From mailscanner at BARENDSE.TO Sat May 1 07:16:04 2004 From: mailscanner at BARENDSE.TO (Remco Barendse) Date: Thu Jan 12 21:24:56 2006 Subject: Problem With PDF Files - SOLVED In-Reply-To: <6.1.0.6.0.20040430110903.05225ff8@mail.1bigthink.com> Message-ID: Hehehe, I need not comment on that, some huge M$ fan has already flamed about the added X-Ref header to all my mails (only visible in outlook though or in full header mode in other clients) Too bad they are not porting Ximian Evolution to the Windows desktop, even though it costs the same as ol if you need the Exchange connector i'd still prefer it. On Fri, 30 Apr 2004, DNSAdmin wrote: > At 09:40 PM 4/29/2004, you wrote: > > > -----Original Message----- > > SNIP > > >Being that Outlook is here to stay, I think that this is a reasonable bug > >request. > > BOOOOOOOOOOOOOOOOOOOOOOOOOOOOO! > > Outlook is the most horrendously designed UI EVER! > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From peter at UCGBOOK.COM Sat May 1 12:11:08 2004 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:24:56 2006 Subject: Help with queue backup In-Reply-To: <1083409016.31076.26.camel@bach.kevinspicer.co.uk> References: <8BD06A60242B4341B8919A4AC958C1D0181BC8@busted.dandd.com> <40937015.1070704@ucgbook.com> <1083405514.31086.11.camel@bach.kevinspicer.co.uk> <40937EB8.1090908@ucgbook.com> <1083409016.31076.26.camel@bach.kevinspicer.co.uk> Message-ID: <409385CC.3030007@ucgbook.com> Kevin Spicer wrote: > Another idea (although more involved to do, as it involves some > shuffling) is to create a striped metadevice accross two partitions on > different disks (and ideally different controllers), and use that for > the /var/spool partition. That would give the benefit of spreading the > load, without the extra IO from MailScanner caused by splitting the > spool directory. He could easily use these two for a striped /var/spool: /dev/dsk/c0t1d0s7 8.7G 11K 8.6G 1% /var/spool/clientmqueue /dev/dsk/c0t0d0s7 8.7G 439M 8.2G 5% /var/spool/mqueue There's lot's of other disk variations he could try but I wanted to start with things that are easily reversible so maybe we should let Rob have a say in this too. :-) -- /Peter Bonivart --Unix lovers do it in the Sun Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7, SpamAssassin 2.63 + DCC 1.2.45, ClamAV 0.70 + GMP 4.1.2, Vispan 1.4 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From andrews at stusoft.com Sat May 1 12:11:57 2004 From: andrews at stusoft.com (Andrew Stubbs) Date: Thu Jan 12 21:24:56 2006 Subject: Detected HTML-specific exploits Message-ID: I am getting the following virus warning: Sender: xxxx@returns.groups.yahoo.com IP Address: xxx.xx.xxx.xxx Recipient: xxxx Subject: Re: xxxxxx MessageID: i41AvJf4029007 Report: MailScanner: Found a script in HTML message I have the following setup: Allow IFrame Tags = yes Allow Form Tags = yes Allow Object Codebase Tags = yes Which AFAIK should stop the scanning of HTML mail. The trigger is this, I think. It is inside a YAHOO advert from a yahoo groups email I have also whitelisted the yahoo groups emails as well. I would have thought the whitelisting should pre-empt everything. I do not want to alter filename.rules.conf to allow .js - as this would be suicidal. What have I done wrong ? Andrew -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From peter at UCGBOOK.COM Sat May 1 00:03:13 2004 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:24:57 2006 Subject: Quarantined attachments In-Reply-To: References: Message-ID: <4092DB31.8060707@ucgbook.com> InvictaWiz Customer Support wrote: > How do others deliver dodgi attachments out of quarantine? There's a couple of ways to get them through if you want them to go through MS again but why don't you just drop them in the outgoing queue instead? I don't know what MTA you have but I have Sendmail and I quarantine messages as queue files. Then I can just drop it in the outgoing queue and it will be delivered. -- /Peter Bonivart --Unix lovers do it in the Sun Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7, SpamAssassin 2.63 + DCC 1.2.45, ClamAV 0.70 + GMP 4.1.2, Vispan 1.4 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From ka at PACIFIC.NET Sat May 1 00:02:19 2004 From: ka at PACIFIC.NET (Ken Anderson (Pacific Internet)) Date: Thu Jan 12 21:24:57 2006 Subject: Quarantined attachments In-Reply-To: References: Message-ID: <4092DAFB.8050608@pacific.net> If you are using sendmail, just store them as queue files (see MailScanner.conf) and then to 'release', just cp them into the outgoing mail queue. They will bypass mailscanner. Ken InvictaWiz Customer Support wrote: > Hi > > I wrote a script to deliver quarantined attachments. > Easy I thought..... > > MS re-stripped the attachment - Bother! > > I whitelisted my From: address - quarantine@blahblah - Surely that will fix it... > No! > What seems to happen is that MS doesn't strip the attachment on the way in because > quarantine@blahblah is whitelisted. However, what seems to happen is the message gets re-scanned on > it's way to the destination address - also on this server of course. MS then thinks "Ah Ha, I must > strip this dodgi attachment" > > Have I made a fundamental mistake? > How do others deliver dodgi attachments out of quarantine? > > > > Martyn Routley > > > > ----------------------------------------------------------------------------- > This message has been scanned for viruses and > dangerous content by the http://www.anti84787.com > MailScanner, and is believed to be clean. > ----------------------------------------------------------------------------- > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From david at PLATFORMHOSTING.COM Sat May 1 02:29:09 2004 From: david at PLATFORMHOSTING.COM (David Hooton) Date: Thu Jan 12 21:24:57 2006 Subject: Problem With PDF Files - SOLVED In-Reply-To: <6.0.1.1.2.20040430170904.04253d00@imap.ecs.soton.ac.uk> Message-ID: <200405010129.i411TEU17034@mx1.mailsecurity.net.au> > >Can we produce a list of the MIME-types that MailScanner should not sign. > >At the moment it will sign any in-line text/* section. I can easily put > in > >a little list of exceptions to catch things like text/pdf. What are the > >MIME types used by Outlook for these messages? > > > >It would be good to get this fixed before the next release, so the next > >release will have to wait until we get this resolved. > > Or would I be better off only signing text/plain and text/html? Hmm, I like this method better than the other, /however/ I have a feeling it may result in a heap of "corrections" post initial release. Could this list of mime types be included in a ruleset? I don't really want to make yet another option in the config file if we don't have to, but perhaps this might be easiest even if it's only while this feature is in unstable mode. Regards, David Hooton Senior Partner Platform Networks www.platformnetworks.net ======================================================================== Pain free spam & virus protection by: www.mailsecurity.net.au Forward undetected SPAM to: spam@mailsecurity.net.au ======================================================================== -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From steve.swaney at FSL.COM Sat May 1 02:39:29 2004 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:24:57 2006 Subject: tao Linux In-Reply-To: <002801c42edb$37499060$a301a8c0@cnpapers.net> Message-ID: <20040501013930.C947021C2DE@mail.fsl.com> > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Stephe Campbell > Sent: Friday, April 30, 2004 1:48 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: tao Linux > > Michele, > > Could you possibly elaborate on why you went to something other than a RH > OS. This part really is the gut of the situation. > > Most of my servers are RH 7.3, which seems really stable. If I am to trust > our future to the Open Source community, why shouldn't I trust them to > keep > RH 7.3, or any other RH version, up to date and safe? I do realize that > old > is not always best, but can you truthfully use this example to justify > things like RH 8.0 versus RH 7.3? 1. Well the performance of RH 3.0 definitely beats 7.x 2. It's supported for security upgrades/updates :) either by up2date (RH) or yum 3. RH 3.0 is about 4.5 years from end-of life for support > BTW, WhiteBox, as I recall, had some issues with their installation > package Not really even the pre-final-release worked fine for us. > (was there even an X interface?) Absolutely there was was/is X-interface > How would you rate the installation > process? A friend of mine at one of the US government laboratories here > has > highly recommended WB, but they rolled their own installation scripts for > convenience., tailoring it more to their needs. They have more hands there > than we do here, though. What your friend was probably referring to is an automated install. We've created a CD that we pop into a box and simply boot the system, have a coffee and come back to an installed system ready to rumble. > > Thank you very much for your time and thoughts. Glad to help and if you need more pointers on automated install please drop me a line off list. Steve Stephen Swaney President Fortress Systems Ltd. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. Fortress Systems Ltd. www.fsl.com -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From steve.swaney at FSL.COM Sat May 1 02:42:00 2004 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:24:57 2006 Subject: tao Linux In-Reply-To: <40928591.9060101@gmx.de> Message-ID: <20040501014201.97FBF21C2DE@mail.fsl.com> > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of shrek-m@gmx.de > Sent: Friday, April 30, 2004 12:58 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: tao Linux > > Stephe Campbell wrote: > > >I had looked at White Box and Tao once. I wasn't really sure how mature > they > >were. Can anyone offer an opinion of how complete both of these are > compared > >to what RHEL ES presently represents, please? > > > > http://www.redhat.com/archives/taroon-list/2004-March/msg00240.html > > http://www.redhat.com/archives/taroon-list/2004-March/msg00243.html > > http://updates.redhat.com/enterprise/ > > -- > shrek-m > Exceptionally cogent and informative answer - Thanks, Steve Stephen Swaney President Fortress Systems Ltd. Steve.Swaney@FSL.com -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. Fortress Systems Ltd. www.fsl.com -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From peter at UCGBOOK.COM Sat May 1 10:38:29 2004 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:24:57 2006 Subject: Help with queue backup In-Reply-To: <8BD06A60242B4341B8919A4AC958C1D0181BC8@busted.dandd.com> References: <8BD06A60242B4341B8919A4AC958C1D0181BC8@busted.dandd.com> Message-ID: <40937015.1070704@ucgbook.com> Vicchiullo, Rob wrote: > # metadb > # metastat Thanks for posting that Rob. I have looked into it more now and it seems that c0t0d0 is the real problem. Your mirroring of four mount points doesn't stress the second drive (c0t1d0) that much so that leaves /var/spool/mqueue as the mount point that adds too much load to one drive. Some things to do, from easy to medium: 1. Mount /var/mail, /var/spool/clientmqueue and /var/spool/mqueue with noatime to save some disk writes. See an example from my vfstab (the last column is the interesting one): /dev/md/dsk/d30 /dev/md/rdsk/d30 /queues ufs 1 yes noatime,logging 2. Mount /var/spool/MailScanner/incoming as tmpfs, see example: swap - /var/spool/MailScanner/incoming tmpfs - yes - I don't remember if you already did this but it's important and risk free. 3. The two big r/w intensive directories are /var/spool/mqueue and /var/spool/mqueue.in (if you use default MS directories), that's why you load c0t0d0s7 and c0t0d0s4 (d3) so much. They should be spread to two different disks, preferably to two different controllers as well. I guess you have two 18 GB internal drives and an external array, maybe an A1000 or similar? You could change the incoming queue directory (/var/spool/mqueue.in) to /export/home/mqueue.in or /var/mail/mqueue.in temporarily to test how it will perform. If that works better for you. you should think about some repartitioning of those big partitions, or you could just keep it that way if it doesn't bother you. 4. You could also be bogged down by syslogging to /var (d3). If you want to you could mount /var too with no atime (see 1). You could also syslog to another host via a second network adapter. Keep us posted, this is interesting. :-) -- /Peter Bonivart --Unix lovers do it in the Sun Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7, SpamAssassin 2.63 + DCC 1.2.45, ClamAV 0.70 + GMP 4.1.2, Vispan 1.4 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From david at PLATFORMNETWORKS.NET Sat May 1 10:51:40 2004 From: david at PLATFORMNETWORKS.NET (David Hooton) Date: Thu Jan 12 21:24:57 2006 Subject: Script to reverse "deliver attachment" Message-ID: <200405010951.i419pYO14125@mx1.mailsecurity.net.au> Hi All, Does anyone have a script that can be run on an MBOX to reverse the delivery action "deliver attachment"? I've got a fairly large set of mbox files which have been hand sorted, but the messages are all attached so they are no good to train bayes. Any help hugely appreciated!! Regards, ? David Hooton ======================================================================== Pain free spam & virus protection by: www.mailsecurity.net.au Forward undetected SPAM to: spam@mailsecurity.net.au ======================================================================== -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From kevins at BMRB.CO.UK Sat May 1 10:58:35 2004 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:24:57 2006 Subject: Help with queue backup In-Reply-To: <40937015.1070704@ucgbook.com> References: <8BD06A60242B4341B8919A4AC958C1D0181BC8@busted.dandd.com> <40937015.1070704@ucgbook.com> Message-ID: <1083405514.31086.11.camel@bach.kevinspicer.co.uk> On Sat, 2004-05-01 at 10:38, Peter Bonivart wrote: > 3. The two big r/w intensive directories are /var/spool/mqueue and > /var/spool/mqueue.in (if you use default MS directories), that's why you > load c0t0d0s7 and c0t0d0s4 (d3) so much. They should be spread to two > different disks, preferably to two different controllers as well. > > I guess you have two 18 GB internal drives and an external array, maybe > an A1000 or similar? You could change the incoming queue directory > (/var/spool/mqueue.in) to /export/home/mqueue.in or /var/mail/mqueue.in > temporarily to test how it will perform. If that works better for you. > you should think about some repartitioning of those big partitions, or > you could just keep it that way if it doesn't bother you. Peter, Whilst I agree with everything else you've said I have a different understanding on the above issue. My understanding is that mqueue.in and mqueue should be on the same partition, because then to move files between directories all MailScanner needs to do is a link/unlink action. By splitting the spools onto different partitions MailScanner needs to actually copy the files, adding read and write overhead. I'd guess this is less of an issue if you routinely change clean messages (by using Sign Clean Messages for example), since this requires MS to rebuild the message anyway (which in itself can be a big performance hit). One further note for the archives (not relevent to the original poster who is running Solaris 8 I think), the noatime flag was only added to Solaris on Solaris 7 or 8 (can't remember which, but I have tried to use it on a Solaris 2.6 machine and failed). BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From kevins at BMRB.CO.UK Sat May 1 11:08:46 2004 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:24:57 2006 Subject: tao Linux In-Reply-To: <20040501014201.97FBF21C2DE@mail.fsl.com> References: <20040501014201.97FBF21C2DE@mail.fsl.com> Message-ID: <1083406126.31086.20.camel@bach.kevinspicer.co.uk> On Sat, 2004-05-01 at 02:42, Stephen Swaney wrote: > > http://www.redhat.com/archives/taroon-list/2004-March/msg00240.html > > > > http://www.redhat.com/archives/taroon-list/2004-March/msg00243.html > > > > http://updates.redhat.com/enterprise/ > > > > -- > > shrek-m > > > > Exceptionally cogent and informative answer - Thanks, I'd just like to add one point to that. Since the sources are GPL'd (in the main) RH are required to make them available to anyone to whom they distribute the binaries. Because they are GPL'd they cannot prevent that person from further distributing the SRPMS, therefore all that is needed is for one person on the Whitebox/ Taos/ CaOS teams to own a licence for RHEL and they have a right of access to the sources and a right to redistribute. The Tao site say that the primary author [if author is really the right word] has two RHEL machines which he keeps because he wants their support on it as they are mission critical systems. BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From peter at UCGBOOK.COM Sat May 1 11:40:56 2004 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:24:57 2006 Subject: Help with queue backup In-Reply-To: <1083405514.31086.11.camel@bach.kevinspicer.co.uk> References: <8BD06A60242B4341B8919A4AC958C1D0181BC8@busted.dandd.com> <40937015.1070704@ucgbook.com> <1083405514.31086.11.camel@bach.kevinspicer.co.uk> Message-ID: <40937EB8.1090908@ucgbook.com> Kevin Spicer wrote: > My understanding is that mqueue.in and mqueue should be on the same > partition, because then to move files between directories all > MailScanner needs to do is a link/unlink action. By splitting the > spools onto different partitions MailScanner needs to actually copy the > files, adding read and write overhead. Yes, you're right but in this case he's overloading one disk and needs to transfer some I/O off of it. I think it's well worth a test, he only needs to create a mqueue.in directory on one of those partitions and change one line in MailScanner.conf and his Sendmail start script to test it. > One further note for the archives (not relevent to the original poster > who is running Solaris 8 I think), the noatime flag was only added to > Solaris on Solaris 7 or 8 (can't remember which, but I have tried to use > it on a Solaris 2.6 machine and failed). It was added in 7. -- /Peter Bonivart --Unix lovers do it in the Sun Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7, SpamAssassin 2.63 + DCC 1.2.45, ClamAV 0.70 + GMP 4.1.2, Vispan 1.4 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From kevins at BMRB.CO.UK Sat May 1 11:56:56 2004 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:24:57 2006 Subject: Help with queue backup In-Reply-To: <40937EB8.1090908@ucgbook.com> References: <8BD06A60242B4341B8919A4AC958C1D0181BC8@busted.dandd.com> <40937015.1070704@ucgbook.com> <1083405514.31086.11.camel@bach.kevinspicer.co.uk> <40937EB8.1090908@ucgbook.com> Message-ID: <1083409016.31076.26.camel@bach.kevinspicer.co.uk> On Sat, 2004-05-01 at 11:40, Peter Bonivart wrote: > Kevin Spicer wrote: > > My understanding is that mqueue.in and mqueue should be on the same > > partition, because then to move files between directories all > > MailScanner needs to do is a link/unlink action. By splitting the > > spools onto different partitions MailScanner needs to actually copy the > > files, adding read and write overhead. > > Yes, you're right but in this case he's overloading one disk and needs > to transfer some I/O off of it. I think it's well worth a test, he only > needs to create a mqueue.in directory on one of those partitions and > change one line in MailScanner.conf and his Sendmail start script to > test it. Another idea (although more involved to do, as it involves some shuffling) is to create a striped metadevice accross two partitions on different disks (and ideally different controllers), and use that for the /var/spool partition. That would give the benefit of spreading the load, without the extra IO from MailScanner caused by splitting the spool directory. BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From peter at UCGBOOK.COM Sat May 1 12:17:52 2004 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:24:57 2006 Subject: Detected HTML-specific exploits In-Reply-To: References: Message-ID: <40938760.2010805@ucgbook.com> Andrew Stubbs wrote: > Allow IFrame Tags = yes > Allow Form Tags = yes > Allow Object Codebase Tags = yes You should have a line like this in MailScanner.conf: Allow Script Tags = no If you don't maybe you didn't run the upgrade_MailScanner_conf script? -- /Peter Bonivart --Unix lovers do it in the Sun Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7, SpamAssassin 2.63 + DCC 1.2.45, ClamAV 0.70 + GMP 4.1.2, Vispan 1.4 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From andrews at stusoft.com Sat May 1 12:29:52 2004 From: andrews at stusoft.com (Andrew Stubbs) Date: Thu Jan 12 21:24:57 2006 Subject: Detected HTML-specific exploits In-Reply-To: <40938760.2010805@ucgbook.com> Message-ID: >>If you don't maybe you didn't run the upgrade_MailScanner_conf script? Or just bite the bullet and actually do the upgrade to the current version 8) Thanx Andrew -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Sat May 1 12:39:36 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:24:57 2006 Subject: SweepViruses.pm: minor patch to 4.29.7, for 4.30 In-Reply-To: References: <40924CEE.4748.2E18ABD1@localhost> Message-ID: <6.0.1.1.2.20040501123906.04391f18@imap.ecs.soton.ac.uk> All done. Now outputs either "SophosSAVI::" or "ClamAVModule::" at the start of the log output from each scanner. At 21:00 30/04/2004, you wrote: >Julian, > This is fine by me, I can work with whatever you implement here. > >Jeff Earickson > >On Fri, 30 Apr 2004, Mark Nienberg wrote: > > > Date: Fri, 30 Apr 2004 12:56:14 -0700 > > From: Mark Nienberg > > Reply-To: MailScanner mailing list > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: SweepViruses.pm: minor patch to 4.29.7, for 4.30 > > > > > > On 30 Apr 2004 at 8:59, Julian Field wrote: > > > You can't do that without changing the parser. You got away with it as > > > you also mistakenly changed the separator from ":: " to "::" so it > > > didn't pick up your change. I'll fix it for you and put it in 4.30. > > > > > > At 15:32 29/04/2004, you wrote: > > > >The purpose of the patch is to > > > >change the syslog output for ClamAVmodule and SophosSAVI from: > > > > > > > >MailScanner[29668]: INFECTED:: W32/Bagle-AA:: (pathname) > > > >MailScanner[29668]: INFECTED:: Worm.Bagle.Z:: (pathname) > > > > > > > >to: > > > > > > > >MailScanner[24988]: INFECTED::SophosSAVI:: W32/Bagle-AA:: (pathname) > > > >MailScanner[24988]: INFECTED::ClamAVModule:: Worm.Bagle.Z:: > > > >(pathname) > > I wonder if it would be better to change it to something like: > > MailScanner[24988]: SophosSAVI::INFECTED:: W32/Bagle-AA:: (pathname) > > so it wouldn't break all of the log parsing scripts that currently > search for > > INFECTED and expect to find the virus name immediately after. > > -- > > Mark W. Nienberg, SE > > Tipping Mar + associates > > 1906 Shattuck Ave, Berkeley, CA 94704 > > (510) 549-1906 > > visit our website www.tippingmar.com > > -------------------------- MailScanner list ---------------------- To > leave, > > send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, > please see > > the Most Asked Questions at http://www.mailscanner.biz/maq/ and the > archives > > at http://www.jiscmail.ac.uk/lists/mailscanner.html > > > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Sat May 1 12:45:52 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:24:57 2006 Subject: Problem With PDF Files - SOLVED In-Reply-To: <200405010129.i411TEU17034@mx1.mailsecurity.net.au> References: <6.0.1.1.2.20040430170904.04253d00@imap.ecs.soton.ac.uk> <200405010129.i411TEU17034@mx1.mailsecurity.net.au> Message-ID: <6.0.1.1.2.20040501124010.043b0ca8@imap.ecs.soton.ac.uk> At 02:29 01/05/2004, you wrote: > > >Can we produce a list of the MIME-types that MailScanner should not sign. > > >At the moment it will sign any in-line text/* section. I can easily put > > in > > >a little list of exceptions to catch things like text/pdf. What are the > > >MIME types used by Outlook for these messages? > > > > > >It would be good to get this fixed before the next release, so the next > > >release will have to wait until we get this resolved. > > > > Or would I be better off only signing text/plain and text/html? > >Hmm, I like this method better than the other, /however/ I have a feeling it >may result in a heap of "corrections" post initial release. Could this list >of mime types be included in a ruleset? I will restrict it to text/plain and text/html. Time will tell if this is okay. >I don't really want to make yet another option in the config file if we >don't have to, but perhaps this might be easiest even if it's only while >this feature is in unstable mode. I don't think this will be a big enough problem to warrant yet another config option. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From idan at SECURENET.CO.IL Sat May 1 13:02:05 2004 From: idan at SECURENET.CO.IL (Idan Plotnik) Date: Thu Jan 12 21:24:57 2006 Subject: simple question!!! Why? Message-ID: <38531FBA30509D418523F41CC6E981D827EAAD@securenetdc.securenet.co.il> 1. Martin thanks a lot 2. about RBL lists, where I configure the RBL list in the spamassassin/MailScanner ? I know this line in the MailScanner.conf "Spam List = ORDB-RBL # MAPS-RBL+ costs money (except .ac.uk)" but I don't know if this line OK or NOT. 3. I looked over this file "spam.assassin.prefs.conf" and I found this : whitelist_from monty@roscom.com Who is "monty@roscom.com" and why I am getting my whitelist from him ? Thanks. -----Original Message----- From: Martin Hepworth [mailto:martinh@SOLID-STATE-LOGIC.COM] Sent: Thursday, April 29, 2004 2:50 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: simple question!!! Why? Idan yes -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Idan Plotnik wrote: > Hi Martin > > thanks a lot for your help!!!. > I just need to copy the files (ruls) into this directory and make sure > that to user have access to them ? > > Thanks > > > -----Original Message----- > From: Martin Hepworth [mailto:martinh@SOLID-STATE-LOGIC.COM] > Sent: Thursday, April 29, 2004 1:16 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: simple question!!! Why? > > d'oh > > http://www.rulesemporium.com/ > > add them into /etc/mail/spamassasin > > make sure they are readable by the MailScanner user and restart > MailScanner. