elsif ($cidr =~ /\//) { # It looks like 152.78.0.0/16 or 152.78/16 or 152.78/255.255.0.0 my($network, $bits, $count); ($network, $bits) = split(/\//, $cidr); $network =~ s/\.$//; # Delete any trailing dot $count = split(/\./, $network); $network .= '.0' x (4-$count); # Fill out the CIDR for Net::CIDR # 152.78 now looks like 152.78.0.0 if ($bits =~ /\./) { # It's like 152.78.0.0/255.255.0.0 push @cidrlist, Net::CIDR::addrandmask2cidr($network, $bits); } else { # It's like 152.78.0.0/16 push @cidrlist, "$network/$bits"; } } elsif ($cidr =~ /default/i) { # It is the default value used when nothing else matches $DefaultMaxMessagesPerHour = $limit; } else { # Must just be an IP address or look like 152.78 or 152.78. $cidr =~ s/\.$//; # Delete any trailing dot my $count = split(/\./, $cidr); $cidr .= '.0' x (4-$count); push @cidrlist, "$cidr/" . ($count*8); } # Build the map from CIDR to message limit foreach (@cidrlist) { next unless $_; #print STDERR "IPBlock: adding $_\n"; $CIDRtoLimit{$_} = $limit; push @CIDRlist, $_; } $counter++; } close($LimitsH); # # Lock out everything else for the whole of this script # my $LockFileH = new FileHandle; openlock($LockFileH, ">$LockFile"); # # Find all the entries to be deleted from the BlockDB file. # #Bind to BlockDB my(%BlockDB, %AccessDB); tie %BlockDB, "AnyDBM_File", $BlockDB, O_RDWR, 0644 or BailOut("Failed to open $BlockDB, it may not exist yet, $!"); tie %AccessDB, "AnyDBM_File", $AccessDB, O_RDWR, 0644 or BailOut("Failed to open $AccessDB, have you got the path wrong? $!"); # Read and print IPBlock DB my $now = time; my(@ips, $ip, $value, $hostname, $count, $time, $donealready, $flag); my $countrec = 0; my $countdel = 0; my $countblk = 0; print "MailScanner IP Blocking Summary\n"; printf("S %15s: %s %s\n","IP Number","mesgs/limit","Hostname"); print "--------------------------------------------------------------\n"; @ips = sort { sort_criterion() } (keys %BlockDB); foreach $ip (@ips) { ($hostname, $count, $time, $donealready) = split(/,/, $BlockDB{$ip}); # Is it more than an hour old, or has time_t wrapped (happens in year 2036) #print STDERR "Examining record for $ip, $count, $time\n"; $countrec++; $flag = " "; if ($time>$now || $now>=$time+$OneHour) { $flag = "-"; $countdel++; } if ($AccessDB{$ip} eq $Refusal) { $flag = "*"; $countblk++; } #---look for CIDR and print if less than print limit if($countrec <= $opt_n) { #---find the limit per CIDR rule for this IP my($cidrkey, $foundcidr, $foundit, $limit); $foundit = 0; foreach $cidrkey (@CIDRlist) { #print STDERR "Looking for $ip in $cidrkey\n"; if (Net::CIDR::cidrlookup($ip, $cidrkey)) { #print STDERR "Found it\n"; $foundit = 1; $foundcidr = $cidrkey; last; } } # If we didn't find it, use the default value $limit = $foundit ? $CIDRtoLimit{$foundcidr} : $DefaultMaxMessagesPerHour; #print STDERR "Limit of $foundcidr is $limit\n"; $fraction = sprintf("%d/%d",$count,$limit); printf("%1s %15s: %11s %s\n",$flag,$ip,$fraction,$hostname); } } print "--------------------------------------------------------------\n"; printf("%5d DB records in IPBlock database\n",$countrec); printf("%5d DB records scheduled for deletion, next cron job (-)\n",$countdel); printf("%5d DB records listed in sendmail access db file (*)\n",$countblk); # Unlock and close the DB file untie %BlockDB; untie %AccessDB; unlockclose($LockFileH); exit 0; sub openlock { my($fh, $fn) = @_; if (open($fh, $fn)) { flock($fh, LOCK_EX) or die; } else { die "Died opening $fn, $!"; } } sub unlockclose { my($fh) = @_; flock($fh, LOCK_UN); close ($fh); } sub BailOut { warn "@_, $!"; exit 1; } sub parseargs() #---parse the command line arguments { $opt_n = 999999; getopts("n:"); if($#ARGV ne -1) { print "Usage is: $0 [-n number]\n"; print "\t-n is the number of lines to print out\n"; exit 1; } } sub sort_criterion() #---sorts according to message count, biggest to smallest { my($counta, $countb); (undef, $counta, undef, undef) = split /,/, $BlockDB{$a}; (undef, $countb, undef, undef) = split /,/, $BlockDB{$b}; return($countb <=> $counta); } From Jan-Peter.Koopmann at SECEIDOS.DE Fri Jun 4 16:21:23 2004 From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann) Date: Thu Jan 12 21:25:40 2006 Subject: Thoughts on new Bayes idea Message-ID: On Freitag, 4. Juni 2004 5:08 Max Kipness wrote: > My idea is to basically archive every email that enters the system > (through MS) for a period of a day or so. I've got a script that > deletes all emails older than a time specified from an mbox file. > Then using my script from above, have users forward the email to > spam@ourdomain.com , have a new script > fetch that email out of the archive and feed it to Bayes. I like it. Please share the scripts once you are ready. The only remaining problem would be that archiving mails in this manner might not be allowed by local law. But that is another story... Regards, JP -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From Jan-Peter.Koopmann at SECEIDOS.DE Fri Jun 4 16:25:43 2004 From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann) Date: Thu Jan 12 21:25:40 2006 Subject: Spam Bounce action issues Message-ID: On Friday, June 04, 2004 4:34 PM Max Kipness wrote: > I for one understand the implications. The problem is I > CANNOT allow critical messages to possibly disappear in a > black hole. I'm not sure if there is a 100% accurate way of > assuring no false-positives, but I'm not there yet. I guess > maybe it depends on what type of business you are handling. I > have a financial brokerage firm that won't tolerate it. Then bouncing is not a solition for you either. Many of those newsletters etc. tend to have an invalid "Mail From" as well. Or the bounce is never read etc. The only way you can surely achieve what you want is to flag spam and deliver everything. The user could then filter spam in local folders (even seperated by low/high spam) browse through it and delete spam en block. There simply is no other way to be absolutely sure! Even though I handle it differently I completely see your point here. BUT: Your point is valid, choosing bounce to solve the problem is not since it does not solve your problem! > Thanks to some suggestions by Alan, I think. I'm now using I think it was mine but hey... Alan and most people here are using the same setup so I would call it "common sense". :-) > (hoping) there will be no false positives above that. There should not be any. Regards, JP -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Fri Jun 4 16:22:57 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:25:40 2006 Subject: Thoughts on new Bayes idea In-Reply-To: References: Message-ID: <6.1.1.1.2.20040604162155.05daa1c8@imap.ecs.soton.ac.uk> At 16:21 04/06/2004, you wrote: >On Freitag, 4. Juni 2004 5:08 Max Kipness wrote: > > > My idea is to basically archive every email that enters the system > > (through MS) for a period of a day or so. I've got a script that > > deletes all emails older than a time specified from an mbox file. > > Then using my script from above, have users forward the email to > > spam@ourdomain.com , have a new script > > fetch that email out of the archive and feed it to Bayes. > >I like it. Please share the scripts once you are ready. The only >remaining problem would be that archiving mails in this manner might not >be allowed by local law. But that is another story... When Outlook forwards a message, what happens to the Message-ID? If it screws that, you may have trouble finding a unique key for the messsage, with the result that you can't find it in your archive. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Fri Jun 4 16:26:20 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:25:40 2006 Subject: Spam Bounce action issues In-Reply-To: References: Message-ID: <6.1.1.1.2.20040604162449.089be358@imap.ecs.soton.ac.uk> At 16:25 04/06/2004, you wrote: >On Friday, June 04, 2004 4:34 PM Max Kipness wrote: > > > I for one understand the implications. The problem is I > > CANNOT allow critical messages to possibly disappear in a > > black hole. I'm not sure if there is a 100% accurate way of > > assuring no false-positives, but I'm not there yet. I guess > > maybe it depends on what type of business you are handling. I > > have a financial brokerage firm that won't tolerate it. > >Then bouncing is not a solition for you either. Many of those >newsletters etc. tend to have an invalid "Mail From" as well. Or the >bounce is never read etc. The only way you can surely achieve what you >want is to flag spam and deliver everything. The user could then filter >spam in local folders (even seperated by low/high spam) browse through >it and delete spam en block. There simply is no other way to be >absolutely sure! Even though I handle it differently I completely see >your point here. BUT: Your point is valid, choosing bounce to solve the >problem is not since it does not solve your problem! There is only one person that can decide with 100% certainty whether a message is spam or not: the recipient. By all means tag it, encapsulate it, whatever. But the only 100% safe solution to your situation is to deliver all of it. I would strongly advise you not to do anything else. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From cconn at ABACOM.COM Fri Jun 4 16:48:25 2004 From: cconn at ABACOM.COM (Chris Conn) Date: Thu Jan 12 21:25:40 2006 Subject: New spam faking whitelisting In-Reply-To: References: Message-ID: <40C099C9.5050209@abacom.com> Hello, I have not found the answer to this question. What would be the format for a ruleset file for the spamscore? You obviously cannot put yes or no. For instance: To: postmaster@domain.com 100 To: someuser@domain.com 50 FromOrTo: default 10 Can this be done? I want to change the following section: # If a message achieves a SpamAssassin score higher than this value, # then the "High Scoring Spam Actions" are used. You may want to use # this to deliver moderate scores, while deleting very high scoring messsages. # This can also be the filename of a ruleset. High SpamAssassin Score = 9 to High SpamAssassin Score = some.ruleset.file Thanks, Chris -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From cconn at ABACOM.COM Fri Jun 4 16:33:16 2004 From: cconn at ABACOM.COM (Chris Conn) Date: Thu Jan 12 21:25:40 2006 Subject: New spam faking whitelisting In-Reply-To: References: Message-ID: <40C0963C.1010704@abacom.com> Casanova, Chase wrote: > Chris, > > The Spam Action and High Scoring Spam Action will do just what you want, but only if your Required SpamAssassin Score = 10 > > Then you just do: > Spam Actions = forward postmaster@yourdomain.com > > High SpamAssassin Score = 100 > > High Scoring Spam Actions = delete > > If your Required SpamAssassin Score is not 10 and you want to store the Spam that scored below 10. Then with the standard MailScanner.conf settings you won't be able to drop the Spam with a score over 100. > > i.e. make you High SpamAssassin Score = 10 > > Spam Actions = store forward postmaster@yourdomain.com > > High SpamAssassin Score = 10 > > High Scoring Spam Actions = forward postmaster@yourdomain.com > > -Chase Hello, This solution however causes ALL spam to be sent to the postmaster, and this is not what I want. I only want mail sent to postmaster to be received by the postmaster account, even if it is spam, but not any Cc: or Bcc: recipients. The problem is, and this has been discussed many times on this list, when there are Cc: users and you use the whitelist function, everyone on the Cc: list gets the mail even though only one email address is whitelisted. The whitelist function is not therefore useable for this, and I am trying to find an alternate way. Chris -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From rzewnickie at RFA.ORG Fri Jun 4 16:56:38 2004 From: rzewnickie at RFA.ORG (Eric Dantan Rzewnicki) Date: Thu Jan 12 21:25:40 2006 Subject: Thoughts on new Bayes idea In-Reply-To: <6.1.1.1.2.20040604162155.05daa1c8@imap.ecs.soton.ac.uk> References: <6.1.1.1.2.20040604162155.05daa1c8@imap.ecs.soton.ac.uk> Message-ID: <20040604155638.GB25707@rfa.org> NOTE: don't use the attached script! it has problems, I'm just sending to the list to give some ideas to the OP and hopefully get some suggestions for improvement. On Fri, Jun 04, 2004 at 04:22:57PM +0100, Julian Field wrote: > At 16:21 04/06/2004, you wrote: > >On Freitag, 4. Juni 2004 5:08 Max Kipness wrote: > > > >> My idea is to basically archive every email that enters the system > >> (through MS) for a period of a day or so. I've got a script that > >> deletes all emails older than a time specified from an mbox file. > >> Then using my script from above, have users forward the email to > >> spam@ourdomain.com , have a new script > >> fetch that email out of the archive and feed it to Bayes. > > > >I like it. Please share the scripts once you are ready. The only > >remaining problem would be that archiving mails in this manner might not > >be allowed by local law. But that is another story... > > When Outlook forwards a message, what happens to the Message-ID? If it > screws that, you may have trouble finding a unique key for the messsage, > with the result that you can't find it in your archive. I'm doing basically what Max is talking about now. I have a script that pulls the Subject line out of the forwarded mail and uses that to create a procmail recipe for each subject. Then procmail is called via formail to pull matching mails out of the archive. I'll attach it, but, I don't recommend using it as is. It has some problems that I haven't had time to fix. If a reported spam has a blank subject the procmail recipe basically matches everything, which is bad. If there happens to be a spam that has the same subject as some legitimate email the legitimate mail gets pulled out of the archive as well. Spam with the same subject sent to users other than the reporting user also gets pulled (this bit is generally beneficial). Because of those problems, I don't have the script feeding sa-learn automatically. I review the spam mbox the script generates before running sa-learn on it. The script does the same for reported false-positives. Outlook screws up all the headers that it includes in a forwarded message. From: and To: are rewritten with a different syntax. Date: can't be trusted because a lot of spam has a date in the future or the past. Even the Subject: has to be sanitized because Outlook collapses multiple whitespaces to a single space character. Anyway, for what it's worth, here's what I have so far. Hope it's helpful. -Eric Rz. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------- next part -------------- A non-text attachment was scrubbed... Name: shpam-learn.sh Type: application/x-sh Size: 4657 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040604/85e91675/shpam-learn.sh From rzewnickie at RFA.ORG Fri Jun 4 17:01:59 2004 From: rzewnickie at RFA.ORG (Eric Dantan Rzewnicki) Date: Thu Jan 12 21:25:40 2006 Subject: Thoughts on new Bayes idea In-Reply-To: <20040604155638.GB25707@rfa.org> References: <6.1.1.1.2.20040604162155.05daa1c8@imap.ecs.soton.ac.uk> <20040604155638.GB25707@rfa.org> Message-ID: <20040604160159.GC25707@rfa.org> attached is another script I use for managing the archive. Possibly simpler than expiring from an mbox. Then again, maybe not. This one works, though. -Eric Rz. On Fri, Jun 04, 2004 at 11:56:38AM -0400, Eric Dantan Rzewnicki wrote: > NOTE: don't use the attached script! it has problems, I'm just sending > to the list to give some ideas to the OP and hopefully get some > suggestions for improvement. > > On Fri, Jun 04, 2004 at 04:22:57PM +0100, Julian Field wrote: > > At 16:21 04/06/2004, you wrote: > > >On Freitag, 4. Juni 2004 5:08 Max Kipness wrote: > > > > > >> My idea is to basically archive every email that enters the system > > >> (through MS) for a period of a day or so. I've got a script that > > >> deletes all emails older than a time specified from an mbox file. > > >> Then using my script from above, have users forward the email to > > >> spam@ourdomain.com , have a new script > > >> fetch that email out of the archive and feed it to Bayes. > > > > > >I like it. Please share the scripts once you are ready. The only > > >remaining problem would be that archiving mails in this manner might not > > >be allowed by local law. But that is another story... > > > > When Outlook forwards a message, what happens to the Message-ID? If it > > screws that, you may have trouble finding a unique key for the messsage, > > with the result that you can't find it in your archive. > > I'm doing basically what Max is talking about now. I have a script that > pulls the Subject line out of the forwarded mail and uses that to create > a procmail recipe for each subject. Then procmail is called via formail > to pull matching mails out of the archive. > > I'll attach it, but, I don't recommend using it as is. It has some > problems that I haven't had time to fix. If a reported spam has a blank > subject the procmail recipe basically matches everything, which is bad. > If there happens to be a spam that has the same subject as some > legitimate email the legitimate mail gets pulled out of the archive as > well. Spam with the same subject sent to users other than the > reporting user also gets pulled (this bit is generally beneficial). -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------- next part -------------- A non-text attachment was scrubbed... Name: arch-quar-clean.sh Type: application/x-sh Size: 636 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040604/dda2611a/arch-quar-clean.sh From Jan-Peter.Koopmann at SECEIDOS.DE Fri Jun 4 16:40:35 2004 From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann) Date: Thu Jan 12 21:25:40 2006 Subject: Spam Bounce action issues Message-ID: On Friday, June 04, 2004 5:26 PM Julian Field wrote: > There is only one person that can decide with 100% certainty > whether a message is spam or not: the recipient. > By all means tag it, encapsulate it, whatever. But the only > 100% safe solution to your situation is to deliver all of it. > I would strongly advise you not to do anything else. My point exactly. Could not have put it in better words obviously. Not delivering and bouncing is just as bad as not delivering at all. Regards, JP -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From evertjan at VANRAMSELAAR.NL Fri Jun 4 16:33:25 2004 From: evertjan at VANRAMSELAAR.NL (Evert Jan van Ramselaar) Date: Thu Jan 12 21:25:40 2006 Subject: Fwd: [Clamav-announce] announcing ClamAV 0.72 Message-ID: <40731.10.10.0.101.1086363205.squirrel@10.10.0.101> ---------------------------- Original Message ---------------------------- Subject: [Clamav-announce] announcing ClamAV 0.72 From: "Luca Gibelli" Date: Thu, June 3, 2004 21:00 To: clamav-announce@lists.sourceforge.net -------------------------------------------------------------------------- Dear ClamAV users, ClamAV 0.72 is available for download. Major bugfixes in this release include crashes with corrupted BinHex messages and some Excel documents. Protection against archive bombs (not fully functional since 0.70) was improved and a number of other improvements were made. The ClamAV team (http://www.clamav.net/team.html) -- Luca Gibelli (luca@clamav.net) - http://www.ClamAV.net - A GPL virus scanner PGP Key Fingerprint: C782 121E 8C3A 90E3 7A87 D802 6277 8FF4 5EFC 5582 PGP Key Available on: Key Servers || http://www.clamav.net/gpg/nervoso.gpg PS: I hope you are still alive -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Fri Jun 4 17:01:57 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:25:40 2006 Subject: New spam faking whitelisting In-Reply-To: <40C099C9.5050209@abacom.com> References: <40C099C9.5050209@abacom.com> Message-ID: <6.1.1.1.2.20040604170136.03c7c758@imap.ecs.soton.ac.uk> At 16:48 04/06/2004, you wrote: >Hello, > >I have not found the answer to this question. What would be the format >for a ruleset file for the spamscore? You obviously cannot put yes or no. > >For instance: > >To: postmaster@domain.com 100 >To: someuser@domain.com 50 >FromOrTo: default 10 > >Can this be done? I want to change the following section: > ># If a message achieves a SpamAssassin score higher than this value, ># then the "High Scoring Spam Actions" are used. You may want to use ># this to deliver moderate scores, while deleting very high scoring >messsages. ># This can also be the filename of a ruleset. >High SpamAssassin Score = 9 > >to > >High SpamAssassin Score = some.ruleset.file That's exactly right. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From bayardo.rivas at puntos.org.ni Fri Jun 4 17:16:17 2004 From: bayardo.rivas at puntos.org.ni (Bayardo Rivas) Date: Thu Jan 12 21:25:41 2006 Subject: telnet to smtp port is refused In-Reply-To: <00cb01c449c3$fc368ba0$6300a8c0@SSILVA2K> Message-ID: <003501c44a4f$4817d610$0300a8c0@BAR> I have one "sendmail.cf" and one file named "sendmail.cf.SuSEconfig" Bayardo -----Mensaje original----- De: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] En nombre de Scott Silva Enviado el: Jueves, 03 de Junio de 2004 05:39 p.m. Para: MAILSCANNER@JISCMAIL.AC.UK Asunto: Re: telnet to smtp port is refused Try this command ls -alR /etc |grep sendmail.cf you should see only one sendmail.cf listed ----- Original Message ----- From: "Ugo Bellavance" To: Sent: Thursday, June 03, 2004 4:00 PM Subject: Re: telnet to smtp port is refused Bayardo Rivas wrote: > You asked me about the quantity of sendmail.cf files i am using, I > supposed to be using only one sendmail.cf > > > And the results for netstat -lnp | grep 25 when Mailscanner is on: > > # netstat -lnp | grep 25 > > tcp 0 0 127.0.0.1:25 0.0.0.0:* > LISTEN 1555/sendmail: acce > And the results for netstat -lnp | grep 25 when ONLY SENDMAIL is on: > > # netstat -lnp | grep 25 > tcp 0 0 0.0.0.0:25 0.0.0.0:* > LISTEN 1846/sendmail: acce There is obviously a problem with your config. When running with MailScanner, sendmail only listens on your loopback address 127.0.0.1, while it listens to all interfaces when started as standalone. I don't know exactly where to look, but your sendmail gets an option at MailScanner startup that is different from what you've got as standalone. Maybe examine /etc/init.d/MailScanner and search for "OAddr=" I never worked on suse, so this is really the best I can do. Hope this helps. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From jrudd at UCSC.EDU Fri Jun 4 17:09:11 2004 From: jrudd at UCSC.EDU (John Rudd) Date: Thu Jan 12 21:25:41 2006 Subject: Thoughts on new Bayes idea In-Reply-To: <399D85F2BB50BC4295F78EAE203D5C226B6EEE@dalsxc01.geniant.net> References: <399D85F2BB50BC4295F78EAE203D5C226B6EEE@dalsxc01.geniant.net> Message-ID: <840872DA-B641-11D8-9439-003065F939FE@ucsc.edu> On Jun 4, 2004, at 8:08 AM, Max Kipness wrote: > I've been pondering this idea for a while, but wanted some opinions on > how feasible it would be...and the load it would cause. > ? > I currently have all users that receive spam that bypassed > MailScanner, simply forward the email to spam@ourdomain.com. The email > then got blacklisted and there was an option to put 'domain' in the > subject header to black list the entire domain. This worked well, but > the black list got up to around 1600 emails/domains and I started to > get many SA time outs. This was before implementing Bayes which is > working great, if not too good with false positives, but that's > another story. > ? > My idea is to basically archive every email that enters the system > (through MS) for a period of a day or so. I've got a script that > deletes all emails older than a time specified from an mbox file. Then > using my script from above, have users forward the email to > spam@ourdomain.com, have a new script fetch that email out of the > archive and feed it to Bayes. > ? > Any thoughts on this? Is it ridiculous? > ? > Most of my users are on various Exchange servers, and there really is > no easy way to get the email fed into bayes. I know you can do a > public folder, but then you have to train each user how to get it > there, and they have to open the public folder tree, etc.?Using IMAP > is even more administration.?I've found that simply forwarding the > email somewhere is very easy for them. > My main concern about these sorts of schemes is that: one man's trash is another man's treasure. As the size of your user base increases, it is inevitable that you will have users who have different opinions about where to draw the line between spam and ham (or even users who are fanatical about even identifying organization wide announcements as spam, or who are fanatical about preventing censorship and thus not wanting ANY message to be marked as spam). As a result, I tend to avoid any mechanism in which the user directly contributes to a site-wide configuration (side wide black lists, site wide bayes DB, etc.). Indirect contributions by submitting messages for human review is fine (though, that gets into problems of spending all of some sysadmin's time reviewing spam), but the user should never directly say "learn this as spam/ham" for the site-wide database. What I do at home (and I haven't yet gotten around to making something that works on a larger scale) is this: 1) if you're splitting messages out to individual recipients before MailScanner sees it, then you can set things up so that each recipient has their own Bayes Database, so that each message is checked against a user specific bayes db. (but this isn't what I actually do, I use spam assassin via procmail instead of via mailscanner ... I plan to go back to using mailscanner at some point, but haven't had time to do it yet ... I just need to make sure that I set up my MTA to do expansion before MS instead of after MS, and the main reason I'm putting this off is that I'm actually planning to switch MTA's at home, soon) 2) I have a series of folders: Spam, Spam/Blacklist, Spam/Learn, Spam/Learned, Spam/Unlearn, Spam/Whitelist, Spam/Unlearned 3) messages that are marked as spam are delivered (via procmail) into Spam/Blacklist. Any time I receive a false-negative, I put it in Spam/Learn. If I find a false-positive, I put it in Spam/Unlearn. If I get something whose wording is spammy, but from a sender that I want to get through always, I can put them into the Spam/Whitelist folder. I haven't actually directly used the Blacklist folder yet, though. 4) at midnight, my procmail log is grepped for entries that went to Spam/Blacklist, telling me their score, sender, and subject. If I can't tell from that that it was a valid sender, I'm willing to lose the message (so far, only Mailer-Daemon messages have been false-positives, and that's ok). This means that I don't have to actually check the Spam/Blacklist folder (which, remember, is where my delivered spam goes), I just check the report to see if I need to fish any messages out of the folder before it gets processed in step 5b. On bad days, it takes me a few minutes to page through the message, but then I'm done. On good days, it takes a few seconds and I delete the report (actually, since I started using the SMTP Greet Delay, at 35 seconds, and SBL/XBL at the MTA level, I have fewer than 3 spam messages per week, so most days my report is empty ... before I started using this whole system, I was at 150-250 per day). 