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Idan Plotnik wrote: > >>Hi Martin, >> >>1. The link is not working >>2. how do I install these rules on my MailScanner, I thinks this is >>the solution !!! Thanks a lot. >> >> >>-----Original Message----- >>From: Martin Hepworth [mailto:martinh@SOLID-STATE-LOGIC.COM] >>Sent: Thursday, April 29, 2004 12:37 PM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: simple question!!! Why? >> >>Idan >> >>it hit the following rules on my system.. >> >>score=5.971, required 5, BAYES_44 -0.00, BIZ_TLD 0.10, > > FCS_URI_NODOTS > >>0.35, LARGE_HEX 1.16, LG_4C_2V_3C 0.05, OACYS_CONS_6 1.00, > > OACYS_HASH > >>1.00, PLING_PLING 0.65, SARE_ADULT2 1.67 >> >>I've got alot of the rules in www.ruleemporium.org loaded (not the >>bigevil.cf!) >> >>-- >>Martin Hepworth >>Snr Systems Administrator >>Solid State Logic >>Tel: +44 (0)1865 842300 >> >> >> >>********************************************************************** >> >>This email and any files transmitted with it are confidential and >>intended solely for the use of the individual or entity to whom they >>are addressed. If you have received this email in error please notify >>the system manager. >> >>This footnote confirms that this email message has been swept for the >>presence of computer viruses and is believed to be clean. >> >>********************************************************************** >> >>-------------------------- MailScanner list ---------------------- >>To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >>For further info about MailScanner, please see the Most Asked >>Questions at http://www.mailscanner.biz/maq/ and the archives >>at http://www.jiscmail.ac.uk/lists/mailscanner.html >> >>-------------------------- MailScanner list ---------------------- >>To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >>For further info about MailScanner, please see the Most Asked >>Questions at http://www.mailscanner.biz/maq/ and the archives >>at http://www.jiscmail.ac.uk/lists/mailscanner.html > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept for the > presence of computer viruses and is believed to be clean. > > ********************************************************************** > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > For further info about MailScanner, please see the Most Asked > Questions at http://www.mailscanner.biz/maq/ and the archives > at http://www.jiscmail.ac.uk/lists/mailscanner.html > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > For further info about MailScanner, please see the Most Asked > Questions at http://www.mailscanner.biz/maq/ and the archives > at http://www.jiscmail.ac.uk/lists/mailscanner.html ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk For further info about MailScanner, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Sat May 1 14:55:28 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:24:57 2006 Subject: ANNOUNCE: Stable version 4.30 released Message-ID: <6.0.1.1.2.20040501145037.04539150@imap.ecs.soton.ac.uk> Hi folks, I have just released a new MailScanner stable release 4.30. Main highlights in this month's release are more improvements to the handling of zip files, decoding attachments and support for the AVG virus scanner. I have also improved the SRPM files in the Linux releases so that it will install much more easily on new RedHat and SuSE distributions. Download as usual from www.mailscanner.info. The Change Log for this release is: * New Features and Improvements * - Zip files can now be located either by filename or by file contents, so you can effectively control whether your users can avoid zip file checking by renaming ".zip" to "_zip" for example. Note this does not affect virus checking, the contents of zip files will still be scanned for viruses. Note that this works with self-extracting zip files as well. The configuration option is called "Find Archives By Content" and is on by default. - Tightened up MIME decoder to catch more of the tests at www.testvirus.org. - Added support for Grisoft AVG virus scanner. Thanks to Rick Cooper for his hard work on this. - BitDefender wrapper and autoupdate scripts now support both old and new versions without any modifications needed. They find the version automatically. - The upgrade_MailScanner_conf command now preserves all your custom %variable% settings. - Linux cron job scripts added to tarball distribution. - Made the spam tag come before the virus tag on infected messages so that spam can be dumped more easily automatically. - Added support for SpamAssassin version 3. - Added new configuration options so that RBL's (and SpamAssassin) can have their network checks disabled is they fail more than a certain fraction of the time. This is very good for finding unreliable RBL's that don't always fail and are therefore not found by the "max timeouts" settings. - Added new configuration option "Ignore Spam Whitelist If Recipients Exceed" to catch spammers who deliver messages to lots of recipients, including one recipient who chooses to receive all their spam. - Added link to the Ellen MacArthur Trust to the home page. Please support this charity, they perform excellent work in an area that is very close to my heart. - Improved update_virus_scanners so it ignores the lock if it is old. - Added scanner name to log output from library-based virus scanners modules. - Improved building of SRPMs so they work on all RedHat and SuSE versions. * Fixes * - Debian fix for their different dir structure causing problems with update_virus_scanners. - Fixed problem where some HTML messages from Yahoo did not have the clean message signature added to their HTML portion. - Fixed problem with some systems not rewinding file extraction directory properly. - Fix to avoid problems in Qmail with regular expression match which reading Qf file. - Messages with too many attachments should get a proper report now. - Quarantine and Incoming Queue group memberships should now work properly for non-root users. - Now only signs text/plain and text/html sections, so some PDF files and Outlook messages are not corrupted. P.S. MailScanner has now passed 1/4 million downloads! -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 From mailscanner at ecs.soton.ac.uk Sat May 1 14:55:28 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:24:57 2006 Subject: ANNOUNCE: Stable version 4.30 released Message-ID: <6.0.1.1.2.20040501145037.04539150@imap.ecs.soton.ac.uk> Hi folks, I have just released a new MailScanner stable release 4.30. Main highlights in this month's release are more improvements to the handling of zip files, decoding attachments and support for the AVG virus scanner. I have also improved the SRPM files in the Linux releases so that it will install much more easily on new RedHat and SuSE distributions. Download as usual from www.mailscanner.info. The Change Log for this release is: * New Features and Improvements * - Zip files can now be located either by filename or by file contents, so you can effectively control whether your users can avoid zip file checking by renaming ".zip" to "_zip" for example. Note this does not affect virus checking, the contents of zip files will still be scanned for viruses. Note that this works with self-extracting zip files as well. The configuration option is called "Find Archives By Content" and is on by default. - Tightened up MIME decoder to catch more of the tests at www.testvirus.org. - Added support for Grisoft AVG virus scanner. Thanks to Rick Cooper for his hard work on this. - BitDefender wrapper and autoupdate scripts now support both old and new versions without any modifications needed. They find the version automatically. - The upgrade_MailScanner_conf command now preserves all your custom %variable% settings. - Linux cron job scripts added to tarball distribution. - Made the spam tag come before the virus tag on infected messages so that spam can be dumped more easily automatically. - Added support for SpamAssassin version 3. - Added new configuration options so that RBL's (and SpamAssassin) can have their network checks disabled is they fail more than a certain fraction of the time. This is very good for finding unreliable RBL's that don't always fail and are therefore not found by the "max timeouts" settings. - Added new configuration option "Ignore Spam Whitelist If Recipients Exceed" to catch spammers who deliver messages to lots of recipients, including one recipient who chooses to receive all their spam. - Added link to the Ellen MacArthur Trust to the home page. Please support this charity, they perform excellent work in an area that is very close to my heart. - Improved update_virus_scanners so it ignores the lock if it is old. - Added scanner name to log output from library-based virus scanners modules. - Improved building of SRPMs so they work on all RedHat and SuSE versions. * Fixes * - Debian fix for their different dir structure causing problems with update_virus_scanners. - Fixed problem where some HTML messages from Yahoo did not have the clean message signature added to their HTML portion. - Fixed problem with some systems not rewinding file extraction directory properly. - Fix to avoid problems in Qmail with regular expression match which reading Qf file. - Messages with too many attachments should get a proper report now. - Quarantine and Incoming Queue group memberships should now work properly for non-root users. - Now only signs text/plain and text/html sections, so some PDF files and Outlook messages are not corrupted. P.S. MailScanner has now passed 1/4 million downloads! -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Sat May 1 15:04:43 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:24:57 2006 Subject: simple question!!! Why? In-Reply-To: <38531FBA30509D418523F41CC6E981D827EAAD@securenetdc.securen et.co.il> References: <38531FBA30509D418523F41CC6E981D827EAAD@securenetdc.securenet.co.il> Message-ID: <6.0.1.1.2.20040501150225.042b4d30@imap.ecs.soton.ac.uk> At 13:02 01/05/2004, you wrote: >1. Martin thanks a lot >2. about RBL lists, where I configure the RBL list in the >spamassassin/MailScanner ? > I know this line in the MailScanner.conf "Spam List = ORDB-RBL # >MAPS-RBL+ costs money (except .ac.uk)" > but I don't know if this line OK or NOT. That is where to put RBL lists in MailScanner.conf. The names (such as ORDB-RBL) that you use in that line must be defined in spam.lists.conf. The format of that file is obvious, if you need to change it. >3. I looked over this file "spam.assassin.prefs.conf" and I found this : > >whitelist_from monty@roscom.com > >Who is "monty@roscom.com" and why I am getting my whitelist from him ? It is a sample email address. You are not getting your whitelist from him, you are whitelisting messages from him. It means "whitelist messages from" and not "get whitelist from". -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From ugob at CAMO-ROUTE.COM Sat May 1 15:00:06 2004 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:24:57 2006 Subject: simple question!!! Why? In-Reply-To: <38531FBA30509D418523F41CC6E981D827EAAD@securenetdc.securenet.co.il> References: <38531FBA30509D418523F41CC6E981D827EAAD@securenetdc.securenet.co.il> Message-ID: Idan Plotnik wrote: > 1. Martin thanks a lot > 2. about RBL lists, where I configure the RBL list in the > spamassassin/MailScanner ? > I know this line in the MailScanner.conf "Spam List = ORDB-RBL # > MAPS-RBL+ costs money (except .ac.uk)" > but I don't know if this line OK or NOT. This is for RBL lists in MailScanner. For spamassassin, it is in spam.assassin.prefs.conf. See this setting: # By default, SpamAssassin will run RBL checks. If your ISP already # does this, set this to 1. # # skip_rbl_checks 1 > > 3. I looked over this file "spam.assassin.prefs.conf" and I found this : > > whitelist_from monty@roscom.com > > Who is "monty@roscom.com" and why I am getting my whitelist from him ? # Monty Solomon: he posts from an ISP that has often been the source of spam # (no fault of his own ;), and sometimes uses Bcc: when mailing. -this comes with spamassassin. > > Thanks. > > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From evertjan at VANRAMSELAAR.NL Sat May 1 16:10:15 2004 From: evertjan at VANRAMSELAAR.NL (Evert Jan van Ramselaar) Date: Thu Jan 12 21:24:57 2006 Subject: "Virus Scanner Test #21" undetected? Message-ID: <4093BDD7.2050303@vanramselaar.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi there, I just upgrade MailScanner to the latest version 4.30.3-1 and decided to test my configuration via http://www.testvirus.org . Of the 25 tests, one slipped through: Test #21: Eicar virus within zip file hidden using the "Long MIME Boundary Vulnerability" MailScanner stated this message as clean. Is this something to worry about? - -- ~ Evert Jan van Ramselaar ~ Van Ramselaar Info Tech Mail pgpkey@vanramselaar.nl to get my G/PGP Public Key. Key fingerprint = 4F2A 56C4 F9C3 FA36 3ED8 DEC8 B50C D425 1202 DA95 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFAk73WtQzUJRIC2pURAqkuAJ9+HJvK6u8TxVqAk/TtJZP3ScLo0wCg4ZiK gt0F5TFh2e/U/79Nd8K3RsI= =Pps7 -----END PGP SIGNATURE----- -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Sat May 1 16:22:28 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:24:58 2006 Subject: "Virus Scanner Test #21" undetected? In-Reply-To: <4093BDD7.2050303@vanramselaar.nl> References: <4093BDD7.2050303@vanramselaar.nl> Message-ID: <6.0.1.1.2.20040501161716.046f3df0@imap.ecs.soton.ac.uk> At 16:10 01/05/2004, you wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >Hi there, > >I just upgrade MailScanner to the latest version 4.30.3-1 and decided to >test my configuration via http://www.testvirus.org . > >Of the 25 tests, one slipped through: >Test #21: Eicar virus within zip file hidden using the "Long MIME >Boundary Vulnerability" > >MailScanner stated this message as clean. Is this something to worry about? The test is basically this: 1. Set the MIME boundary to a string as normal 2. Check to see if the MIME boundary turns up as a string starting with (1) But catching this as an attack completely stops Eudora from working, as it uses 1 MIME boundary per message, tacking things on the end as necessary for other bits of the MIME structure. So it's really an artificial test of the software that the guys who own testvirus.org are trying to sell. Allowing this test to pass would actually break quite a few messages. So I have no real intention of changing things so that the test passes. Don't for a minute assume that testvirus.org is "independent" just because it is a .org domain. It's not. Check the whois record to see who really owns it. It is owned by Excedent (check out www.excedent.com to see who they really are). -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From ugob at CAMO-ROUTE.COM Sat May 1 16:17:25 2004 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:24:58 2006 Subject: "Virus Scanner Test #21" undetected? In-Reply-To: <4093BDD7.2050303@vanramselaar.nl> References: <4093BDD7.2050303@vanramselaar.nl> Message-ID: Evert Jan van Ramselaar wrote: > Hi there, > > I just upgrade MailScanner to the latest version 4.30.3-1 and decided to > test my configuration via http://www.testvirus.org . > > Of the 25 tests, one slipped through: > Test #21: Eicar virus within zip file hidden using the "Long MIME > Boundary Vulnerability" > > MailScanner stated this message as clean. Is this something to worry about? http://www.jiscmail.ac.uk/cgi-bin/webadmin?A2=ind0403&L=mailscanner&P=R141186&I=-1 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From evertjan at VANRAMSELAAR.NL Sat May 1 16:31:48 2004 From: evertjan at VANRAMSELAAR.NL (Evert Jan van Ramselaar) Date: Thu Jan 12 21:24:58 2006 Subject: "Virus Scanner Test #21" undetected? In-Reply-To: <6.0.1.1.2.20040501161716.046f3df0@imap.ecs.soton.ac.uk> References: <4093BDD7.2050303@vanramselaar.nl> <6.0.1.1.2.20040501161716.046f3df0@imap.ecs.soton.ac.uk> Message-ID: <4093C2E4.70605@vanramselaar.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Julian Field shared the following on 01-05-04 17:22: | But catching this as an attack completely stops Eudora from working, as it | uses 1 MIME boundary per message, tacking things on the end as necessary | for other bits of the MIME structure. | | So it's really an artificial test of the software that the guys who own | testvirus.org are trying to sell. Allowing this test to pass would actually | break quite a few messages. So I have no real intention of changing things | so that the test passes. | | Don't for a minute assume that testvirus.org is "independent" just because | it is a .org domain. It's not. Check the whois record to see who really | owns it. Ok, thanks for explaining this to me Julian. The good part of this all is, the other 24 test messages are being stopped by MailScanner! I've been using MailScanner for a long time now and I am often amazed by your "addictive" dedication! Keep up the good work and thanks a lot for this great piece of software! Oh and btw, 3.30.3-1 is working like a charm so far. - -- ~ Evert Jan van Ramselaar ~ Van Ramselaar Info Tech Mail pgpkey@vanramselaar.nl to get my G/PGP Public Key. Key fingerprint = 4F2A 56C4 F9C3 FA36 3ED8 DEC8 B50C D425 1202 DA95 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFAk8LktQzUJRIC2pURAjMxAKCW2B+zJS54klvy1LZBHdFtGSsk0wCg8ErW +O4wz2DUgcZ4NJXwlHgnkWg= =h1EQ -----END PGP SIGNATURE----- -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From zichovsky at TRUL.CZ Sat May 1 21:38:57 2004 From: zichovsky at TRUL.CZ (Pavel Zichovsky) Date: Thu Jan 12 21:24:58 2006 Subject: AVG Support Message-ID: On Mon, 5 Apr 2004 13:22:08 -0500, Quintin Giesbrecht wrote: >Also, those that are using AVG - which license did you buy? Can you get >away with the smallest they offer, because technically I am not scanning >mail-boxes as this is a relay - there are no mail-boxes on this >server...does anyone know if that will work? Thanks > I was discussing this with Grisoft (with one of their chiefs) last week. Resume is: If you are scannig e-mail passing through Linux server, You must buy AVG Linux Email Server Edition. You cannot use multilicence or any other licence type, just "LESE". If you are runnig avg on "end" server (server is delivering incoming mail to mailboxes on it) you have to buy LESE according to number of real mailboxes (readed by humans) or for 1 server (any number of mailboxes). If you are runing avg on "relay" server (incoming mail is scanned and sent out to other server) - which is your way - you have to buy license for 1 server (not for mailboxes). Hope it is clear, my english is not so good :-) With regards Pavel Zichovsky (zichovsky@trul.cz) -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From matt at dworkin.org Sat May 1 21:40:04 2004 From: matt at dworkin.org (Matt Roberts) Date: Thu Jan 12 21:24:58 2006 Subject: KickMessage/qmgr error Message-ID: <20040501204001.M87303@dworkin.org> Hi MailScanner seems to work just fine (all appropriate spam and virus notifications/quarantining, messages received and delivered ok). However, after every batch examination by MailScanner I get this message in my mail log: May 1 15:49:52 Prime MailScanner[7213]: KickMessage failed as couldn't write to /var/spool/postfix/public/qmgr, No such device or address I'm using Postfix 2.0.19 with most recent MailScanner (4.22?) all installed from source (pet hate of RPMs) on SuSE 8.2 with kernel 2.4.20 (with all current security patches but nothing more). Postfix settings in MailScanner.conf: Run As User = postfix Run As Group = postfix Incoming Queue Dir = /var/spool/postfix.in/deferred Outgoing Queue Dir = /var/spool/postfix/incoming MTA = postfix Most relevant file system listings: ls -l /var/spool -l drwxr-xr-x 15 root postfix 360 Dec 15 23:09 postfix drwxr-xr-x 14 root postfix 336 Apr 29 16:36 postfix.in ls -l /var/spool/postfix drwx------ 18 postfix root 432 May 1 16:14 incoming drwx--x--- 2 postfix maildrop 168 Apr 29 19:12 public ls -l /var/spool/postfix/public srw-rw-rw- 1 postfix postfix 0 Apr 29 19:12 qmgr On a second server I manage this error does not occur, the only difference between the two being that it runs Postfix 2.0.16 and: ls -l /var/spool/postfix/public prw--w--w- 1 postfix postfix 0 May 1 20:17 qmgr I beleive that between 2.0.16 and 2.0.19 postfix moved from using its old qmgr to nqmgr as default. Not sure if that relates to the difference in listing between 'p' and 's' (pipe and socket I assume?) If the problem qmgr is deleted and recreated with mknod as a pipe it fails for postfix before even getting to test it with MailScanner. Deleteing is and letting psotfix recreate it on startup creates it as the socket listing above. To the best of my knowledge the only drawback of this whole thing is a long- ish delay between MailScanner processing and actual message delivery. No idea what kickmessage relates to, but I had thought it was to coerce qmgr into not waiting around for its normal polling cycle and just deliver the messages then and there? Thanks for any help, MailScanner (even with this error) is proving to be a real boon! -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From jwilliams at COURTESYMORTGAGE.COM Sat May 1 22:12:09 2004 From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams) Date: Thu Jan 12 21:24:58 2006 Subject: Clarification on stopping outbound spam scanning Message-ID: <5.2.1.1.0.20040501141202.00aae9a0@pop.courtesymortgage.com> Hello everyone. Just want to check on to see if my setup is working correctly. I have setup MailScanner to not scan outbound mail for spam from a internal mail server. Following these threads: http://www.jiscmail.ac.uk/cgi-bin/wa.exe?A2=ind0306&L=mailscanner&P=R52562&I=-1 http://www.jiscmail.ac.uk/cgi-bin/wa.exe?A2=ind0403&L=mailscanner&P=R203572&I=-1 I did the following: changed Spam Checks to... Spam Checks = /usr/local/etc/MailScanner/rules/spam.rules Created the spam.rules file and added the following: From: 192.168.1.165 no FromOrTo: default yes After restarting MS, I sent a piece of mail through to see if it would be scanned and saw the following: May 1 14:08:01 mail sm-mta-in[238]: i41L817V000238: from=, size=700, class=0, nrcpts=1, msgid=<5.2.1.1.0.20040501140912.00aeff50@pop.courtesymortgage.com>, proto=ESMTP, daemon=MTA, relay=[192.168.1.165] May 1 14:08:01 mail sm-mta-in[238]: i41L817V000238: to=, delay=00:00:00, mailer=esmtp, pri=30700, stat=queued May 1 14:08:02 mail MailScanner[227]: New Batch: Scanning 1 messages, 1224 bytes May 1 14:08:02 mail MailScanner[227]: Spam Checks: Starting May 1 14:08:02 mail MailScanner[227]: Virus and Content Scanning: Starting May 1 14:08:03 mail MailScanner[227]: Uninfected: Delivered 1 messages May 1 14:08:04 mail sendmail[249]: i41L817V000238: to=, delay=00:00:03, xdelay=00:00:01, mailer=esmtp, pri=120700, relay=mx2.mail.yahoo.com. [64.156.215.18], dsn=2.0.0, stat=Sent (ok dirdel) Right in the middle, it stays Spam Checks: Starting So it appears I missed something and haven't been able to figure it out. I appreciate any help that you can lend me. Cheers, Jason -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Sat May 1 22:18:38 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:24:58 2006 Subject: Clarification on stopping outbound spam scanning In-Reply-To: <5.2.1.1.0.20040501141202.00aae9a0@pop.courtesymortgage.com > References: <5.2.1.1.0.20040501141202.00aae9a0@pop.courtesymortgage.com> Message-ID: <6.0.1.1.2.20040501221721.0433cd18@imap.ecs.soton.ac.uk> At 22:12 01/05/2004, you wrote: >Hello everyone. > >Just want to check on to see if my setup is working correctly. I have setup >MailScanner to not scan outbound mail for spam from a internal mail server. > >Following these threads: > >http://www.jiscmail.ac.uk/cgi-bin/wa.exe?A2=ind0306&L=mailscanner&P=R52562&I=-1 >http://www.jiscmail.ac.uk/cgi-bin/wa.exe?A2=ind0403&L=mailscanner&P=R203572&I=-1 > >I did the following: > >changed Spam Checks to... > >Spam Checks = /usr/local/etc/MailScanner/rules/spam.rules > >Created the spam.rules file and added the following: > > >From: 192.168.1.165 no >FromOrTo: default yes > >After restarting MS, I sent a piece of mail through to see if it would be >scanned and saw the following: > >May 1 14:08:01 mail sm-mta-in[238]: i41L817V000238: >from=, size=700, class=0, nrcpts=1, >msgid=<5.2.1.1.0.20040501140912.00aeff50@pop.courtesymortgage.com>, >proto=ESMTP, daemon=MTA, relay=[192.168.1.165] >May 1 14:08:01 mail sm-mta-in[238]: i41L817V000238: >to=, delay=00:00:00, mailer=esmtp, pri=30700, stat=queued >May 1 14:08:02 mail MailScanner[227]: New Batch: Scanning 1 messages, 1224 >bytes >May 1 14:08:02 mail MailScanner[227]: Spam Checks: Starting >May 1 14:08:02 mail MailScanner[227]: Virus and Content Scanning: Starting >May 1 14:08:03 mail MailScanner[227]: Uninfected: Delivered 1 messages >May 1 14:08:04 mail sendmail[249]: i41L817V000238: >to=, delay=00:00:03, xdelay=00:00:01, mailer=esmtp, >pri=120700, relay=mx2.mail.yahoo.com. [64.156.215.18], dsn=2.0.0, stat=Sent >(ok dirdel) > >Right in the middle, it stays Spam Checks: Starting Don't worry about that. It is very hard to work out whether spam checks have been disabled for every message in a batch without doing some time-consuming calculations. So you will always get the log message, even if it happens that every message in the batch has the spam checks disabled. Check the headers of the outgoing messages, and you should find no spam-check headers. >So it appears I missed something and haven't been able to figure it out. > >I appreciate any help that you can lend me. > >Cheers, > >Jason > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From faq at mailscanner.info Sun May 2 00:28:07 2004 From: faq at mailscanner.info (faq@mailscanner.info) Date: Thu Jan 12 21:24:58 2006 Subject: Faq-O-Matic Error Log Message-ID: <200405012328.i41NS7eK023515@seer.ecs.soton.ac.uk> Errors from MailScanner Faq-O-Matic (v. 2.717): 2004-04-27-16-29-49 2.717 error editPart 25651 <(noID)> Either someone has changed the answer or category you were editing since you received the editing form, or you submitted the same form twice.