5) at 5am, the following things happen in this order: a) all messages in Spam/Learn are submitted to razor and bayes as spam and then deposited in Spam/Blacklist b) all messages in Spam/Blacklist are added to my AWL for "blacklisting", and then deposited in Spam/Learned (which actually exists outside of my IMAP space, but I included it here for completeness) c) all messages in Spam/Unlearn are submitted to bayes as ham, and then deposited in Spam/Unlearned d) all messages in Spam/Whitelist are added to my AWL for "whitelisting", and then deposited in Spam/Unlearned (you'll notice that Learn feeds into Blacklist, but Unlearn doesn't feed into Whitelist, because I can envision times where I do not want whitelisting and ham to be linked, but I generally do want a spam sender to be blacklisted (I get more spam from repeated addresses than from 1-shot addresses, but that's because most of my spam has historically been from unconfirmed lists for commercial things than from forged senders)) (you should also notice that razor is only done via the Spam/Learn folder, because only human reviewed messages get put into Spam/Learn ... which fits the razor model of not submitting messages that haven't been reviewed and confirmed to be spam) So, I have my own personal bayes database, which is automatically fed from my own folders instead of being hand-fed. Plus, anyone else who uses my home mail server can do the same thing, without our spam/ham tastes affecting each other. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mkipness at GENIANT.COM Fri Jun 4 17:11:24 2004 From: mkipness at GENIANT.COM (Max Kipness) Date: Thu Jan 12 21:25:41 2006 Subject: Thoughts on new Bayes idea Message-ID: <399D85F2BB50BC4295F78EAE203D5C226B6F08@dalsxc01.geniant.net> > > > > My idea is to basically archive every email that enters > the system > > > (through MS) for a period of a day or so. I've got a script that > > > deletes all emails older than a time specified from an mbox file. > > > Then using my script from above, have users forward the email to > > > spam@ourdomain.com , have a > new script > > > fetch that email out of the archive and feed it to Bayes. > > > >I like it. Please share the scripts once you are ready. The only > >remaining problem would be that archiving mails in this manner might > >not be allowed by local law. But that is another story... > > When Outlook forwards a message, what happens to the > Message-ID? If it screws that, you may have trouble finding a > unique key for the messsage, with the result that you can't > find it in your archive. I believe it just adds 'id' to the front of it, but I will double check. Max -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Fri Jun 4 17:50:40 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:25:41 2006 Subject: Thoughts on new Bayes idea In-Reply-To: <840872DA-B641-11D8-9439-003065F939FE@ucsc.edu> References: <399D85F2BB50BC4295F78EAE203D5C226B6EEE@dalsxc01.geniant.net> <840872DA-B641-11D8-9439-003065F939FE@ucsc.edu> Message-ID: <6.1.1.1.2.20040604174613.028d8500@imap.ecs.soton.ac.uk> At 17:09 04/06/2004, you wrote: >On Jun 4, 2004, at 8:08 AM, Max Kipness wrote: > >>I've been pondering this idea for a while, but wanted some opinions on >>how feasible it would be...and the load it would cause. >> >>I currently have all users that receive spam that bypassed MailScanner, >>simply forward the email to spam@ourdomain.com. The email then got >>blacklisted and there was an option to put 'domain' in the subject header >>to black list the entire domain. This worked well, but the black list got >>up to around 1600 emails/domains and I started to get many SA time outs. >>This was before implementing Bayes which is working great, if not too >>good with false positives, but that's another story. >> >>My idea is to basically archive every email that enters the system >>(through MS) for a period of a day or so. I've got a script that deletes >>all emails older than a time specified from an mbox file. Then using my >>script from above, have users forward the email to spam@ourdomain.com, >>have a new script fetch that email out of the archive and feed it to Bayes. >> >>Any thoughts on this? Is it ridiculous? >> >>Most of my users are on various Exchange servers, and there really is no >>easy way to get the email fed into bayes. I know you can do a public >>folder, but then you have to train each user how to get it there, and >>they have to open the public folder tree, etc. Using IMAP is even more >>administration. I've found that simply forwarding the email somewhere is >>very easy for them. > >My main concern about these sorts of schemes is that: one man's trash is >another man's treasure. As the size of your user base increases, it is >inevitable that you will have users who have different opinions about >where to draw the line between spam and ham (or even users who are >fanatical about even identifying organization wide announcements as spam, >or who are fanatical about preventing censorship and thus not wanting ANY >message to be marked as spam). > >As a result, I tend to avoid any mechanism in which the user directly >contributes to a site-wide configuration (side wide black lists, site wide >bayes DB, etc.). Indirect contributions by submitting messages for human >review is fine (though, that gets into problems of spending all of some >sysadmin's time reviewing spam), but the user should never directly say >"learn this as spam/ham" for the site-wide database. I agree that it is not an ideal solution for all organisations. But it would be very useful for many people. Whether to adopt a scheme like this is a management policy decision, not a technical one. Organisation-wide announcements are easily handled by whitelisting them. In my own setup (which is obviously not ideal for everyone) I stop announcements being marked as spam, but I do impose a very strict size limit on them. This keeps most of my users happy most of the time. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mkettler at EVI-INC.COM Fri Jun 4 18:37:15 2004 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:25:41 2006 Subject: Spam Corpus size and false positives? In-Reply-To: <399D85F2BB50BC4295F78EAE203D5C226B6EDA@dalsxc01.geniant.ne t> References: <399D85F2BB50BC4295F78EAE203D5C226B6EDA@dalsxc01.geniant.net> Message-ID: <6.0.0.22.0.20040604132311.02794930@192.168.50.2> At 10:11 AM 6/4/2004, Max Kipness wrote: >Here is the size of my spam/ham corpuses: > >bayes corpus size: nspam = 15538, nham = 9517 > >I had my bayes threshold seeting to 7, which may have been a bit low, and >I'm seeing some false positives. I've now raised the auto-learn threshold >to 12. Good idea, it's generally not a good idea to drop the auto-learn threshold so low. (For that matter, I also run with my ham autolearn threshold set closer to 0 than the default 1.0) > >Is there anything else I can do correct the bayes analysis and get it not >to tagged so much at 99%? Or is feeding ham the only way. This is hard for >me to do, as another guy and myself are the only ones that really feed it. There's not a whole lot you can do to "correct" bayes, however the following approaches are things you can do: 1) delete and start from scratch, this is kind of brute-force, but it is effective. 2) step up your ham training. I suggest setting up a "hamtrap" account. Have all mail to this account auto-fed to bayes as ham learning and subscribe it to a few legitimate sources (news updates, product announcement mailing lists, industry newsletters, etc) 3) use crafted emails as ham training to try to counterbalance some words. run sa-learn --dump and then grep the output for stuff that's 0.9 or higher. Look around in here for words which are obviously mis-classified. Create an email containing some of these words, send it to yourself, and ham train it. Cautions about method 3: -Use this method sparingly. -don't try to micromanage your bayes database contents. -Tinkering with the bayes tokens using faked emails isn't a generally good idea, but it is useful if you've got problems and don't want to wipe the bayes DB. -do NOT try this method for spam training > >I've thought of rebuilding the databases but with a higher auto-learn >threshold, but this would allow in a flood of spam, right? Hmm, depends what you mean by "rebuilding". If you're going to delete them, and retrain with a large enough corpus of spam, it won't matter. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mikea at MIKEA.ATH.CX Fri Jun 4 20:09:06 2004 From: mikea at MIKEA.ATH.CX (mikea) Date: Thu Jan 12 21:25:41 2006 Subject: (Fwd) subject not modified (sometimes) In-Reply-To: <40910BB7.19985.425F0F27@localhost>; from mailscanner@LISTS.COM.AR on Thu, Apr 29, 2004 at 02:05:43PM -0300 References: <40910BB7.19985.425F0F27@localhost> Message-ID: <20040604140906.A14245@mikea.ath.cx> On Thu, Apr 29, 2004 at 02:05:43PM -0300, Mariano Absatz wrote: > Hi... it seems the list ate my message... it seems it was too long (or too > spamish) with all the spam message attached. > > Now I uploaded everything to http://baby.com.ar/MailScanner/msg-20040429/ so > you can see it and the message is lighter. > > Please, read on. > > ------- Forwarded message follows ------- > From: Mariano Absatz > To: MailScanner mailing list > Subject: subject not modified (sometimes) > Date: Thu, 29 Apr 2004 11:38:27 -0300 > > Hi, > > I'm using MailScanner 4.29.7 + SpamAssassin 2.63 + ZMailer 2.99.56 with > linux (redhat 6.1). > > It is working nicely, but sometimes, and only sometimes, it refuses to > modify the subject. > > That is, the message is correctly identified as spam by SpamAssassin, the > X-*-MailScanner*: headers are added, but the subject is NOT prepended with > the {spam} string. > > The settings _DO_ set this string for all messages, no rulesets here. > > This happens in a very small percentage of messages, but I don't know why. > > I suspected of strange MIME encodings in the subject: > =?windows-1252?Q?Ten=E9s_DVD?_Entonces_arm=E1_tu_propia_colecci=F3n!!!?= > > but it's not only that, 'cause I saw this happening in messages whose > subject is not MIME encoded... > > An example of this is at > http://baby.com.ar/MailScanner/msg-20040429/message1.msg > and the corresponding log is > http://baby.com.ar/MailScanner/msg-20040429/message1.log > > The other 4 messages (I don't have the corresponding logs) are hi-scoring > spam that didn't get their subject modified. > > They're not MIME encoded BUT I just noticed all of them have To: (and > eventually Cc:) header(s) that don't have actual addresses in them. > > To: MAIL3 > > To: unlisted-recipients:; (no To-header on input) > Cc: 113 > > To: unlisted-recipients:; (no To-header on input) > Cc: \ok112.OK, \ok113.OK, \ok114.OK, \ok115.OK, \ok116.OK, \ok117.OK, > \ok118.OK, \ok119.OK, \ok120.OK, \ok121.OK, \ok122.OK, \ok123.OK > > Might this be two different problems? I find that I'm having just about exactly the same problem(s), dating from just about the same time: On a FreeBSD 4.7system running MailScanner-4.25-13 and SpamAssassin version 2.50 (yes, I know, seriously old), a small fraction of the mail winds up with a SpamAssassin score at or over the threshold, but MailScanner doesn't prepend the {Probable-Spam} pr {Possible-Spam} markers I use. Except for that small fraction, everything else seems to be caught properly -- I _think_. I do have users reporting the occasional virus or worm getting into their mailboxes, and I don't have a good explanation for that yet. It _was_ working just fine for the longest time. Running a batch of mail through MS with debug turned on for MS and SA both doesn't show anything obviously wrong with the processing for the mail that isn't handled right. I'll post examples, config files, and anything else requested, on my website if anyone wants anything more than Mariano has on his. His description matches my problem awfully closely. I'm planning to upgrade the weekend of 12 June; would have done this weekend, but have to drive to a wedding 600 miles away this weekend. "Life is what happens to you while you're busy making other plans." -- Mike Andrews mikea@mikea.ath.cx Tired old sysadmin -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From info at AG-IT.DE Fri Jun 4 20:57:52 2004 From: info at AG-IT.DE (Andrei Gologan) Date: Thu Jan 12 21:25:41 2006 Subject: Mailscanner + postfix References: <40910BB7.19985.425F0F27@localhost> <20040604140906.A14245@mikea.ath.cx> Message-ID: <029801c44a6e$409ceaa0$6b00a8c0@tuck> Hi, I see the use of postfix with Mailscanner was changed. before it used to have 2 instances of postfix running, now it uses only one. Does anybody know how to change it from the 2 running postfixes to one ? especially the redhat startupscript is good, any replacement ? thanks andrei www.ag-it.net -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From ssilva at SGVWATER.COM Fri Jun 4 21:07:44 2004 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:25:41 2006 Subject: telnet to smtp port is refused References: <000201c44a6e$a9d6c860$0300a8c0@BAR> Message-ID: <007801c44a6f$9cc332c0$1401a8c0@SCOTT2K> This also has me stumped. I will have to do some looking into suse sendmail settings. There has to be something calling sendmail with two different config files depending on how it is started. Look at the sendmail init script script, and I will try to dig some more. Worst case is I will do a quick and dirty suse install into vmware and see what it has. ----- Original Message ----- From: "Bayardo Rivas" To: "'Scott Silva'" Sent: Friday, June 04, 2004 1:01 PM Subject: RE: telnet to smtp port is refused Ok... Scott. mailserver:~ # cat /etc/sendmail.cf|grep DaemonPortOptions O DaemonPortOptions=Name=MTA -----Mensaje original----- De: Scott Silva [mailto:ssilva@sgvwater.com] Enviado el: Viernes, 04 de Junio de 2004 12:08 p.m. Para: bayardo.rivas@puntos.org.ni Asunto: Re: telnet to smtp port is refused now send back the output of cat /etc/mail/sendmail.cf|grep DaemonPortOptions ----- Original Message ----- From: "Bayardo Rivas" To: Sent: Friday, June 04, 2004 9:16 AM Subject: Re: telnet to smtp port is refused I have one "sendmail.cf" and one file named "sendmail.cf.SuSEconfig" Bayardo -----Mensaje original----- De: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] En nombre de Scott Silva Enviado el: Jueves, 03 de Junio de 2004 05:39 p.m. Para: MAILSCANNER@JISCMAIL.AC.UK Asunto: Re: telnet to smtp port is refused Try this command ls -alR /etc |grep sendmail.cf you should see only one sendmail.cf listed ----- Original Message ----- From: "Ugo Bellavance" To: Sent: Thursday, June 03, 2004 4:00 PM Subject: Re: telnet to smtp port is refused Bayardo Rivas wrote: > You asked me about the quantity of sendmail.cf files i am using, I > supposed to be using only one sendmail.cf > > > And the results for netstat -lnp | grep 25 when Mailscanner is on: > > # netstat -lnp | grep 25 > > tcp 0 0 127.0.0.1:25 0.0.0.0:* > LISTEN 1555/sendmail: acce > And the results for netstat -lnp | grep 25 when ONLY SENDMAIL is on: > > # netstat -lnp | grep 25 > tcp 0 0 0.0.0.0:25 0.0.0.0:* > LISTEN 1846/sendmail: acce There is obviously a problem with your config. When running with MailScanner, sendmail only listens on your loopback address 127.0.0.1, while it listens to all interfaces when started as standalone. I don't know exactly where to look, but your sendmail gets an option at MailScanner startup that is different from what you've got as standalone. Maybe examine /etc/init.d/MailScanner and search for "OAddr=" I never worked on suse, so this is really the best I can do. Hope this helps. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Fri Jun 4 21:22:06 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:25:41 2006 Subject: Mailscanner + postfix In-Reply-To: <029801c44a6e$409ceaa0$6b00a8c0@tuck> References: <40910BB7.19985.425F0F27@localhost> <20040604140906.A14245@mikea.ath.cx> <029801c44a6e$409ceaa0$6b00a8c0@tuck> Message-ID: <6.1.1.1.2.20040604212106.02a1fba8@imap.ecs.soton.ac.uk> At 20:57 04/06/2004, you wrote: >Hi, > >I see the use of postfix with Mailscanner was changed. before it used to >have 2 instances of postfix running, now it uses only one. Does anybody know >how to change it from the 2 running postfixes to one ? Just change you header_checks and /etc/postfix files to match the new setup. >especially the redhat startupscript is good, any replacement ? The startup script will work with either, just remove your /etc/postfix.in setup completely, and it won't try to use it. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From basement_mobile2004 at YAHOO.COM Fri Jun 4 22:03:08 2004 From: basement_mobile2004 at YAHOO.COM (Anakin SkyWalker) Date: Thu Jan 12 21:25:41 2006 Subject: Quarantine access Message-ID: <20040604210308.66947.qmail@web60007.mail.yahoo.com> Hi folks, How does MailScanner get thru a rule file with 20K+ entries? I'm thinking about wiriting a tool for that but I'm afraid about the CPU cicles and load usages. I have plenty users here and I really need a method to separate their incoming virus quarantine directories in usernames lists, i.e.: /var/spool/MailScanner/quarantine/$user/$date/$msg-id Does anyone have already made something doing that? Any interface through web browsers for users to access their home incoming virus dirs? Thanks in advance. -- Herr Schwarzkopf basement_mobile2004 at yahoo dot com __________________________________ Do you Yahoo!? Friends. Fun. Try the all-new Yahoo! Messenger. http://messenger.yahoo.com/ -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From bayardo.rivas at puntos.org.ni Fri Jun 4 22:30:30 2004 From: bayardo.rivas at puntos.org.ni (Bayardo Rivas) Date: Thu Jan 12 21:25:41 2006 Subject: telnet to smtp port is refused In-Reply-To: <007801c44a6f$9cc332c0$1401a8c0@SCOTT2K> Message-ID: <000e01c44a7b$2c773820$0300a8c0@BAR> OK, thanks a lot.... I'm working on it. Bayardo -----Mensaje original----- De: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] En nombre de Scott Silva Enviado el: Viernes, 04 de Junio de 2004 02:08 p.m. Para: MAILSCANNER@JISCMAIL.AC.UK Asunto: Re: telnet to smtp port is refused This also has me stumped. I will have to do some looking into suse sendmail settings. There has to be something calling sendmail with two different config files depending on how it is started. Look at the sendmail init script script, and I will try to dig some more. Worst case is I will do a quick and dirty suse install into vmware and see what it has. ----- Original Message ----- From: "Bayardo Rivas" To: "'Scott Silva'" Sent: Friday, June 04, 2004 1:01 PM Subject: RE: telnet to smtp port is refused Ok... Scott. mailserver:~ # cat /etc/sendmail.cf|grep DaemonPortOptions O DaemonPortOptions=Name=MTA -----Mensaje original----- De: Scott Silva [mailto:ssilva@sgvwater.com] Enviado el: Viernes, 04 de Junio de 2004 12:08 p.m. Para: bayardo.rivas@puntos.org.ni Asunto: Re: telnet to smtp port is refused now send back the output of cat /etc/mail/sendmail.cf|grep DaemonPortOptions ----- Original Message ----- From: "Bayardo Rivas" To: Sent: Friday, June 04, 2004 9:16 AM Subject: Re: telnet to smtp port is refused I have one "sendmail.cf" and one file named "sendmail.cf.SuSEconfig" Bayardo -----Mensaje original----- De: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] En nombre de Scott Silva Enviado el: Jueves, 03 de Junio de 2004 05:39 p.m. Para: MAILSCANNER@JISCMAIL.AC.UK Asunto: Re: telnet to smtp port is refused Try this command ls -alR /etc |grep sendmail.cf you should see only one sendmail.cf listed ----- Original Message ----- From: "Ugo Bellavance" To: Sent: Thursday, June 03, 2004 4:00 PM Subject: Re: telnet to smtp port is refused Bayardo Rivas wrote: > You asked me about the quantity of sendmail.cf files i am using, I > supposed to be using only one sendmail.cf > > > And the results for netstat -lnp | grep 25 when Mailscanner is on: > > # netstat -lnp | grep 25 > > tcp 0 0 127.0.0.1:25 0.0.0.0:* > LISTEN 1555/sendmail: acce > And the results for netstat -lnp | grep 25 when ONLY SENDMAIL is on: > > # netstat -lnp | grep 25 > tcp 0 0 0.0.0.0:25 0.0.0.0:* > LISTEN 1846/sendmail: acce There is obviously a problem with your config. When running with MailScanner, sendmail only listens on your loopback address 127.0.0.1, while it listens to all interfaces when started as standalone. I don't know exactly where to look, but your sendmail gets an option at MailScanner startup that is different from what you've got as standalone. Maybe examine /etc/init.d/MailScanner and search for "OAddr=" I never worked on suse, so this is really the best I can do. Hope this helps. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Fri Jun 4 23:01:50 2004 From: mailscanner at ecs.soton.ac.uk (mailscanner@ecs.soton.ac.uk) Date: Thu Jan 12 21:25:41 2006 Subject: NOTIFY-New Guestbook Entry Message-ID: <200406042201.i54M1oQi014950@seer.ecs.soton.ac.uk> New Guestbook-Entry from J. Richardson I have looked at a number of commercial and free softwares along with a lot of methods of combatting spam, and I must say that \"MailScanner\" is a superb program. From mailscanner at LISTS.COM.AR Fri Jun 4 23:32:57 2004 From: mailscanner at LISTS.COM.AR (Mariano Absatz) Date: Thu Jan 12 21:25:41 2006 Subject: tiny, low priority patch for ZMailer In-Reply-To: <6.1.1.1.2.20040603085754.03af5b60@imap.ecs.soton.ac.uk> References: <40BE127D.29808.47A23F85@localhost> Message-ID: <40C0CE69.4924.5250783A@localhost> Allright, here it comes... Everything I've done and sent you in the last few months is at http://baby.com.ar/MailScanner/MS-new/ (you've got a .tgz archive AND the same files open in case you want to browse them). Since some of the things I did affect other files, they are included. If you don't like the rest of the stuff, just use the ZMailer.pm and ZMDiskStore.pm files and that's it. Besides zmailer bug fixing, I did the following (I note the affected files for every feature) in order of importance (that is I think the first one is the one more people would like/want/use). 'Run In Foreground': new option to enable MailScanner to run normally in foreground mode and thus open the possibility to be monitored with HA tools or simple daemon managers like DJB's supervise ( http://cr.yp.to/daemontools.html ) Affected files: bin/MailScanner etc/MailScanner.conf lib/MailScanner/ConfigDefs.pl 'MailScanner-Id': option to add a new 'X-MailScanner-Id:' header with a unique identifier. The identifier may be used in logging custom functions, accessed like $message->{md5msid} e.g. to be able to have unique message identifiers, even with multiple servers running in paralell. (**) Requirements: Digest::MD5 must be installed (so the installer should be modified to install this also). Affected files: etc/MailScanner.conf lib/MailScanner/ConfigDefs.pl lib/MailScanner/Message.pm 'Authbounce': option to identify the authenticated user and bounce the message to him instead of using the 'mail from'. It also allows you to match the authenticated user in rulesets using 'Auth' or 'FromOrAuth' or 'AuthAndTo' or 'FromOrAuthAndTo' :-) (***) Affected files: etc/MailScanner.conf lib/MailScanner/Config.pm lib/MailScanner/ConfigDefs.pl lib/MailScanner/Message.pm If you want to wait for the other MTAs, you can simply erase the 'Domain Auth' and 'Always Auth Bounce' options, and its associated comments from MailScanner.conf and leave it hidden. NOTES: (**) if you want, I can also send you a module for lib/CustomFunctions that does some fancy logging to files (it was originally adapted from the first part of SQLLogging). (***) developer notes: currently, this only works for zmailer, but can be added to the other MTAs... what needs to be done is, within MailScanner::Sendmail::ReadQf(), generate the '$message->{authenticateduser}' attribute with the user that authenticated via SMTP AUTH (if any). If the user authenticated doesn't have a '@domain' part AND MailScanner::Config::Value('domainauth') is set to anything different to 'no', then you must add '@' . MailScanner::Config::Value('domainauth') to the authenticated username. If there is an authenticated user but 'Domain Auth' is set to 'no', you can still use the authenticated user name in rulesets. PLEASE, if you want me to modify any of these in some way, in order to include them, please tell me so (I won't be able to answer until Monday, though). Have a nice weekend. El 3 Jun 2004 a las 8:58, Julian Field escribi?: > Can you take the latest published ZMailer code from the main distribution, > apply all your changes and mail me the new files for the next distribution > please? > > At 21:46 02/06/2004, you wrote: > >Hi Julian, > > > >I just noticed a small bug (mostly invisible to everyone) that slipped thru > >in the very first version of ZMailer support for MailScanner. > > > >It's a 'print STDERR' that should be commented out and is not. > > > >--- ZMDiskStore.pm.ORI Wed Jun 2 17:39:46 2004 > >+++ ZMDiskStore.pm Wed Jun 2 17:40:05 2004 > >@@ -219,7 +219,7 @@ > > my $b= Body->new( $this->{hdpath} ); > > $b->Start(); > > my $line; > >- print STDERR "originalBody\n"; > >+ #print STDERR "originalBody\n"; > > while( $line= $b->Next() ) { > > $Tf->print($line); > > #print STDERR "BODY: $line"; > > > > > >See if you can add it so next version is OK... > > > >BTW, I noticed this after implementing what I posted in > >http://tinyurl.com/2hpgn and logging MailScanner's STDOUT and STDERR... > >suddenly, my logs got full of > >'originalBody' > >lines :-) > > > >Were you able to take a look at the patches I posted there? > > > >Do you think it has a chance of getting in the main trunk? > > > >FWIW, I have it working very smoothly on two production environments (one of > >them is a 12-server border farm for a large ISP... I'll be reporting about > >this next week) > > -- Mariano Absatz El Baby ---------------------------------------------------------- I am not afraid of death, I just don't want to be there when it happens. -- Woody Allen -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From cconn at ABACOM.COM Fri Jun 4 22:53:04 2004 From: cconn at ABACOM.COM (Chris Conn) Date: Thu Jan 12 21:25:41 2006 Subject: New spam faking whitelisting In-Reply-To: <6.1.1.1.2.20040604170136.03c7c758@imap.ecs.soton.ac.uk> References: <40C099C9.5050209@abacom.com> <6.1.1.1.2.20040604170136.03c7c758@imap.ecs.soton.ac.uk> Message-ID: <40C0EF40.8010800@abacom.com> Julian Field wrote: > At 16:48 04/06/2004, you wrote: > >> Hello, >> For instance: >> >> To: postmaster@domain.com 100 >> To: someuser@domain.com 50 >> FromOrTo: default 10 >> >> Can this be done? I want to change the following section: > That's exactly right. > -- Hello, I tried using the "High SpamAssassin Score" with the above ruleset and I have the same results as the Whitelist ruleset, which is the email gets delivered to all of the To: and Cc: or Bcc: recipients. If you whitelist the postmaster and that email address is listed in the recipients, all recipients get the email. So both methods do not suit my needs. However, the "High Scoring Spam Actions" can be used to acheive the wanted effect, which is deliver all mail to the postmaster but not the other recipients with the below ruleset: To: postmaster@domain forward postmaster@domain FromOrTo: default delete I changed "High Scoring Spam Actions = delete" to "High Scoring Spam Actions = /path/to/my/ruleset.rules" So the above will acheive the goal of having a whitelisted postmaster without the cost of having to deliver mail to all other poor recipients if they exist and it is spam. Thanks for your help, Chris -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From peter at UCGBOOK.COM Sat Jun 5 02:28:34 2004 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:25:41 2006 Subject: (Fwd) subject not modified (sometimes) In-Reply-To: <20040604140906.A14245@mikea.ath.cx> References: <40910BB7.19985.425F0F27@localhost> <20040604140906.A14245@mikea.ath.cx> Message-ID: <40C121C2.5050505@ucgbook.com> mikea wrote: > On Thu, Apr 29, 2004 at 02:05:43PM -0300, Mariano Absatz wrote: >>It is working nicely, but sometimes, and only sometimes, it refuses to >>modify the subject. > MailScanner doesn't prepend the {Probable-Spam} pr {Possible-Spam} > markers I use. Except for that small fraction, everything else seems Have you checked the headers for double Subject lines? I have seen some spam with double Subject headers and only one is changed but Outlook shows the other one which is not modified, depends on which one comes first I guess. I posted about this a while ago but no one answered. Julian? -- /Peter Bonivart --Unix lovers do it in the Sun Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7, SpamAssassin 2.63 + DCC 1.2.45, ClamAV 0.70 + GMP 4.1.2, Vispan 1.4 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From vlad at MAZEK.COM Sat Jun 5 20:40:39 2004 From: vlad at MAZEK.COM (Vlad Mazek) Date: Thu Jan 12 21:25:41 2006 Subject: Quarantine access In-Reply-To: <20040604210308.66947.qmail@web60007.mail.yahoo.com> References: <20040604210308.66947.qmail@web60007.mail.yahoo.com> Message-ID: <40C221B7.6070306@mazek.com> We do it through a web interface thats tied in with the notification system. In the attachment warning message that gets sent with the virus notice to the user we include a url (instead of "Note to help desk look in /var/spool/blah/blah/blah" we modify the stored.virus.message.txt to "To retrieve this file go to http://www.ownwebnow.com/getmessage=?date=x&id=x") and the user can go to the web site and grab the file. The system quickly scans the file, copies it to users directory and then streams it down to the user. -Vlad Vladimir Mazek Own Web Now Corp Anakin SkyWalker wrote: >Hi folks, > > How does MailScanner get thru a rule file with 20K+ >entries? I'm thinking about wiriting a tool for that >but I'm afraid about the CPU cicles and load usages. I >have plenty users here and I really need a method to >separate their incoming virus quarantine directories >in usernames lists, i.e.: > >/var/spool/MailScanner/quarantine/$user/$date/$msg-id > > Does anyone have already made something doing that? >Any interface through web browsers for users to access >their home incoming virus dirs? > > >Thanks in advance. > >-- >Herr Schwarzkopf >basement_mobile2004 at yahoo dot com > > > > >__________________________________ >Do you Yahoo!? >Friends. Fun. Try the all-new Yahoo! Messenger. >http://messenger.yahoo.com/ > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html > > > > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From clicknow at SWIFTDSL.COM.AU Sun Jun 6 01:42:09 2004 From: clicknow at SWIFTDSL.COM.AU (Brian Parish) Date: Thu Jan 12 21:25:41 2006 Subject: Mailscanner + postfix In-Reply-To: <6.1.1.1.2.20040604212106.02a1fba8@imap.ecs.soton.ac.uk> References: <40910BB7.19985.425F0F27@localhost> <20040604140906.A14245@mikea.ath.cx> <029801c44a6e$409ceaa0$6b00a8c0@tuck> <6.1.1.1.2.20040604212106.02a1fba8@imap.ecs.soton.ac.uk> Message-ID: <1086482529.9916.368.camel@daw.clicknowconsulting.com.au> On Sat, 2004-06-05 at 06:22, Julian Field wrote: > At 20:57 04/06/2004, you wrote: > >Hi, > > > >I see the use of postfix with Mailscanner was changed. before it used to > >have 2 instances of postfix running, now it uses only one. Does anybody know > >how to change it from the 2 running postfixes to one ? > > Just change you header_checks and /etc/postfix files to match the new setup. > > >especially the redhat startupscript is good, any replacement ? > > The startup script will work with either, just remove your /etc/postfix.in > setup completely, and it won't try to use it. > -- > Julian Field Hmmm. I had it running nicely with the two instances. I've now gone through the steps described. Everything seems to start normally and service MailScanner status says all is OK, but fetchmail says: SMTP connect to localhost failed What have I missed? TIA Brian -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From alex at nkpanama.com Sun Jun 6 04:58:17 2004 From: alex at nkpanama.com (Alex Neuman) Date: Thu Jan 12 21:25:41 2006 Subject: Quarantine access In-Reply-To: <40C221B7.6070306@mazek.com> Message-ID: <200406060358.i563wU64025110@nkpanama.com> Can you share this with the list, if possible? The scripts, I mean. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Vlad Mazek Sent: Saturday, June 05, 2004 2:41 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Quarantine access We do it through a web interface thats tied in with the notification system. In the attachment warning message that gets sent with the virus notice to the user we include a url (instead of "Note to help desk look in /var/spool/blah/blah/blah" we modify the stored.virus.message.txt to "To retrieve this file go to http://www.ownwebnow.com/getmessage=?date=x&id=x") and the user can go to the web site and grab the file. The system quickly scans the file, copies it to users directory and then streams it down to the user. -Vlad Vladimir Mazek Own Web Now Corp Anakin SkyWalker wrote: >Hi folks, > > How does MailScanner get thru a rule file with 20K+ >entries? I'm thinking about wiriting a tool for that >but I'm afraid about the CPU cicles and load usages. I >have plenty users here and I really need a method to >separate their incoming virus quarantine directories >in usernames lists, i.e.: > >/var/spool/MailScanner/quarantine/$user/$date/$msg-id > > Does anyone have already made something doing that? >Any interface through web browsers for users to access >their home incoming virus dirs? > > >Thanks in advance. > >-- >Herr Schwarzkopf >basement_mobile2004 at yahoo dot com > > > > >__________________________________ >Do you Yahoo!? >Friends. Fun. Try the all-new Yahoo! Messenger. >http://messenger.yahoo.com/ > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html > > > > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From clicknow at SWIFTDSL.COM.AU Sun Jun 6 06:49:51 2004 From: clicknow at SWIFTDSL.COM.AU (Brian Parish) Date: Thu Jan 12 21:25:41 2006 Subject: Mailscanner + postfix In-Reply-To: <1086482529.9916.368.camel@daw.clicknowconsulting.com.au> References: <40910BB7.19985.425F0F27@localhost> <20040604140906.A14245@mikea.ath.cx> <029801c44a6e$409ceaa0$6b00a8c0@tuck> <6.1.1.1.2.20040604212106.02a1fba8@imap.ecs.soton.ac.uk> <1086482529.9916.368.camel@daw.clicknowconsulting.com.au> Message-ID: <1086500990.9916.377.camel@daw.clicknowconsulting.com.au> On Sun, 2004-06-06 at 10:42, Brian Parish wrote: > On Sat, 2004-06-05 at 06:22, Julian Field wrote: > > At 20:57 04/06/2004, you wrote: > > >Hi, > > > > > >I see the use of postfix with Mailscanner was changed. before it used to > > >have 2 instances of postfix running, now it uses only one. Does anybody know > > >how to change it from the 2 running postfixes to one ? > > > > Just change you header_checks and /etc/postfix files to match the new setup. > > > > >especially the redhat startupscript is good, any replacement ? > > > > The startup script will work with either, just remove your /etc/postfix.in > > setup completely, and it won't try to use it. > > -- > > Julian Field > Hmmm. I had it running nicely with the two instances. I've now gone > through the steps described. Everything seems to start normally and > > service MailScanner status > > says all is OK, but fetchmail says: SMTP connect to localhost failed > > What have I missed? > > TIA > Brian > Well I needed to get this going, so: rpm -e postfix urpmi postfix and all is well. thanks anyway Brian -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Sun Jun 6 11:53:31 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:25:41 2006 Subject: Mailscanner + postfix In-Reply-To: <1086482529.9916.368.camel@daw.clicknowconsulting.com.au> References: <40910BB7.19985.425F0F27@localhost> <20040604140906.A14245@mikea.ath.cx> <029801c44a6e$409ceaa0$6b00a8c0@tuck> <6.1.1.1.2.20040604212106.02a1fba8@imap.ecs.soton.ac.uk> <1086482529.9916.368.camel@daw.clicknowconsulting.com.au> Message-ID: <6.1.1.1.2.20040606115255.0462bec8@imap.ecs.soton.ac.uk> At 01:42 06/06/2004, you wrote: >On Sat, 2004-06-05 at 06:22, Julian Field wrote: > > At 20:57 04/06/2004, you wrote: > > >Hi, > > > > > >I see the use of postfix with Mailscanner was changed. before it used to > > >have 2 instances of postfix running, now it uses only one. Does > anybody know > > >how to change it from the 2 running postfixes to one ? > > > > Just change you header_checks and /etc/postfix files to match the new > setup. > > > > >especially the redhat startupscript is good, any replacement ? > > > > The startup script will work with either, just remove your /etc/postfix.in > > setup completely, and it won't try to use it. > > -- > > Julian Field >Hmmm. I had it running nicely with the two instances. I've now gone >through the steps described. Everything seems to start normally and > >service MailScanner status > >says all is OK, but fetchmail says: SMTP connect to localhost failed > >What have I missed? You have probably forgotten to re-enable the SMTP service in master.cf, which you will have disabled in /etc/postfix when it handled outgoing mail only. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Mon Jun 7 01:14:07 2004 From: mailscanner at ecs.soton.ac.uk (mailscanner@ecs.soton.ac.uk) Date: Thu Jan 12 21:25:41 2006 Subject: NOTIFY-New Guestbook Entry Message-ID: <200406070014.i570E7U7015408@seer.ecs.soton.ac.uk> New Guestbook-Entry from Donald Winston MailScanner is the most obtrusive program I have ever seen. It prevents professionals from communicating From rt_mena at YAHOO.COM Mon Jun 7 02:32:29 2004 From: rt_mena at YAHOO.COM (Robert Mena) Date: Thu Jan 12 21:25:41 2006 Subject: MailScanner+dspam ? Message-ID: <20040607013229.36198.qmail@web50401.mail.yahoo.com> Hi, I am considering the use of DSPAM instead of SpamAssassin with my MailScanner setup. I was wondering if anyone has done that or has tips regarding this. - rt __________________________________ Do you Yahoo!? Friends. Fun. Try the all-new Yahoo! Messenger. http://messenger.yahoo.com/ -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From dh at UPTIME.AT Mon Jun 7 06:48:09 2004 From: dh at UPTIME.AT (=?ISO-8859-1?Q?David_H=F6hn?=) Date: Thu Jan 12 21:25:41 2006 Subject: MailScanner+dspam ? In-Reply-To: <20040607013229.36198.qmail@web50401.mail.yahoo.com> References: <20040607013229.36198.qmail@web50401.mail.yahoo.com> Message-ID: <40C40199.5060105@uptime.at> -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Robert Mena wrote: | Hi, | | I am considering the use of DSPAM instead of | SpamAssassin with my MailScanner setup. | I have no experience doing this, but since I was looking at DSPAM the other night, any reason why you favour it over Spamassassin? - -d - -- nee anata wo mitsukete soshite nidoto wasurezu ~ donna ni munega itakutemo soba ni iru no ~ zutto...zutto...zutto -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (Darwin) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFAxAGZPMoaMn4kKR4RA2uwAJ9NcyZhG6o1SOAB33TFsGCC2U+XuwCfar/a 24vMT09rFvCBuDc8622aDxE= =LBFH -----END PGP SIGNATURE----- -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From marcel at PLUSINE.COM Mon Jun 7 09:23:36 2004 From: marcel at PLUSINE.COM (Marcel Burggraeve) Date: Thu Jan 12 21:25:41 2006 Subject: Can spammer 'force' a timeout ? Message-ID: <001b01c44c68$ba8059a0$6402a8c0@freak> Since a couple of weeks a lot of spam keeps getting through and when I examine them most of them have the following in the headers : X-Plusine-MailScanner-SpamCheck: not spam, SpamAssassin (timed out) I'm not using RBL checklists, our mailscanner is not really busy and lots of them come in during the night when the system is almost doing nothing. We're running HP-UX 11.i, the latest mailscanner, latest spamassassin and I'm using big evil and a medicine rule from the rulesemporium. Could there be some kind of trick to force spamassassin into a timed out situation ? Best regards, Marcel Burggraeve Plusine The Netherlands -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From martinh at SOLID-STATE-LOGIC.COM Mon Jun 7 09:30:58 2004 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:25:42 2006 Subject: Can spammer 'force' a timeout ? In-Reply-To: <001b01c44c68$ba8059a0$6402a8c0@freak> References: <001b01c44c68$ba8059a0$6402a8c0@freak> Message-ID: <40C427C2.2090908@solid-state-logic.com> Marcal the bigevil rule set is really nasty on CPU. I'd change it to use the www.surbl.org varient instead (see web site for how-to). -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Marcel Burggraeve wrote: > Since a couple of weeks a lot of spam keeps getting through and when I > examine them most of them have the following in the headers : > X-Plusine-MailScanner-SpamCheck: not spam, SpamAssassin (timed out) > > I'm not using RBL checklists, our mailscanner is not really busy and lots of > them come in during the night when the system is almost doing nothing. > We're running HP-UX 11.i, the latest mailscanner, latest spamassassin and > I'm using big evil and a medicine rule from the rulesemporium. > > Could there be some kind of trick to force spamassassin into a timed out > situation ? > > Best regards, > > Marcel Burggraeve > Plusine > The Netherlands > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From Peter.Bates at LSHTM.AC.UK Mon Jun 7 09:55:08 2004 From: Peter.Bates at LSHTM.AC.UK (Peter Bates) Date: Thu Jan 12 21:25:42 2006 Subject: Sophos:SAVI 'main body of virus data is out of date' Message-ID: Hello all... I know this is partly my fault, failing to update my Sophos in a timely fashion, but just before the weekend, the logs started filling with a lot of: Jun 7 03:39:51 postbox MailScanner[26029]: SophosSAVI::ERROR:: The main body of virus data is out of date (542):: ./68C7315613C/msg-26029-3.txt Jun 7 03:39:51 postbox MailScanner[26029]: SophosSAVI::ERROR:: The main body of virus data is out of date (542):: ./68C7315613C/msg-26029-4.html Jun 7 03:39:51 postbox MailScanner[26029]: SophosSAVI::ERROR:: The main body of virus data is out of date (542):: ./68C7315613C/msg-26029-5.txt Jun 7 03:39:51 postbox MailScanner[26029]: SophosSAVI::ERROR:: The main body of virus data is out of date (542):: ./68C7315613C/msg-26029-6.html Jun 7 03:39:51 postbox MailScanner[26029]: Virus Scanning: SophosSAVI found 4 infections Just in the interests of damage limitation, is MailScanner rejecting the message (and contents) as a result of this error, or is it just informational? Naturally I updated first thing this morning, and will have to get a bit more disciplined about updating regularly or using the 'majorsophos' script in the future... ---------------------------------------------------------------------------------------------------> Peter Bates, Systems Support Officer, Network Support Team. London School of Hygiene & Tropical Medicine. Telephone:0207-958 8353 / Fax: 0207- 636 9838 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From rt_mena at yahoo.com Mon Jun 7 13:48:07 2004 From: rt_mena at yahoo.com (Robert Mena) Date: Thu Jan 12 21:25:42 2006 Subject: MailScanner+dspam ? In-Reply-To: <40C40199.5060105@uptime.at> Message-ID: <20040607124807.32410.qmail@web50402.mail.yahoo.com> Well, Seems to me that the approach and features of DSPAM - compiled for speed - support for bayesian (with global and individual chained databases) - support for mysql - admin tools with reports builtin - web support for retrieving quarentine files - easy way to let users train the spam/ham Are more focused in a mixed enviroment such as ISPs. SpamAssassin appears to have incorporated some of those features and others are supported as hacks but does not feel like it is something integrated. Anyway, I haven't actually used dspam but the integration with mailscanner is something desirable since the actual solution use it with clamav and spamassassin --- David_Höhn wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: RIPEMD160 > > | > I have no experience doing this, but since I was > looking at DSPAM the > other night, any reason why you favour it over > Spamassassin? > > - -d > > - -- > nee anata wo mitsukete soshite nidoto wasurezu > ~ donna ni munega itakutemo soba ni iru no > ~ zutto...zutto...zutto > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.2.4 (Darwin) > Comment: Using GnuPG with Thunderbird - > http://enigmail.mozdev.org > > iD8DBQFAxAGZPMoaMn4kKR4RA2uwAJ9NcyZhG6o1SOAB33TFsGCC2U+XuwCfar/a > 24vMT09rFvCBuDc8622aDxE= > =LBFH > -----END PGP SIGNATURE----- > > -------------------------- MailScanner list > ---------------------- > To leave, send leave mailscanner to > jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions > at > http://www.mailscanner.biz/maq/ and the archives > at > http://www.jiscmail.ac.uk/lists/mailscanner.html __________________________________ Do you Yahoo!? Friends. Fun. Try the all-new Yahoo! Messenger. http://messenger.yahoo.com/ -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From jase at SENSIS.COM Mon Jun 7 14:21:53 2004 From: jase at SENSIS.COM (Desai, Jason) Date: Thu Jan 12 21:25:42 2006 Subject: Can spammer 'force' a timeout ? Message-ID: I don't have any answers, but wanted to let you know that I've been seeing the same sort of thing. Jase Marcel Burggraeve wrote: > Since a couple of weeks a lot of spam keeps getting through and when I > examine them most of them have the following in the headers : > X-Plusine-MailScanner-SpamCheck: not spam, SpamAssassin (timed out) > > I'm not using RBL checklists, our mailscanner is not really busy and > lots of them come in during the night when the system is almost doing > nothing. We're running HP-UX 11.i, the latest mailscanner, latest > spamassassin and I'm using big evil and a medicine rule from the > rulesemporium. > > Could there be some kind of trick to force spamassassin into a timed > out situation ? > > Best regards, > > Marcel Burggraeve > Plusine > The Netherlands > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Mon Jun 7 11:38:33 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:25:42 2006 Subject: Sophos:SAVI 'main body of virus data is out of date' In-Reply-To: References: Message-ID: <6.1.1.1.2.20040607113813.03c3f0a0@imap.ecs.soton.ac.uk> At 09:55 07/06/2004, you wrote: >Hello all... > >I know this is partly my fault, failing to update my Sophos in a timely >fashion, but just before the weekend, the logs started filling with a >lot of: > >Jun 7 03:39:51 postbox MailScanner[26029]: SophosSAVI::ERROR:: The main >body of virus data is out of date (542):: ./68C7315613C/msg-26029-3.txt >Jun 7 03:39:51 postbox MailScanner[26029]: SophosSAVI::ERROR:: The main >body of virus data is out of date (542):: ./68C7315613C/msg-26029-4.html >Jun 7 03:39:51 postbox MailScanner[26029]: SophosSAVI::ERROR:: The main >body of virus data is out of date (542):: ./68C7315613C/msg-26029-5.txt >Jun 7 03:39:51 postbox MailScanner[26029]: SophosSAVI::ERROR:: The main >body of virus data is out of date (542):: ./68C7315613C/msg-26029-6.html >Jun 7 03:39:51 postbox MailScanner[26029]: Virus Scanning: SophosSAVI >found 4 infections > >Just in the interests of damage limitation, is MailScanner rejecting the >message (and contents) as a result of this error, or is it just >informational? It shouldn't be rejecting the messages just squealing about the warning. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From patrick at EON.COM.SG Mon Jun 7 15:24:26 2004 From: patrick at EON.COM.SG (Patrick) Date: Thu Jan 12 21:25:42 2006 Subject: Latest Mailscanner CPanel References: <6.1.1.1.2.20040607113813.03c3f0a0@imap.ecs.soton.ac.uk> Message-ID: <00f501c44c9b$23726d40$0300a8c0@bear> Hi everyone, I am trying to install the latest stable version of Mailscanner onto my server that is running CPanel.. I managed to find this site http://www.cpanelplus.com/home/content/view/3// and was wondering if the information presented within is still updated and can be used with the latest stable version for installation. Is there any where I can find a good how-to to install ClamAV? Lastly, is Sophos AV free like ClamAV? Any help would be appreciated. Thanks Patrick -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From martinh at SOLID-STATE-LOGIC.COM Mon Jun 7 15:42:22 2004 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:25:42 2006 Subject: Latest Mailscanner CPanel In-Reply-To: <00f501c44c9b$23726d40$0300a8c0@bear> References: <6.1.1.1.2.20040607113813.03c3f0a0@imap.ecs.soton.ac.uk> <00f501c44c9b$23726d40$0300a8c0@bear> Message-ID: <40C47ECE.6080606@solid-state-logic.com> Partick Install clamAV is easy download the tar ball. uncompress/untar it then cd in to dir it creates.. ./configure make makeinstall done. Sophos is not free - contact a local distributor for prices in Singapore.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Patrick wrote: > Hi everyone, > > I am trying to install the latest stable version of Mailscanner onto my > server that is running CPanel.. > > I managed to find this site http://www.cpanelplus.com/home/content/view/3// > and was wondering if the information presented within is still updated and > can be used with the latest stable version for installation. > > Is there any where I can find a good how-to to install ClamAV? > > Lastly, is Sophos AV free like ClamAV? > > Any help would be appreciated. > > Thanks > > Patrick > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From brian at GENERATIONZ.COM Mon Jun 7 14:18:48 2004 From: brian at GENERATIONZ.COM (Brian Dowling) Date: Thu Jan 12 21:25:42 2006 Subject: Scanning outgoing Message-ID: My understanding is that with sendmail, outgoing messages are scanned, although the logs don't reflect any outbound scanning activity. How can outbound scanning be confirmed? Thanks -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From michele at BLACKNIGHTSOLUTIONS.COM Mon Jun 7 17:50:22 2004 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:25:42 2006 Subject: Scanning outgoing In-Reply-To: Message-ID: <200406071650.i57GoKCI020492@monitor.blacknight.ie> What have you set the logging to in the MailScanner.conf? Mr Michele Neylon Blacknight Internet Solutions Ltd http://www.blacknight.ie/ Tel. +353 59 9137101 1 Euro hosting offer - See: http://www.boards.ie/vbulletin/showthread.php?s=&postid=1665247#post1665247 > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Brian Dowling > Sent: 07 June 2004 14:19 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: [MAILSCANNER] Scanning outgoing > > My understanding is that with sendmail, outgoing messages are > scanned, although the logs don't reflect any outbound > scanning activity. How can outbound scanning be confirmed? > > Thanks > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > > -- > Email scanned by Blacknight for viruses and dangerous content. > Visit http://www.blacknight.ie for more information -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Mon Jun 7 17:55:01 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:25:42 2006 Subject: Scanning outgoing In-Reply-To: References: Message-ID: <6.1.1.1.2.20040607175323.02aa4a68@imap.ecs.soton.ac.uk> At 14:18 07/06/2004, you wrote: >My understanding is that with sendmail, outgoing messages are scanned, >although the logs don't reflect any outbound scanning activity. How can >outbound scanning be confirmed? Are you using a sendmail recent enough to have a clientmqueue directory? If so, all outbound mail should be scanned. If not, then you will have to reconfigure your mail software so that it sends mail by talking SMTP to localhost and does not invoke the sendmail binary directly. You can find out by sending yourself mail including the eicar test file, available from www.eicar.org. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From brian at GENERATIONZ.COM Mon Jun 7 15:05:26 2004 From: brian at GENERATIONZ.COM (Brian Dowling) Date: Thu Jan 12 21:25:42 2006 Subject: Outbound scanning Message-ID: My understanding is when using sendmail, outbound emails are scanned. Logs do not reflect this, is htere a way to verify it? Thanks -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From ugob at CAMO-ROUTE.COM Mon Jun 7 17:53:51 2004 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:25:42 2006 Subject: Scanning outgoing In-Reply-To: References: Message-ID: Brian Dowling wrote: > My understanding is that with sendmail, outgoing messages are scanned, > although the logs don't reflect any outbound scanning activity. How can > outbound scanning be confirmed? The logs is the place... What is your setup? Do you have an Exchange server that delivers directly to the recipient? If so, you must tell this server to use your MailScanner to deliver. > > Thanks > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From admin at WEBGUSTO.COM Mon Jun 7 18:36:43 2004 From: admin at WEBGUSTO.COM (Bill Sholar - WebGusto) Date: Thu Jan 12 21:25:42 2006 Subject: Outbound scanning In-Reply-To: Message-ID: I tested it my sending a message containing the Eicar test string. It worked as I would have expected. -----Original Message----- From: Brian Dowling [mailto:brian@GENERATIONZ.COM] Sent: Monday, June 07, 2004 9:05 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Outbound scanning My understanding is when using sendmail, outbound emails are scanned. Logs do not reflect this, is htere a way to verify it? Thanks -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From basement_mobile2004 at YAHOO.COM Mon Jun 7 20:02:05 2004 From: basement_mobile2004 at YAHOO.COM (Anakin SkyWalker) Date: Thu Jan 12 21:25:42 2006 Subject: Quarantine access In-Reply-To: <40C221B7.6070306@mazek.com> Message-ID: <20040607190205.67530.qmail@web60002.mail.yahoo.com> It's a working model for sure. But I'm afraid it's not very healthy. Since users may try to brute force dates and MTA's IDs to get access over other users resources. Am I missing something here? --- Vlad Mazek wrote: > We do it through a web interface thats tied in with > the notification > system. In the attachment warning message that gets > sent with the virus > notice to the user we include a url (instead of > "Note to help desk look > in /var/spool/blah/blah/blah" we modify the > stored.virus.message.txt to > "To retrieve this file go to > http://www.ownwebnow.com/getmessage=?date=x&id=x") > and the user can go > to the web site and grab the file. > > The system quickly scans the file, copies it to > users directory and then > streams it down to the user. > > -Vlad > > Vladimir Mazek > Own Web Now Corp > -- Herr Schwarzkopf __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From shahid at ZONEWAVE.NET Mon Jun 7 19:58:05 2004 From: shahid at ZONEWAVE.NET (Shahid Hussain) Date: Thu Jan 12 21:25:42 2006 Subject: SpamAssassin Prefs File problem Message-ID: <00ea01c44cc1$5e558ac0$0200a8c0@pluto> Hello, I am having problem that MailScanner is not using "spam.assassin.prefs.conf" for some reason.. I have "SpamAssassin Prefs File = %etc-dir%/spam.assassin.prefs.conf" in MailScanner.conf yes, it is pointed to the correct dir. in spam.assassin.prefs.conf I have: required_hits 2.0 subject_tag [Possible Spam?] report_safe 1 and so on... For some reason when I recieve spam mail, at the header say: X-ZoneWave.NET-MailScanner-SpamCheck: not spam, SpamAssassin (score=3.566, required 6, FROM_ENDS_IN_NUMS 0.87, HTML_MESSAGE 0.00, SUB_HELLO 2.70) required 6? it should be 2 In MailScanner.conf I have: Use SpamAssassin = yes Max SpamAssassin Size = 30000 #Required SpamAssassin Score = 6 High SpamAssassin Score = 10 SpamAssassin Auto Whitelist = no SpamAssassin Prefs File = %etc-dir%/spam.assassin.prefs.conf Do you have any idea why this happen? MailScanner is NOT using spam.assassin.prefs.conf for some reason.. Thanks Shahid -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040607/1d5d2756/attachment.html From peter at UCGBOOK.COM Mon Jun 7 20:24:58 2004 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:25:42 2006 Subject: SpamAssassin Prefs File problem In-Reply-To: <00ea01c44cc1$5e558ac0$0200a8c0@pluto> References: <00ea01c44cc1$5e558ac0$0200a8c0@pluto> Message-ID: <40C4C10A.9090906@ucgbook.com> Shahid Hussain wrote: > yes, it is pointed to the correct dir. > > in spam.assassin.prefs.conf I have: > required_hits 2.0 > subject_tag [Possible Spam?] > report_safe 1 > and so on... > > For some reason when I recieve spam mail, at the header say: > X-ZoneWave.NET-MailScanner-SpamCheck: not spam, SpamAssassin (score=3.566, > required 6, FROM_ENDS_IN_NUMS 0.87, HTML_MESSAGE 0.00, > SUB_HELLO 2.70) > > required 6? > it should be 2 > > > In MailScanner.conf I have: > Use SpamAssassin = yes > Max SpamAssassin Size = 30000 > #Required SpamAssassin Score = 6 > High SpamAssassin Score = 10 > SpamAssassin Auto Whitelist = no > SpamAssassin Prefs File = %etc-dir%/spam.assassin.prefs.conf You're not supposed to use spam.assassin.prefs.conf for options that MailScanner.conf covers. If you want the score to be 2, then set it to that in MailScanner.conf. Same goes for the tagging, that's handled by MS too. -- /Peter Bonivart --Unix lovers do it in the Sun Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7, SpamAssassin 2.63 + DCC 1.2.45, ClamAV 0.70 + GMP 4.1.2, Vispan 1.4 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Mon Jun 7 20:29:30 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:25:42 2006 Subject: SpamAssassin Prefs File problem In-Reply-To: <00ea01c44cc1$5e558ac0$0200a8c0@pluto> References: <00ea01c44cc1$5e558ac0$0200a8c0@pluto> Message-ID: <6.1.1.1.2.20040607202853.02cb8c20@imap.ecs.soton.ac.uk> All of the settings you are referring to are set in MailScanner.conf. That way they can be different values for different users/domains, using rulesets. At 19:58 07/06/2004, you wrote: >Hello, > >I am having problem that MailScanner is not using >"spam.assassin.prefs.conf" for some reason.. >I have "SpamAssassin Prefs File = %etc-dir%/spam.assassin.prefs.conf" in >MailScanner.conf > >yes, it is pointed to the correct dir. > >in spam.assassin.prefs.conf I have: >required_hits 2.0 >subject_tag [Possible Spam?] >report_safe 1 >and so on... > >For some reason when I recieve spam mail, at the header say: >X-ZoneWave.NET-MailScanner-SpamCheck: not spam, SpamAssassin (score=3.566, > required 6, FROM_ENDS_IN_NUMS 0.87, HTML_MESSAGE 0.00, > SUB_HELLO 2.70) > >required 6? >it should be 2 > > >In MailScanner.conf I have: >Use SpamAssassin = yes >Max SpamAssassin Size = 30000 >#Required SpamAssassin Score = 6 >High SpamAssassin Score = 10 >SpamAssassin Auto Whitelist = no >SpamAssassin Prefs File = %etc-dir%/spam.assassin.prefs.conf > > > >Do you have any idea why this happen? MailScanner is NOT using >spam.assassin.prefs.conf for some reason.. > > >Thanks > >Shahid > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to >jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the >archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From shahid at ZONEWAVE.NET Mon Jun 7 20:37:15 2004 From: shahid at ZONEWAVE.NET (Shahid Hussain) Date: Thu Jan 12 21:25:42 2006 Subject: SpamAssassin Prefs File problem References: <00ea01c44cc1$5e558ac0$0200a8c0@pluto> <40C4C10A.9090906@ucgbook.com> Message-ID: <011301c44cc6$d6abb7b0$0200a8c0@pluto> > Shahid Hussain wrote: > > yes, it is pointed to the correct dir. > > > > in spam.assassin.prefs.conf I have: > > required_hits 2.0 > > subject_tag [Possible Spam?] > > report_safe 1 > > and so on... > > > > For some reason when I recieve spam mail, at the header say: > > X-ZoneWave.NET-MailScanner-SpamCheck: not spam, SpamAssassin (score=3.566, > > required 6, FROM_ENDS_IN_NUMS 0.87, HTML_MESSAGE 0.00, > > SUB_HELLO 2.70) > > > > required 6? > > it should be 2 > > > > > > In MailScanner.conf I have: > > Use SpamAssassin = yes > > Max SpamAssassin Size = 30000 > > #Required SpamAssassin Score = 6 > > High SpamAssassin Score = 10 > > SpamAssassin Auto Whitelist = no > > SpamAssassin Prefs File = %etc-dir%/spam.assassin.prefs.conf > > You're not supposed to use spam.assassin.prefs.conf for options that > MailScanner.conf covers. If you want the score to be 2, then set it to > that in MailScanner.conf. Same goes for the tagging, that's handled by > MS too. > > -- > /Peter Bonivart > > --Unix lovers do it in the Sun > > Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7, > SpamAssassin 2.63 + DCC 1.2.45, ClamAV 0.70 + GMP 4.1.2, Vispan 1.4 > Thanks for reply, If I understand you correctly.. you saying I should use MailScanner.conf and replace #Required SpamAssassin Score = 6 to 2? So what the point of "SpamAssassin Prefs File" for? - what is it used for... is it only used that MailScanner does not cover? Shahid -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From shahid at ZONEWAVE.NET Mon Jun 7 20:43:01 2004 From: shahid at ZONEWAVE.NET (Shahid Hussain) Date: Thu Jan 12 21:25:42 2006 Subject: SpamAssassin Prefs File problem References: <00ea01c44cc1$5e558ac0$0200a8c0@pluto> <6.1.1.1.2.20040607202853.02cb8c20@imap.ecs.soton.ac.uk> Message-ID: <011e01c44cc7$a4fc7d70$0200a8c0@pluto> Whats "SpamAssassin Prefs File =" used for then? I have set it to "required_hits 2.0" in spam.assassin.prefs.conf and then it should ignore "#Required SpamAssassin Score = 6" in MailScanner.conf Using rulesets? can you point me right direction please, thanks :) Shahid > All of the settings you are referring to are set in MailScanner.conf. That > way they can be different values for different users/domains, using rulesets. > > At 19:58 07/06/2004, you wrote: > >Hello, > > > >I am having problem that MailScanner is not using > >"spam.assassin.prefs.conf" for some reason.. > >I have "SpamAssassin Prefs File = %etc-dir%/spam.assassin.prefs.conf" in > >MailScanner.conf > > > >yes, it is pointed to the correct dir. > > > >in spam.assassin.prefs.conf I have: > >required_hits 2.0 > >subject_tag [Possible Spam?] > >report_safe 1 > >and so on... > > > >For some reason when I recieve spam mail, at the header say: > >X-ZoneWave.NET-MailScanner-SpamCheck: not spam, SpamAssassin (score=3.566, > > required 6, FROM_ENDS_IN_NUMS 0.87, HTML_MESSAGE 0.00, > > SUB_HELLO 2.70) > > > >required 6? > >it should be 2 > > > > > >In MailScanner.conf I have: > >Use SpamAssassin = yes > >Max SpamAssassin Size = 30000 > >#Required SpamAssassin Score = 6 > >High SpamAssassin Score = 10 > >SpamAssassin Auto Whitelist = no > >SpamAssassin Prefs File = %etc-dir%/spam.assassin.prefs.conf > > > > > > > >Do you have any idea why this happen? MailScanner is NOT using > >spam.assassin.prefs.conf for some reason.. > > > > > >Thanks > > > >Shahid > > > >-------------------------- MailScanner list ---------------------- > >To leave, send leave mailscanner to > >jiscmail@jiscmail.ac.uk > >Before posting, please see the Most Asked Questions at > >http://www.mailscanner.biz/maq/ and the > >archives at > >http://www.jiscmail.ac.uk /lists/mailscanner.html > > -- > Julian Field > www.MailScanner.info > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Mon Jun 7 20:56:25 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:25:42 2006 Subject: SpamAssassin Prefs File problem In-Reply-To: <011e01c44cc7$a4fc7d70$0200a8c0@pluto> References: <00ea01c44cc1$5e558ac0$0200a8c0@pluto> <6.1.1.1.2.20040607202853.02cb8c20@imap.ecs.soton.ac.uk> <011e01c44cc7$a4fc7d70$0200a8c0@pluto> Message-ID: <6.1.1.1.2.20040607205318.04b9ed50@imap.ecs.soton.ac.uk> At 20:43 07/06/2004, you wrote: >Whats "SpamAssassin Prefs File =" used for then? For holding custom SpamAssassin rules for starters. There are also other settings in there which MailScanner does not control itself, such as all the controls for Razor, Pyzor, DCC and Bayes. Read man Mail::SpamAssassin::Conf for info on all the other things that can go in there. >I have set it to "required_hits 2.0" in spam.assassin.prefs.conf >and then it should ignore "#Required SpamAssassin Score = 6" in >MailScanner.conf > >Using rulesets? can you point me right direction please, thanks :) Please read the MAQ. The location of that is at the bottom of every list posting. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From subscribe at KRINGSTAD.NET Mon Jun 7 20:57:24 2004 From: subscribe at KRINGSTAD.NET (subscribe) Date: Thu Jan 12 21:25:42 2006 Subject: SpamAssassin X-Spam-Checker-Version Message-ID: <5B46BA5FBB3DD54E9FE712BDCE8B0F841D8224@kirk.kringstad.net> Hi, is there anyway to add this to the mail header in Mailscanner? add_header all Checker-Version SpamAssassin _VERSION_ (_SUBVERSION_) on _HOSTNAME_ Im kinda new to MailScanner and SpamAssassin. --- Trond -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Mon Jun 7 21:00:09 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:25:42 2006 Subject: SpamAssassin X-Spam-Checker-Version In-Reply-To: <5B46BA5FBB3DD54E9FE712BDCE8B0F841D8224@kirk.kringstad.net> References: <5B46BA5FBB3DD54E9FE712BDCE8B0F841D8224@kirk.kringstad.net> Message-ID: <6.1.1.1.2.20040607205906.04bd7c20@imap.ecs.soton.ac.uk> No. I don't think it is a good idea to give away precise setup configuration to any hacker who happens to see mail from you. It gives them a very good stepping stone. I just wish other software wouldn't do it either. At 20:57 07/06/2004, you wrote: >Hi, >is there anyway to add this to the mail header in Mailscanner? >add_header all Checker-Version SpamAssassin _VERSION_ (_SUBVERSION_) on >_HOSTNAME_ > >Im kinda new to MailScanner and SpamAssassin. > >--- >Trond > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From subscribe at KRINGSTAD.NET Mon Jun 7 21:04:34 2004 From: subscribe at KRINGSTAD.NET (subscribe) Date: Thu Jan 12 21:25:42 2006 Subject: SpamAssassin X-Spam-Checker-Version Message-ID: <5B46BA5FBB3DD54E9FE712BDCE8B0F841D8225@kirk.kringstad.net> It was ment as a debug option ... Is there any other way to see which spamassassin version Im running, and if it runs ok. >--- >Trond -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: 7. juni 2004 22:00 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: SpamAssassin X-Spam-Checker-Version No. I don't think it is a good idea to give away precise setup configuration to any hacker who happens to see mail from you. It gives them a very good stepping stone. I just wish other software wouldn't do it either. At 20:57 07/06/2004, you wrote: >Hi, >is there anyway to add this to the mail header in Mailscanner? >add_header all Checker-Version SpamAssassin _VERSION_ (_SUBVERSION_) on >_HOSTNAME_ > >Im kinda new to MailScanner and SpamAssassin. > >--- >Trond > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Mon Jun 7 21:09:27 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:25:42 2006 Subject: SpamAssassin X-Spam-Checker-Version In-Reply-To: <5B46BA5FBB3DD54E9FE712BDCE8B0F841D8225@kirk.kringstad.net> References: <5B46BA5FBB3DD54E9FE712BDCE8B0F841D8225@kirk.kringstad.net> Message-ID: <6.1.1.1.2.20040607210854.04b88da0@imap.ecs.soton.ac.uk> At 21:04 07/06/2004, you wrote: >It was ment as a debug option ... Is there any other way to see >which spamassassin version Im running, and if it runs ok. perl -MMail::SpamAssassin -e 'print $Mail::SpamAssassin::VERSION' > >--- > >Trond > >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >Behalf Of Julian Field >Sent: 7. juni 2004 22:00 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: SpamAssassin X-Spam-Checker-Version > >No. >I don't think it is a good idea to give away precise setup configuration >to any hacker who happens to see mail from you. It gives them a very >good stepping stone. I just wish other software wouldn't do it either. > >At 20:57 07/06/2004, you wrote: > >Hi, > >is there anyway to add this to the mail header in Mailscanner? > >add_header all Checker-Version SpamAssassin _VERSION_ (_SUBVERSION_) on > > >_HOSTNAME_ > > > >Im kinda new to MailScanner and SpamAssassin. > > > >--- > >Trond > > > >-------------------------- MailScanner list ---------------------- > >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > >Before posting, please see the Most Asked Questions at > >http://www.mailscanner.biz/maq/ and the archives at > >http://www.jiscmail.ac.uk/lists/mailscanner.html > >-- >Julian Field >www.MailScanner.info >Professional Support Services at www.MailScanner.biz MailScanner thanks >transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD >E1DC 7222 11F6 5947 1415 B654 > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From subscribe at KRINGSTAD.NET Mon Jun 7 21:12:13 2004 From: subscribe at KRINGSTAD.NET (subscribe) Date: Thu Jan 12 21:25:42 2006 Subject: SpamAssassin X-Spam-Checker-Version Message-ID: <5B46BA5FBB3DD54E9FE712BDCE8B0F841D8227@kirk.kringstad.net> thx >--- >Trond -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: 7. juni 2004 22:09 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: SpamAssassin X-Spam-Checker-Version At 21:04 07/06/2004, you wrote: >It was ment as a debug option ... Is there any other way to see which >spamassassin version Im running, and if it runs ok. perl -MMail::SpamAssassin -e 'print $Mail::SpamAssassin::VERSION' > >--- > >Trond > >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >Behalf Of Julian Field >Sent: 7. juni 2004 22:00 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: SpamAssassin X-Spam-Checker-Version > >No. >I don't think it is a good idea to give away precise setup >configuration to any hacker who happens to see mail from you. It gives >them a very good stepping stone. I just wish other software wouldn't do it either. > >At 20:57 07/06/2004, you wrote: > >Hi, > >is there anyway to add this to the mail header in Mailscanner? > >add_header all Checker-Version SpamAssassin _VERSION_ (_SUBVERSION_) > >on > > >_HOSTNAME_ > > > >Im kinda new to MailScanner and SpamAssassin. > > > >--- > >Trond > > > >-------------------------- MailScanner list ---------------------- > >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > >Before posting, please see the Most Asked Questions at > >http://www.mailscanner.biz/maq/ and the archives at > >http://www.jiscmail.ac.uk/lists/mailscanner.html > >-- >Julian Field >www.MailScanner.info >Professional Support Services at www.MailScanner.biz MailScanner thanks >transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD >E1DC 7222 11F6 5947 1415 B654 > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From shahid at ZONEWAVE.NET Mon Jun 7 21:21:15 2004 From: shahid at ZONEWAVE.NET (Shahid Hussain) Date: Thu Jan 12 21:25:42 2006 Subject: SpamAssassin Prefs File problem References: <00ea01c44cc1$5e558ac0$0200a8c0@pluto> <6.1.1.1.2.20040607202853.02cb8c20@imap.ecs.soton.ac.uk> <011e01c44cc7$a4fc7d70$0200a8c0@pluto> <6.1.1.1.2.20040607205318.04b9ed50@imap.ecs.soton.ac.uk> Message-ID: <002f01c44ccc$fc394eb0$0200a8c0@pluto> > At 20:43 07/06/2004, you wrote: > >Whats "SpamAssassin Prefs File =" used for then? > > For holding custom SpamAssassin rules for starters. There are also other > settings in there which MailScanner does not control itself, such as all > the controls for Razor, Pyzor, DCC and Bayes. Read > man Mail::SpamAssassin::Conf > for info on all the other things that can go in there. > > >I have set it to "required_hits 2.0" in spam.assassin.prefs.conf > >and then it should ignore "#Required SpamAssassin Score = 6" in > >MailScanner.conf > > > >Using rulesets? can you point me right direction please, thanks :) > > Please read the MAQ. The location of that is at the bottom of every list > posting. > -- > Julian Field > www.MailScanner.info > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > bash-2.05b# man Mail::SpamAssassin::Conf No manual entry for Mail::SpamAssassin::Conf so I went to google and I found this: http://www.io.com/~jbrak/html/man_assassin_conf.html but it is similar what I have in spam.assassin.prefs.conf required_hits 2.0 rewrite_subject 1 subject_tag [Possible Spam?] report_safe 1 use_terse_report 1 use_bayes 1 auto_learn 1 skip_rbl_checks 0 use_razor2 1 use_dcc 1 use_pyzor 1 ok_languages all ok_locales all ^^^ is correct?, im doing it right? spamd -d is running at the background as well.. Yes I did took a look at http://www.mailscanner.biz/maq/ before this morning, what did I miss? -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From ugob at CAMO-ROUTE.COM Mon Jun 7 21:13:03 2004 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:25:42 2006 Subject: SpamAssassin X-Spam-Checker-Version In-Reply-To: <6.1.1.1.2.20040607210854.04b88da0@imap.ecs.soton.ac.uk> References: <5B46BA5FBB3DD54E9FE712BDCE8B0F841D8225@kirk.kringstad.net> <6.1.1.1.2.20040607210854.04b88da0@imap.ecs.soton.ac.uk> Message-ID: Julian Field wrote: > At 21:04 07/06/2004, you wrote: > >> It was ment as a debug option ... Is there any other way to see >> which spamassassin version Im running, and if it runs ok. > > > perl -MMail::SpamAssassin -e 'print $Mail::SpamAssassin::VERSION' > or, like many *nix programs, spamassassin supports the -V flag, so you can do [root@lubik mail]# spamassassin -V SpamAssassin version 2.63 To see if it runs ok, see the MAQ page, you've got all you need there. Ugo > > >> >--- >> >Trond >> -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Mon Jun 7 21:27:54 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:25:42 2006 Subject: SpamAssassin Prefs File problem In-Reply-To: <002f01c44ccc$fc394eb0$0200a8c0@pluto> References: <00ea01c44cc1$5e558ac0$0200a8c0@pluto> <6.1.1.1.2.20040607202853.02cb8c20@imap.ecs.soton.ac.uk> <011e01c44cc7$a4fc7d70$0200a8c0@pluto> <6.1.1.1.2.20040607205318.04b9ed50@imap.ecs.soton.ac.uk> <002f01c44ccc$fc394eb0$0200a8c0@pluto> Message-ID: <6.1.1.1.2.20040607212708.02be3028@imap.ecs.soton.ac.uk> At 21:21 07/06/2004, you wrote: >spamd -d is running at the background as well.. No point, MailScanner doesn't use it. It uses a faster and more efficient method than the spamc/spamd pair. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ELKNET.NET Mon Jun 7 21:53:54 2004 From: mailscanner at ELKNET.NET (Alan) Date: Thu Jan 12 21:25:42 2006 Subject: Razor discover reload question Message-ID: Bump... On Thu, 3 Jun 2004 17:00:39 +0100, Alan wrote: >I have a cron job that does a Razor discover every two hours. On occasion >though, I see MS throughput drop WAY down and my queue of mail waiting to be >scanned grows very large. > >When this happens, I have verified that RAZOR is no longer functioning (no >RAZOR entries in the logged spam), and SA is taking a long time to finish a >batch scan due to RAZOR having to time out. > >When this happens, my assumption is that the Razor server is not responding. >If I stop and then restart MS, it takes right off emptying the queue, and >many RAZOR entries are seen in the log. This would indicate that the Razor >server is functioning just fine now. All I did was stop and restart MS. > >So, my question is this. When the Razor discover job runs in cron and >updates the Razor server list, do I need to reload MS so that it reads the >updated server list? I know that if I change any .cf rule file I have to >reload MS so that it sees the changes, is this true for the Razor server >list also? > >Thanks! >-Alan > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From shahid at ZONEWAVE.NET Mon Jun 7 21:31:41 2004 From: shahid at ZONEWAVE.NET (Shahid Hussain) Date: Thu Jan 12 21:25:42 2006 Subject: SpamAssassin Prefs File problem References: <00ea01c44cc1$5e558ac0$0200a8c0@pluto> <6.1.1.1.2.20040607202853.02cb8c20@imap.ecs.soton.ac.uk> <011e01c44cc7$a4fc7d70$0200a8c0@pluto> <6.1.1.1.2.20040607205318.04b9ed50@imap.ecs.soton.ac.uk> <002f01c44ccc$fc394eb0$0200a8c0@pluto> <6.1.1.1.2.20040607212708.02be3028@imap.ecs.soton.ac.uk> Message-ID: <008101c44cce$71974710$0200a8c0@pluto> bash-2.05b# man Mail::SpamAssassin::Conf No manual entry for Mail::SpamAssassin::Conf so I went to google and I found this: http://www.io.com/~jbrak/html/man_assassin_conf.html but it is similar what I have in spam.assassin.prefs.conf required_hits 2.0 rewrite_subject 1 subject_tag [Possible Spam?] report_safe 1 use_terse_report 1 use_bayes 1 auto_learn 1 skip_rbl_checks 0 use_razor2 1 use_dcc 1 use_pyzor 1 ok_languages all ok_locales all ^^^ is correct?, im doing it right? ----- Original Message ----- From: "Julian Field" To: Sent: Monday, June 07, 2004 9:27 PM Subject: Re: SpamAssassin Prefs File problem > At 21:21 07/06/2004, you wrote: > >spamd -d is running at the background as well.. > > No point, MailScanner doesn't use it. It uses a faster and more efficient > method than the spamc/spamd pair. > -- > Julian Field > www.MailScanner.info > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From peter at UCGBOOK.COM Mon Jun 7 21:36:33 2004 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:25:42 2006 Subject: SpamAssassin Prefs File problem In-Reply-To: <008101c44cce$71974710$0200a8c0@pluto> References: <00ea01c44cc1$5e558ac0$0200a8c0@pluto> <6.1.1.1.2.20040607202853.02cb8c20@imap.ecs.soton.ac.uk> <011e01c44cc7$a4fc7d70$0200a8c0@pluto> <6.1.1.1.2.20040607205318.04b9ed50@imap.ecs.soton.ac.uk> <002f01c44ccc$fc394eb0$0200a8c0@pluto> <6.1.1.1.2.20040607212708.02be3028@imap.ecs.soton.ac.uk> <008101c44cce$71974710$0200a8c0@pluto> Message-ID: <40C4D1D1.1000102@ucgbook.com> Shahid Hussain wrote: > ^^^ is correct?, im doing it right? Start with just *changing* things in MailScanner.conf and spam.assassin.prefs.conf, don't add until you know what you're doing. The system will work just fine with what's already there. -- /Peter Bonivart --Unix lovers do it in the Sun Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7, SpamAssassin 2.63 + DCC 1.2.45, ClamAV 0.70 + GMP 4.1.2, Vispan 1.4 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From ugob at CAMO-ROUTE.COM Mon Jun 7 21:31:33 2004 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:25:42 2006 Subject: SpamAssassin Prefs File problem In-Reply-To: <002f01c44ccc$fc394eb0$0200a8c0@pluto> References: <00ea01c44cc1$5e558ac0$0200a8c0@pluto> <6.1.1.1.2.20040607202853.02cb8c20@imap.ecs.soton.ac.uk> <011e01c44cc7$a4fc7d70$0200a8c0@pluto> <6.1.1.1.2.20040607205318.04b9ed50@imap.ecs.soton.ac.uk> <002f01c44ccc$fc394eb0$0200a8c0@pluto> Message-ID: Shahid Hussain wrote: >>At 20:43 07/06/2004, you wrote: >> >>>Whats "SpamAssassin Prefs File =" used for then? >> >>For holding custom SpamAssassin rules for starters. There are also other >>settings in there which MailScanner does not control itself, such as all >>the controls for Razor, Pyzor, DCC and Bayes. Read >> man Mail::SpamAssassin::Conf >>for info on all the other things that can go in there. >> >> >>>I have set it to "required_hits 2.0" in > > spam.assassin.prefs.conf > >>>and then it should ignore "#Required SpamAssassin Score = 6" in >>>MailScanner.conf >>> >>>Using rulesets? can you point me right direction please, thanks :) >> >>Please read the MAQ. The location of that is at the bottom of every list >>posting. >>-- >>Julian Field >>www.MailScanner.info >>Professional Support Services at www.MailScanner.biz >>MailScanner thanks transtec Computers for their support >>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> > > > bash-2.05b# man Mail::SpamAssassin::Conf > No manual entry for Mail::SpamAssassin::Conf > > > so I went to google and I found this: > http://www.io.com/~jbrak/html/man_assassin_conf.html > but it is similar what I have in spam.assassin.prefs.conf > required_hits 2.0 > rewrite_subject 1 > subject_tag [Possible Spam?] > report_safe 1 > use_terse_report 1 > > use_bayes 1 > auto_learn 1 > skip_rbl_checks 0 > use_razor2 1 > use_dcc 1 > use_pyzor 1 > ok_languages all > ok_locales all > > ^^^ is correct?, im doing it right? > > spamd -d is running at the background as well.. Not needed... > > Yes I did took a look at http://www.mailscanner.biz/maq/ before this > morning, what did I miss? The part on Spamassassin? You have to _read_ the page. You have all you need there. You only have to spend something like 30 minutes to read through it completely and you have 90% of the info you need to understand MailScanner as much as one could understand without opening the code. > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From shahid at ZONEWAVE.NET Mon Jun 7 21:45:36 2004 From: shahid at ZONEWAVE.NET (Shahid Hussain) Date: Thu Jan 12 21:25:42 2006 Subject: SpamAssassin Prefs File problem References: <00ea01c44cc1$5e558ac0$0200a8c0@pluto> <6.1.1.1.2.20040607202853.02cb8c20@imap.ecs.soton.ac.uk> <011e01c44cc7$a4fc7d70$0200a8c0@pluto> <6.1.1.1.2.20040607205318.04b9ed50@imap.ecs.soton.ac.uk> <002f01c44ccc$fc394eb0$0200a8c0@pluto> <6.1.1.1.2.20040607212708.02be3028@imap.ecs.soton.ac.uk> <008101c44cce$71974710$0200a8c0@pluto> <40C4D1D1.1000102@ucgbook.com> Message-ID: <009901c44cd0$6366da50$0200a8c0@pluto> > Shahid Hussain wrote: > > ^^^ is correct?, im doing it right? > > Start with just *changing* things in MailScanner.conf and > spam.assassin.prefs.conf, don't add until you know what you're doing. > The system will work just fine with what's already there. > Well I am be able to receive email and MailScanner working correctly :) It detected spam and virus which is good... I am using Exim + MailScanner + ClamAV + SpamAassassin Just cant get MailScanner to use spam.assassin.prefs.conf damn thing =/ I also checked maillog log and everything seem fine :) Yes I did take a look at http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/102.html - isnt that I just done? Shahid -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From brian at GENERATIONZ.COM Mon Jun 7 22:19:42 2004 From: brian at GENERATIONZ.COM (Brian Dowling) Date: Thu Jan 12 21:25:42 2006 Subject: Scanning outgoing Message-ID: On Mon, 7 Jun 2004 17:50:22 +0100, Michele Neylon :: Blacknight Solutions wrote: >What have you set the logging to in the MailScanner.conf? > > >Mr Michele Neylon >Blacknight Internet Solutions Ltd >http://www.blacknight.ie/ >Tel. +353 59 9137101 >1 Euro hosting offer - See: >http://www.boards.ie/vbulletin/showthread.php?s=&postid=1665247#post1665247 > >> -----Original Message----- >> From: MailScanner mailing list >> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Brian Dowling >> Sent: 07 June 2004 14:19 >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: [MAILSCANNER] Scanning outgoing >> >> My understanding is that with sendmail, outgoing messages are >> scanned, although the logs don't reflect any outbound >> scanning activity. How can outbound scanning be confirmed? >> >> Thanks >> >> -------------------------- MailScanner list ---------------------- >> To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >> Before posting, please see the Most Asked Questions at >> http://www.mailscanner.biz/maq/ and the archives at >> http://www.jiscmail.ac.uk/lists/mailscanner.html >> >> -- >> Email scanned by Blacknight for viruses and dangerous content. >> Visit http://www.blacknight.ie for more information > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html Don't see any relevant virus logging options in mailscanner.conf (v4.28.6) -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From sobral at TECGRAF.PUC-RIO.BR Mon Jun 7 22:16:15 2004 From: sobral at TECGRAF.PUC-RIO.BR (Fabio Alberto Sobral) Date: Thu Jan 12 21:25:42 2006 Subject: Problems with MailScanner Message-ID: <40C4DB1F.4030803@tecgraf.puc-rio.br> Hi everybody, I use in my mail server: Postfix-2.0.18-5 MailScanner-4.31.6-1 BitDefender-Console-Antivirus-7.0.1-3 I did everything that all the documentation of MailScanner with Postfix said. And when I sent mails to the server, all of then (good and bad e-mails) returned to the sender with this mail message: >Our virus detector failed to completely analyse a message you sent:- >To: teste@ticiano.tecgraf.puc-rio.br >Subject: Teste >Date: Mon Jun 7 16:43:14 2004 > Any parts of the message that could not be analysed will not have been delivered. If you are using Microsoft >Outlook, we strongly recommend you change your outgoing message format from "Rich Text" to "HTML" >or "Plain Text". > 1) Click on the "Tools" menu and choose "Options..." > 2) Got to the "Mail Format" tab > 3) For message format, select "HTML" or "Plain text" > 4) Click OK The virus detector said this about the message: > Report: MailScanner: Could not analyze message Anybody can help me please! Regards, Fabio Sobral. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From brian at GENERATIONZ.COM Mon Jun 7 22:36:34 2004 From: brian at GENERATIONZ.COM (Brian Dowling) Date: Thu Jan 12 21:25:42 2006 Subject: Scanning outgoing Message-ID: On Mon, 7 Jun 2004 17:55:01 +0100, Julian Field wrote: >At 14:18 07/06/2004, you wrote: >>My understanding is that with sendmail, outgoing messages are scanned, >>although the logs don't reflect any outbound scanning activity. How can >>outbound scanning be confirmed? > >Are you using a sendmail recent enough to have a clientmqueue directory? If >so, all outbound mail should be scanned. If not, then you will have to >reconfigure your mail software so that it sends mail by talking SMTP to >localhost and does not invoke the sendmail binary directly. > >You can find out by sending yourself mail including the eicar test file, >available from www.eicar.org. >-- >Julian Field >www.MailScanner.info >Professional Support Services at www.MailScanner.biz >MailScanner thanks transtec Computers for their support >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html Aparrently the version of sendmail is not recent enough. Don't understand your comment "If not, then you will have to reconfigure your mail software so that it sends mail by talking SMTP to localhost and does not invoke the sendmail binary directly." Here's what I have... Sendamail 8.11.6 mailscanner.conf - Outgoing Queue Dir = /var/spool/mqueue /etc/init.d/MailScanner - StartOutSendmail - seems only to set QTime and PID Directories I have... /var/spool/mailscanner/incoming /var/spool/mailscanner/quarantine /var/spool/mqueue /var/spool/mqueue.in Perhaps the mqueue dir is a leftover after an upgrade of something. Would sure like some verbose virus logging as I do with spamd using the -D option. Thanks! Brian -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From brian at GENERATIONZ.COM Mon Jun 7 22:44:00 2004 From: brian at GENERATIONZ.COM (Brian Dowling) Date: Thu Jan 12 21:25:42 2006 Subject: Scanning outgoing Message-ID: On Mon, 7 Jun 2004 12:53:51 -0400, Ugo Bellavance wrote: >Brian Dowling wrote: > >> My understanding is that with sendmail, outgoing messages are scanned, >> although the logs don't reflect any outbound scanning activity. How can >> outbound scanning be confirmed? > >The logs is the place... > >What is your setup? Do you have an Exchange server that delivers >directly to the recipient? If so, you must tell this server to use your >MailScanner to deliver. > >> >> Thanks >> >> -------------------------- MailScanner list ---------------------- >> To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >> Before posting, please see the Most Asked Questions at >> http://www.mailscanner.biz/maq/ and the archives at >> http://www.jiscmail.ac.uk/lists/mailscanner.html >> > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html No exchange server. Sendmail 8.11 on a RH box using pop3 and imap (Squirrelmail as the client). Spamassassin does all the spam tagging. Logs say (for example) on incoming mail... Jun 7 15:04:37 ns1 MailScanner[2268]: New Batch: Scanning 1 messages, 4638 bytes Jun 7 15:04:37 ns1 MailScanner[2268]: MCP Checks completed at 4638 bytes per second Jun 7 15:04:37 ns1 MailScanner[2268]: Spam Checks: Starting Jun 7 15:04:37 ns1 MailScanner[2268]: Spam Checks completed at 4638 bytes per second Jun 7 15:04:37 ns1 MailScanner[2268]: Virus and Content Scanning: Starting Jun 7 15:04:38 ns1 MailScanner[2268]: Virus Scanning completed at 4638 bytes per second Jun 7 15:04:38 ns1 MailScanner[2268]: Uninfected: Delivered 1 messages Jun 7 15:04:38 ns1 MailScanner[2268]: Virus Processing completed at 4638 bytes per second Jun 7 15:04:38 ns1 MailScanner[2268]: Disinfection completed at 4638 bytes per second Jun 7 15:04:38 ns1 MailScanner[2268]: Batch completed at 4638 bytes per second (4638 / 1) Nothing on outgoing mail. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From lists at PEEMA.ORG Mon Jun 7 22:38:48 2004 From: lists at PEEMA.ORG (Paul Mc Auley) Date: Thu Jan 12 21:25:42 2006 Subject: Too many children Message-ID: <200406072138.i57LcmAX020463@felix.peema.org> Hi, Using Debian Unstable, mailscanner 4.30.3, SpamAssassin 2.63 and Exim 4.32 with Max Children = 1, orphaned MailScanner processes seem to multiply until the system runs out of memory, and in some cases harmless messages are quarantined after this error: MailScanner[7344]: Cannot parse /var/spool/MailScanner/incoming/7268/1BUMKO-0001wc-Pr.header and , write-open /var/spool/MailScanner/incoming/7268/1BUMKO-0001wc-Pr/msg-7344-11.txt: No such file or directory at /usr/share/perl5/MIME/Body.pm line 414, <_GEN_11> line 72. If I run MailScanner with Debug=yes, it manages fine, and that's how I've worked around the problem. Any thoughts as to what I might be doing wrong? I am also using clamav, but disabling that did no good. The general daily volume would be around 10k messages/day. Paul -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From ugob at CAMO-ROUTE.COM Mon Jun 7 23:02:31 2004 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:25:42 2006 Subject: Scanning outgoing In-Reply-To: References: Message-ID: Brian Dowling wrote: > On Mon, 7 Jun 2004 12:53:51 -0400, Ugo Bellavance wrote: > > >>Brian Dowling wrote: >> >> >>>My understanding is that with sendmail, outgoing messages are scanned, >>>although the logs don't reflect any outbound scanning activity. How can >>>outbound scanning be confirmed? >> >>The logs is the place... >> >>What is your setup? Do you have an Exchange server that delivers >>directly to the recipient? If so, you must tell this server to use your >>MailScanner to deliver. >> >> >>>Thanks >>> >>>-------------------------- MailScanner list ---------------------- > No exchange server. Sendmail 8.11 on a RH box using pop3 and imap > (Squirrelmail as the client). Spamassassin does all the spam tagging. > > Logs say (for example) on incoming mail... > > Jun 7 15:04:37 ns1 MailScanner[2268]: New Batch: Scanning 1 messages, 4638 > bytes > Jun 7 15:04:37 ns1 MailScanner[2268]: MCP Checks completed at 4638 bytes > per second > Jun 7 15:04:37 ns1 MailScanner[2268]: Spam Checks: Starting > Jun 7 15:04:37 ns1 MailScanner[2268]: Spam Checks completed at 4638 bytes > per second > Jun 7 15:04:37 ns1 MailScanner[2268]: Virus and Content Scanning: Starting > Jun 7 15:04:38 ns1 MailScanner[2268]: Virus Scanning completed at 4638 > bytes per second > Jun 7 15:04:38 ns1 MailScanner[2268]: Uninfected: Delivered 1 messages > Jun 7 15:04:38 ns1 MailScanner[2268]: Virus Processing completed at 4638 > bytes per second > Jun 7 15:04:38 ns1 MailScanner[2268]: Disinfection completed at 4638 bytes > per second > Jun 7 15:04:38 ns1 MailScanner[2268]: Batch completed at 4638 bytes per > second (4638 / 1) > > Nothing on outgoing mail. Did you try sending the eicar test virus through? > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From patrick at EON.COM.SG Mon Jun 7 23:28:14 2004 From: patrick at EON.COM.SG (Patrick) Date: Thu Jan 12 21:25:42 2006 Subject: Latest Mailscanner CPanel References: <6.1.1.1.2.20040607113813.03c3f0a0@imap.ecs.soton.ac.uk> <00f501c44c9b$23726d40$0300a8c0@bear> <40C47ECE.6080606@solid-state-logic.com> Message-ID: <003b01c44cde$b925a800$0300a8c0@bear> Thanks Martin ----- Original Message ----- From: "Martin Hepworth" To: Sent: Monday, June 07, 2004 10:42 PM Subject: Re: Latest Mailscanner CPanel > Partick > > Install clamAV is easy > > download the tar ball. uncompress/untar it then cd in to dir it creates.. > > ./configure > make > makeinstall > > > done. > > Sophos is not free - contact a local distributor for prices in Singapore.. > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Patrick wrote: > > Hi everyone, > > > > I am trying to install the latest stable version of Mailscanner onto my > > server that is running CPanel.. > > > > I managed to find this site http://www.cpanelplus.com/home/content/view/3// > > and was wondering if the information presented within is still updated and > > can be used with the latest stable version for installation. > > > > Is there any where I can find a good how-to to install ClamAV? > > > > Lastly, is Sophos AV free like ClamAV? > > > > Any help would be appreciated. > > > > Thanks > > > > Patrick > > > > -------------------------- MailScanner list ---------------------- > > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > > Before posting, please see the Most Asked Questions at > > http://www.mailscanner.biz/maq/ and the archives at > > http://www.jiscmail.ac.uk/lists/mailscanner.html > > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From shahid at ZONEWAVE.NET Mon Jun 7 23:51:42 2004 From: shahid at ZONEWAVE.NET (Shahid Hussain) Date: Thu Jan 12 21:25:42 2006 Subject: SpamAssassin timed out and was killed, failure n of 20 Message-ID: <005001c44ce2$0103c280$0200a8c0@pluto> Hello, When I went to http://www.gfi.com/emailsecuritytest/ to test my email system.. then I checked maillog (tail -f /var/log/maillog) - it flooded with "SpamAssassin timed out and was killed, failure n of 20" what the best way to solve this, scan each email once at time or something. It just would not complete to scan all the email and it take forever, I just cleared all the email queue. This is what I get below.. Jun 7 22:54:45 matrix MailScanner[33862]: New Batch: Found 16 messages waiting Jun 7 22:54:45 matrix MailScanner[33862]: New Batch: Scanning 4 messages, 4740 bytes Jun 7 22:54:46 matrix MailScanner[33987]: New Batch: Found 16 messages waiting Jun 7 22:54:46 matrix MailScanner[33987]: New Batch: Scanning 2 messages, 8419 bytes Jun 7 22:55:39 matrix MailScanner[33862]: SpamAssassin timed out and was killed, failure 2 of 20 Jun 7 22:55:40 matrix MailScanner[33987]: SpamAssassin timed out and was killed, failure 1 of 20 Jun 7 22:55:41 matrix MailScanner[33603]: SpamAssassin timed out and was killed, failure 9 of 20 Jun 7 22:55:52 matrix MailScanner[33603]: Disabled RBL SBL+XBL as reached 7/10 timeouts Jun 7 22:55:54 matrix MailScanner[33412]: Virus and Content Scanning: Starting Jun 7 22:56:30 matrix MailScanner[33412]: Filename Checks: Windows/DOS Executable (1BXRm0-0008bQ-Qy eicar.com) Jun 7 22:56:30 matrix MailScanner[33412]: Other Checks: Found 1 problems Jun 7 22:56:31 matrix MailScanner[33412]: Content Checks: Detected and rejected fragmented message section in 1BXRm0-0008b Jun 7 22:56:33 matrix MailScanner[33862]: SpamAssassin timed out and was killed, failure 3 of 20 Jun 7 22:56:33 matrix MailScanner[33412]: Content Checks: Found 1 problems Jun 7 22:56:33 matrix MailScanner[34046]: MailScanner E-Mail Virus Scanner version 4.31.6 starting... Jun 7 22:56:34 matrix MailScanner[33603]: SpamAssassin timed out and was killed, failure 10 of 20 Shahid -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040607/148c765b/attachment.html From brian at GENERATIONZ.COM Mon Jun 7 23:51:58 2004 From: brian at GENERATIONZ.COM (Brian Dowling) Date: Thu Jan 12 21:25:42 2006 Subject: Scanning outgoing Message-ID: On Mon, 7 Jun 2004 18:02:31 -0400, Ugo Bellavance wrote: >Brian Dowling wrote: > >> On Mon, 7 Jun 2004 12:53:51 -0400, Ugo Bellavance wrote: >> >> >>>Brian Dowling wrote: >>> >>> >>>>My understanding is that with sendmail, outgoing messages are scanned, >>>>although the logs don't reflect any outbound scanning activity. How can >>>>outbound scanning be confirmed? >>> >>>The logs is the place... >>> >>>What is your setup? Do you have an Exchange server that delivers >>>directly to the recipient? If so, you must tell this server to use your >>>MailScanner to deliver. >>> >>> >>>>Thanks >>>> >>>>-------------------------- MailScanner list ---------------------- > >> No exchange server. Sendmail 8.11 on a RH box using pop3 and imap >> (Squirrelmail as the client). Spamassassin does all the spam tagging. >> >> Logs say (for example) on incoming mail... >> >> Jun 7 15:04:37 ns1 MailScanner[2268]: New Batch: Scanning 1 messages, 4638 >> bytes >> Jun 7 15:04:37 ns1 MailScanner[2268]: MCP Checks completed at 4638 bytes >> per second >> Jun 7 15:04:37 ns1 MailScanner[2268]: Spam Checks: Starting >> Jun 7 15:04:37 ns1 MailScanner[2268]: Spam Checks completed at 4638 bytes >> per second >> Jun 7 15:04:37 ns1 MailScanner[2268]: Virus and Content Scanning: Starting >> Jun 7 15:04:38 ns1 MailScanner[2268]: Virus Scanning completed at 4638 >> bytes per second >> Jun 7 15:04:38 ns1 MailScanner[2268]: Uninfected: Delivered 1 messages >> Jun 7 15:04:38 ns1 MailScanner[2268]: Virus Processing completed at 4638 >> bytes per second >> Jun 7 15:04:38 ns1 MailScanner[2268]: Disinfection completed at 4638 bytes >> per second >> Jun 7 15:04:38 ns1 MailScanner[2268]: Batch completed at 4638 bytes per >> second (4638 / 1) >> >> Nothing on outgoing mail. > >Did you try sending the eicar test virus through? > Sent attachments caught in quarantine and sent eicar.com. That's why I'm wanting to do some log analysis. >> >> -------------------------- MailScanner list ---------------------- >> To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >> Before posting, please see the Most Asked Questions at >> http://www.mailscanner.biz/maq/ and the archives at >> http://www.jiscmail.ac.uk/lists/mailscanner.html >> > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From james_gray at OCS.COM Mon Jun 7 22:39:12 2004 From: james_gray at OCS.COM (James Gray) Date: Thu Jan 12 21:25:42 2006 Subject: SpamAssassin Prefs File problem In-Reply-To: <00ea01c44cc1$5e558ac0$0200a8c0@pluto> References: <00ea01c44cc1$5e558ac0$0200a8c0@pluto> Message-ID: <40C4E080.8040206@ocs.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Shahid Hussain wrote: | Hello, | | I am having problem that MailScanner is not using | "spam.assassin.prefs.conf" for some reason.. | I have "SpamAssassin Prefs File = %etc-dir%/spam.assassin.prefs.conf" in | MailScanner.conf | | yes, it is pointed to the correct dir. | | in spam.assassin.prefs.conf I have: | required_hits 2.0 | subject_tag [Possible Spam?] | report_safe 1 | and so on... | | For some reason when I recieve spam mail, at the header say: | X-ZoneWave.NET-MailScanner-SpamCheck: On a side-note, there are some broken virus/filtering packages that will reject mail from MailScanner if there is a dot "." in your org-name. I notice you have "ZoneWave.NET" - DONT use the dot, it's only there for humans really, replace it with a hyphen maybe or just leave the ".net" bit off. Check the archives for this list - this issue has been covered many times :) Cheers, James -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFAxOB+SLAlnJbTVOsRAp4oAKCJXQ43Ciz7hMx/hcB8sSKNaj5FbgCglmJ2 KznjGkKoqWcqvbhJ13Ynql8= =rrwj -----END PGP SIGNATURE----- -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From james_gray at OCS.COM Tue Jun 8 01:15:29 2004 From: james_gray at OCS.COM (James Gray) Date: Thu Jan 12 21:25:42 2006 Subject: SpamAssassin Prefs File problem In-Reply-To: <002001c44ce9$03c8f8d0$0200a8c0@pluto> References: <00ea01c44cc1$5e558ac0$0200a8c0@pluto> <40C4E080.8040206@ocs.com> <002001c44ce9$03c8f8d0$0200a8c0@pluto> Message-ID: <40C50521.9000106@ocs.com> Shahid Hussain wrote: >>Shahid Hussain wrote: >>| >>| For some reason when I recieve spam mail, at the header say: >>| X-ZoneWave.NET-MailScanner-SpamCheck: >> >>On a side-note, there are some broken virus/filtering packages that will >>reject mail from MailScanner if there is a dot "." in your org-name. I >>notice you have "ZoneWave.NET" - DONT use the dot, it's only there for >>humans really, replace it with a hyphen maybe or just leave the ".net" >>bit off. >> >>Check the archives for this list - this issue has been covered many times > > :) > >>Cheers, >> >>James > > > ahh thanks for letting me know :) other thing i want to tell you something.. > > When I visited to http://www.gfi.com/emailsecuritytest/ to test my email > system.. then I checked maillog (tail -f /var/log/maillog) - it flooded with > "SpamAssassin timed out and was killed, failure n of 20" > > what the best way to solve this, scan each email once at time or something. > > > It just would not complete to scan all the email and it take forever, I just > cleared all the email queue. Try increasing your Spamassassin time-out (Look for a line like "SpamAssassin Timeout = ??" in MailScanner.conf). Our gateway has a Xeon 1.2GHz and 1Gb RAM with a 200Mbps Internet connection and our time-out is set to 80 seconds. We'd rather have the occasional slow message than not have it scanned. What hardware is your MailScanner system running on? How much mail do you process? Are you using any remote black-lists? If so, which ones? What sort of Internet do you have? Are you using Bayes? There are a number of reasons why Spamassassin will time-out; most commonly it is due to RBL's being slow, which in turn may be a problem with the speed of your Internet connection. The other common problem is simply that the hardware you're running isn't keeping up with your mail volume. We've found RAM to be the biggest performance killer, or more correctly, the lack of it. Each of our MailScanner children is about 40Mbytes and we run 5 children = 200MB + 19MB for the parent. If your server is running out of RAM and using swap, your system will go to it's knees - even if you have VERY fast hard drives. Our system has 76Gb of U320 SCSI in a hardware RAID5 with 128MB of cache on the RAID controller (SmartArray 5i for the curious), and it was swamped when it was paging; upgraded 512MB -> 1GB RAM and we easily churn through 40,000+ messages a day :) Cheers, James -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From shahid at ZONEWAVE.NET Tue Jun 8 02:04:56 2004 From: shahid at ZONEWAVE.NET (Shahid Hussain) Date: Thu Jan 12 21:25:42 2006 Subject: SpamAssassin Prefs File problem References: <00ea01c44cc1$5e558ac0$0200a8c0@pluto> <40C4E080.8040206@ocs.com> <002001c44ce9$03c8f8d0$0200a8c0@pluto> <40C50521.9000106@ocs.com> Message-ID: <001a01c44cf4$9da47af0$0200a8c0@pluto> > Shahid Hussain wrote: > > When I visited to http://www.gfi.com/emailsecuritytest/ to test my email > > system.. then I checked maillog (tail -f /var/log/maillog) - it flooded with > > "SpamAssassin timed out and was killed, failure n of 20" > > > > what the best way to solve this, scan each email once at time or something. > > > > > > It just would not complete to scan all the email and it take forever, I just > > cleared all the email queue. > > Try increasing your Spamassassin time-out (Look for a line like > "SpamAssassin Timeout = ??" in MailScanner.conf). Our gateway has a > Xeon 1.2GHz and 1Gb RAM with a 200Mbps Internet connection and our > time-out is set to 80 seconds. We'd rather have the occasional slow > message than not have it scanned. > > What hardware is your MailScanner system running on? How much mail do > you process? Are you using any remote black-lists? If so, which ones? > What sort of Internet do you have? Are you using Bayes? > > There are a number of reasons why Spamassassin will time-out; most > commonly it is due to RBL's being slow, which in turn may be a problem > with the speed of your Internet connection. > > The other common problem is simply that the hardware you're running > isn't keeping up with your mail volume. We've found RAM to be the > biggest performance killer, or more correctly, the lack of it. Each of > our MailScanner children is about 40Mbytes and we run 5 children = 200MB > + 19MB for the parent. If your server is running out of RAM and using > swap, your system will go to it's knees - even if you have VERY fast > hard drives. Our system has 76Gb of U320 SCSI in a hardware RAID5 with > 128MB of cache on the RAID controller (SmartArray 5i for the curious), > and it was swamped when it was paging; upgraded 512MB -> 1GB RAM and we > easily churn through 40,000+ messages a day :) > > Cheers, > > James > Thank you for taking your time for kind explanation, you have really nice server machine ;) Our MailScanner system running on: 128MB ram, 6GB Hard-Drive, Intel Pentium III (498.34-MHz 686-class CPU) and 100Mbit connection. And time-out is set to 50 seconds (SpamAssassin Timeout = 50). MailScanner will process any emails when its received. I am not too sure if it using remote black-lists but I don't have dcc, razor, pyzor plugin installed (nor /usr/local/etc/MailScanner/spam.assassin.prefs.conf is NOT used). How do I check if it using any remote black-lists? Bayes is disabled in MainScanner.conf (Rebuild Bayes Every = 0) I only receive about 10/20 emails every 30-60 minutes and MailScanner is doing the job well. But if I receive an email like 10/20 at the same time then MainScanner will acting crazy when I tested with http://www.gfi.com/emailsecuritytest/ MainScanner also use ClamAV to check the mail viruses. Can you please take a look at MainScanner.conf - http://www.zonewave.net/MailScanner.conf to see how how performance can be improved? is RBL being used? Thanks :) Shahid -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From ugob at CAMO-ROUTE.COM Tue Jun 8 02:57:34 2004 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:25:42 2006 Subject: SpamAssassin Prefs File problem In-Reply-To: <001a01c44cf4$9da47af0$0200a8c0@pluto> References: <00ea01c44cc1$5e558ac0$0200a8c0@pluto> <40C4E080.8040206@ocs.com> <002001c44ce9$03c8f8d0$0200a8c0@pluto> <40C50521.9000106@ocs.com> <001a01c44cf4$9da47af0$0200a8c0@pluto> Message-ID: Shahid Hussain wrote: >>Shahid Hussain wrote: >> >>>When I visited to http://www.gfi.com/emailsecuritytest/ to test my email >>>system.. then I checked maillog (tail -f /var/log/maillog) - it flooded > > with > >>>"SpamAssassin timed out and was killed, failure n of 20" >>> >>>what the best way to solve this, scan each email once at time or > > something. > >>> >>>It just would not complete to scan all the email and it take forever, I > > just > >>>cleared all the email queue. >> >>Try increasing your Spamassassin time-out (Look for a line like >>"SpamAssassin Timeout = ??" in MailScanner.conf). Our gateway has a >>Xeon 1.2GHz and 1Gb RAM with a 200Mbps Internet connection and our >>time-out is set to 80 seconds. We'd rather have the occasional slow >>message than not have it scanned. >> >>What hardware is your MailScanner system running on? How much mail do >>you process? Are you using any remote black-lists? If so, which ones? >> What sort of Internet do you have? Are you using Bayes? >> >>There are a number of reasons why Spamassassin will time-out; most >>commonly it is due to RBL's being slow, which in turn may be a problem >>with the speed of your Internet connection. >> >>The other common problem is simply that the hardware you're running >>isn't keeping up with your mail volume. We've found RAM to be the >>biggest performance killer, or more correctly, the lack of it. Each of >>our MailScanner children is about 40Mbytes and we run 5 children = 200MB >>+ 19MB for the parent. If your server is running out of RAM and using >>swap, your system will go to it's knees - even if you have VERY fast >>hard drives. Our system has 76Gb of U320 SCSI in a hardware RAID5 with >>128MB of cache on the RAID controller (SmartArray 5i for the curious), >>and it was swamped when it was paging; upgraded 512MB -> 1GB RAM and we >>easily churn through 40,000+ messages a day :) >> >>Cheers, >> >>James >> > > > Thank you for taking your time for kind explanation, you have really nice > server machine ;) > > Our MailScanner system running on: > 128MB ram, 6GB Hard-Drive, Intel Pentium III (498.34-MHz 686-class CPU) and > 100Mbit connection. And time-out is set to 50 seconds (SpamAssassin Timeout > = 50). > > MailScanner will process any emails when its received. I am not too sure if > it using remote black-lists but I don't have dcc, razor, pyzor plugin > installed (nor /usr/local/etc/MailScanner/spam.assassin.prefs.conf is NOT > used). How do I check if it using any remote black-lists? > > Bayes is disabled in MainScanner.conf (Rebuild Bayes Every = 0) > > I only receive about 10/20 emails every 30-60 minutes and MailScanner is > doing the job well. But if I receive an email like 10/20 at the same time > then MainScanner will acting crazy when I tested with > http://www.gfi.com/emailsecuritytest/ > > MainScanner also use ClamAV to check the mail viruses. > > Can you please take a look at MainScanner.conf - > http://www.zonewave.net/MailScanner.conf to see how how performance can be > improved? is RBL being used? 128 MB is probably not enough. You should upgrade to 256, or, even better, 512. Your server is probably swapping terribly, especially if you didn't disable unneeded services. Could you please read the section of the MAQ about optimizing your setup before asking your question? 1- change your %org-name% setting if you don't want to have trouble... see the comments in MailScanner.conf 2- You Max Children could be optimized. 3- You might want to add (free) BitDefender anti-virus. 4- It probably uses RBLs in SpamAssassin, and it uses two lists in MailScanner. 