Please [Return to the FAQ] and start again to make sure no changes are lost. Sorry for the inconvenience.

(Sequence number in form: 5; in item: 11) 2004-04-28-16-49-49 2.717 error submitPart 29522 <(noID)> Your browser or WWW cache has truncated your POST. 2004-04-28-16-49-58 2.717 error submitPart 29592 <(noID)> Your browser or WWW cache has truncated your POST. 2004-04-28-21-01-57 2.717 error submitPass 30084 <(noID)> Your password may not contain spaces or carriage returns. 2004-04-29-01-09-02 2.717 error editPart 2593 <(noID)> Either someone has changed the answer or category you were editing since you received the editing form, or you submitted the same form twice.

Please [Return to the FAQ] and start again to make sure no changes are lost. Sorry for the inconvenience.

(Sequence number in form: 2; in item: 3) 2004-04-29-09-23-56 2.717 error editPart 28954 <(noID)> Either someone has changed the answer or category you were editing since you received the editing form, or you submitted the same form twice.

Please [Return to the FAQ] and start again to make sure no changes are lost. Sorry for the inconvenience.

(Sequence number in form: 5; in item: 11) 2004-04-30-22-19-15 2.717 error editPart 21501 <(noID)> Either someone has changed the answer or category you were editing since you received the editing form, or you submitted the same form twice.

Please [Return to the FAQ] and start again to make sure no changes are lost. Sorry for the inconvenience.

(Sequence number in form: 5; in item: 7) 2004-05-01-19-33-34 2.717 error faq 1279 <(noID)> error: Unknown command. Are you a confused robot or an 3l33t h@X0r? If neither, check with site admin to debug the problem. 2004-05-01-19-33-36 2.717 error faq 1280 <(noID)> error: Unknown command. Are you a confused robot or an 3l33t h@X0r? If neither, check with site admin to debug the problem. 2004-05-01-19-34-34 2.717 error faq 1532 <(noID)> error: Unknown command. Are you a confused robot or an 3l33t h@X0r? If neither, check with site admin to debug the problem. 2004-05-01-19-34-37 2.717 error faq 1533 <(noID)> error: Unknown command. Are you a confused robot or an 3l33t h@X0r? If neither, check with site admin to debug the problem. From drew at THEMARSHALLS.CO.UK Sat May 1 22:19:48 2004 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:24:58 2006 Subject: KickMessage/qmgr error In-Reply-To: <20040501210831.M46653@dworkin.org> References: <20040501204001.M87303@dworkin.org> <40940FED.4010104@themarshalls.co.uk> <20040501210831.M46653@dworkin.org> Message-ID: <40941474.208@themarshalls.co.uk> Matt nqmgr is the 2.1.x default queue manager and better than qmgr, so that's good! On my FreeBSD system I still have prw--w--w- 1 postfix maildrop 0 May 1 22:07 qmgr so I have no idea why your system fancies the srw permissions. Interestingly, my qmgr has 'maildrop' group permissions (Which might be 'postdrop' on Linux). The queue manager just sends out 1 byte messages to the other processes in Postfix allowing the movement of mail through the system. The reason for your delay was due to these messages not being sent (Hence the kick failure). Mail was only being picked up when the timer in master.cf expired (normally 300 seconds) at which point the all the queue directories are checked and mail moved where required (For example from the defer queue for retry). Any way glad it's working. Drew Matt Roberts wrote: >Thanks Drew, > >the switch from qmgr to nqmgr in master.cf seems to have done the trick. I've >still no idea /why/ but hey...! > >Thanks again. > > >---------- Original Message ----------- >From: Drew Marshall >To: Matt Roberts >Sent: Sat, 01 May 2004 22:00:29 +0100 >Subject: Re: [MAILSCANNER] KickMessage/qmgr error > > > >>Matt Roberts wrote: >> >> >> >>>May 1 15:49:52 Prime MailScanner[7213]: KickMessage failed as couldn't >>> >>> >write > > >>>to /var/spool/postfix/public/qmgr, No such device or address >>> >>> >>> >>> >>> >>> >>Matt >> >>What have you got in your master.cf in ../postfix and ../postfix.in? >>Have you tried commenting out qmgr and uncommenting nqmgr and seeing if >>this repeats itself? >> >>Drew >> >> >> >------- End of Original Message ------- > > > -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040501/348e9ff8/attachment.html From kevins at BMRB.CO.UK Sat May 1 22:20:39 2004 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:24:58 2006 Subject: Clarification on stopping outbound spam scanning In-Reply-To: <5.2.1.1.0.20040501141202.00aae9a0@pop.courtesymortgage.com> References: <5.2.1.1.0.20040501141202.00aae9a0@pop.courtesymortgage.com> Message-ID: <1083446438.24136.4.camel@bach.kevinspicer.co.uk> On Sat, 2004-05-01 at 22:12, Jason Williams wrote: > Right in the middle, it stays Spam Checks: Starting > > So it appears I missed something and haven't been able to figure it out. > It will always say that. It is starting spam checks for the batch, it will then consider whether to apply the spam checks to each message in the batch. The best way to test (assuming you are using SpamAssassin) is to include the GTUBE string in an outgoing mail and see itif gets flagged as spam. BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From jwilliams at COURTESYMORTGAGE.COM Sat May 1 22:29:25 2004 From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams) Date: Thu Jan 12 21:24:58 2006 Subject: Clarification on stopping outbound spam scanning In-Reply-To: <1083446438.24136.4.camel@bach.kevinspicer.co.uk> References: <5.2.1.1.0.20040501141202.00aae9a0@pop.courtesymortgage.com> <5.2.1.1.0.20040501141202.00aae9a0@pop.courtesymortgage.com> Message-ID: <5.2.1.1.0.20040501142742.00b078d8@pop.courtesymortgage.com> Thanks guys... >It will always say that. It is starting spam checks for the batch, it >will then consider whether to apply the spam checks to each message in >the batch. The best way to test (assuming you are using SpamAssassin) >is to include the GTUBE string in an outgoing mail and see itif gets >flagged as spam. Double checked it and it was working perfectly. I even did additional testing by shutting it off, sending some spam, turning it on and sending spam... Worked just like it should... I appreciate it. Jason -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From peter at UCGBOOK.COM Sat May 1 22:48:07 2004 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:24:58 2006 Subject: Clarification on stopping outbound spam scanning In-Reply-To: <5.2.1.1.0.20040501142742.00b078d8@pop.courtesymortgage.com> References: <5.2.1.1.0.20040501141202.00aae9a0@pop.courtesymortgage.com> <5.2.1.1.0.20040501141202.00aae9a0@pop.courtesymortgage.com> <5.2.1.1.0.20040501142742.00b078d8@pop.courtesymortgage.com> Message-ID: <40941B17.3010804@ucgbook.com> Jason Williams wrote: > Double checked it and it was working perfectly. > I even did additional testing by shutting it off, sending some spam, > turning it on and sending spam... > > Worked just like it should... > > I appreciate it. > > Jason Will you ever go live? ;-) No one prepped as much as you. That's a good thing of course. :-) -- /Peter Bonivart --Unix lovers do it in the Sun Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7, SpamAssassin 2.63 + DCC 1.2.45, ClamAV 0.70 + GMP 4.1.2, Vispan 1.4 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From stephen at STEPHENFLETCHER.CO.UK Sun May 2 00:07:37 2004 From: stephen at STEPHENFLETCHER.CO.UK (Stephen Fletcher) Date: Thu Jan 12 21:24:58 2006 Subject: MailScanner.pid??? Message-ID: Hi, I'm running a Cobalt RAQ4 and have just upgraded MailScarrer to version 4.30-3. The install of the rpm package seemed to go fine, but when I try to restart Mailscanner using the command /etc/rc.d/init.d/MailScanner stop it simply wont let me. Having looked at my maillog I get the following error messages repeating every so often: May 2 00:03:13 www MailScanner[14247]: Could not read file /var/run/MailScanner.pid May 2 00:03:13 www MailScanner[14247]: Error in line 118, file "/var/run/MailScanner.pid" for pidfile does not exist (or can not be read) Having checked out if the MailScanner.pid file exists, it doesnt, I tried running the install script again with no luck. Mailscanner is not scanning any of my emails at the moment, but thankfully I am still receving my email (and spam!). Is it possible for anyone to email me MailScanner.pid file? What are the permissions on the file and /var/run/ directory meant to be? Thanks for your help, Stephen Fletcher stephen@stephenfletcher.co.uk -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From peter at UCGBOOK.COM Sun May 2 00:32:43 2004 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:24:58 2006 Subject: MailScanner.pid??? In-Reply-To: References: Message-ID: <4094339B.4070405@ucgbook.com> Stephen Fletcher wrote: > Is it possible for anyone to email me MailScanner.pid file? What are the > permissions on the file and /var/run/ directory meant to be? The MailScanner.pid file just contains the process number of the parent process. It's a common way of knowing which process to terminate in a start/stop script. Is MS running? Check with "ps -ef | grep Mail". If it is, kill the lowest process number with "kill xxx" (xxx is the number of course). Wait 10 seconds and then try the start script again. -- /Peter Bonivart --Unix lovers do it in the Sun Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7, SpamAssassin 2.63 + DCC 1.2.45, ClamAV 0.70 + GMP 4.1.2, Vispan 1.4 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From David.While at UCE.AC.UK Sun May 2 11:24:57 2004 From: David.While at UCE.AC.UK (David While) Date: Thu Jan 12 21:24:58 2006 Subject: problems with bitdefender Message-ID: <107DE25EC0216C45AEF670016024245F6441C9@exchangea.staff.uce.ac.uk> I have just upgraded to the latest version of MailScanner and the bitdefender scripts don't work. 1. It is not detected as being installed. This is because bitdefender-wrapper should have $2 not $1 on line 46. 2. There is no message output in the log to indicate whether there was an update or not. I have the new version of bitdefender which has the working --update flag. PS Bitdefender is free for Linux so people may like to consider adding it as another defence. Quote from the Bitdefender web site: "BitDefender Linux Edition v7 is a freeware product, which doesn't require a license to be used." David While -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040502/011bd11e/attachment.html From info at VILLAGE-NET.AT Sun May 2 11:27:43 2004 From: info at VILLAGE-NET.AT (Rudolf Kliemstein) Date: Thu Jan 12 21:24:58 2006 Subject: Whitelist on relaying only mailserver Message-ID: <009501c43030$1c1ca7e0$0101a8c0@wohnung> Hi, thx for your reply. Actually this works, but i have one problem: it populates the list but how can i have it in MailScanner? can i specify more than one rules file? Thx Rudi -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Sun May 2 11:54:23 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:24:58 2006 Subject: problems with bitdefender In-Reply-To: <107DE25EC0216C45AEF670016024245F6441C9@exchangea.staff.uce .ac.uk> References: <107DE25EC0216C45AEF670016024245F6441C9@exchangea.staff.uce.ac.uk> Message-ID: <6.0.1.1.2.20040502115048.02db9be8@imap.ecs.soton.ac.uk> At 11:24 02/05/2004, you wrote: >I have just upgraded to the latest version of MailScanner and the >bitdefender scripts don't work. > >1. It is not detected as being installed. This is because >bitdefender-wrapper should have $2 not $1 on line 46. Wrong. Read line 32. >2. There is no message output in the log to indicate whether there was an >update or not. But if it just does a --update how am I supposed to know if there was an update? What happens if you do /usr/lib/MailScanner/bitdefender-wrapper /usr/local/bd7 /tmp after you have undone any changes you made to the script. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From eja at urbakken.dk Sun May 2 11:40:08 2004 From: eja at urbakken.dk (Erik Jakobsen) Date: Thu Jan 12 21:24:58 2006 Subject: Problems with updating Message-ID: <200405021240.08522.eja@urbakken.dk> Hi. I'm not sure if my porblem is to be found in all the faq and maq's. I have updated to the last new stable MailScanner, but have problems with the upgrade_MaiScanner_conf. I do this: cd /etc/MailScanner upgrade_MailScanner_conf MailScanner.conf MailScanner.conf.rpmnew > MailScanner.new But the /etc/MailScanner looks like this after upgrade has been ran: [root@urbakken MailScanner]# ls -l total 112 -rw-r--r-- 1 root root 4563 May 1 14:36 filename.rules.conf -rw-r--r-- 1 root root 706 May 1 14:36 filetype.rules.conf -rw-r--r-- 1 root root 68371 Apr 29 07:54 MailScanner.conf -rw-r--r-- 1 root root 0 May 2 12:28 MailScanner.new drwxr-xr-x 2 root root 4096 May 2 12:03 mcp drwxr-xr-x 17 root root 4096 Apr 28 08:50 reports drwxr-xr-x 2 root root 4096 May 2 12:03 rules -rw-r--r-- 1 root root 5402 May 1 14:36 spam.assassin.prefs.conf -rw-r--r-- 1 root root 2969 May 1 14:36 spam.lists.conf -rw-r--r-- 1 root root 2233 May 1 14:36 virus.scanners.conf [ It seems to me, that the MailScanner.conf MailScanner.conf.rpmnew is not there. What might be wrong ?. Yes, I ran the initrd.sh to install the new MailScanner. -- Med venlig hilsen - Best regards. Erik Jakobsen - eja@urbakken.dk. Licensed radioamateur with the callsign OZ4KK. SuSE Linux 9.0 Proff. Registered as user #319488 with the Linux Counter, http://counter.li.org. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From ugob at CAMO-ROUTE.COM Sun May 2 12:15:35 2004 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:24:58 2006 Subject: problems with bitdefender In-Reply-To: <107DE25EC0216C45AEF670016024245F6441C9@exchangea.staff.uce.ac.uk> References: <107DE25EC0216C45AEF670016024245F6441C9@exchangea.staff.uce.ac.uk> Message-ID: David While wrote: > I have just upgraded to the latest version of MailScanner and the > bitdefender scripts don't work. > > 1. It is not detected as being installed. This is because > bitdefender-wrapper should have $2 not $1 on line 46. > > 2. There is no message output in the log to indicate whether there was > an update or not. > > I have the new version of bitdefender which has the working --update flag. > > > PS Bitdefender is free for Linux so people may like to consider adding > it as another defence. > > Quote from the Bitdefender web site: "BitDefender Linux Edition v7 is a > freeware product, which doesn't require a license to be used." Yeah, I saw that yesterday. Can anyone confirm that it can be used with MailScanner without a license?? If it free, I'll use it for sure. > > David While Ugo -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From shrek-m at GMX.DE Sun May 2 12:28:33 2004 From: shrek-m at GMX.DE (shrek-m@gmx.de) Date: Thu Jan 12 21:24:58 2006 Subject: Problems with updating In-Reply-To: <200405021240.08522.eja@urbakken.dk> References: <200405021240.08522.eja@urbakken.dk> Message-ID: <4094DB61.1060004@gmx.de> Erik Jakobsen wrote: >I have updated to the last new stable MailScanner, but have problems >with the upgrade_MaiScanner_conf. > >I do this: > >cd /etc/MailScanner >upgrade_MailScanner_conf MailScanner.conf MailScanner.conf.rpmnew > >MailScanner.new >[...] >It seems to me, that the MailScanner.conf MailScanner.conf.rpmnew is >not there. > >What might be wrong ?. > > >Yes, I ran the initrd.sh to install the new MailScanner. > > ./install.sh ?? afaik, if you upgrade from eg. 4.30.x-1 to 4.30.3-1 mailscanner will not create a .rpmnew if nothing was changed in the conf-file i have done an update from 4.29.7-1 to 4.30.3-1, i have an .rpmnew $ rpm -q mailscanner mailscanner-4.29.7-1 # ls *.rpmnew ls: *.rpmnew: Datei oder Verzeichnis nicht gefunden ./install.sh as root [...] # rpm -q mailscanner mailscanner-4.30.3-1 # ls *.rpmnew MailScanner.conf.rpmnew -- shrek-m -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From raymond at PROLOCATION.NET Sun May 2 12:32:02 2004 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:24:58 2006 Subject: problems with bitdefender In-Reply-To: <107DE25EC0216C45AEF670016024245F6441C9@exchangea.staff.uce.ac.uk> Message-ID: Hi! > PS Bitdefender is free for Linux so people may like to consider adding > it as another defence. > > Quote from the Bitdefender web site: "BitDefender Linux Edition v7 is a > freeware product, which doesn't require a license to be used." Trying this right now, but i noticed the update_virus_scanners didnt see i have it installed. Its in the regular place (/opt/bdc) and when i run manually /usr/lib/MailScanner/bitdefender_autoupdate is updated the sig files. Any idea Julian ? Trying the RPM version from their website: BitDefender-Console-Antivirus-7.0.1-3.linux-gcc3x.i586.rpm So its using the suggested paths as packed by bitdefender theirselves I also noticed in the /etc/MailScanner/virus.scanners.conf bitdefender /usr/lib/MailScanner/bitdefender-wrapper /usr/local/bd7 After changing that to /opt/bdc it seems to pick it up ok: bitdefender /usr/lib/MailScanner/bitdefender-wrapper /opt/bdc/ May 2 13:25:41 vmx01 update.virus.scanners: Found bitdefender installed May 2 13:25:41 vmx01 update.virus.scanners: Running autoupdate for bitdefender There is some stuff in the wrapper i noticed, but thats not picking things up, right now it is, but only with the changed paths in the virus.scanners.conf Bye, Raymond. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From David.While at UCE.AC.UK Sun May 2 12:33:38 2004 From: David.While at UCE.AC.UK (David While) Date: Thu Jan 12 21:24:58 2006 Subject: problems with bitdefender Message-ID: <107DE25EC0216C45AEF670016024245F6441CA@exchangea.staff.uce.ac.uk> Saw that but with it set to $1 it doesn't work and with it set to $2 it does work. if you do a --update you have to parse the output of the command. If there was no update it outputs "No update available" - this is what I did in my modified autoupdate script. By default the bitdefender rpm doesn't install in /usr/local/bd7 but in /usr/bin so the output of the command /usr/lib/MailScanner/bitdefender-wrapper /usr/bin /tmp is: // // BDC scan report // // Time: Sun May 2 12:32:34 2004 // Command line: --log=/tmp/log.bdc.26742 /tmp // Core: AVCORE v1.0 (build 2095) (i386) (Dec 10 2003 16:34:47) // Engines: scan: 12, unpack: 3, archive: 34, mail: 6 // Total signatures: 76391 // /tmp/mem100.mdb ok Results: Folders :298 Files :1 Packed :0 Infected files :0 Suspect files :0 Warnings :0 I/O errors :0 Files/second :1 Scan time :00:00:01 David While -----Original Message----- From: MailScanner mailing list on behalf of Julian Field Sent: Sun 02/05/2004 11:54 To: MAILSCANNER@JISCMAIL.AC.UK Cc: Subject: Re: problems with bitdefender At 11:24 02/05/2004, you wrote: >I have just upgraded to the latest version of MailScanner and the >bitdefender scripts don't work. > >1. It is not detected as being installed. This is because >bitdefender-wrapper should have $2 not $1 on line 46. Wrong. Read line 32. >2. There is no message output in the log to indicate whether there was an >update or not. But if it just does a --update how am I supposed to know if there was an update? What happens if you do /usr/lib/MailScanner/bitdefender-wrapper /usr/local/bd7 /tmp after you have undone any changes you made to the script. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From raymond at PROLOCATION.NET Sun May 2 12:36:07 2004 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:24:58 2006 Subject: problems with bitdefender In-Reply-To: Message-ID: Hi! > > Quote from the Bitdefender web site: "BitDefender Linux Edition v7 is a > > freeware product, which doesn't require a license to be used." > > Yeah, I saw that yesterday. Can anyone confirm that it can be used with > MailScanner without a license?? If it free, I'll use it for sure. Well, if its free its free, simple :) It runs without a license, and updating also works, with minor adjustments to the MS files, see my other posting. I am testrunning it on two of my boxes, seems ok so far, ohw you have to switch codestatus to beta to get it going... Bye, Raymond. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Sun May 2 12:39:25 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:24:58 2006 Subject: problems with bitdefender In-Reply-To: References: <107DE25EC0216C45AEF670016024245F6441C9@exchangea.staff.uce.ac.uk> Message-ID: <6.0.1.1.2.20040502123733.046e9670@imap.ecs.soton.ac.uk> At 12:32 02/05/2004, you wrote: >Hi! > > > PS Bitdefender is free for Linux so people may like to consider adding > > it as another defence. > > > > Quote from the Bitdefender web site: "BitDefender Linux Edition v7 is a > > freeware product, which doesn't require a license to be used." > >Trying this right now, but i noticed the update_virus_scanners didnt see i >have it installed. Its in the regular place (/opt/bdc) and when i run >manually /usr/lib/MailScanner/bitdefender_autoupdate is updated the sig >files. > >Any idea Julian ? > >Trying the RPM version from their website: >BitDefender-Console-Antivirus-7.0.1-3.linux-gcc3x.i586.rpm > >So its using the suggested paths as packed by bitdefender theirselves > >I also noticed in the /etc/MailScanner/virus.scanners.conf > >bitdefender /usr/lib/MailScanner/bitdefender-wrapper /usr/local/bd7 > >After changing that to /opt/bdc it seems to pick it up ok: > >bitdefender /usr/lib/MailScanner/bitdefender-wrapper /opt/bdc/ > >May 2 13:25:41 vmx01 update.virus.scanners: Found bitdefender installed >May 2 13:25:41 vmx01 update.virus.scanners: Running autoupdate for >bitdefender > >There is some stuff in the wrapper i noticed, but thats not picking things >up, right now it is, but only with the changed paths in the >virus.scanners.conf The preferred path *was* /usr/local/bd7, they must have changed it. Everything should work once virus.scanners.conf points to /opt/bdc (you don't need the trailing / on the end). It's awkward to have 2 default paths for one scanner :-) -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From raymond at PROLOCATION.NET Sun May 2 12:47:25 2004 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:24:58 2006 Subject: problems with bitdefender In-Reply-To: <6.0.1.1.2.20040502123733.046e9670@imap.ecs.soton.ac.uk> Message-ID: Hi! > >There is some stuff in the wrapper i noticed, but thats not picking things > >up, right now it is, but only with the changed paths in the > >virus.scanners.conf > > The preferred path *was* /usr/local/bd7, they must have changed it. > Everything should work once virus.scanners.conf points to /opt/bdc (you > don't need the trailing / on the end). I kinda figured. I tried this one before and indeed that was the current path. > It's awkward to have 2 default paths for one scanner :-) Uhm yeah. This is the output of the updater: [root@vmx02 MailScanner]# ./bitdefender-autoupdate BDC/Linux-Console v7.0 (build 2490) (i386) (Dec 10 2003 16:11:35) Copyright (C) 1996-2003 SOFTWIN SRL. All rights reserved. /opt/bdc/Plugins/cab.xmd .... updated /opt/bdc/Plugins/cevakrnl.ivd .. updated /opt/bdc/Plugins/cevakrnl.rvd .............. updated /opt/bdc/Plugins/cevakrnl.xmd ............... updated /opt/bdc/Plugins/cran.cvd ..... updated /opt/bdc/Plugins/cran.xmd . updated /opt/bdc/Plugins/dbx.xmd updated /opt/bdc/Plugins/emalware.cvd ............................................................................................................................. updated /opt/bdc/Plugins/emalware.ivd . updated /opt/bdc/Plugins/emalware.xmd . updated /opt/bdc/Plugins/gzip.xmd updated /opt/bdc/Plugins/hqx.xmd updated /opt/bdc/Plugins/iso.xmd updated /opt/bdc/Plugins/java.cvd updated /opt/bdc/Plugins/mbox.xmd updated /opt/bdc/Plugins/mdx.xmd ........ updated /opt/bdc/Plugins/mdx_97.ivd ..... updated /opt/bdc/Plugins/mdx_w95.cvd ........... updated /opt/bdc/Plugins/mdx_x95.cvd updated /opt/bdc/Plugins/mime.xmd updated /opt/bdc/Plugins/mso.xmd updated /opt/bdc/Plugins/na.cvd updated /opt/bdc/Plugins/na.xmd .... updated /opt/bdc/Plugins/nelf.cvd ... updated /opt/bdc/Plugins/pdf.xmd ... updated /opt/bdc/Plugins/pst.xmd . updated /opt/bdc/Plugins/rup.cvd updated /opt/bdc/Plugins/rup.xmd .... updated /opt/bdc/Plugins/sdx.ivd ........ updated /opt/bdc/Plugins/unpack.cvd ........... updated /opt/bdc/Plugins/unpack.ivd ...... updated /opt/bdc/Plugins/unpack.xmd ..... updated /opt/bdc/Plugins/update.txt updated /opt/bdc/Plugins/ve.cvd . updated /opt/bdc/Plugins/ve.xmd ............... updated /opt/bdc/Plugins/zip.xmd .. updated Perhaps you can parse that for the log entry. Didnt see a 'updated' entry yet in the logs. The old one seems to look for added and removed, but not updated So it seems that part also changed ? Perhaps you can grab the rpm and have a look. Speeds of the scanner are also improved, scans pretty fast. If its really free then people will start using it a lot i think, together with clam... Bye, Raymond. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From raymond at PROLOCATION.NET Sun May 2 12:54:44 2004 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:24:58 2006 Subject: problems with bitdefender In-Reply-To: Message-ID: Hi! > This is the output of the updater: > > [root@vmx02 MailScanner]# ./bitdefender-autoupdate > BDC/Linux-Console v7.0 (build 2490) (i386) (Dec 10 2003 16:11:35) > Copyright (C) 1996-2003 SOFTWIN SRL. All rights reserved. > > /opt/bdc/Plugins/cab.xmd .... updated > /opt/bdc/Plugins/cevakrnl.ivd .. updated > /opt/bdc/Plugins/cevakrnl.rvd .............. updated > /opt/bdc/Plugins/cevakrnl.xmd ............... updated The update server also changed. http://upgrade.bitdefender.com/update7 Bye, Raymond. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From ugob at CAMO-ROUTE.COM Sun May 2 12:45:07 2004 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:24:58 2006 Subject: problems with bitdefender In-Reply-To: <6.0.1.1.2.20040502123733.046e9670@imap.ecs.soton.ac.uk> References: <107DE25EC0216C45AEF670016024245F6441C9@exchangea.staff.uce.ac.uk> <6.0.1.1.2.20040502123733.046e9670@imap.ecs.soton.ac.uk> Message-ID: Could someone be kind enough to send me by mail or post to the list the eventual conclusion to this thread? I really want to try this out, and write a FAQ and put that in the MAQ as well. Thanks, BTW: http://www.anti-virus-software-review.com/ Julian Field wrote: > At 12:32 02/05/2004, you wrote: > >> Hi! >> >> > PS Bitdefender is free for Linux so people may like to consider adding >> > it as another defence. >> > >> > Quote from the Bitdefender web site: "BitDefender Linux Edition v7 is a >> > freeware product, which doesn't require a license to be used." >> >> Trying this right now, but i noticed the update_virus_scanners didnt >> see i >> have it installed. Its in the regular place (/opt/bdc) and when i run >> manually /usr/lib/MailScanner/bitdefender_autoupdate is updated the sig >> files. >> >> Any idea Julian ? >> >> Trying the RPM version from their website: >> BitDefender-Console-Antivirus-7.0.1-3.linux-gcc3x.i586.rpm >> >> So its using the suggested paths as packed by bitdefender theirselves >> >> I also noticed in the /etc/MailScanner/virus.scanners.conf >> >> bitdefender /usr/lib/MailScanner/bitdefender-wrapper /usr/local/bd7 >> >> After changing that to /opt/bdc it seems to pick it up ok: >> >> bitdefender /usr/lib/MailScanner/bitdefender-wrapper /opt/bdc/ >> >> May 2 13:25:41 vmx01 update.virus.scanners: Found bitdefender installed >> May 2 13:25:41 vmx01 update.virus.scanners: Running autoupdate for >> bitdefender >> >> There is some stuff in the wrapper i noticed, but thats not picking >> things >> up, right now it is, but only with the changed paths in the >> virus.scanners.conf > > > The preferred path *was* /usr/local/bd7, they must have changed it. > Everything should work once virus.scanners.conf points to /opt/bdc (you > don't need the trailing / on the end). > > It's awkward to have 2 default paths for one scanner :-) > -- > Julian Field > www.MailScanner.info > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Sun May 2 13:34:58 2004 From: mailscanner at ecs.soton.ac.uk (mailscanner@ecs.soton.ac.uk) Date: Thu Jan 12 21:24:58 2006 Subject: NOTIFY-New Guestbook Entry Message-ID: <200405021234.i42CYwHN018925@seer.ecs.soton.ac.uk> New Guestbook-Entry from Angus Schweiger playing http://www.fairslots.com

is one of the most wanted web *********** />
on the other hand web keno

and web poker

are like web slot machines, very popular

we feature you with web slots and

web video poker

From pete at eatathome.com.au Sun May 2 14:10:16 2004 From: pete at eatathome.com.au (Pete) Date: Thu Jan 12 21:24:58 2006 Subject: problems with bitdefender In-Reply-To: References: <107DE25EC0216C45AEF670016024245F6441C9@exchangea.staff.uce.ac.uk> <6.0.1.1.2.20040502123733.046e9670@imap.ecs.soton.ac.uk> Message-ID: <4094F338.3060501@eatathome.com.au> Anyone got any tips for getting bitdefender working on FreeBSD ? i can only find rpms :( > > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From raymond at PROLOCATION.NET Sun May 2 12:39:21 2004 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:24:58 2006 Subject: problems with bitdefender In-Reply-To: <107DE25EC0216C45AEF670016024245F6441CA@exchangea.staff.uce.ac.uk> Message-ID: Hi! > By default the bitdefender rpm doesn't install in /usr/local/bd7 but in > /usr/bin so the output of the command Uhm no. it will put it in /opt/bdc Both files listed on their website: BitDefender-Console-Antivirus-7.0.1-3.linux-gcc29x.i586.rpm BitDefender-Console-Antivirus-7.0.1-3.linux-gcc3x.i586.rpm Install in /opt/dbc After changing the virus.scanners.conf (see my other posting) it seems to update just fine. Bye, Raymond. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From eja at urbakken.dk Sun May 2 14:59:00 2004 From: eja at urbakken.dk (Erik Jakobsen) Date: Thu Jan 12 21:24:58 2006 Subject: Problems with updating In-Reply-To: <4094DB61.1060004@gmx.de> References: <200405021240.08522.eja@urbakken.dk> <4094DB61.1060004@gmx.de> Message-ID: <200405021559.00153.eja@urbakken.dk> On Sunday 02 May 2004 13:28, shrek-m@gmx.de wrote: > Erik Jakobsen wrote: > >I have updated to the last new stable MailScanner, but have > > problems with the upgrade_MaiScanner_conf. > > > >I do this: > > > >cd /etc/MailScanner > >upgrade_MailScanner_conf MailScanner.conf MailScanner.conf.rpmnew > > > MailScanner.new > >[...] > >It seems to me, that the MailScanner.conf MailScanner.conf.rpmnew > > is not there. > > > >What might be wrong ?. > > > > > >Yes, I ran the initrd.sh to install the new MailScanner. > > ./install.sh ?? Of course. Thank you :-) > > afaik, > if you upgrade from eg. 4.30.x-1 to 4.30.3-1 > mailscanner will not create a .rpmnew if nothing was changed in the > conf-file > Ok. > i have done an update from 4.29.7-1 to 4.30.3-1, i have an .rpmnew Good. > $ rpm -q mailscanner > mailscanner-4.29.7-1 > # ls *.rpmnew > ls: *.rpmnew: Datei oder Verzeichnis nicht gefunden > > > ./install.sh as root > [...] > > > # rpm -q mailscanner > mailscanner-4.30.3-1 > # ls *.rpmnew > MailScanner.conf.rpmnew > Thank you for your kindly reply shrek-m, and for your good explanation. > -- > shrek-m > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html -- Med venlig hilsen - Best regards. Erik Jakobsen - eja@urbakken.dk. Licensed radioamateur with the callsign OZ4KK. SuSE Linux 9.0 Proff. Registered as user #319488 with the Linux Counter, http://counter.li.org. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From ugob at CAMO-ROUTE.COM Sun May 2 15:46:47 2004 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:24:58 2006 Subject: problems with bitdefender In-Reply-To: References: <6.0.1.1.2.20040502123733.046e9670@imap.ecs.soton.ac.uk> Message-ID: > > Speeds of the scanner are also improved, scans pretty fast. Cool. > > If its really free then people will start using it a lot i think, together > with clam... That is what I plan to do. What is weird, though, is this message at the end of the install: "IMPORTANT: Before using our product, make sure you read the LICENSE file located in /opt/bdc/doc". I've read it quickly and it says it can be used on one computer. I didn't see any references to the # of users. I'm testing it right now... looks fine. > > Bye, > Raymond. > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From alex at nkpanama.com Sun May 2 17:52:29 2004 From: alex at nkpanama.com (Alex Neuman) Date: Thu Jan 12 21:24:58 2006 Subject: AntiVir In-Reply-To: <200405010951.i419pYO14125@mx1.mailsecurity.net.au> Message-ID: <001501c43065$dcd233d0$0100a8c0@cositputer> MailScanner supports the AntiVir scanner and so far, for me, it's worked perfectly - except for one incident where a program called "prelink" kept modifying the antivir executable. I fixed that by uninstalling the prelink rpm from my Fedora Core 1 machine and reinstalling AntiVir. I noticed there was a separate AntiVir for Workstations, which I tried installing after removing the server version. It didn't work from within MailScanner (didn't show up on the logs, didn't pick up EICAR), although update_virus_scanners and the command line wrapper worked perfectly. Does this mean MailScanner only works with AntiVir "server edition", or am I missing something else? -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3026 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040502/45091c17/smime.bin From mailscanner at ecs.soton.ac.uk Sun May 2 19:01:06 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:24:58 2006 Subject: AntiVir In-Reply-To: <001501c43065$dcd233d0$0100a8c0@cositputer> References: <200405010951.i419pYO14125@mx1.mailsecurity.net.au> <001501c43065$dcd233d0$0100a8c0@cositputer> Message-ID: <6.0.1.1.2.20040502185900.03fc5e70@imap.ecs.soton.ac.uk> At 17:52 02/05/2004, you wrote: >MailScanner supports the AntiVir scanner and so far, for me, it's worked >perfectly - except for one incident where a program called "prelink" kept >modifying the antivir executable. I fixed that by uninstalling the prelink >rpm from my Fedora Core 1 machine and reinstalling AntiVir. > >I noticed there was a separate AntiVir for Workstations, which I tried >installing after removing the server version. It didn't work from within >MailScanner (didn't show up on the logs, didn't pick up EICAR), although >update_virus_scanners and the command line wrapper worked perfectly. > >Does this mean MailScanner only works with AntiVir "server edition", or am >I missing something else? Can you put an eicar.com in the current directory and run /usr/lib/MailScanner/antivir-wrapper /usr/lib/AntiVir . for each of the 2 editions and see if there is any difference in the output? -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From drew at THEMARSHALLS.CO.UK Sun May 2 19:10:14 2004 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:24:58 2006 Subject: AntiVir In-Reply-To: <001501c43065$dcd233d0$0100a8c0@cositputer> References: <001501c43065$dcd233d0$0100a8c0@cositputer> Message-ID: <40953986.2020009@themarshalls.co.uk> Alex Neuman wrote: >MailScanner supports the AntiVir scanner and so far, for me, it's worked >perfectly - except for one incident where a program called "prelink" kept >modifying the antivir executable. I fixed that by uninstalling the prelink >rpm from my Fedora Core 1 machine and reinstalling AntiVir. > >I noticed there was a separate AntiVir for Workstations, which I tried >installing after removing the server version. It didn't work from within >MailScanner (didn't show up on the logs, didn't pick up EICAR), although >update_virus_scanners and the command line wrapper worked perfectly. > >Does this mean MailScanner only works with AntiVir "server edition", or am >I missing something else? > > > I have, until recently, been using Antivir in it's free licence version (For home use) but following a system reinstall (And version upgrades of MS, SA etc) it stopped being called by MailScanner. Like you, the update_virus_scanners worked fine and the command line wrapper worked fine. I have no idea why and have given up using it. Any clues on this one would be appreciated. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Sun May 2 19:47:10 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:24:58 2006 Subject: Very minor update: 4.30.3-2 Message-ID: <6.0.1.1.2.20040502194331.0413fc88@imap.ecs.soton.ac.uk> You do not need to replace 4.30.3-1 with -2 if you have already installed it. There are 2 minor corrections in -2 when compared to -1: 1) The perl-Net-CIDR rpm has been updated to 0.09, there was a discrepancy in -1 between the version of this rpm I supplied, and the version it would try to install. 2) The default installation location of BitDefender is now set to /opt/bdc and not /usr/local/bd7. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 From mailscanner at ecs.soton.ac.uk Sun May 2 19:47:10 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:24:58 2006 Subject: Very minor update: 4.30.3-2 Message-ID: <6.0.1.1.2.20040502194331.0413fc88@imap.ecs.soton.ac.uk> You do not need to replace 4.30.3-1 with -2 if you have already installed it. There are 2 minor corrections in -2 when compared to -1: 1) The perl-Net-CIDR rpm has been updated to 0.09, there was a discrepancy in -1 between the version of this rpm I supplied, and the version it would try to install. 2) The default installation location of BitDefender is now set to /opt/bdc and not /usr/local/bd7. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From alex at nkpanama.com Sun May 2 20:24:32 2004 From: alex at nkpanama.com (Alex Neuman) Date: Thu Jan 12 21:24:58 2006 Subject: AntiVir In-Reply-To: <6.0.1.1.2.20040502185900.03fc5e70@imap.ecs.soton.ac.uk> Message-ID: <001601c4307b$1a780380$0100a8c0@cositputer> Skipped content of type multipart/mixed-------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3026 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040502/aef34de4/smime.bin From mailscanner at ecs.soton.ac.uk Mon May 3 01:23:16 2004 From: mailscanner at ecs.soton.ac.uk (mailscanner@ecs.soton.ac.uk) Date: Thu Jan 12 21:24:58 2006 Subject: NOTIFY-New Guestbook Entry Message-ID: <200405030023.i430NG4E010887@seer.ecs.soton.ac.uk> New Guestbook-Entry from ricardo schvarchman ricar pleased From mailscanner at BARENDSE.TO Mon May 3 08:54:39 2004 From: mailscanner at BARENDSE.TO (Remco Barendse) Date: Thu Jan 12 21:24:58 2006 Subject: MCP rules to block Delivery Status Notifications :) Message-ID: Success! Really have no idea what changed but MCP is working for me now :) Attached is a ruleset I created that will block the annoying Delivery Status Notifications. It seems to be working pretty well, all the DSR's are properly filtered out :) This list is just starter, additional rules will have to be created if you are running a non-English MUA / MTA. Unfortunately I could not find the examples anymore but when you are running a Spanish MUA/MTA the body of the read receipt will be in Spanish too but I don't have an example of it. This is a useful example of MCP :) Maybe we could include it with MailScanner. I must say that I do not fully understand all the options in MailScanner.conf for MCP. I would like to block (protect) all e-mails FROM our domains from DRS using these rules but I would like to allow incoming DSR's. Is this possible? MailScanner.conf has these options: Is Definitely MCP = no Is Definitely Not MCP = no I would need an option like Scan for MCP = no or which can be made a ruleset too -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------- next part -------------- # # This is where the rules can go for the Message Content Protection system. # Any *.cf file in this directory will be used, so organise them as you like. # # For details on the format of all this, read # man Mail::SpamAssassin::Conf # and look at the *.cf files supplied with SpamAssassin. # # Remember this is not for spam detection, it's for content detection. # header BANNED_HRRNL Subject =~ /Gelezen:/i describe BANNED_HRRNL Blocked read DSR score BANNED_HRRNL 100 header BANNED_HRRES Subject =~ /Le?do:/i describe BANNED_HRRES Blocked read DSR score BANNED_HRRES 100 header BANNED_HRRPT Subject =~ /Lida:/i describe BANNED_HRRPT Blocked read DSR score BANNED_HRRPT 100 header BANNED_HRREN Subject =~ /Read:/i describe BANNED_HRREN Blocked read DSR score BANNED_HRREN 100 header BANNED_HRRPT2 Subject =~ /Lidas:/i describe BANNED_HRRPT2 Blocked read DSR score BANNED_HRRPT2 100 header BANNED_HNRNL Subject =~ /Niet gelezen:/i describe BANNED_HNRNL Blocked not read DSR score BANNED_HNRNL 100 header BANNED_HNRES Subject =~ /No le?do:/i describe BANNED_HNRES Blocked not read DSR score BANNED_HNRES 100 header BANNED_HNREN Subject =~ /Not read:/i describe BANNED_HNREN Blocked not read DSR score BANNED_HNREN 100 body BANNED_BRRPT2 /Esta ? uma confirma??o de recebimento do email que voc? enviou para/i describe BANNED_BRRPT2 Blocked read DSR score BANNED_BRRPT2 100 body BANNED_BRRPT /foi lida em/i describe BANNED_BRRPT Blocked read DSR score BANNED_BRRPT 100 body BANNED_BRREN /was read on/i describe BANNED_BRREN Blocked read DSR score BANNED_BRREN 100 body BANNED_BNREN /was deleted without being read/i describe BANNED_BNREN Blocked read DSR score BANNED_BNREN 100 From pete at eatathome.com.au Mon May 3 01:58:54 2004 From: pete at eatathome.com.au (Pete) Date: Thu Jan 12 21:24:58 2006 Subject: problems with bitdefender In-Reply-To: References: <6.0.1.1.2.20040502123733.046e9670@imap.ecs.soton.ac.uk> Message-ID: <4095994E.3020200@eatathome.com.au> The wrapper provides the following output and update_virus_scanners only displays any info about clamav, not a word about BD. I am using FreeBSD 4.9/ms4.29-7 and have installed the linux binaries to /opt/bdc, i have added virus scanners = clamav bitdefender, change the supported code status to beta (or i get errors) and changed virus.scanners.conf to "bitdefender /usr/local/libexec/MailScanner/bitdefender-wrapper /opt/bdc/ " I have checked that linux support is installed and enabled - does anyone have any tips on getting this working on FreeBSD ? or do i need to wait for the port update and upgrade first before trying to fix this? -su-2.05b# kldstat Id Refs Address Size Name 1 2 0xc0100000 43d388 kernel 2 1 0xc5c3c000 15000 linux.ko -su-2.05b# /usr/local/libexec/MailScanner/bitdefender-wrapper /opt/bdc/ . cat: /tmp/log.bdc.62830: No such file or directory rm: /tmp/log.bdc.62830: No such file or directory >> >> Speeds of the scanner are also improved, scans pretty fast. > > > Cool. > >> >> If its really free then people will start using it a lot i think, >> together >> with clam... > > > That is what I plan to do. What is weird, though, is this message at > the end of the install: > > "IMPORTANT: Before using our product, make sure you read the LICENSE > file located in /opt/bdc/doc". > > I've read it quickly and it says it can be used on one computer. I > didn't see any references to the # of users. > > I'm testing it right now... looks fine. > >> >> Bye, >> Raymond. >> >> -------------------------- MailScanner list ---------------------- >> To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >> Before posting, please see the Most Asked Questions at >> http://www.mailscanner.biz/maq/ and the archives at >> http://www.jiscmail.ac.uk/lists/mailscanner.html >> > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > > > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From zichovsky at TRUL.CZ Mon May 3 09:35:44 2004 From: zichovsky at TRUL.CZ (Pavel Zichovsky) Date: Thu Jan 12 21:24:58 2006 Subject: non english AVG support Message-ID: <40962080.5353.31CE8F@localhost> Hi there! I am runnig MailScanner with AVG as virusscanner. But current release of avg support in MS is not working correctly on my system. Problem is, that because I am in Czech, my server uses Czech locales. And because czech language is also AVG's natural language, all output is in czech. And MailScanner cannot identify virus message, because instead of "Virus identified" in output is "Identifikov?n virus". This problem can be also on other locales (when there will be translations). Solution is quite easy :-) in avg-wrapper script has to be inserted this line just before "exec" command: LANG=EN this will cause AVG to always use english language while scannig for MS, and will not change system locale setting. Maybe you could include this avg-wrapper change in next release of MS. With regards Pavel Zichovsky (zichovsky@trul.cz) -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From roger at SOLIDAIR.NL Mon May 3 11:30:12 2004 From: roger at SOLIDAIR.NL (Roger Koot) Date: Thu Jan 12 21:24:58 2006 Subject: bayes_tok.expireXXXX Message-ID: <1083580212.9759.6.camel@azrael.de-verandering> Hi, I'm using spamassassin 2.63 in combination with mailscanner 4.29.7. I enabled the autolearn option and auto whitelists. I've been happy with this for some time, but since yesterday, some bayes_tok.expireXXXX (where XXXX is a number) appeared in my /var/spool/spamassassin directory. What are they supposed to do there ? Is it maybe because a expiration run timed out ? How can I correct this ? thanks in advance Roger -- -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Mon May 3 12:21:13 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:24:58 2006 Subject: MCP rules to block Delivery Status Notifications :) In-Reply-To: References: Message-ID: <6.0.1.1.2.20040503122021.043db2c8@imap.ecs.soton.ac.uk> At 08:54 03/05/2004, you wrote: >Success! > >Really have no idea what changed but MCP is working for me now :) > >Attached is a ruleset I created that will block the annoying Delivery >Status Notifications. > >It seems to be working pretty well, all the DSR's are properly filtered >out :) > >This list is just starter, additional rules will have to be created if >you are running a non-English MUA / MTA. Unfortunately I could not find >the examples anymore but when you are running a Spanish MUA/MTA the body >of the read receipt will be in Spanish too but I don't have an example of >it. > >This is a useful example of MCP :) Maybe we could include it with >MailScanner. > > >I must say that I do not fully understand all the options in >MailScanner.conf for MCP. I would like to block (protect) all e-mails FROM >our domains from DRS using these rules but I would like to allow >incoming DSR's. Is this possible? > >MailScanner.conf has these options: >Is Definitely MCP = no >Is Definitely Not MCP = no > >I would need an option like >Scan for MCP = no >or >which can be made a ruleset too "Is Definitely Not MCP" would have the same effect, put a ruleset there to whitelist all incoming mail. >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html > -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Mon May 3 12:35:14 2004 From: mailscanner at ecs.soton.ac.uk (mailscanner@ecs.soton.ac.uk) Date: Thu Jan 12 21:24:58 2006 Subject: NOTIFY-New Guestbook Entry Message-ID: <200405031135.i43BZExH029785@seer.ecs.soton.ac.uk> New Guestbook-Entry from Dorman Behn site about http://www.angelfire.com/cantina/seafood_poison very useful information on how to get out of dire striat situations, featuring : people throwing up galleries and more!! From mailscanner at ecs.soton.ac.uk Mon May 3 12:39:27 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:24:58 2006 Subject: non english AVG support In-Reply-To: <40962080.5353.31CE8F@localhost> References: <40962080.5353.31CE8F@localhost> Message-ID: <6.0.1.1.2.20040503123907.045219f0@imap.ecs.soton.ac.uk> Thanks for letting me know about that. The fix will be in the next release. At 09:35 03/05/2004, you wrote: >Hi there! > >I am runnig MailScanner with AVG as virusscanner. But current release of avg >support in MS is not working correctly on my system. > >Problem is, that because I am in Czech, my server uses Czech locales. And >because czech language is also AVG's natural language, all output is in czech. > >And MailScanner cannot identify virus message, because instead of "Virus >identified" in output is "Identifikov?n virus". > >This problem can be also on other locales (when there will be translations). >Solution is quite easy :-) >in avg-wrapper script has to be inserted this line just before "exec" command: > >LANG=EN > >this will cause AVG to always use english language while scannig for MS, >and will >not change system locale setting. > >Maybe you could include this avg-wrapper change in next release of MS. > >With regards >Pavel Zichovsky (zichovsky@trul.cz) > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Mon May 3 12:41:55 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:24:58 2006 Subject: bayes_tok.expireXXXX In-Reply-To: <1083580212.9759.6.camel@azrael.de-verandering> References: <1083580212.9759.6.camel@azrael.de-verandering> Message-ID: <6.0.1.1.2.20040503123958.04521840@imap.ecs.soton.ac.uk> At 11:30 03/05/2004, you wrote: >Hi, > >I'm using spamassassin 2.63 in combination with mailscanner 4.29.7. >I enabled the autolearn option and auto whitelists. >I've been happy with this for some time, but since yesterday, some >bayes_tok.expireXXXX (where XXXX is a number) appeared in my >/var/spool/spamassassin directory. >What are they supposed to do there ? Is it maybe because a expiration >run timed out ? Correct. >How can I correct this ? One solution is to disable Bayes auto-expiry in spamassassin.prefs.conf and do the scheduled Bayes from within MailScanner. Read "man Mail::SpamAssassin::Conf" for how to disable auto-expiry and look for "Bayes" in MailScanner.conf for how to enable it there. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at BARENDSE.TO Mon May 3 13:20:22 2004 From: mailscanner at BARENDSE.TO (Remco Barendse) Date: Thu Jan 12 21:24:58 2006 Subject: MCP rules to block Delivery Status Notifications :) In-Reply-To: <6.0.1.1.2.20040503122021.043db2c8@imap.ecs.soton.ac.uk> References: <6.0.1.1.2.20040503122021.043db2c8@imap.ecs.soton.ac.uk> Message-ID: Would this indicate a problem? May 3 14:15:20 linuxgw MailScanner[3070]: Looked up unknown string mcpwhitelisted in language translation file /etc/MailScann er/reports/en/languages.conf On Mon, 3 May 2004, Julian Field wrote: > At 08:54 03/05/2004, you wrote: > >Success! > > > >Really have no idea what changed but MCP is working for me now :) > > > >Attached is a ruleset I created that will block the annoying Delivery > >Status Notifications. > > > >It seems to be working pretty well, all the DSR's are properly filtered > >out :) > > > >This list is just starter, additional rules will have to be created if > >you are running a non-English MUA / MTA. Unfortunately I could not find > >the examples anymore but when you are running a Spanish MUA/MTA the body > >of the read receipt will be in Spanish too but I don't have an example of > >it. > > > >This is a useful example of MCP :) Maybe we could include it with > >MailScanner. > > > > > >I must say that I do not fully understand all the options in > >MailScanner.conf for MCP. I would like to block (protect) all e-mails FROM > >our domains from DRS using these rules but I would like to allow > >incoming DSR's. Is this possible? > > > >MailScanner.conf has these options: > >Is Definitely MCP = no > >Is Definitely Not MCP = no > > > >I would need an option like > >Scan for MCP = no > >or > >which can be made a ruleset too > > "Is Definitely Not MCP" would have the same effect, put a ruleset there to > whitelist all incoming mail. > > > >-------------------------- MailScanner list ---------------------- > >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > >Before posting, please see the Most Asked Questions at > >http://www.mailscanner.biz/maq/ and the archives at > >http://www.jiscmail.ac.uk/lists/mailscanner.html > > > > -- > Julian Field > www.MailScanner.info > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From marcelo at CIAGRI.USP.BR Mon May 3 13:50:34 2004 From: marcelo at CIAGRI.USP.BR (Marcelo Zacarias da Silva) Date: Thu Jan 12 21:24:58 2006 Subject: virus scan / filename check Message-ID: <20040503125034.GB15377@qs.ciagri.usp.br> Hello. My MailScanner+ClamAV simple installation is working fine but I'm experiencing a minor problem: MS is quarantining attachments with viruses (like Document.pif) based on their filenames and sending notifications to the users (by my setup) but since they contain viruses listed in my Silent Viruses definition, I?d like that MS take action based first on the antivirus check before the filename rules check. Is that possible or I'm doing something wrong? Thanks and please excuse my bad English. Marcelo. -- Marcelo Zacarias da Silva - CIAGRI/USP / Fone: (19)3429-4532 GPG public key: http://www.ciagri.usp.br/~marcelo/marcelo.asc -- Mensagem verificada contra v?rus (Ciagri::MailScanner) -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From pete at eatathome.com.au Mon May 3 13:56:37 2004 From: pete at eatathome.com.au (Pete) Date: Thu Jan 12 21:24:58 2006 Subject: problems with bitdefender In-Reply-To: <4095994E.3020200@eatathome.com.au> References: <6.0.1.1.2.20040502123733.046e9670@imap.ecs.soton.ac.uk> <4095994E.3020200@eatathome.com.au> Message-ID: <40964185.4000807@eatathome.com.au> Seems like i had the wrong linux-base installed, so i install base-8 which seems to be the latest, but now bdc seems to run, but there is no output and running update_virus_scanners list absolutely nothing other than clamav stuff in the maillog - i have added bitdefender to virus scanners = . Anyone else got any tips on getting this running under Freebsd 4.9 ? much appreciated Pete Pete wrote: > The wrapper provides the following output and update_virus_scanners only > displays any info about clamav, not a word about BD. > I am using FreeBSD 4.9/ms4.29-7 and have installed the linux binaries to > /opt/bdc, i have added virus scanners = clamav bitdefender, change the > supported code status to beta (or i get errors) and changed > virus.scanners.conf to "bitdefender > /usr/local/libexec/MailScanner/bitdefender-wrapper /opt/bdc/ " > > I have checked that linux support is installed and enabled - does anyone > have any tips on getting this working on FreeBSD ? or do i need to wait > for the port update and upgrade first before trying to fix this? > > -su-2.05b# kldstat > Id Refs Address Size Name > 1 2 0xc0100000 43d388 kernel > 2 1 0xc5c3c000 15000 linux.ko > > -su-2.05b# /usr/local/libexec/MailScanner/bitdefender-wrapper /opt/bdc/ . > cat: /tmp/log.bdc.62830: No such file or directory > rm: /tmp/log.bdc.62830: No such file or directory > > > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Mon May 3 14:05:01 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:24:58 2006 Subject: virus scan / filename check In-Reply-To: <20040503125034.GB15377@qs.ciagri.usp.br> References: <20040503125034.GB15377@qs.ciagri.usp.br> Message-ID: <6.0.1.1.2.20040503140420.046b8230@imap.ecs.soton.ac.uk> At 13:50 03/05/2004, you wrote: >Hello. > >My MailScanner+ClamAV simple installation is working fine but I'm >experiencing a minor problem: MS is quarantining attachments with >viruses (like Document.pif) based on their filenames and sending >notifications to the users (by my setup) Check that you are seeing the ClamAV reports as well as the filename check reports. It should treat them as "silent" if ClamAV found them. > but since they contain >viruses listed in my Silent Viruses definition, I?d like that MS >take action based first on the antivirus check before the >filename rules check. > >Is that possible or I'm doing something wrong? > >Thanks and please excuse my bad English. > >Marcelo. > >-- > >Marcelo Zacarias da Silva - CIAGRI/USP / Fone: (19)3429-4532 >GPG public key: http://www.ciagri.usp.br/~marcelo/marcelo.asc > >-- >Mensagem verificada contra v?rus (Ciagri::MailScanner) > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Mon May 3 14:05:41 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:24:58 2006 Subject: problems with bitdefender In-Reply-To: <40964185.4000807@eatathome.com.au> References: <6.0.1.1.2.20040502123733.046e9670@imap.ecs.soton.ac.uk> <4095994E.3020200@eatathome.com.au> <40964185.4000807@eatathome.com.au> Message-ID: <6.0.1.1.2.20040503140516.046e1318@imap.ecs.soton.ac.uk> You did remember to update your virus.scanners.conf to point to /opt/bdc, didn't you? At 13:56 03/05/2004, you wrote: >Seems like i had the wrong linux-base installed, so i install base-8 >which seems to be the latest, but now bdc seems to run, but there is no >output and running update_virus_scanners list absolutely nothing other >than clamav stuff in the maillog - i have added bitdefender to virus >scanners = . > >Anyone else got any tips on getting this running under Freebsd 4.9 ? > >much appreciated >Pete > >Pete wrote: > >>The wrapper provides the following output and update_virus_scanners only >>displays any info about clamav, not a word about BD. >>I am using FreeBSD 4.9/ms4.29-7 and have installed the linux binaries to >>/opt/bdc, i have added virus scanners = clamav bitdefender, change the >>supported code status to beta (or i get errors) and changed >>virus.scanners.conf to "bitdefender >>/usr/local/libexec/MailScanner/bitdefender-wrapper /opt/bdc/ " >> >>I have checked that linux support is installed and enabled - does anyone >>have any tips on getting this working on FreeBSD ? or do i need to wait >>for the port update and upgrade first before trying to fix this? >> >>-su-2.05b# kldstat >>Id Refs Address Size Name >>1 2 0xc0100000 43d388 kernel >>2 1 0xc5c3c000 15000 linux.ko >> >>-su-2.05b# /usr/local/libexec/MailScanner/bitdefender-wrapper /opt/bdc/ . >>cat: /tmp/log.bdc.62830: No such file or directory >>rm: /tmp/log.bdc.62830: No such file or directory >> >> > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From goleotti at MISAG.IT Mon May 3 14:09:33 2004 From: goleotti at MISAG.IT (Gabriele Oleotti) Date: Thu Jan 12 21:24:58 2006 Subject: More on Vexira Message-ID: <1488394A34F6A0408FDA3841418D14420F2457@scorpio.auron.mi> Any chance to finally have Vexira support in MailScanner? I don't want to bore anyone, I only would want to know if I could wait for a next release (as Julian states) or if I need to apply my patch to any new release of MailScanner (that's not so bad, but I wonder if anybody else would like to benefit from it...) Actually it is more than 6 months I'm successfully using it (and I'm rather satisfied)! Thank you, Gabriele -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Mon May 3 14:26:02 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:24:58 2006 Subject: More on Vexira In-Reply-To: <1488394A34F6A0408FDA3841418D14420F2457@scorpio.auron.mi> References: <1488394A34F6A0408FDA3841418D14420F2457@scorpio.auron.mi> Message-ID: <6.0.1.1.2.20040503142420.043fce90@imap.ecs.soton.ac.uk> At 14:09 03/05/2004, you wrote: >Any chance to finally have Vexira support in MailScanner? Really sorry about this, just haven't ever got around to sorting it out. Can you mail me a copy with all the necessary licence files (off-list of course). This copy would only be used for development purposes and I would never think of giving it to anyone else. >I don't want to bore anyone, I only would want to know if I could wait for >a next release (as Julian states) or if I need to apply my patch to any >new release of MailScanner (that's not so bad, but I wonder if anybody >else would like to benefit from it...) > >Actually it is more than 6 months I'm successfully using it (and I'm >rather satisfied)! If you can get back to me today, I might have time to do it. Public holiday here today and the weather is lousy (as to be expected of a public holiday!). -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From marcelo at CIAGRI.USP.BR Mon May 3 14:41:40 2004 From: marcelo at CIAGRI.USP.BR (Marcelo Zacarias da Silva) Date: Thu Jan 12 21:24:58 2006 Subject: virus scan / filename check In-Reply-To: <6.0.1.1.2.20040503140420.046b8230@imap.ecs.soton.ac.uk> References: <20040503125034.GB15377@qs.ciagri.usp.br> <6.0.1.1.2.20040503140420.046b8230@imap.ecs.soton.ac.uk> Message-ID: <20040503134140.GD15377@qs.ciagri.usp.br> On Mon, May 03, 2004 at 02:05:01PM +0100, Julian Field wrote: > At 13:50 03/05/2004, you wrote: > >Hello. > > > >My MailScanner+ClamAV simple installation is working fine but I'm > >experiencing a minor problem: MS is quarantining attachments with > >viruses (like Document.pif) based on their filenames and sending > >notifications to the users (by my setup) > > Check that you are seeing the ClamAV reports as well as the filename check > reports. It should treat them as "silent" if ClamAV found them. I sent myself a infected attachment (ZZZZZ.scr): $ clamscan ZZZZZ.scr ZZZZZ.scr: Worm.SomeFool.P FOUND 'SomeFool' is in my Silent Viruses definition. Then I received the cleaned email and MS reported just: 'Windows Screensavers are often used to hide viruses (ZZZZZ.scr)' I think the relevant log entries are: May 3 10:29:41 truta MailScanner[8235]: /opt/MailScanner-4.30.3/var/incoming/82 35/./i43DTexO002867/ZZZZZ.scr: Worm.SomeFool.P FOUND May 3 10:29:41 truta MailScanner[8235]: Virus Scanning: Found 1 viruses May 3 10:29:41 truta MailScanner[8235]: Filename Checks: Possible virus hidden in a screensaver (i43DTexO002867 ZZZZZ.scr) May 3 10:29:41 truta MailScanner[8235]: Other Checks: Found 1 problems May 3 10:29:41 truta MailScanner[8235]: Saved entire message to /dump/MailScanner/var/quarant/20040503/i43DTexO002867 May 3 10:29:41 truta MailScanner[8235]: Saved infected "ZZZZZ.scr" to /dump/Mai lScanner/var/quarant/20040503/i43DTexO002867 May 3 10:29:41 truta MailScanner[8235]: Cleaned: Delivered 1 cleaned messages May 3 10:29:42 truta MailScanner[8235]: Notices: Warned about 1 messages Thanks again. > > > but since they contain > >viruses listed in my Silent Viruses definition, I?d like that MS > >take action based first on the antivirus check before the > >filename rules check. > > > >Is that possible or I'm doing something wrong? > > > >Thanks and please excuse my bad English. > > > >Marcelo. > > -- Marcelo Zacarias da Silva - CIAGRI/USP / Fone: (19)3429-4532 GPG public key: http://www.ciagri.usp.br/~marcelo/marcelo.asc -- Mensagem verificada contra v?rus (Ciagri::MailScanner) -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From jpabuyer at TECNOERA.COM Mon May 3 14:42:47 2004 From: jpabuyer at TECNOERA.COM (Juan Pablo Abuyeres) Date: Thu Jan 12 21:24:58 2006 Subject: no syslog -> mailscanner defunct Message-ID: <1083591767.13196.15.camel@blackbird.tecnoera.com> Hi guys, I have to shut down syslog (I have another problem, syslog is raising my system load to heaven for some reason), but when I shut down syslog, MailScanner kind of stop working. I can't see the logfile to see what happens because syslog is down. But... [root@melchor root]# ps axwww|grep -i mailscanner 20245 pts/2 S 0:00 grep MailScanner 22515 ? S 0:00 /usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScanner /etc/MailScanner/MailScanner.conf 22516 ? Z 0:06 [MailScanner ] 22916 ? Z 0:03 [MailScanner ] 23106 ? Z 0:01 [MailScanner ] 23483 ? Z 0:01 [MailScanner ] 27559 ? S 0:01 /usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScanner /etc/MailScanner/MailScanner.conf 27640 pts/3 S 0:00 grep -i mailscanner 27643 ? S 0:00 /usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScanner /etc/MailScanner/MailScanner.conf [root@melchor root]# I looked in the .conf file but I couldn't find an option not to log. Any clues? -- Juan Pablo Abuyeres -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Mon May 3 14:59:16 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:24:58 2006 Subject: virus scan / filename check In-Reply-To: <20040503134140.GD15377@qs.ciagri.usp.br> References: <20040503125034.GB15377@qs.ciagri.usp.br> <6.0.1.1.2.20040503140420.046b8230@imap.ecs.soton.ac.uk> <20040503134140.GD15377@qs.ciagri.usp.br> Message-ID: <6.0.1.1.2.20040503145829.04677e58@imap.ecs.soton.ac.uk> Check your Incoming Work Dir setting. As the comment above it says, this must include no links at all, but must be the genuine absolute path to the incoming directory. This is almost certainly where you have gone wrong. At 14:41 03/05/2004, you wrote: >On Mon, May 03, 2004 at 02:05:01PM +0100, Julian Field wrote: > > At 13:50 03/05/2004, you wrote: > > >Hello. > > > > > >My MailScanner+ClamAV simple installation is working fine but I'm > > >experiencing a minor problem: MS is quarantining attachments with > > >viruses (like Document.pif) based on their filenames and sending > > >notifications to the users (by my setup) > > > > Check that you are seeing the ClamAV reports as well as the filename check > > reports. It should treat them as "silent" if ClamAV found them. > >I sent myself a infected attachment (ZZZZZ.scr): > >$ clamscan ZZZZZ.scr >ZZZZZ.scr: Worm.SomeFool.P FOUND > >'SomeFool' is in my Silent Viruses definition. > >Then I received the cleaned email and MS reported just: > >'Windows Screensavers are often used to hide viruses (ZZZZZ.scr)' > >I think the relevant log entries are: > >May 3 10:29:41 truta MailScanner[8235]: >/opt/MailScanner-4.30.3/var/incoming/82 35/./i43DTexO002867/ZZZZZ.scr: >Worm.SomeFool.P FOUND >May 3 10:29:41 truta MailScanner[8235]: Virus Scanning: Found 1 viruses >May 3 10:29:41 truta MailScanner[8235]: Filename Checks: Possible virus >hidden in a screensaver (i43DTexO002867 ZZZZZ.scr) >May 3 10:29:41 truta MailScanner[8235]: Other Checks: Found 1 problems >May 3 10:29:41 truta MailScanner[8235]: Saved entire message to >/dump/MailScanner/var/quarant/20040503/i43DTexO002867 >May 3 10:29:41 truta MailScanner[8235]: Saved infected "ZZZZZ.scr" to >/dump/Mai >lScanner/var/quarant/20040503/i43DTexO002867 >May 3 10:29:41 truta MailScanner[8235]: Cleaned: Delivered 1 cleaned >messages >May 3 10:29:42 truta MailScanner[8235]: Notices: Warned about 1 messages > > >Thanks again. > > > > > > but since they contain > > >viruses listed in my Silent Viruses definition, I?d like that MS > > >take action based first on the antivirus check before the > > >filename rules check. > > > > > >Is that possible or I'm doing something wrong? > > > > > >Thanks and please excuse my bad English. > > > > > >Marcelo. > > > > >-- > >Marcelo Zacarias da Silva - CIAGRI/USP / Fone: (19)3429-4532 >GPG public key: http://www.ciagri.usp.br/~marcelo/marcelo.asc > >-- >Mensagem verificada contra v?rus (Ciagri::MailScanner) > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From ugob at CAMO-ROUTE.COM Mon May 3 15:29:18 2004 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:24:58 2006 Subject: MCP rules to block Delivery Status Notifications :) In-Reply-To: References: <6.0.1.1.2.20040503122021.043db2c8@imap.ecs.soton.ac.uk> Message-ID: Remco Barendse wrote: > Would this indicate a problem? > > May 3 14:15:20 linuxgw MailScanner[3070]: Looked up unknown string > mcpwhitelisted in language translation file /etc/MailScann > er/reports/en/languages.conf > Yes. Using a rpm-based distribution? Watch for .rpmnew files in the report directory. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From marcelo at CIAGRI.USP.BR Mon May 3 15:45:18 2004 From: marcelo at CIAGRI.USP.BR (Marcelo Zacarias da Silva) Date: Thu Jan 12 21:24:59 2006 Subject: virus scan / filename check In-Reply-To: <6.0.1.1.2.20040503145829.04677e58@imap.ecs.soton.ac.uk> References: <20040503125034.GB15377@qs.ciagri.usp.br> <6.0.1.1.2.20040503140420.046b8230@imap.ecs.soton.ac.uk> <20040503134140.GD15377@qs.ciagri.usp.br> <6.0.1.1.2.20040503145829.04677e58@imap.ecs.soton.ac.uk> Message-ID: <20040503144517.GF15377@qs.ciagri.usp.br> On Mon, May 03, 2004 at 02:59:16PM +0100, Julian Field wrote: > Check your > Incoming Work Dir > setting. As the comment above it says, this must include no links at all, > but must be the genuine absolute path to the incoming directory. This is > almost certainly where you have gone wrong. > You are right... I forgot about that and made /opt/MailScanner a symlink since last upgrade. Sorry for wasting your time. -- Marcelo Zacarias da Silva - CIAGRI/USP / Fone: (19)3429-4532 GPG public key: http://www.ciagri.usp.br/~marcelo/marcelo.asc -- Mensagem verificada contra vírus (Ciagri::MailScanner) -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From robv at DISASTER.COM Mon May 3 15:14:46 2004 From: robv at DISASTER.COM (Vicchiullo, Rob) Date: Thu Jan 12 21:24:59 2006 Subject: Help with queue backup Message-ID: <8BD06A60242B4341B8919A4AC958C1D0181BD6@busted.dandd.com> I actually tried having the 2 queue dirs on separate disks but mailscanner died compaining that the queues needed to be on the same partition. Rob -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Peter Bonivart Sent: Saturday, May 01, 2004 6:41 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Help with queue backup Kevin Spicer wrote: > My understanding is that mqueue.in and mqueue should be on the same > partition, because then to move files between directories all > MailScanner needs to do is a link/unlink action. By splitting the > spools onto different partitions MailScanner needs to actually copy the > files, adding read and write overhead. Yes, you're right but in this case he's overloading one disk and needs to transfer some I/O off of it. I think it's well worth a test, he only needs to create a mqueue.in directory on one of those partitions and change one line in MailScanner.conf and his Sendmail start script to test it. > One further note for the archives (not relevent to the original poster > who is running Solaris 8 I think), the noatime flag was only added to > Solaris on Solaris 7 or 8 (can't remember which, but I have tried to use > it on a Solaris 2.6 machine and failed). It was added in 7. -- /Peter Bonivart --Unix lovers do it in the Sun Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7, SpamAssassin 2.63 + DCC 1.2.45, ClamAV 0.70 + GMP 4.1.2, Vispan 1.4 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From goleotti at MISAG.IT Mon May 3 15:23:25 2004 From: goleotti at MISAG.IT (Gabriele Oleotti) Date: Thu Jan 12 21:24:59 2006 Subject: More on Vexira Message-ID: <1488394A34F6A0408FDA3841418D14420F2459@scorpio.auron.mi> Thank you Julian! I've sent you what you've asked for on your email (the one I found here http://www.ecs.soton.ac.uk/info/people/jkf ) Remember I have already written something you might find useful (parsing of the vexira log and the update scripts.) If you want I can send you those (or otherwise they should be in mailing list archive.) Thank you again, Gabriele -----Original Message----- From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] Sent: luned? 3 maggio 2004 15.26 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: More on Vexira At 14:09 03/05/2004, you wrote: >Any chance to finally have Vexira support in MailScanner? Really sorry about this, just haven't ever got around to sorting it out. Can you mail me a copy with all the necessary licence files (off-list of course). This copy would only be used for development purposes and I would never think of giving it to anyone else. >I don't want to bore anyone, I only would want to know if I could wait for >a next release (as Julian states) or if I need to apply my patch to any >new release of MailScanner (that's not so bad, but I wonder if anybody >else would like to benefit from it...) > >Actually it is more than 6 months I'm successfully using it (and I'm >rather satisfied)! If you can get back to me today, I might have time to do it. Public holiday here today and the weather is lousy (as to be expected of a public holiday!). -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From ricardo.bernardes at centraldecomunicacao.pt Mon May 3 16:18:56 2004 From: ricardo.bernardes at centraldecomunicacao.pt (Ricardo Bernardes) Date: Thu Jan 12 21:24:59 2006 Subject: .EXE files Message-ID: <005e01c43121$f3a0f3f0$320fa8c0@rbernardes> Hello, I?m using MS + ClamAV i need to send and receive .exe files (mainly flash presentations) i thought it would be good if MS didn?t scan any .ZIP files, so that i could zip the .EXE files and pass them thru. is this possible? any other ideas ? TIA Ricardo Bernardes -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040503/cf364116/attachment.html From HancockS at MORGANCO.COM Mon May 3 16:28:45 2004 From: HancockS at MORGANCO.COM (Hancock, Scott) Date: Thu Jan 12 21:24:59 2006 Subject: Ruleset to NOT append to header. - Lotus Domino Message-ID: <3EA1A302A4978A4C970D2C63F327156E02406E71@worc-mail2.int.morganco.com> I have a vendor running The Lotus Domino Release 5.0.12. Lotus is rejecting my email because of the last two lines in the email header. For example: 058 X-Morgan-MailScanner: Found to be clean 042 X-MailScanner-From: hancocknsd@morganco.com If I delete these lines from the header, the mail is delivered. Otherwise, my mail is rejected with 554 Error writing message to safe storage; message could not be stored to disk In the conf file, I see I can make a ruleset. # Add this extra header to all mail as it is processed. # This *must* include the colon ":" at the end. # This can also be the filename of a ruleset. Mail Header = %rules-dir%/writeheader.rules Is this the proper syntax? ------------------------------------ # This next line gives an example of how you might enable this option for # a frequent customer of yours. FromOrTo: LotusServer.com no # Under no circumstances should this be changed to "yes". FromOrTo: default X-%org-name%-MailScanner: ------------------------------------- Or should I tell this guy to straighten out his email system? Any lotus domino users here know the settings to fix this? Thanks Scott Hancock Morgan Construction. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From hywel at BURRIS.ORG.UK Mon May 3 16:35:14 2004 From: hywel at BURRIS.ORG.UK (Hywel Burris) Date: Thu Jan 12 21:24:59 2006 Subject: problems with bitdefender In-Reply-To: <107DE25EC0216C45AEF670016024245F6441C9@exchangea.staff.uce.ac.uk> Message-ID: <200405031537.i43FbbZu004760@mail.burris.org.uk> I can?t get this working on fedora core 1 with mailscanner 4.30.3-2 I am getting the following error when I run in debug FATAL: *Please go and READ* http://www.sng.ecs.soton.ac.uk/mailscanner/install/codestatus.shtml as it will tell you what to do. at /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 2472 Bitdefender seems to be installed ok [root@mail MailScanner]# /usr/lib/MailScanner/bitdefender-wrapper /opt/bdc /tmp // // BDC scan report // // Time: Mon May 3 16:35:14 2004 // Command line: --log=/tmp/log.bdc.4635 /tmp // Core: AVCORE v1.0 (build 2095) (i386) (Dec 10 2003 16:34:47) // Engines: scan: 12, unpack: 3, archive: 34, mail: 6 // Total signatures: 76479 // Results: Folders :4 Files :0 Packed :0 Infected files :0 Suspect files :0 Warnings :0 I/O errors :0 ________________________________________ From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of David While Sent: 02 May 2004 11:25 To: MAILSCANNER@JISCMAIL.AC.UK Subject: problems with bitdefender I have just upgraded to the latest version of MailScanner and the bitdefender scripts don't work. ? 1. It is not detected as being installed. This is because bitdefender-wrapper should have $2 not $1 on line 46. ? 2. There is no message output in the log to indicate whether there was an update or not. ? I have the new version of bitdefender which has the working --update flag. ? ? PS Bitdefender is free for Linux so people may like to consider adding it as another defence. ? Quote from the Bitdefender web site: "BitDefender Linux Edition v7 is a freeware product, which doesn't require a license to be used." ? David While -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3028 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040503/2e588f54/smime.bin From ugob at CAMO-ROUTE.COM Mon May 3 16:53:34 2004 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:24:59 2006 Subject: .EXE files In-Reply-To: <005e01c43121$f3a0f3f0$320fa8c0@rbernardes> References: <005e01c43121$f3a0f3f0$320fa8c0@rbernardes> Message-ID: Ricardo Bernardes wrote: > Hello, > > I?m using MS + ClamAV > i need to send and receive .exe files (mainly flash presentations) > i thought it would be good if MS didn?t scan any .ZIP files, so that i > could zip the .EXE files and pass them thru. > is this possible? > any other ideas ? from MailScanner.conf : # The maximum depth to which zip archives will be unpacked, to allow for # checking filenames and filetypes within zip archives. # To disable this feature set this to 0. # A common useful setting is this option = 0, and Allow Password-Protected # Archives = no. That block password-protected archives but does not do # any filename/filetype checks on the files within the archive. Maximum Archive Depth = 4 > > TIA > Ricardo Bernardes > -------------------------- MailScanner list ---------------------- To > leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, > please see the Most Asked Questions at http://www.mailscanner.biz/maq/ > and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From gib at TMISNET.COM Mon May 3 15:13:53 2004 From: gib at TMISNET.COM (Gib Gilbertson Jr.) Date: Thu Jan 12 21:24:59 2006 Subject: Bayes expiry, and bayes corruption In-Reply-To: <6.0.1.1.2.20040503123958.04521840@imap.ecs.soton.ac.uk> References: <1083580212.9759.6.camel@azrael.de-verandering> <6.0.1.1.2.20040503123958.04521840@imap.ecs.soton.ac.uk> Message-ID: <6.0.1.1.2.20040503235502.03cddb10@mail.tmisnet.com> Hi All. Still trying to figure out problems with bayes db corruption. I've found that when I --lint the spamassasin rules I get the following when "bayes_auto_expire 0" is set in spam.assassin.prefs.conf # /usr/local/bin/spamassassin --lint -C /usr/local/etc/MailScanner/spam.assassin.prefs.conf Failed to parse line in SpamAssassin configuration, skipping: bayes_auto_expire 0 Is this anything to be concerned about, or is it just skipping this one line in the conf file? Also I'm still getting corrupted Bayes databases about every 2nd or 3rd day even though I now stop MailScanner, wait 30 seconds (as per suggestions from the list), remove any lock files, then run the force expire command, wait another 30 seconds and then restart MailScanner. Any ideas? Here is my bayes-expire.sh script (run from cron), and the output (e-mailed to me) from it. #!/bin/csh /usr/local/etc/rc.d/mailscanner.sh stop echo "sleeping 30 seconds" sleep 30 /bin/ls -la /var/spool/spamassassin sleep 5 rm /var/spool/spamassassin/bayes.lock.* sleep 5 sa-learn -C /usr/local/etc/MailScanner/spam.assassin.prefs.conf --force-expire echo "sleeping 30 seconds" sleep 30 /bin/ls -la /var/spool/spamassassin sleep 5 /usr/local/etc/rc.d/mailscanner.sh start and the output... Stopping MailScanner... sleeping 30 seconds total 7508 drwxr-xr-x 2 root wheel 512 Apr 27 09:51 . drwxr-xr-x 13 root wheel 512 Mar 24 15:47 .. -rw------- 1 root wheel 150 Apr 26 20:13 bayes.lock.thumper.tmisnet.com.1023 -rw------- 1 root wheel 200 Apr 26 20:45 bayes.lock.thumper.tmisnet.com.5027 -rw------- 1 root wheel 25 Apr 26 20:45 bayes.lock.thumper.tmisnet.com.5042 -rw------- 1 root wheel 6768 Apr 27 02:16 bayes_journal -rw------- 1 root wheel 905 Apr 27 02:16 bayes_msgcount -rw------- 1 root wheel 5128192 Apr 27 02:16 bayes_seen -rw------- 1 root wheel 5259264 Apr 26 18:23 bayes_toks Cannot open bayes_path /var/spool/spamassassin/bayes R/O: Inappropriate file type or format Cannot open bayes_path /var/spool/spamassassin/bayes R/W: Inappropriate file type or format Cannot open bayes_path /var/spool/spamassassin/bayes R/W: Inappropriate file type or format sleeping 30 seconds total 7502 drwxr-xr-x 2 root wheel 512 Apr 27 09:52 . drwxr-xr-x 13 root wheel 512 Mar 24 15:47 .. -rw------- 1 root wheel 6768 Apr 27 02:16 bayes_journal -rw------- 1 root wheel 905 Apr 27 02:16 bayes_msgcount -rw------- 1 root wheel 5128192 Apr 27 02:16 bayes_seen -rw------- 1 root wheel 5259264 Apr 26 18:23 bayes_toks Starting MailScanner... It doesn't take long for the data base to start building up again, but the fact that it gets corrupted every 2 or 3 days is kind of a pain. Thanks gib Gib Gilbertson Jr. Tierramiga Info Systems 619-287-8647 Support http://www.tmisnet.com San Diego's "Friendly ISP" -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From ugob at CAMO-ROUTE.COM Mon May 3 16:54:48 2004 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:24:59 2006 Subject: problems with bitdefender In-Reply-To: <200405031537.i43FbbZu004760@mail.burris.org.uk> References: <107DE25EC0216C45AEF670016024245F6441C9@exchangea.staff.uce.ac.uk> <200405031537.i43FbbZu004760@mail.burris.org.uk> Message-ID: Hywel Burris wrote: > I can?t get this working on fedora core 1 with mailscanner 4.30.3-2 > > I am getting the following error when I run in debug > \ You must put beta as minimum codestatus in MailScanner.conf for bitdefender. > FATAL: *Please go and READ* > http://www.sng.ecs.soton.ac.uk/mailscanner/install/codestatus.shtml as it > will tell you what to do. at > /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 2472 > > Bitdefender seems to be installed ok > > [root@mail MailScanner]# /usr/lib/MailScanner/bitdefender-wrapper /opt/bdc > /tmp > // > // BDC scan report > // > // Time: Mon May 3 16:35:14 2004 > // Command line: --log=/tmp/log.bdc.4635 /tmp > // Core: AVCORE v1.0 (build 2095) (i386) (Dec 10 2003 16:34:47) > // Engines: scan: 12, unpack: 3, archive: 34, mail: 6 > // Total signatures: 76479 > // > > > > Results: > Folders :4 > Files :0 > Packed :0 > Infected files :0 > Suspect files :0 > Warnings :0 > I/O errors :0 > > ________________________________________ > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf > Of David While > Sent: 02 May 2004 11:25 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: problems with bitdefender > > I have just upgraded to the latest version of MailScanner and the > bitdefender scripts don't work. > > 1. It is not detected as being installed. This is because > bitdefender-wrapper should have $2 not $1 on line 46. > > 2. There is no message output in the log to indicate whether there was an > update or not. > > I have the new version of bitdefender which has the working --update flag. > > > PS Bitdefender is free for Linux so people may like to consider adding it as > another defence. > > Quote from the Bitdefender web site: "BitDefender Linux Edition v7 is a > freeware product, which doesn't require a license to be used." > > David While > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From hywel at BURRIS.ORG.UK Mon May 3 17:13:49 2004 From: hywel at BURRIS.ORG.UK (Hywel Burris) Date: Thu Jan 12 21:24:59 2006 Subject: problems with bitdefender In-Reply-To: Message-ID: <200405031616.i43GGC3s006670@mail.burris.org.uk> Thanks Ugo worked a treat -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Ugo Bellavance Sent: 03 May 2004 16:55 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: problems with bitdefender Hywel Burris wrote: > I can't get this working on fedora core 1 with mailscanner 4.30.3-2 > > I am getting the following error when I run in debug > \ You must put beta as minimum codestatus in MailScanner.conf for bitdefender. > FATAL: *Please go and READ* > http://www.sng.ecs.soton.ac.uk/mailscanner/install/codestatus.shtml as it > will tell you what to do. at > /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 2472 > > Bitdefender seems to be installed ok > > [root@mail MailScanner]# /usr/lib/MailScanner/bitdefender-wrapper /opt/bdc > /tmp > // > // BDC scan report > // > // Time: Mon May 3 16:35:14 2004 > // Command line: --log=/tmp/log.bdc.4635 /tmp > // Core: AVCORE v1.0 (build 2095) (i386) (Dec 10 2003 16:34:47) > // Engines: scan: 12, unpack: 3, archive: 34, mail: 6 > // Total signatures: 76479 > // > > > > Results: > Folders :4 > Files :0 > Packed :0 > Infected files :0 > Suspect files :0 > Warnings :0 > I/O errors :0 > > ________________________________________ > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf > Of David While > Sent: 02 May 2004 11:25 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: problems with bitdefender > > I have just upgraded to the latest version of MailScanner and the > bitdefender scripts don't work. > > 1. It is not detected as being installed. This is because > bitdefender-wrapper should have $2 not $1 on line 46. > > 2. There is no message output in the log to indicate whether there was an > update or not. > > I have the new version of bitdefender which has the working --update flag. > > > PS Bitdefender is free for Linux so people may like to consider adding it as > another defence. > > Quote from the Bitdefender web site: "BitDefender Linux Edition v7 is a > freeware product, which doesn't require a license to be used." > > David While > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3028 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040503/b3123fc4/smime.bin From mailscanner at ecs.soton.ac.uk Mon May 3 17:14:59 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:24:59 2006 Subject: More on Vexira In-Reply-To: <1488394A34F6A0408FDA3841418D14420F2459@scorpio.auron.mi> References: <1488394A34F6A0408FDA3841418D14420F2459@scorpio.auron.mi> Message-ID: <6.0.1.1.2.20040503171424.03e371f8@imap.ecs.soton.ac.uk> At 15:23 03/05/2004, you wrote: >Thank you Julian! >I've sent you what you've asked for on your email (the one I found here >http://www.ecs.soton.ac.uk/info/people/jkf ) I don't think I have received them yet :( >Remember I have already written something you might find useful (parsing >of the vexira log and the update scripts.) If you want I can send you >those (or otherwise they should be in mailing list archive.) Please send me them again, to save me hunting the archive :-) >Thank you again, >Gabriele > >-----Original Message----- >From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] >Sent: luned? 3 maggio 2004 15.26 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: More on Vexira > > >At 14:09 03/05/2004, you wrote: > >Any chance to finally have Vexira support in MailScanner? > >Really sorry about this, just haven't ever got around to sorting it out. > >Can you mail me a copy with all the necessary licence files (off-list of >course). This copy would only be used for development purposes and I would >never think of giving it to anyone else. > > >I don't want to bore anyone, I only would want to know if I could wait for > >a next release (as Julian states) or if I need to apply my patch to any > >new release of MailScanner (that's not so bad, but I wonder if anybody > >else would like to benefit from it...) > > > >Actually it is more than 6 months I'm successfully using it (and I'm > >rather satisfied)! > >If you can get back to me today, I might have time to do it. Public holiday >here today and the weather is lousy (as to be expected of a public holiday!). >-- >Julian Field >www.MailScanner.info >Professional Support Services at www.MailScanner.biz >MailScanner thanks transtec Computers for their support >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Mon May 3 17:18:28 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:24:59 2006 Subject: problems with bitdefender In-Reply-To: <200405031537.i43FbbZu004760@mail.burris.org.uk> References: <107DE25EC0216C45AEF670016024245F6441C9@exchangea.staff.uce.ac.uk> <200405031537.i43FbbZu004760@mail.burris.org.uk> Message-ID: <6.0.1.1.2.20040503171743.03e52688@imap.ecs.soton.ac.uk> At 16:35 03/05/2004, you wrote: >I can't get this working on fedora core 1 with mailscanner 4.30.3-2 > >I am getting the following error when I run in debug > >FATAL: *Please go and READ* >http://www.sng.ecs.soton.ac.uk/mailscanner/install/codestatus.shtml as it >will tell you what to do. at >/usr/lib/MailScanner/MailScanner/SweepViruses.pm line 2472 Yes, well done. Did you read the error message? Did you do what it says? I can't make the error much more clear than this! >Bitdefender seems to be installed ok > >[root@mail MailScanner]# /usr/lib/MailScanner/bitdefender-wrapper /opt/bdc >/tmp >// >// BDC scan report >// >// Time: Mon May 3 16:35:14 2004 >// Command line: --log=/tmp/log.bdc.4635 /tmp >// Core: AVCORE v1.0 (build 2095) (i386) (Dec 10 2003 16:34:47) >// Engines: scan: 12, unpack: 3, archive: 34, mail: 6 >// Total signatures: 76479 >// > > > >Results: >Folders :4 >Files :0 >Packed :0 >Infected files :0 >Suspect files :0 >Warnings :0 >I/O errors :0 > >________________________________________ >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf >Of David While >Sent: 02 May 2004 11:25 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: problems with bitdefender > >I have just upgraded to the latest version of MailScanner and the >bitdefender scripts don't work. > >1. It is not detected as being installed. This is because >bitdefender-wrapper should have $2 not $1 on line 46. > >2. There is no message output in the log to indicate whether there was an >update or not. > >I have the new version of bitdefender which has the working --update flag. > > >PS Bitdefender is free for Linux so people may like to consider adding it as >another defence. > >Quote from the Bitdefender web site: "BitDefender Linux Edition v7 is a >freeware product, which doesn't require a license to be used." > >David While > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Mon May 3 17:17:29 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:24:59 2006 Subject: Ruleset to NOT append to header. - Lotus Domino In-Reply-To: <3EA1A302A4978A4C970D2C63F327156E02406E71@worc-mail2.int.mo rganco.com> References: <3EA1A302A4978A4C970D2C63F327156E02406E71@worc-mail2.int.morganco.com> Message-ID: <6.0.1.1.2.20040503171618.03e3c088@imap.ecs.soton.ac.uk> At 16:28 03/05/2004, you wrote: >I have a vendor running The Lotus Domino Release 5.0.12. Lotus is >rejecting my email because of the last two lines in the email header. > >For example: > >058 X-Morgan-MailScanner: Found to be clean >042 X-MailScanner-From: hancocknsd@morganco.com > >If I delete these lines from the header, the mail is delivered. >Otherwise, my mail is rejected with > >554 Error writing message to safe storage; message could not be stored >to disk > >In the conf file, I see I can make a ruleset. > ># Add this extra header to all mail as it is processed. ># This *must* include the colon ":" at the end. ># This can also be the filename of a ruleset. >Mail Header = %rules-dir%/writeheader.rules > > >Is this the proper syntax? >------------------------------------ ># This next line gives an example of how you might enable this option >for ># a frequent customer of yours. > >FromOrTo: LotusServer.com no That will create a header name of "no" which is broken as it doesn't end with a ":". I suspect it isn't what you wanted either :) ># Under no circumstances should this be changed to "yes". >FromOrTo: default X-%org-name%-MailScanner: >------------------------------------- > > >Or should I tell this guy to straighten out his email system? Any lotus >domino users here know the settings to fix this? A Domino system rejecting headers starting with an "X" is too broken to even believe... -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ISLANDB.COM Mon May 3 17:39:36 2004 From: mailscanner at ISLANDB.COM (Brooks Weisblat) Date: Thu Jan 12 21:24:59 2006 Subject: How to change "From: MailScanner"? Message-ID: <47165.199.227.86.10.1083602376.squirrel@www.islandb.com> How can I change the "From: MailScanner" to something else when email is sent to the person who sent out the virus? I changed: Notices From = MailScanner to what I wanted, but that only changes the emails that are sent to the system administrators... not to the person who originally sent the email... thanks -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From HancockS at MORGANCO.COM Mon May 3 17:46:12 2004 From: HancockS at MORGANCO.COM (Hancock, Scott) Date: Thu Jan 12 21:24:59 2006 Subject: Ruleset to NOT append to header. - Lotus Domino Message-ID: <3EA1A302A4978A4C970D2C63F327156E02406E73@worc-mail2.int.morganco.com> >> >>FromOrTo: LotusServer.com no > >That will create a header name of "no" which is broken as it doesn't end >with a ":". I suspect it isn't what you wanted either :) You suspect right. So if for no reason but my amusement, is there a way to suppress the header additions? > >A Domino system rejecting headers starting with an "X" is too broken to >even believe... This is from their email admin after reporting 5GB of free disk space on all volumes. --------------------------------------- you have a problem with mails to SMS Demag. I think it's a illegal sign in the header of your Mails. Have you installed a virus or spam software? They often writes informaitions in the header of any mail which leaves the Mail-Server. Please read the RFC821 " SIMPLE MAIL TRANSFER PROTOCOL". The status-code 554 means: Invalid command arguments. A valid mail transaction protocol command was issued with invalid arguments, either because the arguments were out of range or represented unrecognized features. This is useful only as a permanent error. You can answer to this mail-address, or test the connection at: mathias.schneider@sms-demag.de Best Regards --------------------------------------- Please, try deleting the "X" lines yourself. Scott -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From raymond at PROLOCATION.NET Mon May 3 17:54:38 2004 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:24:59 2006 Subject: How to change "From: MailScanner"? In-Reply-To: <47165.199.227.86.10.1083602376.squirrel@www.islandb.com> Message-ID: Hi! > I changed: > > Notices From = MailScanner > > to what I wanted, but that only changes the emails that are sent to the > system administrators... not to the person who originally sent the > email... Look in your languages.conf: # Used in filename/filetype/content reports MailScanner = MailScanner Bye, Raymond. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From rabollinger at COMCAST.NET Mon May 3 18:01:01 2004 From: rabollinger at COMCAST.NET (Richard Bollinger) Date: Thu Jan 12 21:24:59 2006 Subject: Ruleset to NOT append to header. - Lotus Domino References: <3EA1A302A4978A4C970D2C63F327156E02406E71@worc-mail2.int.morganco.com> <6.0.1.1.2.20040503171618.03e3c088@imap.ecs.soton.ac.uk> Message-ID: <01b901c43130$3fb78700$8b030180@elliottturbo.com> We've been running with various releases of Lotus Domino R5 and R6 since MS 3.15... working fine. Must be something else wrong with the config. ----- Original Message ----- From: "Julian Field" To: Sent: Monday, May 03, 2004 12:17 PM Subject: Re: Ruleset to NOT append to header. - Lotus Domino >... > A Domino system rejecting headers starting with an "X" is too broken to > even believe... -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From jflowers at EZO.NET Mon May 3 18:06:46 2004 From: jflowers at EZO.NET (Jim Flowers) Date: Thu Jan 12 21:24:59 2006 Subject: Razor -agent log Invalid Arguments Message-ID: I seem to be getting a fair number of SA timeouts (3%) so I looked at this log and was surprised to see a lot of Unable to connect Reason: Invalid Argument messages. Is this a known problem/bug and if so what is the fix? mailscanner-4.26.7 with razor-agents-2.36_2 on FreeBSD 4.9-STABLE -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From goleotti at MISAG.IT Mon May 3 18:02:55 2004 From: goleotti at MISAG.IT (Gabriele Oleotti) Date: Thu Jan 12 21:24:59 2006 Subject: More on Vexira Message-ID: <1488394A34F6A0408FDA3841418D1442183ED7@scorpio.auron.mi> Julian, you should have everything in the attachment. The diff file is from MS 4.24-5 (the one I have worked on,) anyway here is what it does: - adds vexira-wrapper in virus.scanners.conf - in SweepViruses.pm adds Vexira properties and functions InitVexiraParser, ProcessVexiraOutput (I have even changed something in the report, but this is only for my own server, anyway it is in the diff, sorry...) - add vexira-autoupdate - add vexira-wrapper About the email I'm trying sending you another one. Anyway, my mail server says it has successfully sent it at 4:16pm bye, Gabriele -----Original Message----- From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] Sent: luned? 3 maggio 2004 18.15 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: More on Vexira At 15:23 03/05/2004, you wrote: >Thank you Julian! >I've sent you what you've asked for on your email (the one I found here >http://www.ecs.soton.ac.uk/info/people/jkf ) I don't think I have received them yet :( >Remember I have already written something you might find useful (parsing >of the vexira log and the update scripts.) If you want I can send you >those (or otherwise they should be in mailing list archive.) Please send me them again, to save me hunting the archive :-) >Thank you again, >Gabriele > >-----Original Message----- >From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] >Sent: luned? 