5- http://www.mailscanner.biz/maq/#rulespost > > Thanks :) No prob > > Shahid Ugo -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From james_gray at OCS.COM Tue Jun 8 03:43:01 2004 From: james_gray at OCS.COM (James Gray) Date: Thu Jan 12 21:25:42 2006 Subject: SpamAssassin Prefs File problem In-Reply-To: <001a01c44cf4$9da47af0$0200a8c0@pluto> References: <00ea01c44cc1$5e558ac0$0200a8c0@pluto> <40C4E080.8040206@ocs.com> <002001c44ce9$03c8f8d0$0200a8c0@pluto> <40C50521.9000106@ocs.com> <001a01c44cf4$9da47af0$0200a8c0@pluto> Message-ID: <40C527B5.6000002@ocs.com> Shahid Hussain wrote: > Thank you for taking your time for kind explanation, you have really nice > server machine ;) No problem. > Our MailScanner system running on: > 128MB ram, 6GB Hard-Drive, Intel Pentium III (498.34-MHz 686-class CPU) and > 100Mbit connection. And time-out is set to 50 seconds (SpamAssassin Timeout > = 50). Ouch - 128MB is really not enough, even for a dedicated mail gateway that does nothing other than e-mail. With the cost of RAM being so low these days, try upgrading to 512MB - 256 would be "OK" as long as you tune your setup and disable anything else that's not needed on the server (DNS/databases/DHCP....anything not needed to process mail). > MailScanner will process any emails when its received. I am not too sure if > it using remote black-lists but I don't have dcc, razor, pyzor plugin > installed (nor /usr/local/etc/MailScanner/spam.assassin.prefs.conf is NOT > used). How do I check if it using any remote black-lists? Turn on the logging. If you haven't installed Pyzor/Razor, they wont be used, but SORBS, RFCI etc, may still be in use - set the scores for the RBL's to zero and that will prevent spamassassin from using them. Custom scores go in "spam.assassin.prefs.conf" or a customised ".cf" file in the SpamAssassin site rules directory - the site rules directory is set in MailScanner.conf. Read the SpamAssassin::Conf documentation on how to score rules and/or create your own :) > Bayes is disabled in MainScanner.conf (Rebuild Bayes Every = 0) That just prevents the Bayesian database from being rebuilt. If you want to disable Bayes you need to add the following line to spam.assassin.prefs.conf: use_bayes 0 > I only receive about 10/20 emails every 30-60 minutes and MailScanner is > doing the job well. But if I receive an email like 10/20 at the same time > then MainScanner will acting crazy when I tested with > http://www.gfi.com/emailsecuritytest/ OK - reduce the number of messages in a single batch and/or the size of a batch (bytes). Also with that sort of volume, you could get away with as little as one child - no need to run 5 (default). You can also reduce the amount of data that is fed to spamassassin regardless of the message size: ie, only feed it the first 10kB of a message, this wont affect the score dramatically, but will reduce the load on your server noticeably and speed up scanning. All this has been covered a number of times in the archives and the MAQ: Archives: http://www.jiscmail.ac.uk/lists/mailscanner.html MAQ: http://www.mailscanner.biz/maq/ (specifically section 9.0) Please research your problems with those two sources :) Saves your time waiting for replies and saves bandwidth coz we don't have to say the same stuff over and over....no offence to you. Cheers, James -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From shahid at ZONEWAVE.NET Tue Jun 8 04:00:59 2004 From: shahid at ZONEWAVE.NET (Shahid Hussain) Date: Thu Jan 12 21:25:42 2006 Subject: SpamAssassin Prefs File problem References: <00ea01c44cc1$5e558ac0$0200a8c0@pluto> <40C4E080.8040206@ocs.com> <002001c44ce9$03c8f8d0$0200a8c0@pluto> <40C50521.9000106@ocs.com> <001a01c44cf4$9da47af0$0200a8c0@pluto> <40C527B5.6000002@ocs.com> Message-ID: <014301c44d04$d3c88bc0$0200a8c0@pluto> > Shahid Hussain wrote: > > Thank you for taking your time for kind explanation, you have really nice > > server machine ;) > > No problem. > > > Our MailScanner system running on: > > 128MB ram, 6GB Hard-Drive, Intel Pentium III (498.34-MHz 686-class CPU) and > > 100Mbit connection. And time-out is set to 50 seconds (SpamAssassin Timeout > > = 50). > > Ouch - 128MB is really not enough, even for a dedicated mail gateway > that does nothing other than e-mail. With the cost of RAM being so low > these days, try upgrading to 512MB - 256 would be "OK" as long as you > tune your setup and disable anything else that's not needed on the > server (DNS/databases/DHCP....anything not needed to process mail). > > > MailScanner will process any emails when its received. I am not too sure if > > it using remote black-lists but I don't have dcc, razor, pyzor plugin > > installed (nor /usr/local/etc/MailScanner/spam.assassin.prefs.conf is NOT > > used). How do I check if it using any remote black-lists? > > Turn on the logging. If you haven't installed Pyzor/Razor, they wont be > used, but SORBS, RFCI etc, may still be in use - set the scores for the > RBL's to zero and that will prevent spamassassin from using them. > Custom scores go in "spam.assassin.prefs.conf" or a customised ".cf" > file in the SpamAssassin site rules directory - the site rules directory > is set in MailScanner.conf. Read the SpamAssassin::Conf documentation > on how to score rules and/or create your own :) > > > Bayes is disabled in MainScanner.conf (Rebuild Bayes Every = 0) > > That just prevents the Bayesian database from being rebuilt. If you > want to disable Bayes you need to add the following line to > spam.assassin.prefs.conf: > > use_bayes 0 > > > I only receive about 10/20 emails every 30-60 minutes and MailScanner is > > doing the job well. But if I receive an email like 10/20 at the same time > > then MainScanner will acting crazy when I tested with > > http://www.gfi.com/emailsecuritytest/ > > OK - reduce the number of messages in a single batch and/or the size of > a batch (bytes). Also with that sort of volume, you could get away with > as little as one child - no need to run 5 (default). You can also > reduce the amount of data that is fed to spamassassin regardless of the > message size: ie, only feed it the first 10kB of a message, this wont > affect the score dramatically, but will reduce the load on your server > noticeably and speed up scanning. All this has been covered a number of > times in the archives and the MAQ: > Archives: http://www.jiscmail.ac.uk/lists/mailscanner.html > MAQ: http://www.mailscanner.biz/maq/ (specifically section 9.0) > > Please research your problems with those two sources :) Saves your time > waiting for replies and saves bandwidth coz we don't have to say the > same stuff over and over....no offence to you. > > Cheers, > > James > Thanks for big help, that's helped me a lot ;) I agree with you, I do need big memory ram - I will have to ask the data center to upgrade it. Oh by the way I just used "top" while mailscanner is processing - it does eat up a lot of memory: Mem: 58M Active, 19M Inact, 22M Wired, 6664K Cache, 22M Buf, 14M Free Swap: 238M Total, 116M Used, 122M Free, 48% Inuse PID USERNAME PRI NICE SIZE RES STATE TIME WCPU CPU COMMAND 36633 mail -6 0 31316K 14116K piperd 0:07 1.83% 1.76% perl ------------------ Mem: 80M Active, 15M Inact, 24M Wired, 528K Cache, 22M Buf, 488K Free Swap: 238M Total, 106M Used, 133M Free, 44% Inuse, 1840K Out PID USERNAME PRI NICE SIZE RES STATE TIME WCPU CPU COMMAND 37949 mail 28 0 16428K 15760K RUN 0:01 5.42% 2.29% clamscan bad eh? :) Thanks again James, nice to meet ya by the way! Shahid -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From Jan-Peter.Koopmann at SECEIDOS.DE Tue Jun 8 09:00:53 2004 From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann) Date: Thu Jan 12 21:25:42 2006 Subject: Full quotes / curtesy Message-ID: Hi guys/girls, I am most probably making an ass of myself with this mail. If so: Ignore it. I am seeing more and more full quotes here. Even some of the most valuable contributors of the list (like our king Julian I. himself *g*) have the tendency to simply hit reply to an awfully long message, write one or two sentences and hit send. I know this is simple and I know many people do not care. However I find it very difficult to follow some threads and gather the important information if I have to open the entire message, analyse it to finally find the actual two lines of information that is buried in the middle of an 100 line quote. Is it to much to ask for nice and polite quoting? If so and everybody starts killing me now I will never bring this topic up again... :-) Regards, JP -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From michele at BLACKNIGHTSOLUTIONS.COM Tue Jun 8 09:18:38 2004 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:25:42 2006 Subject: Full quotes / curtesy In-Reply-To: Message-ID: <200406080818.i588IZFU028971@monitor.blacknight.ie> Use gmail to read your mailing lists - end of problem :) Mr Michele Neylon Blacknight Internet Solutions Ltd http://www.blacknight.ie/ Tel. +353 59 9137101 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mike.norton at JOBSITE.CO.UK Tue Jun 8 10:38:14 2004 From: mike.norton at JOBSITE.CO.UK (Mike Norton) Date: Thu Jan 12 21:25:43 2006 Subject: Quarantine Release Message-ID: <49301F35FCFD3844B7091986F6584DDABD7B47@sesma6pc.jobsite.co.uk> I have just released a file from the Quarantine however the message file contained several parts how do I view these separate parts when I release the file I can only view certain parts of it's contents Thanks Mike ____________________________________________ Mike Norton Unix System Adminstrator / Web Statistician Jobsite www.jobsite.co.uk www.cityjobs.co.uk www.conkers.net T: +44 (0)870 7748500 F: +44 (0)870 7748501 E: mike.norton@jobsite.co.uk ___________________________________________ Legally privileged/Confidential Information may be contained in this message. If you are not the addressee(s) legally indicated in this message (or responsible for delivery of the message to such person), you may not copy or deliver this message to anyone. In such case, you should destroy this message, and notify us immediately. If you or your employer does not consent to Internet e-mail messages of this kind, please advise us immediately. Opinions, conclusions and other information expressed in thismessage are not given or endorsed by my firm or employer unless otherwise indicated by an authorised representative independent of this message. Please note that despite using the latest virus software, neither my employer nor I accept any responsibility for viruses and it is your responsibility to scan attachments (if any). ___________________________________________ -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040608/3800c6bd/attachment.html From linux at LEUTE.SERVER.DE Tue Jun 8 11:05:38 2004 From: linux at LEUTE.SERVER.DE (Muenz, Michael) Date: Thu Jan 12 21:25:43 2006 Subject: ArchiveTooDeep: Changes since 4.29.7 ? Message-ID: <000b01c44d40$266c3d50$85421851@hq> Hi, today I've updated my MailScanner from 4.29.7 to 4.31.6. All works great, but I've copied language files from old version an I got this warning in my logs: Jun 8 11:55:32 pns MailScanner[8971]: Looked up unknown string archivetoodeep in language translation file /opt/MailScanner/etc/reports/de/languages.conf I've copied the new one in the directory and then all was fine. But I'm a bit afraid that something has changed since that version with handling deep archives. Some versions earlier (about 4.28?) there was a bug when you set ArchiveDepth to "0", so I set it to 1000. Is that OK for 4.31.6 or why want MailScanner give me an alert that archive depth is to deep ? Thanks .. Michael -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From Jan-Peter.Koopmann at SECEIDOS.DE Tue Jun 8 11:08:53 2004 From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann) Date: Thu Jan 12 21:25:43 2006 Subject: Full quotes / curtesy Message-ID: On Tuesday, June 08, 2004 10:19 AM Michele Neylon :: Blacknight Solutions wrote: > Use gmail to read your mailing lists - end of problem :) I don't get it. Please: That ends the problem in what way? I promise I will get some coffee now... *g* Regards, JP -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From howard at harper-adams.ac.uk Tue Jun 8 11:49:06 2004 From: howard at harper-adams.ac.uk (Howard Robinson) Date: Thu Jan 12 21:25:43 2006 Subject: Quarantine Release In-Reply-To: <49301F35FCFD3844B7091986F6584DDABD7B47@sesma6pc.jobsite.co.uk> Message-ID: <200406081050.i58Ao1rp029285@blackhole.harper-adams.ac.uk> On 8 Jun 04, at 10:38, Mike Norton wrote: > I have just released a file from the Quarantine however the message file > contained several parts how do I view these separate parts when I release > the file I can only view certain parts of it's contents > Hi Mike I depends on how you stored the quarantined message. I set quarantine whole message =yes and Quarantine Whole message as queue file =yes. What you end up with is two ?fi files and each of the attachments as files. I have the option then of just copying the ?fi* files that contain all the attachments as well as the email to the outgoing queue for sendmail, in may case, to deal with. Alternatively I can copy the chosen attachment to 'somewhere else' where the end user can get at it. This may not help in this instance but its worth setting for the future. By the way I use Julians routine to clean the quarantine of old stuff. > Thanks > > Mike > ____________________________________________ > > Mike Norton > Unix System Adminstrator / Web Statistician > Jobsite > > www.jobsite.co.uk > www.cityjobs.co.uk > www.conkers.net > > T: +44 (0)870 7748500 > F: +44 (0)870 7748501 > E: mike.norton@jobsite.co.uk > ___________________________________________ > > Legally privileged/Confidential Information may be contained in this > message. If you are not the addressee(s) legally indicated in this message > (or responsible for delivery of the message to such person), you may not > copy or deliver this message to anyone. In such case, you should destroy > this message, and notify us immediately. If you or your employer does not > consent to Internet e-mail messages of this kind, please advise us > immediately. Opinions, conclusions and other information expressed in > thismessage are not given or endorsed by my firm or employer unless > otherwise indicated by an authorised representative independent of this > message. Please note that despite using the latest virus software, neither > my employer nor I accept any responsibility for viruses and it is your > responsibility to scan attachments (if any). > > ___________________________________________ > > > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > Regards Howard Robinson (Senior Technical Development Officer) Harper Adams University College Edgmond Newport Shropshire TF10 8NB UK E-mail: hrobinson@harper-adams.ac.uk Tel. : +44(0)1952 820280 Via switchboard : +44(0)1952 815253 Direct line Fax. : +44(0)1952 814783 College Web site http://www.harper-adams.ac.uk -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mike.norton at JOBSITE.CO.UK Tue Jun 8 11:50:25 2004 From: mike.norton at JOBSITE.CO.UK (Mike Norton) Date: Thu Jan 12 21:25:43 2006 Subject: Quarantine Release Message-ID: <49301F35FCFD3844B7091986F6584DDABD7B48@sesma6pc.jobsite.co.uk> I currently have it set to quarantine whole message=yes and Quarantine Whole message as queue file=no so is there anyway of reviving this file ? Thanks Mike -----Original Message----- From: Howard Robinson [mailto:howard@harper-adams.ac.uk] Sent: 08 June 2004 11:49 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Quarantine Release On 8 Jun 04, at 10:38, Mike Norton wrote: > I have just released a file from the Quarantine however the message file > contained several parts how do I view these separate parts when I release > the file I can only view certain parts of it's contents > Hi Mike I depends on how you stored the quarantined message. I set quarantine whole message =yes and Quarantine Whole message as queue file =yes. What you end up with is two ?fi files and each of the attachments as files. I have the option then of just copying the ?fi* files that contain all the attachments as well as the email to the outgoing queue for sendmail, in may case, to deal with. Alternatively I can copy the chosen attachment to 'somewhere else' where the end user can get at it. This may not help in this instance but its worth setting for the future. By the way I use Julians routine to clean the quarantine of old stuff. > Thanks > > Mike > ____________________________________________ > > Mike Norton > Unix System Adminstrator / Web Statistician > Jobsite > > www.jobsite.co.uk > www.cityjobs.co.uk > www.conkers.net > > T: +44 (0)870 7748500 > F: +44 (0)870 7748501 > E: mike.norton@jobsite.co.uk > ___________________________________________ > > Legally privileged/Confidential Information may be contained in this > message. If you are not the addressee(s) legally indicated in this message > (or responsible for delivery of the message to such person), you may not > copy or deliver this message to anyone. In such case, you should destroy > this message, and notify us immediately. If you or your employer does not > consent to Internet e-mail messages of this kind, please advise us > immediately. Opinions, conclusions and other information expressed in > thismessage are not given or endorsed by my firm or employer unless > otherwise indicated by an authorised representative independent of this > message. Please note that despite using the latest virus software, neither > my employer nor I accept any responsibility for viruses and it is your > responsibility to scan attachments (if any). > > ___________________________________________ > > > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > Regards Howard Robinson (Senior Technical Development Officer) Harper Adams University College Edgmond Newport Shropshire TF10 8NB UK E-mail: hrobinson@harper-adams.ac.uk Tel. : +44(0)1952 820280 Via switchboard : +44(0)1952 815253 Direct line Fax. : +44(0)1952 814783 College Web site http://www.harper-adams.ac.uk -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From steve.freegard at LBSLTD.CO.UK Tue Jun 8 11:55:44 2004 From: steve.freegard at LBSLTD.CO.UK (Steve Freegard) Date: Thu Jan 12 21:25:43 2006 Subject: Quarantine Release Message-ID: <67D9E7698329D411936E00508B6590B904427137@neelix.lbsltd.co.uk> Hi Mike, I'm guessing that you're using MailWatch?? - you should be able to release the whole message or the individual attachments from the Message Detail screen. Kind regards, Steve. > -----Original Message----- > From: Mike Norton [mailto:mike.norton@JOBSITE.CO.UK] > Sent: 08 June 2004 11:50 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Quarantine Release > > > I currently have it set to > > quarantine whole message=yes > > and > > Quarantine Whole message as queue file=no > > so is there anyway of reviving this file ? > > Thanks > > Mike > > -----Original Message----- > From: Howard Robinson [mailto:howard@harper-adams.ac.uk] > Sent: 08 June 2004 11:49 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Quarantine Release > > > On 8 Jun 04, at 10:38, Mike Norton wrote: > > > I have just released a file from the Quarantine however the > message file > > contained several parts how do I view these separate parts > when I release > > the file I can only view certain parts of it's contents > > > Hi Mike > I depends on how you stored the quarantined message. > I set quarantine whole message =yes and > Quarantine Whole message as queue file =yes. > What you end up with is two ?fi files and each of the attachments > as files. > I have the option then of just copying the ?fi* files that contain all > the attachments as well as the email to the outgoing queue for > sendmail, in may case, to deal with. Alternatively I can copy the > chosen attachment to 'somewhere else' where the end user can > get at it. > This may not help in this instance but its worth setting for the > future. > By the way I use Julians routine to clean the quarantine of old stuff. > > > > > > Thanks > > > > Mike > > ____________________________________________ > > > > Mike Norton > > Unix System Adminstrator / Web Statistician > > Jobsite > > > > www.jobsite.co.uk > > www.cityjobs.co.uk > > www.conkers.net > > > > T: +44 (0)870 7748500 > > F: +44 (0)870 7748501 > > E: mike.norton@jobsite.co.uk > > ___________________________________________ > > > > Legally privileged/Confidential Information may be contained in this > > message. If you are not the addressee(s) legally indicated > in this message > > (or responsible for delivery of the message to such > person), you may not > > copy or deliver this message to anyone. In such case, you > should destroy > > this message, and notify us immediately. If you or your > employer does not > > consent to Internet e-mail messages of this kind, please advise us > > immediately. Opinions, conclusions and other information > expressed in > > thismessage are not given or endorsed by my firm or employer unless > > otherwise indicated by an authorised representative > independent of this > > message. Please note that despite using the latest virus > software, neither > > my employer nor I accept any responsibility for viruses and > it is your > > responsibility to scan attachments (if any). > > > > ___________________________________________ > > > > > > > > -------------------------- MailScanner list ---------------------- > > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > > Before posting, please see the Most Asked Questions at > > http://www.mailscanner.biz/maq/ and the archives at > > http://www.jiscmail.ac.uk/lists/mailscanner.html > > > > > > > Regards > > Howard Robinson > (Senior Technical Development Officer) > Harper Adams University College > Edgmond > Newport > Shropshire > TF10 8NB UK > > E-mail: hrobinson@harper-adams.ac.uk > Tel. : +44(0)1952 820280 Via switchboard > : +44(0)1952 815253 Direct line > Fax. : +44(0)1952 814783 > College Web site http://www.harper-adams.ac.uk > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > -- This message has been scanned for viruses and dangerous content by MailScanner. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From michele at BLACKNIGHTSOLUTIONS.COM Tue Jun 8 12:18:13 2004 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:25:43 2006 Subject: Full quotes / curtesy In-Reply-To: Message-ID: <200406081118.i58BIAFU015686@monitor.blacknight.ie> JP If you had a gmail account you'd understand :) Michele Mr Michele Neylon Blacknight Internet Solutions Ltd http://www.blacknight.ie/ Tel. +353 59 9137101 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mike at ZANKER.ORG Tue Jun 8 12:17:43 2004 From: mike at ZANKER.ORG (Mike Zanker) Date: Thu Jan 12 21:25:43 2006 Subject: Full quotes / curtesy In-Reply-To: References: Message-ID: On 08 June 2004 10:00 +0200 Jan-Peter Koopmann wrote: > I am most probably making an ass of myself with this mail. If so: > Ignore it. No, you are not. > Is it to much to ask for nice and polite quoting? Seconded. The worst mailing lists for lack of etiquette, IME, are those populated by mail administrators - strange but true. Mike. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From jrudd at UCSC.EDU Tue Jun 8 12:36:52 2004 From: jrudd at UCSC.EDU (John Rudd) Date: Thu Jan 12 21:25:43 2006 Subject: Full quotes / curtesy In-Reply-To: <200406081118.i58BIAFU015686@monitor.blacknight.ie> References: <200406081118.i58BIAFU015686@monitor.blacknight.ie> Message-ID: <23363217-B940-11D8-A85B-003065F939FE@ucsc.edu> On Jun 8, 2004, at 4:18 AM, Michele Neylon :: Blacknight Solutions wrote: > If you had a gmail account you'd understand :) Does gmail suddenly reach out to everyone else's computers and force them to write netiquette compliant messages? and communicate in clear and concise langauge? :-) It's not about how the message gets displayed, nor about how much you may or may not have infinite disk space for storing them (nor is "disk is cheap" the appropriate answer), it's about the right and wrong styles and attitudes in communication. I know I sometimes get lazy (due to being busy and not feeling I have the time to do a good editing job), or I decide to adopt the style of the previous sender (if they top post, sometimes I top post), but that doesn't mean it's ok. Trimming quotes down to the essentials is really the right thing to do, not for disk space reasons, but for clarity reasons. And while many of us might like to feel that "content matters more than presentation", the reality is that if you don't pay enough attention to presentation to make your message accessible, then your content will end up being lost somewhere along the line. And that's what it's really about: making your post accessible to the reader is "polite", and not making it accessible to the reader is "rude". What leaps and bounds you have to take to "make it accessible" depends up on the audience, but those dependencies have to do with things like "how much you explain terms and use english instead of equations". The hoops that are always appropriate are things like "formatting" and "trimming" (meaning "no top posting" and "getting rid of non-essential quote lines"). (and if your assertion is that gmail has a presentation format that does the formatting and trimming for you, I'd find it hard to believe that it has enough NLP to correctly choose what to trim and what not to trim ... if your assertion is instead "disk is cheap, gmail gives you 1 gig for free, so stop worrying about trimming", then you've completely missed the entire concept of netiquette and probably ought to go review basic concepts in courtesy and communication, not to mention that it's entirely rude to decide how someone else's storage space should or shouldn't be used (such as by cluttering it with lots of redundant quotes)) -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From marcin.rozek at IOS.EDU.PL Tue Jun 8 12:41:24 2004 From: marcin.rozek at IOS.EDU.PL (Marcin Rozek) Date: Thu Jan 12 21:25:43 2006 Subject: ArchiveTooDeep: Changes since 4.29.7 ? In-Reply-To: <000b01c44d40$266c3d50$85421851@hq> References: <000b01c44d40$266c3d50$85421851@hq> Message-ID: <40C5A5E4.5060905@ios.edu.pl> Muenz, Michael wrote: > Hi, > > today I've updated my MailScanner from 4.29.7 to 4.31.6. > All works great, but I've copied language files from old version > an I got this warning in my logs: > Jun 8 11:55:32 pns MailScanner[8971]: Looked up unknown > string archivetoodeep in language translation file > /opt/MailScanner/etc/reports/de/languages.conf Just add to /opt/MailScanner/etc/reports/de/languages.conf a line: ArchiveTooDeep = -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From clive at SERENDIPITA.COM Tue Jun 8 12:48:12 2004 From: clive at SERENDIPITA.COM (Clive Eisen) Date: Thu Jan 12 21:25:43 2006 Subject: Full quotes / curtesy In-Reply-To: References: Message-ID: <40C5A77C.6030209@serendipita.com> Mike Zanker wrote: > > Seconded. The worst mailing lists for lack of etiquette, IME, are those > populated by mail administrators - strange but true. :-) 'cos we are the busiest people in the world? -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From Kevin.Spicer at BMRB.CO.UK Tue Jun 8 12:46:11 2004 From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:25:43 2006 Subject: Full quotes / curtesy Message-ID: <5C0296D26910694BB9A9BBFC577E7AB0023707C8@pascal.priv.bmrb.co.uk> Jan-Peter Koopmann wrote: > I am seeing more and more full quotes here. Outlook quotefix (google for it) is quite handy for those that use Outlook (it strips sigs too which helps) BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From Jan-Peter.Koopmann at SECEIDOS.DE Tue Jun 8 12:58:27 2004 From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann) Date: Thu Jan 12 21:25:43 2006 Subject: Full quotes / curtesy Message-ID: On Tuesday, June 08, 2004 1:46 PM Spicer, Kevin wrote: > Outlook quotefix (google for it) is quite handy for those > that use Outlook (it strips sigs too which helps) Guess what I am using... :-) Regards, JP -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From dot at DOTAT.AT Tue Jun 8 14:35:13 2004 From: dot at DOTAT.AT (Tony Finch) Date: Thu Jan 12 21:25:43 2006 Subject: Using process priority to throttle inbound SMTP In-Reply-To: Message-ID: I use a different technique on my servers, because the load from scanning email is pretty much constant. Deciding not to accept email based on load is not very effective. What I do instead is count the number of messages in the incoming queue, and defer email if this number is too large (i.e. the machine is backlogged). This is very easy to do with Exim. In my RCPT ACL I have: defer message = Sorry, too busy. Try again later. condition = ${run {/opt/exim/bin/exim -bpc -DSPOOL=/spool/exim.in} \ {${if >{$value}{300} {yes} {no} }} {no} } Tony. -- f.a.n.finch http://dotat.at/ ST DAVIDS HEAD TO COLWYN BAY, INCLUDING ST GEORGES CHANNEL: EAST TO SOUTHEAST 3 OR 4, GRADUALLY VEERING SOUTHWEST. MAINLY FAIR. MODERATE WITH FOG PATCHES. SLIGHT. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From shahid at ZONEWAVE.NET Tue Jun 8 14:54:48 2004 From: shahid at ZONEWAVE.NET (Shahid Hussain) Date: Thu Jan 12 21:25:43 2006 Subject: maillog Message-ID: <00f901c44d60$2a0b0160$0200a8c0@pluto> Hi when I checked in mailog (/var/log/maillog), it give me one error: Jun 8 12:43:17 pluto MailScanner[98992]: MailScanner E-Mail Virus Scanner version 4.31.6 starting... Jun 8 12:43:17 pluto MailScanner[98992]: User's home directory /var/mail/mail does not exist Jun 8 12:43:17 pluto MailScanner[98992]: Using locktype = posix Jun 8 12:43:17 pluto MailScanner[98992]: Creating hardcoded struct_flock subroutine for freebsd (BSD-type) What is "MailScanner[98992]: User's home directory /var/mail/mail does not exist" used for ? I could not create dir in /var/mail/mail bash-2.05b# ls -la /var/mail/ -rw------- 1 ftp ftp 0 Apr 19 01:27 ftp -rw------- 1 mail mail 0 Apr 19 01:27 mail -rw------- 1 majordomo daemon 0 Apr 19 01:27 majordomo bash-2.05b# mkdir /var/mail/mail/ mkdir: /var/mail: Not a directory any clue? cheers Shahid -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040608/6b879a2e/attachment.html From kodak at FRONTIERHOMEMORTGAGE.COM Tue Jun 8 16:22:47 2004 From: kodak at FRONTIERHOMEMORTGAGE.COM (Jason Balicki) Date: Thu Jan 12 21:25:43 2006 Subject: maillog In-Reply-To: <00f901c44d60$2a0b0160$0200a8c0@pluto> Message-ID: <007301c44d6c$74650240$0501a8c0@darkside> >bash-2.05b# ls -la /var/mail/ >-rw------- 1 ftp ftp 0 Apr 19 01:27 ftp >-rw------- 1 mail mail 0 Apr 19 01:27 mail >-rw------- 1 majordomo daemon 0 Apr 19 01:27 majordomo (please avoid HTML mail) >bash-2.05b# mkdir /var/mail/mail/ >mkdir: /var/mail: Not a directory >any clue? Yes, /var/mail on your system is a 0 byte file, not a directory. HTH, --J(K) -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From michele at BLACKNIGHTSOLUTIONS.COM Tue Jun 8 16:36:01 2004 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:25:43 2006 Subject: Full quotes / curtesy In-Reply-To: Message-ID: <200406081535.i58FZvFU030086@monitor.blacknight.ie> MailScanner mailing list wrote: > On Tuesday, June 08, 2004 1:46 PM Spicer, Kevin wrote: > >> Outlook quotefix (google for it) is quite handy for those that use >> Outlook (it strips sigs too which helps) I like :) Mr Michele Neylon Blacknight Internet Solutions Ltd http://www.blacknight.ie/ Tel. +353 59 9137101 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From andre at FIREBOX.CO.ZA Tue Jun 8 12:05:50 2004 From: andre at FIREBOX.CO.ZA (Andre van der Veen) Date: Thu Jan 12 21:25:43 2006 Subject: MailScanner restarting every 10 seconds? Message-ID: I'm running sendmail 8.12.6 on a SuSE 8.1 Pro server using the sendmail MTA for mail delivery. Before installing MailScanner, mail was delivering fine. I followed the FAQ, MAQ & documentation instructions on how to install MailScanner (using MailScanner-4.30.3-2.suse.tar.gz file), SpamAssassin 2.63 (not using RPM's but binaries as suggested) & ClamAV 0.70. After installation, everything seems to be fine, but all mails get stuck in /var/spool/mqueue.in I can clear the queue using 'sendmail -oQ/var/spool/mqueue.in -q' but it seems as if MailScanner either doesn't touch the mails or sendmail has some issue with picking it up from here, not sure. Extract from my sendmail file in /etc/init.d, which I edited according to the documentation: >>if test -z "$SENDMAIL_ARGS" ; then >>(1st line) SENDMAIL_ARGS="-L sendmail -bd -0PrivacyOptions=noetrn - ODeliveryMode=queueonly -OQueueDirectory=/var/spool/mqueue.in" (this is all on one line) >>(2nd line) SENDMAIL_ARGS="-L sendmail -q15m" I'm pretty new to linux/sendmail, so I'm not 100% sure if I edited the correct file here? I know I'm not supposed to post sendmail related queries here, but I'm really lost & did read up as much as I can... Spam checking & virus checking is enabled, altho I've tried using it with the RBL's disabled (thinking it might be DNS related, as per a post in the mailing list) but that also doesn't help. If I revert everything back to the way it was before MailScanner install, mail flows fine again...any ideas or suggestions will be greatly appreciated, and apologies if I did miss the same type of post in the lists, but I've spent the last 4 days searching the archives for my issue and a resolution...alot of posts discuss mail stuck in /var/spool/mqueue.in, but non of them seems to point me in the right direction, as I've tried many of the suggestions in the archives. I also checked my /var/logs/mail file and this is what shows up every 10 seconds: Jun 8 12:02:44 omega MailScanner[20166]: MailScanner E-Mail Virus Scanner version 4.30.3 starting... Jun 8 12:02:54 omega MailScanner[20167]: MailScanner E-Mail Virus Scanner version 4.30.3 starting... Jun 8 12:03:04 omega MailScanner[20168]: MailScanner E-Mail Virus Scanner version 4.30.3 starting... Jun 8 12:03:14 omega MailScanner[20169]: MailScanner E-Mail Virus Scanner version 4.30.3 starting... etc etc etc Any ideas why it's doing this? It seems it's trying to start/restart MailScanner every 10 seconds, altho when I do a 'ps -ax | grep -i mail' it shows up with the following: 21089 ? S 0:00 sendmail: accepting connections 21092 ? S 0:00 sendmail: Queue runner@00:30:00 for /var/spool/clientmqueue 21096 ? S 0:00 sendmail: Queue runner@00:30:00 for /var/spool/mqueue 21115 ? S 0:00 /usr/bin/perl - I/usr/lib/MailScanner /usr/sbin/MailScanner /etc/MailScanner/MailScanner.con f 21116 ? Z 0:05 [MailScanner ] 21117 ? Z 0:05 [MailScanner ] 21118 ? Z 0:05 [MailScanner ] 21119 ? Z 0:05 [MailScanner ] 21277 ? Z 0:05 [MailScanner ] 21283 ? S 0:00 sh -c (ps -ax | grep -i mail) 2>&1 21284 ? S 0:00 sh -c (ps -ax | grep -i mail) 2>&1 21286 ? S 0:00 grep -i mail When I run 'check_MailScanner', it also shows as running, with a specific PID Apologies if this post was very long, but I'd rather give all the info I've got than to mail back and forth. Kind regards, Andr? van der Veen -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From newcomer at dickinson.edu Tue Jun 8 16:48:27 2004 From: newcomer at dickinson.edu (Don Newcomer) Date: Thu Jan 12 21:25:43 2006 Subject: Individual whitelists In-Reply-To: <6.1.1.1.2.20040526155846.0ec887f8@imap.ecs.soton.ac.uk> References: <200404081604921.SM00916@Dan> <6.0.1.1.2.20040408225451.043d8350@imap.ecs.soton.ac.uk> <6.1.1.1.2.20040525222018.02bce060@imap.ecs.soton.ac.uk> <6.1.1.1.2.20040526155846.0ec887f8@imap.ecs.soton.ac.uk> Message-ID: Julian, how picky is the custom code for by-domain and by-user whitelisting as far as case is concerned? I've had some messages get marked as spam while they had entries in my personal whitelist file. It appears that the case of the entry might be the problem but I'd like to know for sure. Thanks. Don Newcomer Senior Manager, Systems Infrastructure Systems Department Library and Information Services Dickinson College P.O. Box 1773 Carlisle, PA 17013 717-245-1256 (Voice) 717-245-1690 (FAX) newcomer@dickinson.edu On Wed, 26 May 2004, Julian Field wrote: > It just matches the From. > > At 14:04 26/05/2004, you wrote: > >I've been running individual whitelists since yesterday afternoon and it's > >working great! Now, there are just domain names or addresses. In the > >original whitelist entries we had the choice of "From", "To", or > >"FromorTo". Does the custom code work only for "From" or is it a > >combination of the three? > > > >Don Newcomer > >Senior Manager, Systems > >Infrastructure Systems Department > >Library and Information Services > >Dickinson College > >P.O. Box 1773 > >Carlisle, PA 17013 > >717-245-1256 (Voice) > >717-245-1690 (FAX) > >newcomer@dickinson.edu > > > >On Tue, 25 May 2004, Julian Field wrote: > > > > > The code in CustomConfig.pm will work very fast for large numbers of > > > different white/black lists. > > > It reads the whole of the lists into memory at the start (and every few > > > hours after that), and then reads them straight from memory as it goes > > along. > > > If the individual lists get large, you may want to combine it with the > > > high-speed ruleset processing code in there too. You can use this if you > > > know what every entry in each white/black list is going to be an exact > > > email address or a domain name. If that is the case then a fast lookup can > > > be done for each message, rather than having to process the whole list one > > > entry at a time, which is what you have to do in the general case. > > > > > > One of these days I will try to write an optimiser for the configuration > > > compiler, but it's not easy. > > > >-------------------------- MailScanner list ---------------------- > >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > >Before posting, please see the Most Asked Questions at > >http://www.mailscanner.biz/maq/ and the archives at > >http://www.jiscmail.ac.uk/lists/mailscanner.html > > -- > Julian Field > www.MailScanner.info > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > From newcomer at DICKINSON.EDU Tue Jun 8 16:48:27 2004 From: newcomer at DICKINSON.EDU (Don Newcomer) Date: Thu Jan 12 21:25:43 2006 Subject: Individual whitelists In-Reply-To: <6.1.1.1.2.20040526155846.0ec887f8@imap.ecs.soton.ac.uk> References: <200404081604921.SM00916@Dan> <6.0.1.1.2.20040408225451.043d8350@imap.ecs.soton.ac.uk> <6.1.1.1.2.20040525222018.02bce060@imap.ecs.soton.ac.uk> <6.1.1.1.2.20040526155846.0ec887f8@imap.ecs.soton.ac.uk> Message-ID: Julian, how picky is the custom code for by-domain and by-user whitelisting as far as case is concerned? I've had some messages get marked as spam while they had entries in my personal whitelist file. It appears that the case of the entry might be the problem but I'd like to know for sure. Thanks. Don Newcomer Senior Manager, Systems Infrastructure Systems Department Library and Information Services Dickinson College P.O. Box 1773 Carlisle, PA 17013 717-245-1256 (Voice) 717-245-1690 (FAX) newcomer@dickinson.edu On Wed, 26 May 2004, Julian Field wrote: > It just matches the From. > > At 14:04 26/05/2004, you wrote: > >I've been running individual whitelists since yesterday afternoon and it's > >working great! Now, there are just domain names or addresses. In the > >original whitelist entries we had the choice of "From", "To", or > >"FromorTo". Does the custom code work only for "From" or is it a > >combination of the three? > > > >Don Newcomer > >Senior Manager, Systems > >Infrastructure Systems Department > >Library and Information Services > >Dickinson College > >P.O. Box 1773 > >Carlisle, PA 17013 > >717-245-1256 (Voice) > >717-245-1690 (FAX) > >newcomer@dickinson.edu > > > >On Tue, 25 May 2004, Julian Field wrote: > > > > > The code in CustomConfig.pm will work very fast for large numbers of > > > different white/black lists. > > > It reads the whole of the lists into memory at the start (and every few > > > hours after that), and then reads them straight from memory as it goes > > along. > > > If the individual lists get large, you may want to combine it with the > > > high-speed ruleset processing code in there too. You can use this if you > > > know what every entry in each white/black list is going to be an exact > > > email address or a domain name. If that is the case then a fast lookup can > > > be done for each message, rather than having to process the whole list one > > > entry at a time, which is what you have to do in the general case. > > > > > > One of these days I will try to write an optimiser for the configuration > > > compiler, but it's not easy. > > > >-------------------------- MailScanner list ---------------------- > >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > >Before posting, please see the Most Asked Questions at > >http://www.mailscanner.biz/maq/ and the archives at > >http://www.jiscmail.ac.uk/lists/mailscanner.html > > -- > Julian Field > www.MailScanner.info > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From ihuff at MAILGATE.PETERLI.COM Tue Jun 8 16:49:40 2004 From: ihuff at MAILGATE.PETERLI.COM (Mailgate IHuff) Date: Thu Jan 12 21:25:43 2006 Subject: filename vs. filetype in blocking executables Message-ID: <40C5E014.8080208@mailgate.peterli.com> I'm trying to allow a certain type of executable file (.sea, macintosh self-extracting archive) through the MailScanner, while blocking all other types of executables. I have "allow \.sea$' in filename.rules.conf and "deny executable" in filetype.rules.conf. It appears that the files are being denied because they are executable, even though I've specifically allowed that extension. Is there a way to do this? Thanks, Isaac Huff -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From martinh at SOLID-STATE-LOGIC.COM Tue Jun 8 16:52:58 2004 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:25:43 2006 Subject: MailScanner restarting every 10 seconds? In-Reply-To: References: Message-ID: <40C5E0DA.2070109@solid-state-logic.com> Andre turn on debugging in the MailScanner.conf file and run check_MailScanner. This might give you some clues as to why email isn't flowing.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Andre van der Veen wrote: > I'm running sendmail 8.12.6 on a SuSE 8.1 Pro server using the sendmail MTA > for mail delivery. Before installing MailScanner, mail was delivering fine. > I followed the FAQ, MAQ & documentation instructions on how to install > MailScanner (using MailScanner-4.30.3-2.suse.tar.gz file), SpamAssassin > 2.63 > (not using RPM's but binaries as suggested) & ClamAV 0.70. > > After installation, everything seems to be fine, but all mails get stuck in > /var/spool/mqueue.in > I can clear the queue using 'sendmail -oQ/var/spool/mqueue.in -q' but it > seems as if MailScanner either doesn't touch the mails or sendmail has some > issue with picking it up from here, not sure. > > Extract from my sendmail file in /etc/init.d, which I edited according to > the documentation: > > >>>if test -z "$SENDMAIL_ARGS" ; then >>>(1st line) SENDMAIL_ARGS="-L sendmail -bd -0PrivacyOptions=noetrn - > > ODeliveryMode=queueonly -OQueueDirectory=/var/spool/mqueue.in" (this is all > on one line) > >>>(2nd line) SENDMAIL_ARGS="-L sendmail -q15m" > > > I'm pretty new to linux/sendmail, so I'm not 100% sure if I edited the > correct file here? I know I'm not supposed to post sendmail related queries > here, but I'm really lost & did read up as much as I can... > > Spam checking & virus checking is enabled, altho I've tried using it with > the RBL's disabled (thinking it might be DNS related, as per a post in the > mailing list) but that also doesn't help. > > If I revert everything back to the way it was before MailScanner install, > mail flows fine again...any ideas or suggestions will be greatly > appreciated, and apologies if I did miss the same type of post in the > lists, > but I've spent the last 4 days searching the archives for my issue and a > resolution...alot of posts discuss mail stuck in /var/spool/mqueue.in, but > non of them seems to point me in the right direction, as I've tried many of > the suggestions in the archives. > > I also checked my /var/logs/mail file and this is what shows up every 10 > seconds: > > Jun 8 12:02:44 omega MailScanner[20166]: MailScanner E-Mail Virus Scanner > version 4.30.3 starting... > Jun 8 12:02:54 omega MailScanner[20167]: MailScanner E-Mail Virus Scanner > version 4.30.3 starting... > Jun 8 12:03:04 omega MailScanner[20168]: MailScanner E-Mail Virus Scanner > version 4.30.3 starting... > Jun 8 12:03:14 omega MailScanner[20169]: MailScanner E-Mail Virus Scanner > version 4.30.3 starting... etc etc etc > > Any ideas why it's doing this? It seems it's trying to start/restart > MailScanner every 10 seconds, altho when I do a 'ps -ax | grep -i mail' it > shows up with the following: > 21089 ? S 0:00 sendmail: accepting > connections > > 21092 ? S 0:00 sendmail: Queue runner@00:30:00 > for /var/spool/clientmqueue > 21096 ? S 0:00 sendmail: Queue runner@00:30:00 > for /var/spool/mqueue > 21115 ? S 0:00 /usr/bin/perl - > I/usr/lib/MailScanner /usr/sbin/MailScanner /etc/MailScanner/MailScanner.con > f > 21116 ? Z 0:05 [MailScanner ] > 21117 ? Z 0:05 [MailScanner ] > 21118 ? Z 0:05 [MailScanner ] > 21119 ? Z 0:05 [MailScanner ] > 21277 ? Z 0:05 [MailScanner ] > 21283 ? S 0:00 sh -c (ps -ax | grep -i mail) 2>&1 > 21284 ? S 0:00 sh -c (ps -ax | grep -i mail) 2>&1 > 21286 ? S 0:00 grep -i mail > > > When I run 'check_MailScanner', it also shows as running, with a specific > PID > > Apologies if this post was very long, but I'd rather give all the info I've > got than to mail back and forth. > > Kind regards, > Andr? van der Veen > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From martinh at SOLID-STATE-LOGIC.COM Tue Jun 8 17:03:35 2004 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:25:43 2006 Subject: filename vs. filetype in blocking executables In-Reply-To: <40C5E014.8080208@mailgate.peterli.com> References: <40C5E014.8080208@mailgate.peterli.com> Message-ID: <40C5E357.7060307@solid-state-logic.com> Isaac shouldn't the rule be.. allow /\.sea$/ in ??? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Mailgate IHuff wrote: > I'm trying to allow a certain type of executable file (.sea, macintosh > self-extracting archive) through the MailScanner, while blocking all > other types of executables. I have "allow \.sea$' in > filename.rules.conf and "deny executable" in filetype.rules.conf. It > appears that the files are being denied because they are executable, > even though I've specifically allowed that extension. Is there a way to > do this? > > Thanks, > Isaac Huff > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mikea at MIKEA.ATH.CX Tue Jun 8 17:10:51 2004 From: mikea at MIKEA.ATH.CX (mikea) Date: Thu Jan 12 21:25:43 2006 Subject: (Fwd) subject not modified (sometimes) In-Reply-To: <40C121C2.5050505@ucgbook.com>; from peter@UCGBOOK.COM on Sat, Jun 05, 2004 at 03:28:34AM +0200 References: <40910BB7.19985.425F0F27@localhost> <20040604140906.A14245@mikea.ath.cx> <40C121C2.5050505@ucgbook.com> Message-ID: <20040608111051.A5960@mikea.ath.cx> On Sat, Jun 05, 2004 at 03:28:34AM +0200, Peter Bonivart wrote: > mikea wrote: > > On Thu, Apr 29, 2004 at 02:05:43PM -0300, Mariano Absatz wrote: > >>It is working nicely, but sometimes, and only sometimes, it refuses to > >>modify the subject. > > MailScanner doesn't prepend the {Probable-Spam} pr {Possible-Spam} > > markers I use. Except for that small fraction, everything else seems > > Have you checked the headers for double Subject lines? I have seen some > spam with double Subject headers and only one is changed but Outlook > shows the other one which is not modified, depends on which one comes > first I guess. I posted about this a while ago but no one answered. > > Julian? No doubled "Subject:" headers. Everything looks just fine, as a matter of unpleasant fact. I'd be happier if it didn't. At least I _finally_ convinced the Powers That Be that the MailScanner box belongs _outside_ the firewall, in the DMZ, where it gets to see the other end of the SMTP connection directly. I'm still checking the rest of the parms for oddities, mistakes, and just plain screwups. -- Mike Andrews mikea@mikea.ath.cx Tired old sysadmin -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From cparker at SWATGEAR.COM Tue Jun 8 17:17:59 2004 From: cparker at SWATGEAR.COM (Chris W. Parker) Date: Thu Jan 12 21:25:43 2006 Subject: Full quotes / curtesy Message-ID: <001BD19C96E6E64E8750D72C2EA0ECEE65DDE5@ati-ex-01.ati.local> Jan-Peter Koopmann on Tuesday, June 08, 2004 1:01 AM said: > I am seeing more and more full quotes here. Even some of the most > valuable contributors of the list (like our king Julian I. himself > *g*) have the tendency to simply hit reply to an awfully long > message, write one or two sentences and hit send. I know this is > simple and I know many people do not care. i'm with you pal! that's something that's confused and frustrated me since the first day i joined this list. :) chris. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From costa at TECGRAF.PUC-RIO.BR Tue Jun 8 17:58:56 2004 From: costa at TECGRAF.PUC-RIO.BR (Andre Costa) Date: Thu Jan 12 21:25:43 2006 Subject: MTA + AV: opinions? Message-ID: <20040608135856.7a77a0b3.costa@tecgraf.puc-rio.br> Hi all, we're in the process of deploying a new mail server on our intranet, and we need to provide virus scanning. So far we're considering the following setup: postfix + mailscanner + bitdefender As we realized bitdefender support status is still marked as beta, we searched this mailing list for any opinions about it, and found some pretty negative ones dated 2003. So, my questions are: - has BitDefender improved in anyway since then? Anyone using it? - if not, what (free) AV solution are you guys using? What's your level of satisfaction with it? - any recommendation about what MTA to use? we've initially dumped sendmail for security reasons, but we're willing to listen to any experience you guys could share. I know I might be touching some personal preferences here, and I don't expect consensus (nor a flamewar! =)). Any opinion (good or bad) will be helpful, we'll consider them all ;) TIA Andre -- Andre Oliveira da Costa (costa@tecgraf.puc-rio.br) -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From kevins at BMRB.CO.UK Tue Jun 8 18:11:50 2004 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:25:43 2006 Subject: MTA + AV: opinions? In-Reply-To: <20040608135856.7a77a0b3.costa@tecgraf.puc-rio.br> References: <20040608135856.7a77a0b3.costa@tecgraf.puc-rio.br> Message-ID: <1086714709.9704.4.camel@bach.kevinspicer.co.uk> On Tue, 2004-06-08 at 17:58, Andre Costa wrote: > - has BitDefender improved in anyway since then? Anyone using it? I've found it very good, they're also one of the quickest with updates > - if not, what (free) AV solution are you guys using? What's your level > of satisfaction with it? Use ClamAV (as well as Bitdefender) . > - any recommendation about what MTA to use? we've initially dumped > sendmail for security reasons, but we're willing to listen to any > experience you guys could share. Not from personal experience (I use sendmail) but why not use exim? BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From peter at UCGBOOK.COM Tue Jun 8 18:47:52 2004 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:25:43 2006 Subject: Full quotes / curtesy In-Reply-To: References: Message-ID: <40C5FBC8.7080203@ucgbook.com> Jan-Peter Koopmann wrote: > Is it to much to ask for nice and polite quoting? If so and everybody > starts killing me now I will never bring this topic up again... :-) I agree 100%! Trimming the post to the relevant parts you're answering increases the chance of it being read. I know since I usually delete posts where I can't see the answer without scrolling. -- /Peter Bonivart --Unix lovers do it in the Sun Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7, SpamAssassin 2.63 + DCC 1.2.45, ClamAV 0.70 + GMP 4.1.2, Vispan 1.4 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From farukokcu at YAHOO.COM Tue Jun 8 15:29:30 2004 From: farukokcu at YAHOO.COM (Faruk Okcu) Date: Thu Jan 12 21:25:43 2006 Subject: email stuck in quarantine Message-ID: Hi all, My configuration: Redhat Linux 9.0, Postfix 2.0.16-4, clamav-0.71, MailScanner-4.31.6-1 In /etc/MailScanner.conf: Quarantine Infections = yes Quarantine Silent Viruses = yes Quarantine Whole Message = yes Quarantine Whole Messages As Queue Files = yes Quarantine Dir = /var/spool/MailScanner/quarantine Till now everything works like a charm My problem: postdrop cannot deliver mail out of quarantine folder the error message is as follows: ************************************************* #postdrop -v /var/spool/MailScanner/quarantine/20040608/3E3172EE8B4/3E3172EE8B4 postdrop: chdir /var/spool/postfix postdrop: open maildrop/52A742F28C7 postdrop: send attr queue_id = 52A742F28C7 queue_id52A742F28C7postdrop: fatal: uid=0: unexpected record type: 67 postdrop: remove maildrop/52A742F28C7 ************************************************* i googled for record type: 67 without luck. Does anybody know what this might be? Thanks in advance. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From ugob at CAMO-ROUTE.COM Tue Jun 8 18:53:15 2004 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:25:43 2006 Subject: MTA + AV: opinions? In-Reply-To: <1086714709.9704.4.camel@bach.kevinspicer.co.uk> References: <20040608135856.7a77a0b3.costa@tecgraf.puc-rio.br> <1086714709.9704.4.camel@bach.kevinspicer.co.uk> Message-ID: Kevin Spicer wrote: > On Tue, 2004-06-08 at 17:58, Andre Costa wrote: > >>- has BitDefender improved in anyway since then? Anyone using it? > > I've found it very good, they're also one of the quickest with updates > A agree. Using it at home and at work (low volume though) without problem for probably more than a month now. > >>- if not, what (free) AV solution are you guys using? What's your level >>of satisfaction with it? > > Use ClamAV (as well as Bitdefender) . Idem -- Ugo -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From costa at TECGRAF.PUC-RIO.BR Tue Jun 8 18:31:25 2004 From: costa at TECGRAF.PUC-RIO.BR (Andre Costa) Date: Thu Jan 12 21:25:43 2006 Subject: MTA + AV: opinions? In-Reply-To: <1086714709.9704.4.camel@bach.kevinspicer.co.uk> References: <20040608135856.7a77a0b3.costa@tecgraf.puc-rio.br> <1086714709.9704.4.camel@bach.kevinspicer.co.uk> Message-ID: <20040608143125.7abb8202.costa@tecgraf.puc-rio.br> Hi Kevin, thks for the info. Comments below... On Tue, 8 Jun 2004 18:11:50 +0100 Kevin Spicer wrote: > On Tue, 2004-06-08 at 17:58, Andre Costa wrote: > > - has BitDefender improved in anyway since then? Anyone using it? > I've found it very good, they're also one of the quickest with updates Cool =) > > - if not, what (free) AV solution are you guys using? What's your > > level of satisfaction with it? > Use ClamAV (as well as Bitdefender) . Both? Any noticeable impact on performance? > > - any recommendation about what MTA to use? we've initially dumped > > sendmail for security reasons, but we're willing to listen to any > > experience you guys could share. > > Not from personal experience (I use sendmail) but why not use exim? It's definitely another heavyweight contender, we initially considered both (exim still isn't out of the game). I remember once trying to configure exim to use procmail, and it was much more complicated than I expected, so it left me with the impression it was maybe too complex to my needs back then. It was sometime ago, so things might have changed in the meantime... Best, Andre -- Andre Oliveira da Costa (costa@tecgraf.puc-rio.br) -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From kevins at BMRB.CO.UK Tue Jun 8 19:38:59 2004 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:25:43 2006 Subject: MTA + AV: opinions? In-Reply-To: <20040608143125.7abb8202.costa@tecgraf.puc-rio.br> References: <20040608135856.7a77a0b3.costa@tecgraf.puc-rio.br> <1086714709.9704.4.camel@bach.kevinspicer.co.uk> <20040608143125.7abb8202.costa@tecgraf.puc-rio.br> Message-ID: <1086719938.9702.12.camel@bach.kevinspicer.co.uk> On Tue, 2004-06-08 at 18:31, Andre Costa wrote: > Hi Kevin, > > thks for the info. Comments below... > > On Tue, 8 Jun 2004 18:11:50 +0100 > Kevin Spicer wrote: > > > On Tue, 2004-06-08 at 17:58, Andre Costa wrote: > > > - has BitDefender improved in anyway since then? Anyone using it? > > I've found it very good, they're also one of the quickest with updates > > Cool =) > > > > - if not, what (free) AV solution are you guys using? What's your > > > level of satisfaction with it? > > Use ClamAV (as well as Bitdefender) . > > Both? Any noticeable impact on performance? Yes theres an impact on performance in that it raises the system load (but nothing like the impact from SpamAssassin). I actually use four scanners (Clam, Bitdefender, Symantec and Sophos) with SpamAssassin (with extra rules, Razor, Pyzor, DCC)- not to mention MailScanner-MRTG (of course) and Vispan. I happily process 8-10 k messages per day (on a P800, 1G Ram, IDE drive), the load gets fairly high and the CPU is pretty much tied up during the day but we don't get any noticible delays. BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From ihuff at MAILGATE.PETERLI.COM Tue Jun 8 19:41:36 2004 From: ihuff at MAILGATE.PETERLI.COM (Mailgate IHuff) Date: Thu Jan 12 21:25:43 2006 Subject: filename vs. filetype in blocking executables In-Reply-To: <40C5E357.7060307@solid-state-logic.com> References: <40C5E014.8080208@mailgate.peterli.com> <40C5E357.7060307@solid-state-logic.com> Message-ID: <40C60860.3040407@mailgate.peterli.com> I don't believe that's the case - I'm using basically the default filename rules configuration. Every line in the default is syntactically similar to the line I referred to. Maybe it works both ways? Isaac Huff Martin Hepworth wrote: > Isaac > > shouldn't the rule be.. > > allow /\.sea$/ in > > ??? > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Mailgate IHuff wrote: > >> I'm trying to allow a certain type of executable file (.sea, macintosh >> self-extracting archive) through the MailScanner, while blocking all >> other types of executables. I have "allow \.sea$' in >> filename.rules.conf and "deny executable" in filetype.rules.conf. It >> appears that the files are being denied because they are executable, >> even though I've specifically allowed that extension. Is there a way to >> do this? >> >> Thanks, >> Isaac Huff >> >> -------------------------- MailScanner list ---------------------- >> To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >> Before posting, please see the Most Asked Questions at >> http://www.mailscanner.biz/maq/ and the archives at >> http://www.jiscmail.ac.uk/lists/mailscanner.html >> > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From costa at TECGRAF.PUC-RIO.BR Tue Jun 8 20:04:34 2004 From: costa at TECGRAF.PUC-RIO.BR (Andre Costa) Date: Thu Jan 12 21:25:43 2006 Subject: MTA + AV: opinions? In-Reply-To: <1086719938.9702.12.camel@bach.kevinspicer.co.uk> References: <20040608135856.7a77a0b3.costa@tecgraf.puc-rio.br> <1086714709.9704.4.camel@bach.kevinspicer.co.uk> <20040608143125.7abb8202.costa@tecgraf.puc-rio.br> <1086719938.9702.12.camel@bach.kevinspicer.co.uk> Message-ID: <20040608160434.0b15f9fe.costa@tecgraf.puc-rio.br> On Tue, 8 Jun 2004 19:38:59 +0100 Kevin Spicer wrote: [snip] > > > > - if not, what (free) AV solution are you guys using? What's > > > > your level of satisfaction with it? > > > Use ClamAV (as well as Bitdefender) . > > > > Both? Any noticeable impact on performance? > > Yes theres an impact on performance in that it raises the system load > (but nothing like the impact from SpamAssassin). I actually use four > scanners (Clam, Bitdefender, Symantec and Sophos) with SpamAssassin > (with extra rules, Razor, Pyzor, DCC)- not to mention MailScanner-MRTG > (of course) and Vispan. I happily process 8-10 k messages per day > (on a P800, 1G Ram, IDE drive), the load gets fairly high and the CPU > is pretty much tied up during the day but we don't get any noticible > delays. Wow... you take the "safe is never safe enough" motto seriously =) Jokes on the side, thks a lot for the feedback (specially the numbers), it will be important as a reference for us when we come to compute statistics/benchmarks (we will be _way_ below your msg load, though). It was also interesting to have an overview of your setup. Given the feedback so far, looks like BitDefender is indeed a good choice. Any good reason why MailScanner support for it is still considered beta? Best, Andre -- Andre Oliveira da Costa (costa@tecgraf.puc-rio.br) -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From peter at UCGBOOK.COM Tue Jun 8 20:01:38 2004 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:25:43 2006 Subject: filename vs. filetype in blocking executables In-Reply-To: <40C60860.3040407@mailgate.peterli.com> References: <40C5E014.8080208@mailgate.peterli.com> <40C5E357.7060307@solid-state-logic.com> <40C60860.3040407@mailgate.peterli.com> Message-ID: <40C60D12.7080309@ucgbook.com> Mailgate IHuff wrote: > I don't believe that's the case - I'm using basically the default > filename rules configuration. Every line in the default is > syntactically similar to the line I referred to. Maybe it works both ways? If there's a deny in either filename or filetype it wins so you have to allow executables as filetype and deny all executables but sea-files as filenames. That makes you slightly vulnerable to forging though. Another alternative is to alter your magic file that identifies file types and get rid of sea there. -- /Peter Bonivart --Unix lovers do it in the Sun Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7, SpamAssassin 2.63 + DCC 1.2.45, ClamAV 0.70 + GMP 4.1.2, Vispan 1.4 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From brian at GENERATIONZ.COM Tue Jun 8 20:37:16 2004 From: brian at GENERATIONZ.COM (Brian Dowling) Date: Thu Jan 12 21:25:43 2006 Subject: Scanning outgoing Message-ID: On Mon, 7 Jun 2004 18:02:31 -0400, Ugo Bellavance wrote: >Brian Dowling wrote: > >> On Mon, 7 Jun 2004 12:53:51 -0400, Ugo Bellavance wrote: >> >> >>>Brian Dowling wrote: >>> >>> >>>>My understanding is that with sendmail, outgoing messages are scanned, >>>>although the logs don't reflect any outbound scanning activity. How can >>>>outbound scanning be confirmed? >>> >>>The logs is the place... >>> >>>What is your setup? Do you have an Exchange server that delivers >>>directly to the recipient? If so, you must tell this server to use your >>>MailScanner to deliver. >>> >>> >>>>Thanks >>>> >>>>-------------------------- MailScanner list ---------------------- > >> No exchange server. Sendmail 8.11 on a RH box using pop3 and imap >> (Squirrelmail as the client). Spamassassin does all the spam tagging. >> >> Logs say (for example) on incoming mail... >> >> Jun 7 15:04:37 ns1 MailScanner[2268]: New Batch: Scanning 1 messages, 4638 >> bytes >> Jun 7 15:04:37 ns1 MailScanner[2268]: MCP Checks completed at 4638 bytes >> per second >> Jun 7 15:04:37 ns1 MailScanner[2268]: Spam Checks: Starting >> Jun 7 15:04:37 ns1 MailScanner[2268]: Spam Checks completed at 4638 bytes >> per second >> Jun 7 15:04:37 ns1 MailScanner[2268]: Virus and Content Scanning: Starting >> Jun 7 15:04:38 ns1 MailScanner[2268]: Virus Scanning completed at 4638 >> bytes per second >> Jun 7 15:04:38 ns1 MailScanner[2268]: Uninfected: Delivered 1 messages >> Jun 7 15:04:38 ns1 MailScanner[2268]: Virus Processing completed at 4638 >> bytes per second >> Jun 7 15:04:38 ns1 MailScanner[2268]: Disinfection completed at 4638 bytes >> per second >> Jun 7 15:04:38 ns1 MailScanner[2268]: Batch completed at 4638 bytes per >> second (4638 / 1) >> >> Nothing on outgoing mail. > >Did you try sending the eicar test virus through? Yep, went through like greased lightning. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From ihuff at MAILGATE.PETERLI.COM Tue Jun 8 20:48:26 2004 From: ihuff at MAILGATE.PETERLI.COM (Isaac Huff) Date: Thu Jan 12 21:25:43 2006 Subject: filename vs. filetype in blocking executables In-Reply-To: <40C60D12.7080309@ucgbook.com> References: <40C5E014.8080208@mailgate.peterli.com> <40C5E357.7060307@solid-state-logic.com> <40C60860.3040407@mailgate.peterli.com> <40C60D12.7080309@ucgbook.com> Message-ID: <40C6180A.3000402@mailgate.peterli.com> Perfect, I can alter the magic file. I didn't think of that, but it will work fine for me. Thanks for the suggestion. Isaac Huff Peter Bonivart wrote: > Mailgate IHuff wrote: > >> I don't believe that's the case - I'm using basically the default >> filename rules configuration. Every line in the default is >> syntactically similar to the line I referred to. Maybe it works both >> ways? > > > If there's a deny in either filename or filetype it wins so you have to > allow executables as filetype and deny all executables but sea-files as > filenames. That makes you slightly vulnerable to forging though. > > Another alternative is to alter your magic file that identifies file > types and get rid of sea there. > > -- > /Peter Bonivart > > --Unix lovers do it in the Sun > > Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7, > SpamAssassin 2.63 + DCC 1.2.45, ClamAV 0.70 + GMP 4.1.2, Vispan 1.4 > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From kevins at BMRB.CO.UK Tue Jun 8 20:52:35 2004 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:25:43 2006 Subject: filename vs. filetype in blocking executables In-Reply-To: <40C60D12.7080309@ucgbook.com> References: <40C5E014.8080208@mailgate.peterli.com> <40C5E357.7060307@solid-state-logic.com> <40C60860.3040407@mailgate.peterli.com> <40C60D12.7080309@ucgbook.com> Message-ID: <1086724355.9702.17.camel@bach.kevinspicer.co.uk> On Tue, 2004-06-08 at 20:01, Peter Bonivart wrote: > Mailgate IHuff wrote: > > I don't believe that's the case - I'm using basically the default > > filename rules configuration. Every line in the default is > > syntactically similar to the line I referred to. Maybe it works both ways? > > If there's a deny in either filename or filetype it wins so you have to > allow executables as filetype and deny all executables but sea-files as > filenames. That makes you slightly vulnerable to forging though. > > Another alternative is to alter your magic file that identifies file > types and get rid of sea there. I got round this by patching MailScanner to allow me to specify exceptions in the filename rules which are applied to the filetype rules. In other words, as well as having an allow and a deny option I added an 'allowtype' option to filename rules which is interpreted as meaning "If the filename matches this pattern then allow the file even if it would be blocked by the filetype checking" BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From brian at GENERATIONZ.COM Tue Jun 8 22:22:48 2004 From: brian at GENERATIONZ.COM (Brian Dowling) Date: Thu Jan 12 21:25:43 2006 Subject: Scanning outgoing Message-ID: On Mon, 7 Jun 2004 17:55:01 +0100, Julian Field wrote: >At 14:18 07/06/2004, you wrote: >>My understanding is that with sendmail, outgoing messages are scanned, >>although the logs don't reflect any outbound scanning activity. How can >>outbound scanning be confirmed? > >Are you using a sendmail recent enough to have a clientmqueue directory? If >so, all outbound mail should be scanned. If not, then you will have to >reconfigure your mail software so that it sends mail by talking SMTP to >localhost and does not invoke the sendmail binary directly. > >You can find out by sending yourself mail including the eicar test file, >available from www.eicar.org. >-- >Julian Field >www.MailScanner.info >Professional Support Services at www.MailScanner.biz >MailScanner thanks transtec Computers for their support >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html Could you explain your comments in detail or point me to some documentation? Sure would like to get this handled. Thanks, Brian From brian at GENERATIONZ.COM Tue Jun 8 22:22:48 2004 From: brian at GENERATIONZ.COM (Brian Dowling) Date: Thu Jan 12 21:25:43 2006 Subject: Scanning outgoing Message-ID: On Mon, 7 Jun 2004 17:55:01 +0100, Julian Field wrote: >At 14:18 07/06/2004, you wrote: >>My understanding is that with sendmail, outgoing messages are scanned, >>although the logs don't reflect any outbound scanning activity. How can >>outbound scanning be confirmed? > >Are you using a sendmail recent enough to have a clientmqueue directory? If >so, all outbound mail should be scanned. If not, then you will have to >reconfigure your mail software so that it sends mail by talking SMTP to >localhost and does not invoke the sendmail binary directly. > >You can find out by sending yourself mail including the eicar test file, >available from www.eicar.org. >-- >Julian Field >www.MailScanner.info >Professional Support Services at www.MailScanner.biz >MailScanner thanks transtec Computers for their support >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html Could you explain your comments in detail or point me to some documentation? Sure would like to get this handled. Thanks, Brian -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From Jan-Peter.Koopmann at SECEIDOS.DE Tue Jun 8 22:35:46 2004 From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann) Date: Thu Jan 12 21:25:43 2006 Subject: MTA + AV: opinions? Message-ID: On Tuesday, June 08, 2004 7:31 PM Andre Costa wrote: > Both? Any noticeable impact on performance? That heavily depends on your machine and what mailload you are expecting. At the moment I am running ClamAV, F-Secure (with all three engines), mcafee and antivir at a customer site without any problem. As soon as BitDefender releases its FreeBSD version I will add it as well. Needless to say I am running SpamAssassin with all sorts of additional rules. > It's definitely another heavyweight contender, we initially > considered both (exim still isn't out of the game). I > remember once trying to configure exim to use procmail, and > it was much more complicated than I expected, so it left me > with the impression it was maybe too complex to my needs back > then. It was sometime ago, so things might have changed in the > meantime... Exim is actually quite simple for 90% of the tasks. Try reading and understanding a complex exim config and then have a look at an equivalent sendmail.cf... Unless you are expecting houndred thousands of mails a day I would definately go for exim. The next best choice would be Postfix for me although there seem to be MailScanner issues sometimes... Regards, JP -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From peter at UCGBOOK.COM Tue Jun 8 23:03:25 2004 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:25:43 2006 Subject: Scanning outgoing In-Reply-To: References: Message-ID: <40C637AD.80506@ucgbook.com> Brian Dowling wrote: > Could you explain your comments in detail or point me to some documentation? > Sure would like to get this handled. Try upgrading to Sendmail 8.12. -- /Peter Bonivart --Unix lovers do it in the Sun Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7, SpamAssassin 2.63 + DCC 1.2.45, ClamAV 0.70 + GMP 4.1.2, Vispan 1.4 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From alex at nkpanama.com Tue Jun 8 23:39:09 2004 From: alex at nkpanama.com (Alex Neuman) Date: Thu Jan 12 21:25:43 2006 Subject: MTA + AV: opinions? In-Reply-To: <1086714709.9704.4.camel@bach.kevinspicer.co.uk> Message-ID: <200406082239.i58MdK66022523@nkpanama.com> ClamAV+BitDefender is a good choice. Never had a security problem with sendmail. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From rt_mena at YAHOO.COM Wed Jun 9 00:12:17 2004 From: rt_mena at YAHOO.COM (Robert Mena) Date: Thu Jan 12 21:25:43 2006 Subject: Locking/bayes problem : still Message-ID: <20040608231217.57620.qmail@web50402.mail.yahoo.com> Hi, A couple of days ago I've sent one email about how slow my system started to run and how I solved by simply removing the bayes db. I saw one post about it (with a same here situation) but no actual solution. One suggested to put the bayes db in a tmpfs. I was wondering how many do use mailscanner+sa (with bayes db) and how they solved/addressed this. I don't think I affects just 2 systems (mine and the one who answered my post). A word from the developers (even a "it's a spamassassin thing!" :) ) would be great! - rt __________________________________ Do you Yahoo!? Friends. Fun. Try the all-new Yahoo! Messenger. http://messenger.yahoo.com/ -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From alex at nkpanama.com Wed Jun 9 01:45:33 2004 From: alex at nkpanama.com (Alex Neuman) Date: Thu Jan 12 21:25:43 2006 Subject: OT: How's this for "better safe than safe"? Message-ID: <200406090045.i590jf64025687@nkpanama.com> -----Original Message----- From: MailScanner [mailto:postmaster@nkpanama.com] Sent: Tuesday, June 08, 2004 7:45 PM To: postmaster@nkpanama.com Subject: Warning: E-mail viruses detected The following e-mail messages were found to have viruses in them: Sender: tester@testvirus.org IP Address: 12.5.19.157 Recipient: test@nkpanama.com Subject: Virus Scanner Test #1 MessageID: i590iD64025554 Report: ClamAV Module: eicar.com was infected: Eicar-Test-Signature AntiVir: ALERT: [Eicar-Test-Signatur virus] ./i590iD64025554/eicar.com <<< Contains code of the Eicar-Test-Signatur virus F-Prot: /var/spool/MailScanner/incoming/25477/i590iD64025554/eicar.com Infection: EICAR_Test_File SophosSAVI: eicar.com was infected by EICAR-AV-Test Bitdefender: Found virus EICAR-Test-File (not a virus) in file eicar.com DrWeb: Found virus EICAR Test File (NOT a Virus!) in file eicar.com McAfee: /i590iD64025554/eicar.com Found: EICAR test file NOT a virus. Kaspersky: /var/spool/MailScanner/incoming/25477/i590iD64025554/eicar.com INFECTED EICAR-Test-File Inoculan: [././i590iD64025554/eicar.com] was infected by virus [EICAR test file] Panda: EICAR-AV-TEST-FILE MailScanner: Executable DOS/Windows programs are dangerous in email (eicar.com) Full headers are: Return-Path: Received: from mail01.excedent.us (crc2.excedent.us [12.5.19.157]) by nkpanama.com (8.12.10/8.12.10) with ESMTP id i590iD64025554 for ; Tue, 8 Jun 2004 19:44:14 -0500 X-Originating-Ip: 201.224.101.32 Message-Id: <277886.@testvirus.org> Date: Tue, 08 Jun 2004 20:43:46 -0500 From: "TESTVIRUS.org" To: Subject: Virus Scanner Test #1 Mime-Version: 1.0 Content-Type: multipart/mixed; BounDary="=====================_307115168==_" -- MailScanner Email Virus Scanner www.mailscanner.info -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From basement_mobile2004 at YAHOO.COM Wed Jun 9 02:46:05 2004 From: basement_mobile2004 at YAHOO.COM (Anakin SkyWalker) Date: Thu Jan 12 21:25:43 2006 Subject: Locking/bayes problem : still In-Reply-To: <20040608231217.57620.qmail@web50402.mail.yahoo.com> Message-ID: <20040609014605.45109.qmail@web60008.mail.yahoo.com> Hi Robert, --- Robert Mena wrote: > Hi, > > A couple of days ago I've sent one email about how > slow my system started to run and how I solved by > simply removing the bayes db. Same problem here! My bayes keeps growing and then MScanner slows down on checking the input queue. When the db is thin everything works fine. > > I saw one post about it (with a same here situation) > but no actual solution. One suggested to put the > bayes > db in a tmpfs. > It's a good idea, but it's not right, is it? MScanner+SA *must* work with big db's, I mean, that's why they exist, to keep growing and "learning". > I was wondering how many do use mailscanner+sa (with > bayes db) and how they solved/addressed this. I > don't > think I affects just 2 systems (mine and the one who > answered my post). > Three now :) > A word from the developers (even a "it's a > spamassassin thing!" :) ) would be great! It should be good, for sure. > > - rt > > > > > -- Herr Schwarzkopf __________________________________ Do you Yahoo!? Friends. Fun. Try the all-new Yahoo! Messenger. http://messenger.yahoo.com/ -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From cklee at IOHK.COM Wed Jun 9 06:36:40 2004 From: cklee at IOHK.COM (CK Lee) Date: Thu Jan 12 21:25:43 2006 Subject: SPAM Action Message-ID: I am new to MailScanner + SpamAssassin. When it is turned on, some mails are tagged with {SPAM?} after scanning. Although the action is given as "deliver", howee, the message does not pass to the user but instead it is appended to a file called spam in the directory /var/spool/mqueue. I don't know what wrong with my setting. Any help is appreciate. CK -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From shoval at SOFTOV.CO.IL Wed Jun 9 09:49:21 2004 From: shoval at SOFTOV.CO.IL (Shoval Tomer) Date: Thu Jan 12 21:25:43 2006 Subject: SPAM Action Message-ID: <4D3EACBC840810409663D2C9568AEA4E5C82@stex00.softov.co.il> Could you send your MailScanner.conf file to me off the list? > -----Original Message----- > From: CK Lee [mailto:cklee@IOHK.COM] > Sent: Wednesday, June 09, 2004 8:37 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: SPAM Action > > I am new to MailScanner + SpamAssassin. When it is turned on, some mails > are tagged with {SPAM?} after scanning. Although the action is given > as "deliver", howee, the message does not pass to the user but instead it > is appended to a file called spam in the directory /var/spool/mqueue. > > I don't know what wrong with my setting. > > Any help is appreciate. > > CK > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From jose at TREELOGIC.COM Wed Jun 9 09:59:04 2004 From: jose at TREELOGIC.COM (Jose Angel) Date: Thu Jan 12 21:25:43 2006 Subject: HTML Scripts References: <4D3EACBC840810409663D2C9568AEA4E5C82@stex00.softov.co.il> Message-ID: <002901c44e00$04b87320$1901a8c0@redes1> Could anybody say how to allow any HTML mail to pass MailScanner without blockink content. I am receiving in log Jun 8 16:48:20 pasarela MailScanner[30985]: Content Checks: Detected HTML-specific exploits in i58EmCli000511 and i want to evitate this. In MailScanner.conf I have "Allow partial messages" "Allow external message bodies", "Allow Iframe Tags" and "Allow Form tags" set to yes but MailScanner continues blocking the messages Any idea?? Thank you -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From prandal at HEREFORDSHIRE.GOV.UK Wed Jun 9 10:09:47 2004 From: prandal at HEREFORDSHIRE.GOV.UK (Randal, Phil) Date: Thu Jan 12 21:25:43 2006 Subject: MTA + AV: opinions? Message-ID: <801403078973F243A6A74322E134AF500F1FF3@mail.herefordshire.gov.uk> Alex Neuman wrote: > ClamAV+BitDefender is a good choice. > Never had a security problem with sendmail. Nor have I, yet... We're processing 10,000 messages daily (around 600MB) on a Dell 2650 single processor P4 Xeon 2.4GHz, 1GB RAM, hardware mirrored SCSI disks, running Fedora Core 1, with Bitdefender, ClamAV, McAfee uvscan, MailScanner with loads of RBLs at the spamassassin level, and running squid for 1001-odd users with a load average hovering around 1 most of the time. Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at LAYLINE.DE Wed Jun 9 09:47:36 2004 From: mailscanner at LAYLINE.DE (Stephan Ilaender) Date: Thu Jan 12 21:25:43 2006 Subject: Mailscanner keeps nagging about postfix queues Message-ID: <20040609104736.2570e2d9@aurora> Hi all, I'm seeing a strange problem hier - Mailscanner keeps complaining about queue files: MailScanner[2651]: Messages found but no hashed queue directories. Please enable hashed queues for incoming and deferred with a depth of 1 or 2. See the Postfix documentation for hash_queue_names and hash_queue_depth however postfix knows these queues: hash_queue_depth = 1 hash_queue_names = incoming,active,deferred,bounce,defer,flush,hold This is a single instance setup, using debian packages postfix-2.0.16-4 and mailscanner-4.30.3-1. Everything appears to be working(!), just this message keeps appearing. As the single instance setup does not make use of the deferred queue- maybe this is a leftover? kind regards, Stephan -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From faisal at MITSUMINET.COM Wed Jun 9 11:12:50 2004 From: faisal at MITSUMINET.COM (Faisal) Date: Thu Jan 12 21:25:43 2006 Subject: HTML Scripts In-Reply-To: <002901c44e00$04b87320$1901a8c0@redes1> Message-ID: <000001c44e0a$58a20870$01436dc1@faisalxp> What about html scripts are you allowing those ones... Faisal Memon Mitsuminet (K) Ltd. T : 254-20-210342 E : faisal@mitsuminet.com Msn: faisal@mitsuminet.com -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Jose Angel Sent: Wednesday, June 09, 2004 11:59 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: HTML Scripts Could anybody say how to allow any HTML mail to pass MailScanner without blockink content. I am receiving in log Jun 8 16:48:20 pasarela MailScanner[30985]: Content Checks: Detected HTML-specific exploits in i58EmCli000511 and i want to evitate this. In MailScanner.conf I have "Allow partial messages" "Allow external message bodies", "Allow Iframe Tags" and "Allow Form tags" set to yes but MailScanner continues blocking the messages Any idea?? Thank you -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From ugob at CAMO-ROUTE.COM Wed Jun 9 11:11:02 2004 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:25:43 2006 Subject: HTML Scripts In-Reply-To: <002901c44e00$04b87320$1901a8c0@redes1> References: <4D3EACBC840810409663D2C9568AEA4E5C82@stex00.softov.co.il> <002901c44e00$04b87320$1901a8c0@redes1> Message-ID: Jose Angel wrote: > Could anybody say how to allow any HTML mail to pass MailScanner without > blockink content. > I am receiving in log > Jun 8 16:48:20 pasarela MailScanner[30985]: Content Checks: Detected > HTML-specific exploits in i58EmCli000511 > > and i want to evitate this. > In MailScanner.conf I have "Allow partial messages" "Allow external > message bodies", "Allow Iframe Tags" and "Allow Form tags" set to yes but > MailScanner continues blocking the messages > Any idea?? What version of MailScanner? Search for Allow Script Tags in MailScanner.conf > > Thank you -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From ugob at CAMO-ROUTE.COM Wed Jun 9 11:12:18 2004 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:25:43 2006 Subject: SPAM Action In-Reply-To: <4D3EACBC840810409663D2C9568AEA4E5C82@stex00.softov.co.il> References: <4D3EACBC840810409663D2C9568AEA4E5C82@stex00.softov.co.il> Message-ID: Shoval Tomer wrote: > Could you send your MailScanner.conf file to me off the list? Or just send the relevant part to the list, the Spam Action and High-Scoring Spam Action settings. > > >>-----Original Message----- >>From: CK Lee [mailto:cklee@IOHK.COM] >>Sent: Wednesday, June 09, 2004 8:37 AM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: SPAM Action >> >>I am new to MailScanner + SpamAssassin. When it is turned on, some > > mails > >>are tagged with {SPAM?} after scanning. Although the action is given >>as "deliver", howee, the message does not pass to the user but instead > > it > >>is appended to a file called spam in the directory /var/spool/mqueue. >> >>I don't know what wrong with my setting. >> >>Any help is appreciate. >> >>CK -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From jose at TREELOGIC.COM Wed Jun 9 11:33:05 2004 From: jose at TREELOGIC.COM (Jose Angel) Date: Thu Jan 12 21:25:44 2006 Subject: HTML Scripts References: <4D3EACBC840810409663D2C9568AEA4E5C82@stex00.softov.co.il> <002901c44e00$04b87320$1901a8c0@redes1> Message-ID: <004f01c44e0d$261e2e30$1901a8c0@redes1> How can I enable HTML scrpits in MailScanner.conf? My MailScanner version is 4.31.6-1 under RedHat 9.2 Thank you ----- Original Message ----- From: "Ugo Bellavance" To: Sent: Wednesday, June 09, 2004 12:11 PM Subject: Re: HTML Scripts > Jose Angel wrote: > > Could anybody say how to allow any HTML mail to pass MailScanner without > > blockink content. > > I am receiving in log > > Jun 8 16:48:20 pasarela MailScanner[30985]: Content Checks: Detected > > HTML-specific exploits in i58EmCli000511 > > > > and i want to evitate this. > > In MailScanner.conf I have "Allow partial messages" "Allow external > > message bodies", "Allow Iframe Tags" and "Allow Form tags" set to yes but > > MailScanner continues blocking the messages > > Any idea?? > > What version of MailScanner? > > Search for > > Allow Script Tags > > in MailScanner.conf > > > > > Thank you > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From ugob at CAMO-ROUTE.COM Wed Jun 9 11:48:25 2004 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:25:44 2006 Subject: HTML Scripts In-Reply-To: <004f01c44e0d$261e2e30$1901a8c0@redes1> References: <4D3EACBC840810409663D2C9568AEA4E5C82@stex00.softov.co.il> <002901c44e00$04b87320$1901a8c0@redes1> <004f01c44e0d$261e2e30$1901a8c0@redes1> Message-ID: Jose Angel wrote: > How can I enable HTML scrpits in MailScanner.conf? > My MailScanner version is 4.31.6-1 under RedHat 9.2 RedHat 9.2? does that exist? > # Do you want to allow