3 maggio 2004 15.26 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: More on Vexira > > >At 14:09 03/05/2004, you wrote: > >Any chance to finally have Vexira support in MailScanner? > >Really sorry about this, just haven't ever got around to sorting it out. > >Can you mail me a copy with all the necessary licence files (off-list of >course). This copy would only be used for development purposes and I would >never think of giving it to anyone else. > > >I don't want to bore anyone, I only would want to know if I could wait for > >a next release (as Julian states) or if I need to apply my patch to any > >new release of MailScanner (that's not so bad, but I wonder if anybody > >else would like to benefit from it...) > > > >Actually it is more than 6 months I'm successfully using it (and I'm > >rather satisfied)! > >If you can get back to me today, I might have time to do it. Public holiday >here today and the weather is lousy (as to be expected of a public holiday!). >-- >Julian Field >www.MailScanner.info >Professional Support Services at www.MailScanner.biz >MailScanner thanks transtec Computers for their support >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------- next part -------------- A non-text attachment was scrubbed... Name: vexira_last.patch Type: application/octet-stream Size: 8456 bytes Desc: vexira_last.patch Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040503/e44da3c8/vexira_last.obj From mailscanner at ISLANDB.COM Mon May 3 18:10:41 2004 From: mailscanner at ISLANDB.COM (Brooks Weisblat) Date: Thu Jan 12 21:24:59 2006 Subject: How to change "From: MailScanner"? In-Reply-To: References: <47165.199.227.86.10.1083602376.squirrel@www.islandb.com> Message-ID: <48239.199.227.86.10.1083604241.squirrel@www.islandb.com> Thanks Raymond.... changing that variable didn't help, but that helped me track it down.... it's actually hard coded in the sender.virus.report.txt file.... > Hi! > >> I changed: >> >> Notices From = MailScanner >> >> to what I wanted, but that only changes the emails that are sent to the >> system administrators... not to the person who originally sent the >> email... > > Look in your languages.conf: > > # Used in filename/filetype/content reports > MailScanner = MailScanner > > Bye, > Raymond. > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Mon May 3 18:32:44 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:24:59 2006 Subject: More on Vexira Message-ID: <6.0.1.1.2.20040503183219.03eb13a0@wheresmymailserver.com> Okay, this time with the attachment :-) Attached is a zip file containing: vexira-wrapper vexira-autoupdate SweepViruses.pm The SweepViruses.pm goes in /usr/lib/MailScanner/MailScanner over the top of the latest version of SweepViruses.pm. You will need to be running 4.30.3 to use this new file. You will also need to add the following line to /etc/MailScanner/virus.scanners.conf vexira /opt/MailScanner/lib/vexira-wrapper /usr/lib/Vexira Once you have done that lot, you should be able to add Virus Scanners = vexira in your MailScanner.conf file. This takes MailScanner to 21 different virus scanning engines! There can't be many left... -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------- next part -------------- A non-text attachment was scrubbed... Name: vexira.zip Type: application/zip Size: 23572 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040503/58267084/vexira.zip -------------- next part -------------- -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From HancockS at MORGANCO.COM Mon May 3 18:34:57 2004 From: HancockS at MORGANCO.COM (Hancock, Scott) Date: Thu Jan 12 21:24:59 2006 Subject: Ruleset to NOT append to header. - Lotus Domino Message-ID: <3EA1A302A4978A4C970D2C63F327156E02406E74@worc-mail2.int.morganco.com> Thanks for the info. Per the Symantic problem with "." in the header, I tried eliminating the "." in the envelope sender email in the "X" header # Do you want to add the Envelope-From: header? # This is very useful for tracking where spam came from as it # contains the envelope sender address. # This can also be the filename of a ruleset. Add Envelope From Header = no Changing this to "no", seems to have fixed my problem. Scott >-----Original Message----- >From: Richard Bollinger [mailto:rabollinger@COMCAST.NET] >Sent: Monday, May 03, 2004 1:01 PM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: Ruleset to NOT append to header. - Lotus Domino > >We've been running with various releases of Lotus Domino R5 and R6 since >MS 3.15... working fine. >Must be something else wrong with the config. > >----- Original Message ----- >From: "Julian Field" >To: >Sent: Monday, May 03, 2004 12:17 PM >Subject: Re: Ruleset to NOT append to header. - Lotus Domino > > >>... >> A Domino system rejecting headers starting with an "X" is too broken to >> even believe... -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From steve.swaney at FSL.COM Mon May 3 18:31:15 2004 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:24:59 2006 Subject: Razor -agent log Invalid Arguments In-Reply-To: Message-ID: <20040503173115.F31A121C2D6@mail.fsl.com> > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Jim Flowers > Sent: Monday, May 03, 2004 1:07 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Razor -agent log Invalid Arguments > > I seem to be getting a fair number of SA timeouts (3%) so I looked at this > log and was surprised to see a lot of Unable to connect Reason: Invalid > Argument messages. > > Is this a known problem/bug and if so what is the fix? > > mailscanner-4.26.7 with razor-agents-2.36_2 on FreeBSD 4.9-STABLE > I've never heard of a bug but the latest version of razor-agents is 2.40. You are running razor-discover from a daily cron job to make sure you list of razor servers is current? Steve Stephen Swaney President Fortress Systems Ltd. Steve.Swaney@FSL.com -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. Fortress Systems Ltd. www.fsl.com -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From ronnie at daslweb.com Mon May 3 18:38:19 2004 From: ronnie at daslweb.com (Ronnie Regev) Date: Thu Jan 12 21:24:59 2006 Subject: Spam Actions config Message-ID: <20040503173813.CJVJ29772.tomts45-srv.bellnexxia.net@ronniepc> Hi, I have noticed that Spam Actions setting can also be the filename of a ruleset. What would the structure of the filename be if I wanted to accomplish the following: Example1.com bounce Example2.com deliver store Example3.com forward joe@example.com I.e.: different actions for different domains. I am running mailscanner-4.29.7-1. Thanks. Ronnie Regev System Administrator Microsoft Certified Professional MCP Daslweb Inc. ronnie@daslweb.com -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Mon May 3 19:03:37 2004 From: mailscanner at ecs.soton.ac.uk (mailscanner@ecs.soton.ac.uk) Date: Thu Jan 12 21:24:59 2006 Subject: Protected Mail System Message-ID: <200405031904.i43J4afJ020560@linux.get.tur.cu> A non-text attachment was scrubbed... Name: not available Type: multipart/mixed Size: 136 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040503/29d56d96/attachment.bin From mailscanner at ecs.soton.ac.uk Mon May 3 19:12:48 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:24:59 2006 Subject: Spam Actions config In-Reply-To: <20040503173813.CJVJ29772.tomts45-srv.bellnexxia.net@ronnie pc> References: <20040503173813.CJVJ29772.tomts45-srv.bellnexxia.net@ronniepc> Message-ID: <6.0.1.1.2.20040503191210.03e45af0@imap.ecs.soton.ac.uk> At 18:38 03/05/2004, you wrote: >Hi, >I have noticed that Spam Actions setting can also be the filename of a >ruleset. What would the structure of the filename be if I wanted to >accomplish the following: > >Example1.com bounce >Example2.com deliver store >Example3.com forward joe@example.com To: Example1.com bounce To: Example2.com deliver store To: Example3.com forward joe@example.com >I.e.: different actions for different domains. >I am running mailscanner-4.29.7-1. > >Thanks. > >Ronnie Regev >System Administrator >Microsoft Certified Professional MCP >Daslweb Inc. >ronnie@daslweb.com > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From ronnie at daslweb.com Mon May 3 19:13:43 2004 From: ronnie at daslweb.com (Ronnie Regev) Date: Thu Jan 12 21:24:59 2006 Subject: Spam Actions config In-Reply-To: <004901c43138$ec688960$0200a8c0@alexlaptop> Message-ID: <20040503181339.HBHY10950.tomts19-srv.bellnexxia.net@ronniepc> I think setting this up properly would allow for such a great amount of flexibility in terms of the service offered to clients as well. Would the format you listed be correct? -----Original Message----- From: Alex Neuman [mailto:alex@nkpanama.com] Sent: Monday, May 03, 2004 2:03 PM To: ronnie@daslweb.com Subject: RE: Spam Actions config This would be interesting for me because our local ISP's have a limited number of IP ranges, so I could, in theory, From: some.ip.address.block/24 forward abuse@isp1.com From: some.other.ipaddress.block/24 forward abuse@someotherisp.com -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Ronnie Regev Sent: Monday, May 03, 2004 12:38 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Spam Actions config Hi, I have noticed that Spam Actions setting can also be the filename of a ruleset. What would the structure of the filename be if I wanted to accomplish the following: Example1.com bounce Example2.com deliver store Example3.com forward joe@example.com I.e.: different actions for different domains. I am running mailscanner-4.29.7-1. Thanks. Ronnie Regev System Administrator Microsoft Certified Professional MCP Daslweb Inc. ronnie@daslweb.com -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From eja at URBAKKEN.DK Mon May 3 19:18:07 2004 From: eja at URBAKKEN.DK (Erik Jakobsen) Date: Thu Jan 12 21:24:59 2006 Subject: More on Vexira In-Reply-To: <6.0.1.1.2.20040503183219.03eb13a0@wheresmymailserver.com> References: <6.0.1.1.2.20040503183219.03eb13a0@wheresmymailserver.com> Message-ID: <40968CDF.1080602@urbakken.dk> Julian Field wrote: > Okay, this time with the attachment :-) > > Attached is a zip file containing: > vexira-wrapper > vexira-autoupdate > SweepViruses.pm > The SweepViruses.pm goes in /usr/lib/MailScanner/MailScanner over the top > of the latest version of SweepViruses.pm. You will need to be running > 4.30.3 to use this new file. > > You will also need to add the following line to > /etc/MailScanner/virus.scanners.conf > > vexira /opt/MailScanner/lib/vexira-wrapper /usr/lib/Vexira I understand it as the SweepViruses.pm shal just be copied to overwrite the existent one. Am I right in that ? Shall there be made by manual a directory /opt/MailScanner/lib/vexira-wrapper ?. What does /usr/lib/Vexira contents. Where shall the vexira-autoupdate be placed ? > Once you have done that lot, you should be able to add > Virus Scanners = vexira > in your MailScanner.conf file. > > This takes MailScanner to 21 different virus scanning engines! There can't > be many left... > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > -- > Julian Field > www.MailScanner.info > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html -- Med venlig hilsen - Best regards. Erik Jakobsen - eja@urbakken.dk. Licensed radioamateur with the callsign OZ4KK. SuSE Linux 9.0 Proff. Registered as user #319488 with the Linux Counter, http://counter.li.org. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From ronnie at daslweb.com Mon May 3 19:21:07 2004 From: ronnie at daslweb.com (Ronnie Regev) Date: Thu Jan 12 21:24:59 2006 Subject: Spam Actions config In-Reply-To: <6.0.1.1.2.20040503191210.03e45af0@imap.ecs.soton.ac.uk> Message-ID: <20040503182101.DCPY8548.tomts35-srv.bellnexxia.net@ronniepc> Thanks for the info. Would the following be correct: To: *@*.* delete To: exception.com deliver The purpose being to delete, or whatever action, by default, and then a secondary action for specific domains, in this case, to deliver. Thanks. Ronnie Regev System Administrator Microsoft Certified Professional MCP Daslweb Inc. ronnie@daslweb.com -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: Monday, May 03, 2004 2:13 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: [MAILSCANNER] Spam Actions config At 18:38 03/05/2004, you wrote: >Hi, >I have noticed that Spam Actions setting can also be the filename of a >ruleset. What would the structure of the filename be if I wanted to >accomplish the following: > >Example1.com bounce >Example2.com deliver store >Example3.com forward joe@example.com To: Example1.com bounce To: Example2.com deliver store To: Example3.com forward joe@example.com >I.e.: different actions for different domains. >I am running mailscanner-4.29.7-1. > >Thanks. > >Ronnie Regev >System Administrator >Microsoft Certified Professional MCP >Daslweb Inc. >ronnie@daslweb.com > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at LISTS.COM.AR Mon May 3 19:25:16 2004 From: mailscanner at LISTS.COM.AR (Mariano Absatz) Date: Thu Jan 12 21:24:59 2006 Subject: Spam Actions config In-Reply-To: <20040503182101.DCPY8548.tomts35-srv.bellnexxia.net@ronniepc> References: <6.0.1.1.2.20040503191210.03e45af0@imap.ecs.soton.ac.uk> Message-ID: <4096645C.8653.F3790B1@localhost> IIRC, the proper way to do what you want is To: exception.com deliver FromOrTo: Default delete El 3 May 2004 a las 14:21, Ronnie Regev escribi?: > Thanks for the info. > Would the following be correct: > > To: *@*.* delete > To: exception.com deliver > > The purpose being to delete, or whatever action, by default, and then a > secondary action for specific domains, in this case, to deliver. > > Thanks. > > Ronnie Regev > System Administrator > Microsoft Certified Professional MCP > Daslweb Inc. > ronnie@daslweb.com > > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf > Of Julian Field > Sent: Monday, May 03, 2004 2:13 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: [MAILSCANNER] Spam Actions config > > At 18:38 03/05/2004, you wrote: > >Hi, > >I have noticed that Spam Actions setting can also be the filename of a > >ruleset. What would the structure of the filename be if I wanted to > >accomplish the following: > > > >Example1.com bounce > >Example2.com deliver store > >Example3.com forward joe@example.com > > To: Example1.com bounce > To: Example2.com deliver store > To: Example3.com forward joe@example.com > > > >I.e.: different actions for different domains. > >I am running mailscanner-4.29.7-1. > > > >Thanks. > > > >Ronnie Regev > >System Administrator > >Microsoft Certified Professional MCP > >Daslweb Inc. > >ronnie@daslweb.com > > > >-------------------------- MailScanner list ---------------------- > >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > >Before posting, please see the Most Asked Questions at > >http://www.mailscanner.biz/maq/ and the archives at > >http://www.jiscmail.ac.uk/lists/mailscanner.html > > -- > Julian Field > www.MailScanner.info > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html -- Mariano Absatz El Baby ---------------------------------------------------------- Daddy, why doesn't this magnet pick up this floppy disk? -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From erich at MUSEUM.STATE.IL.US Mon May 3 19:33:09 2004 From: erich at MUSEUM.STATE.IL.US (Erich Schroeder) Date: Thu Jan 12 21:24:59 2006 Subject: OT (maybe) Vacation script stopped working Message-ID: I'm hunting down a new problem that may be coincedent with installing MailScanner several months ago. I've had a long-running mail server (Sendmail 8.11.6, RH 7.2) and I have been able to provide my users with the vacation script (using the version 1.2.6 from http://vacation.sourceforge.net/). I have to set up one for someone on maternity leave, and now I'm getting a message: 550 5.7.1 /home/bshea/.forward: line 1: "|vacation userid" ... Address is unsafe for mailing to programs This normally means that one doesn't have the vacation program "registered" with smrsh, but it is--just as it always was. The vacation program runs fine from the command line. The log files state that the error is coming from sendmail, but I was wondering if something in the installation of MailScanner could caused the change in my server. I expect that it's not the case, otherwise I would have found something when I searched the archives and MAQ. Erich -- --------------------------------------------------------------------- Erich Schroeder Phone: (217)785-0033 Curator, Information Technologies FAX: (217)785-2857 Illinois State Museum GIS Lab email:erich(at)illinois.state.museum http://illinois.state.museum/ --------------------------------------------------------------------- -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From brent at WHITE-DEV.QUATRO.COM Mon May 3 19:42:20 2004 From: brent at WHITE-DEV.QUATRO.COM (Brent) Date: Thu Jan 12 21:24:59 2006 Subject: tao Linux In-Reply-To: A<002801c42edb$37499060$a301a8c0@cnpapers.net> Message-ID: <200405031834.i43IYeh32366@white-dev.quatro.com> You may also want to look at CentOS, its another popular rebuild of rh es. http://www.centos.org/index.php?option=displaypage&Itemid=62&op=page&SubMenu = http://ibiblio.org/pub/linux/distributions/caoslinux/centos-3/3.1/ I've used it internally for a few things and it appears to be a good project. Brent -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Stephe Campbell Sent: Friday, April 30, 2004 1:48 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: tao Linux Michele, Could you possibly elaborate on why you went to something other than a RH OS. This part really is the gut of the situation. Most of my servers are RH 7.3, which seems really stable. If I am to trust our future to the Open Source community, why shouldn't I trust them to keep RH 7.3, or any other RH version, up to date and safe? I do realize that old is not always best, but can you truthfully use this example to justify things like RH 8.0 versus RH 7.3? BTW, WhiteBox, as I recall, had some issues with their installation package (was there even an X interface?) How would you rate the installation process? A friend of mine at one of the US government laboratories here has highly recommended WB, but they rolled their own installation scripts for convenience., tailoring it more to their needs. They have more hands there than we do here, though. Thank you very much for your time and thoughts. Steve Campbell campbell@cnpapers.com Charleston Newspapers ----- Original Message ----- From: "Michele Neylon :: Blacknight Solutions" To: Sent: Friday, April 30, 2004 12:55 PM Subject: Re: tao Linux > Stephen > > We are currently using Whitebox on approx 6 servers, that are a mixture of > shared and dedicated. To date we have not had any problems worth reporting > and have generally found it to be an improvement on RH9. > We have not used RHEL ES, so I cannot offer a comparison > > Michele > > Mr Michele Neylon > Blacknight Internet Solutions Ltd > http://www.blacknight.ie/ > Tel. +353 59 9137101 > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf > Of Stephe Campbell > Sent: 30 April 2004 17:04 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: [MAILSCANNER] tao Linux > > I had looked at White Box and Tao once. I wasn't really sure how mature they > were. Can anyone offer an opinion of how complete both of these are compared > to what RHEL ES presently represents, please? > > An off-list reply would be fine, due to the content. > > Thanks > > Steve Campbell > campbell@cnpapers.com > Charleston Newspapers > > ----- Original Message ----- > From: "Michele Neylon :: Blacknight Solutions" > > To: > Sent: Friday, April 30, 2004 11:03 AM > Subject: Re: tao Linux > > > > I think he means with the standard install ie. You don't have to go > looking > > for it > > > > Mr Michele Neylon > > Blacknight Internet Solutions Ltd > > http://www.blacknight.ie/ > > Tel. +353 59 9137101 > > > > -----Original Message----- > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf > > Of Marco Obaid > > Sent: 30 April 2004 15:24 > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: [MAILSCANNER] tao Linux > > > > Hi Stephen, > > > > Quoting Stephen Swaney : > > > > > One nice feature of both distros is that they include MySQL which is > > missing > > > from the RH 3.0 release. > > > > I may have misunderstood your statement above, but mysql-server *is* > > available > > for RH 3.0. It is on the "Extras" channel of RHEL. > > > > > > Marco > > > > -------------------------- MailScanner list ---------------------- > > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > > Before posting, please see the Most Asked Questions at > > http://www.mailscanner.biz/maq/ and the archives at > > http://www.jiscmail.ac.uk/lists/mailscanner.html > > > > -------------------------- MailScanner list ---------------------- > > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From peter at UCGBOOK.COM Mon May 3 19:45:19 2004 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:24:59 2006 Subject: Bayes expiry, and bayes corruption In-Reply-To: <6.0.1.1.2.20040503235502.03cddb10@mail.tmisnet.com> References: <1083580212.9759.6.camel@azrael.de-verandering> <6.0.1.1.2.20040503123958.04521840@imap.ecs.soton.ac.uk> <6.0.1.1.2.20040503235502.03cddb10@mail.tmisnet.com> Message-ID: <4096933F.7090100@ucgbook.com> Gib Gilbertson Jr. wrote: > # /usr/local/bin/spamassassin --lint -C > /usr/local/etc/MailScanner/spam.assassin.prefs.conf > Failed to parse line in SpamAssassin configuration, skipping: > bayes_auto_expire 0 Since the default for expire is to do it (1) and your line is ignored for some reason I bet that's why you still have problems with it. Concentrate on fixing the above problem. I just needed to remove the comment from Julians example and it worked. Are you sure you don't have anything strange on that line or the one before or after? Like white space before or after the line or special characters or something? -- /Peter Bonivart --Unix lovers do it in the Sun Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7, SpamAssassin 2.63 + DCC 1.2.45, ClamAV 0.70 + GMP 4.1.2, Vispan 1.4 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Mon May 3 20:04:01 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:24:59 2006 Subject: More on Vexira In-Reply-To: <40968CDF.1080602@urbakken.dk> References: <6.0.1.1.2.20040503183219.03eb13a0@wheresmymailserver.com> <40968CDF.1080602@urbakken.dk> Message-ID: <6.0.1.1.2.20040503200319.03eae9e8@imap.ecs.soton.ac.uk> At 19:18 03/05/2004, you wrote: >Julian Field wrote: >>Okay, this time with the attachment :-) >> >>Attached is a zip file containing: >> vexira-wrapper > > vexira-autoupdate >> SweepViruses.pm >>The SweepViruses.pm goes in /usr/lib/MailScanner/MailScanner over the top >>of the latest version of SweepViruses.pm. You will need to be running >>4.30.3 to use this new file. >> >>You will also need to add the following line to >>/etc/MailScanner/virus.scanners.conf >> >>vexira /opt/MailScanner/lib/vexira-wrapper /usr/lib/Vexira > >I understand it as the SweepViruses.pm shal just be copied to overwrite >the existent one. Am I right in that ? Correct. >Shall there be made by manual a directory >/opt/MailScanner/lib/vexira-wrapper ?. > >What does /usr/lib/Vexira contents. > >Where shall the vexira-autoupdate be placed ? Both should be placed in /opt/MailScanner/lib. >>Once you have done that lot, you should be able to add >>Virus Scanners = vexira >>in your MailScanner.conf file. >> >>This takes MailScanner to 21 different virus scanning engines! There can't >>be many left... -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Mon May 3 20:04:43 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:24:59 2006 Subject: OT (maybe) Vacation script stopped working In-Reply-To: References: Message-ID: <6.0.1.1.2.20040503200422.03ed35f0@imap.ecs.soton.ac.uk> MailScanner does not get involved with mail delivery or .forward files at all. At 19:33 03/05/2004, you wrote: >I'm hunting down a new problem that may be coincedent with installing >MailScanner several months ago. I've had a long-running mail server >(Sendmail 8.11.6, RH 7.2) and I have been able to provide my users with >the vacation script (using the version 1.2.6 from >http://vacation.sourceforge.net/). I have to set up one for someone on >maternity leave, and now I'm getting a message: > >550 5.7.1 /home/bshea/.forward: line 1: "|vacation userid" ... Address > is unsafe for mailing to programs > >This normally means that one doesn't have the vacation program >"registered" with smrsh, but it is--just as it always was. The vacation >program runs fine from the command line. > >The log files state that the error is coming from sendmail, but I was >wondering if something in the installation of MailScanner could caused the >change in my server. > >I expect that it's not the case, otherwise I would have found something >when I searched the archives and MAQ. > >Erich > >-- >--------------------------------------------------------------------- >Erich Schroeder Phone: (217)785-0033 >Curator, Information Technologies FAX: (217)785-2857 >Illinois State Museum GIS Lab email:erich(at)illinois.state.museum > http://illinois.state.museum/ >--------------------------------------------------------------------- > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From brent at WHITE-DEV.QUATRO.COM Mon May 3 20:19:31 2004 From: brent at WHITE-DEV.QUATRO.COM (Brent) Date: Thu Jan 12 21:24:59 2006 Subject: tao Linux In-Reply-To: A<1083611007.3300.16.camel@bach.kevinspicer.co.uk> Message-ID: <200405031911.i43JBvh05752@white-dev.quatro.com> Actually it is using the rh es kernels: CentOS box rpm -qa | grep kernel kernel-pcmcia-cs-3.1.31-13 kernel-utils-2.4-8.37.1 kernel-2.4.21-9.0.1.EL.c0 kernel-source-2.4.21-9.0.1.EL.c0 rh es srpm mirror: kernel-2.4.21-9.0.1.EL.src.rpm 17-Feb-2004 14:23 I have Symantec manhunt, the current version of which is designed for rh es 3, running right of the box on a centos-3 server. I've been happy with it. For me it was between centos or tao, but I think I went with Centos because it had a larger following at the time, and released the patches faster. Brent -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Kevin Spicer Sent: Monday, May 03, 2004 3:03 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: tao Linux On Mon, 2004-05-03 at 19:42, Brent wrote: > You may also want to look at CentOS, its another popular rebuild of rh es. > > http://www.centos.org/index.php?option=displaypage&Itemid=62&op=page&SubMenu > = Interesting, a brief comparison of the web sites for Whitebox, Tao and CentOS reveals the following significant differences between the distros. Whitebox - packages built for i386 (but with i686 instruction order optimisation). Additional kernels available for i686/athlon etc. Tao - packages built for i686 (at least I think thats what they are saying) CentOS - Uses vanilla kernels, couldn't spot what optimisations they were compiling with. It strikes me that using vanilla kernels doesn't really make a lot of sense, surely the Red Hat patch set is one of the key selling points of RHEL?? One of the reasons I'm interested in using one of the above is so I can get a long product life span. with the added benefit of being able to use the additional HP specific drivers that HP makes available for their hardware. I'm erring towards Tao, but I'd be interested in any comparisons. BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at LISTS.COM.AR Mon May 3 22:54:22 2004 From: mailscanner at LISTS.COM.AR (Mariano Absatz) Date: Thu Jan 12 21:24:59 2006 Subject: spam.assassin.prefs.conf ruleset Message-ID: <4096955E.28004.FF6FF4B@localhost> Hi, one of the setups I have is an old MS 4.23-11 with SpamAssassin 2.63. It works quite nice, but I had a request from a group of people to use a special set of SA scores with some (only some) of the scores changed from the default 50_scores.cf. That seemed like a fit situation for rulesets, so I copied my spam.assasssin.prefs.conf to spam.assassin.prefs-other.conf and made a simple ruleset named spam.assassin.prefs.rules that says: To: someone@example.com spam.assassin.prefs-other.conf To: anotherone@example.com spam.assassin.prefs-other.conf FromOrTo: default spam.assassin.prefs.rules However, as soon as I restarted MailScanner I got: May 3 15:54:03 alerce1-or MailScanner-MX[2316]: Value of spamassassinprefsfile cannot be a ruleset, only a simple value :-( At first I thought that maybe upgrading to a newer MailScanner might solve this... but, as I write this, I fear not, since it probably has to do with the way SpamAssassin is initialized from within MailScanner. So, 1) Is this possible with the latest MailScanner? 2) if the answer to 1) is "no"... does anyone have a nice idea of how to implement differentiated SA scores? TIA. -- Mariano Absatz El Baby ---------------------------------------------------------- "Unix was not designed to stop people from doing stupid things, because that would also stop them from doing clever things." --Doug Gwyn -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From postmaster at caspa.frlp.utn.edu.ar Tue May 4 04:46:25 2004 From: postmaster at caspa.frlp.utn.edu.ar (MailScanner) Date: Thu Jan 12 21:24:59 2006 Subject: Atención: Virus detectado en e-mail Message-ID: <200405040346.i443kPL9010976@caspa.frlp.utn.edu.ar> Nuestro detector de virus ha sido activado por un mensaje enviado por Usted: A: tsp@frgp.utn.edu.ar Asunto: Mail Delivery (failure tsp@frgp.utn.edu.ar) Fecha: Tue May 4 00:46:25 2004 Las partes del mensaje que estaban infectadas no han sido enviadas. Este mensaje es s?lo para avisarle de que su sistema puede tener un virus y deber?a verificarlo. El detector de virus dijo lo siguiente acerca del mensaje: Informe: >>> Virus 'W32/Netsky-P' found in file message.scr Windows Screensavers are often used to hide viruses (message.scr) -- MailScanner Protecci?n contra Virus de E-mail www.mailscanner.info From mailscanner at ecs.soton.ac.uk Mon May 3 18:27:02 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:24:59 2006 Subject: More on Vexira In-Reply-To: <6.0.1.1.2.20040503171424.03e371f8@imap.ecs.soton.ac.uk> References: <1488394A34F6A0408FDA3841418D14420F2459@scorpio.auron.mi> <6.0.1.1.2.20040503171424.03e371f8@imap.ecs.soton.ac.uk> Message-ID: <6.0.1.1.2.20040503182341.03e45af0@imap.ecs.soton.ac.uk> Attached is a zip file containing: vexira-wrapper vexira-autoupdate SweepViruses.pm The SweepViruses.pm goes in /usr/lib/MailScanner/MailScanner over the top of the latest version of SweepViruses.pm. You will need to be running 4.30.3 to use this new file. You will also need to add the following line to /etc/MailScanner/virus.scanners.conf vexira /opt/MailScanner/lib/vexira-wrapper /usr/lib/Vexira Once you have done that lot, you should be able to add Virus Scanners = vexira in your MailScanner.conf file. This takes MailScanner to 21 different virus scanning engines! There can't be many left... -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From kevins at BMRB.CO.UK Mon May 3 19:03:16 2004 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:24:59 2006 Subject: non english AVG support In-Reply-To: <6.0.1.1.2.20040503123907.045219f0@imap.ecs.soton.ac.uk> References: <40962080.5353.31CE8F@localhost> <6.0.1.1.2.20040503123907.045219f0@imap.ecs.soton.ac.uk> Message-ID: <1083607395.3306.2.camel@bach.kevinspicer.co.uk> On Mon, 2004-05-03 at 12:39, Julian Field wrote: > Thanks for letting me know about that. > The fix will be in the next release. > Julian, is it worth adding that to the environment before MailScanner calls the external wrapper scripts, rather than putting it in the wrapper script for AVG (assuming that is what you did)? My thinking is that will avoid future problems with any other scanner that supports locales (or starts to support in a future release). BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From kevins at BMRB.CO.UK Mon May 3 20:03:27 2004 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:24:59 2006 Subject: tao Linux In-Reply-To: <200405031834.i43IYeh32366@white-dev.quatro.com> References: <200405031834.i43IYeh32366@white-dev.quatro.com> Message-ID: <1083611007.3300.16.camel@bach.kevinspicer.co.uk> On Mon, 2004-05-03 at 19:42, Brent wrote: > You may also want to look at CentOS, its another popular rebuild of rh es. > > http://www.centos.org/index.php?option=displaypage&Itemid=62&op=page&SubMenu > = Interesting, a brief comparison of the web sites for Whitebox, Tao and CentOS reveals the following significant differences between the distros. Whitebox - packages built for i386 (but with i686 instruction order optimisation). Additional kernels available for i686/athlon etc. Tao - packages built for i686 (at least I think thats what they are saying) CentOS - Uses vanilla kernels, couldn't spot what optimisations they were compiling with. It strikes me that using vanilla kernels doesn't really make a lot of sense, surely the Red Hat patch set is one of the key selling points of RHEL?? One of the reasons I'm interested in using one of the above is so I can get a long product life span. with the added benefit of being able to use the additional HP specific drivers that HP makes available for their hardware. I'm erring towards Tao, but I'd be interested in any comparisons. BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From ryan at MARINOCRANE.COM Mon May 3 20:37:56 2004 From: ryan at MARINOCRANE.COM (Ryan Pitt) Date: Thu Jan 12 21:24:59 2006 Subject: Spam Actions Question Message-ID: <40969F94.80008@marinocrane.com> Currently, I have MailScanner set up to *delete* high scoring spam. I would like to have the option to forward those high scoring messages to a different machine for testing purposes. I have tried the *forward* option (Shown Below), which does work, although it also delivers the messages to the originally intended users. *High Scoring Spam Actions = delete forward bob@bob.com* I would like to forward these messages to another machine, but also have them NOT delievered (deleted) to the original addressees! Any ideas? Than you Ryan Pitt -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From ronnie at daslweb.com Mon May 3 20:34:39 2004 From: ronnie at daslweb.com (Ronnie Regev) Date: Thu Jan 12 21:24:59 2006 Subject: Mail header received from question Message-ID: <20040503193434.JCLK10950.tomts19-srv.bellnexxia.net@ronniepc> After having setup mailscanner-4.29.7-1 as a mailscanner relay server, I have noticed that all mail being scanned have the following in their header: Received: from filter.daslweb.ca (filter.daslweb.ca.224.39.65.in-addr.arpa [65.39.224.201] (may be forged)) Filter.daslweb.ca being my mailscanner relay server. Why would the from server be detected as being forged? Thanks. Ronnie Regev System Administrator Microsoft Certified Professional MCP Daslweb Inc. ronnie@daslweb.com -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From stephen at STEPHENFLETCHER.CO.UK Mon May 3 20:59:21 2004 From: stephen at STEPHENFLETCHER.CO.UK (Stephen Fletcher) Date: Thu Jan 12 21:24:59 2006 Subject: MailScanner.pid??? Message-ID: <004001c43149$3251c5d0$1f8069d5@stephen5vmdxc8> Hi Peter, When I do the "ps -ef | grep Mail" command I got the following output: root 1761 1 0 Apr26 ? 00:00:00 perl -I/usr/lib/MailScanner /usr root 1762 1761 0 Apr26 ? 00:00:05 [MailScanner ] root 1768 1761 0 Apr26 ? 00:00:05 [MailScanner ] root 1771 1761 0 Apr26 ? 00:00:05 [MailScanner ] root 1793 1761 0 Apr26 ? 00:00:05 [MailScanner ] root 15855 1761 3 20:35 ? 00:00:00 [MailScanner ] root 15857 15668 0 20:36 pts/0 00:00:00 grep Mail And as you said I the did "kill 1761", but had to do it a couple of times to make sure it had stopped. Then "/etc/rc.d/init.d/MailScanner stop", "/etc/rc.d/init.d/sendmail stop", then restarted it all up by "/etc/rc.d/init.d/MailScanner start". Hurray!!!! Thank-you so much Peter! It seems to be working again and the MailScanner headers are appearing in the emails again. I't is much appreciated. Thanks. Stephen Fletcher stephen@stephenfletcher.co.uk -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From joey at JOESMITH.NET Mon May 3 21:14:20 2004 From: joey at JOESMITH.NET (Joe Smith) Date: Thu Jan 12 21:24:59 2006 Subject: Spam Actions Question In-Reply-To: <40969F94.80008@marinocrane.com> Message-ID: On Mon, 3 May 2004, Ryan Pitt wrote: > Currently, I have MailScanner set up to *delete* high scoring spam. > I would like to have the option to forward those high scoring messages > to a different machine for testing purposes. > I have tried the *forward* option (Shown Below), which does work, > although it also delivers the messages to the originally intended users. > *High Scoring Spam Actions = delete forward bob@bob.com* > I would like to forward these messages to another machine, but also have > them NOT delievered (deleted) to the original addressees! Try changing the line to: High Scoring Spam Actions = forward bob@bob.com This is how I have my boxes setup when I want to not sent to the original recepient but forward to another address. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From peter at UCGBOOK.COM Mon May 3 21:06:26 2004 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:24:59 2006 Subject: Mail header received from question In-Reply-To: <20040503193434.JCLK10950.tomts19-srv.bellnexxia.net@ronniepc> References: <20040503193434.JCLK10950.tomts19-srv.bellnexxia.net@ronniepc> Message-ID: <4096A642.5080708@ucgbook.com> Ronnie Regev wrote: > Received: from filter.daslweb.ca (filter.daslweb.ca.224.39.65.in-addr.arpa > [65.39.224.201] (may be forged)) From Sendmail FAQ: --> Q3.38 -- What does "may be forged" mean? Date: November 12, 2001 After sendmail does a hostname look-up on the IP address of the connecting client, the IP addresses of that hostname are looked up. If the client IP address does not appear in that list, then the may be forged tag is added. <-- Common mistake, especially among Microsoft techs. ;-) -- /Peter Bonivart --Unix lovers do it in the Sun Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7, SpamAssassin 2.63 + DCC 1.2.45, ClamAV 0.70 + GMP 4.1.2, Vispan 1.4 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From ronnie at daslweb.com Mon May 3 20:24:32 2004 From: ronnie at daslweb.com (Ronnie Regev) Date: Thu Jan 12 21:24:59 2006 Subject: Spam Actions config In-Reply-To: <4096645C.8653.F3790B1@localhost> Message-ID: <20040503192429.JFHR17510.tomts28-srv.bellnexxia.net@ronniepc> I have set up the following in mailscanner.conf: Spam Actions = %rules-dir%/spam.actions And spam.actions as follows: To: example.com delete To: regev.ca delete FromOrTo: Default deliver When I send a GTUBE test to ronnie@regev.ca, it is identified as spam, however, the message is still delivered to the mailbox. All other spam is still being delivered to mailboxes. Any ideas? Thanks. Ronnie Regev System Administrator Microsoft Certified Professional MCP Daslweb Inc. 514-874-9809 ronnie@daslweb.com -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mariano Absatz Sent: Monday, May 03, 2004 2:25 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: [MAILSCANNER] Spam Actions config IIRC, the proper way to do what you want is To: exception.com deliver FromOrTo: Default delete El 3 May 2004 a las 14:21, Ronnie Regev escribi?: > Thanks for the info. > Would the following be correct: > > To: *@*.* delete > To: exception.com deliver > > The purpose being to delete, or whatever action, by default, and then a > secondary action for specific domains, in this case, to deliver. > > Thanks. > > Ronnie Regev > System Administrator > Microsoft Certified Professional MCP > Daslweb Inc. > ronnie@daslweb.com > > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf > Of Julian Field > Sent: Monday, May 03, 2004 2:13 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: [MAILSCANNER] Spam Actions config > > At 18:38 03/05/2004, you wrote: > >Hi, > >I have noticed that Spam Actions setting can also be the filename of a > >ruleset. What would the structure of the filename be if I wanted to > >accomplish the following: > > > >Example1.com bounce > >Example2.com deliver store > >Example3.com forward joe@example.com > > To: Example1.com bounce > To: Example2.com deliver store > To: Example3.com forward joe@example.com > > > >I.e.: different actions for different domains. > >I am running mailscanner-4.29.7-1. > > > >Thanks. > > > >Ronnie Regev > >System Administrator > >Microsoft Certified Professional MCP > >Daslweb Inc. > >ronnie@daslweb.com > > > >-------------------------- MailScanner list ---------------------- > >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > >Before posting, please see the Most Asked Questions at > >http://www.mailscanner.biz/maq/ and the archives at > >http://www.jiscmail.ac.uk/lists/mailscanner.html > > -- > Julian Field > www.MailScanner.info > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html -- Mariano Absatz El Baby ---------------------------------------------------------- Daddy, why doesn't this magnet pick up this floppy disk? -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From lbergman at WTXS.NET Mon May 3 21:45:40 2004 From: lbergman at WTXS.NET (Lewis Bergman) Date: Thu Jan 12 21:24:59 2006 Subject: bayes_99 Message-ID: <200405031545.40387.lbergman@wtxs.net> I am getting almost every mail hit on the BAYES_99 test which has a score of 5.4. My low spam score is 5 so almost every message is getting flagged. This started about a week ago. Is there any way to clean up a db that has been corrupted? Or, is 5 to low? I have been ruinning at 5 for about 2 years pretty well. -- Lewis Bergman Texas Communications 4309 Maple St. Abilene, TX 79602-8044 915-695-6962 ext 301 800-299-6962 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From ugob at CAMO-ROUTE.COM Mon May 3 21:39:45 2004 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:24:59 2006 Subject: Spam Actions Question In-Reply-To: <40969F94.80008@marinocrane.com> References: <40969F94.80008@marinocrane.com> Message-ID: Ryan Pitt wrote: > Currently, I have MailScanner set up to *delete* high scoring spam. > I would like to have the option to forward those high scoring messages > to a different machine for testing purposes. > I have tried the *forward* option (Shown Below), which does work, > although it also delivers the messages to the originally intended users. > *High Scoring Spam Actions = delete forward bob@bob.com* try: High Scoring Spam Actions = forward bob@bob.com What probably happens in your case is that the message is deleted before it is forwarded. > I would like to forward these messages to another machine, but also have > them NOT delievered (deleted) to the original addressees! > > Any ideas? > > Than you > Ryan Pitt > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From campbell at CNPAPERS.COM Mon May 3 21:54:30 2004 From: campbell at CNPAPERS.COM (Stephe Campbell) Date: Thu Jan 12 21:24:59 2006 Subject: spam.assassin.prefs.conf whitelist/blackist Message-ID: <002401c43150$d47998e0$7601a8c0@cnpapers.net> Curious enough today, someone mentioned the whitelist, blacklist entries in spam.assassin.prefs.conf just about the time I had considered a question about these also. Can I assume that these differ from the MS whitelist/blacklist entries in MS.conf rulesets in that they look through all To:/From: of the headers instead of just the envelop information? If this is so, what does MS do with something blacklisted in the spam.assassin.prefs.conf (SAPC) when this is triggered? I'm having a little trouble blocking things that are saying they are from someone in our domains, but are not. So I guess the envelop is saying From: ####@cnpapers.com but is really from another IP/domain. Steve Campbell campbell@cnpapers.com Charleston Newspapers -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From peter at UCGBOOK.COM Mon May 3 22:31:14 2004 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:24:59 2006 Subject: bayes_99 In-Reply-To: <200405031545.40387.lbergman@wtxs.net> References: <200405031545.40387.lbergman@wtxs.net> Message-ID: <4096BA22.20500@ucgbook.com> Lewis Bergman wrote: > I am getting almost every mail hit on the BAYES_99 test which has a score of > 5.4. My low spam score is 5 so almost every message is getting flagged. This > started about a week ago. Is there any way to clean up a db that has been > corrupted? Just delete the files and it will start over. -- /Peter Bonivart --Unix lovers do it in the Sun Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7, SpamAssassin 2.63 + DCC 1.2.45, ClamAV 0.70 + GMP 4.1.2, Vispan 1.4 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From erich at MUSEUM.STATE.IL.US Mon May 3 22:36:33 2004 From: erich at MUSEUM.STATE.IL.US (Erich Schroeder) Date: Thu Jan 12 21:25:00 2006 Subject: OT (maybe) Vacation script stopped working In-Reply-To: Message-ID: Thanks for your response Julian, great program, and great support. For the record, the problem was that sendmail is sensitve to permissions, and would fail if the .forward file was group writable. Erich -- --------------------------------------------------------------------- Erich Schroeder Phone: (217)785-0033 Curator, Information Technologies FAX: (217)785-2857 Illinois State Museum GIS Lab email:erich(at)illinois.state.museum http://illinois.state.museum/ --------------------------------------------------------------------- -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From peter at UCGBOOK.COM Mon May 3 22:36:21 2004 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:25:00 2006 Subject: bayes_99 In-Reply-To: <200405031633.59952.lbergman@wtxs.net> References: <200405031545.40387.lbergman@wtxs.net> <4096BA22.20500@ucgbook.com> <200405031633.59952.lbergman@wtxs.net> Message-ID: <4096BB55.2090003@ucgbook.com> Lewis Bergman wrote: > Thanks. Sorry about the repeat question. I finally found it in the archives > dated 3/27/04 No problemo. 8-) -- /Peter Bonivart --Unix lovers do it in the Sun Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7, SpamAssassin 2.63 + DCC 1.2.45, ClamAV 0.70 + GMP 4.1.2, Vispan 1.4 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From steve.swaney at FSL.COM Mon May 3 22:36:21 2004 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:25:00 2006 Subject: bayes_99 In-Reply-To: <200405031545.40387.lbergman@wtxs.net> Message-ID: <20040503213621.6E5B321C278@mail.fsl.com> > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Lewis Bergman > Sent: Monday, May 03, 2004 4:46 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: bayes_99 > > I am getting almost every mail hit on the BAYES_99 test which has a score > of > 5.4. My low spam score is 5 so almost every message is getting flagged. > This > started about a week ago. Is there any way to clean up a db that has been > corrupted? > Lewis, You have to start over with a clean database. There is a starter database I've created at: http://www.fsl.com/support/bayes-starter.tar.gz try: wget http://www.fsl.com/support/bayes-starter.tar.gz To download the database. Remove your existing bayes databases and install this on. Make sure the ownerships and permissions match you old bays_* files. This will jumpstart the auto_learn process since this DB has +200 hams and spams. Steve Stephen Swaney President Fortress Systems Ltd. Steve.Swaney@FSL.com > Or, is 5 to low? I have been ruinning at 5 for about 2 years pretty well. > -- > Lewis Bergman > Texas Communications > 4309 Maple St. > Abilene, TX 79602-8044 > 915-695-6962 ext 301 > 800-299-6962 > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. Fortress Systems Ltd. www.fsl.com -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From peter at UCGBOOK.COM Mon May 3 22:34:11 2004 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:25:00 2006 Subject: spam.assassin.prefs.conf whitelist/blackist In-Reply-To: <002401c43150$d47998e0$7601a8c0@cnpapers.net> References: <002401c43150$d47998e0$7601a8c0@cnpapers.net> Message-ID: <4096BAD3.2020102@ucgbook.com> Stephe Campbell wrote: > If this is so, what does MS do with something blacklisted in the > spam.assassin.prefs.conf (SAPC) when this is triggered? The white/blacklists in MS override everything but in SA they only add to the score as every other rule. I think a blacklisted address adds 100 points but if it's whitelisted in MS that will still win. -- /Peter Bonivart --Unix lovers do it in the Sun Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7, SpamAssassin 2.63 + DCC 1.2.45, ClamAV 0.70 + GMP 4.1.2, Vispan 1.4 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From lbergman at WTXS.NET Mon May 3 22:33:59 2004 From: lbergman at WTXS.NET (Lewis Bergman) Date: Thu Jan 12 21:25:00 2006 Subject: bayes_99 In-Reply-To: <4096BA22.20500@ucgbook.com> References: <200405031545.40387.lbergman@wtxs.net> <4096BA22.20500@ucgbook.com> Message-ID: <200405031633.59952.lbergman@wtxs.net> On Monday 03 May 2004 04:31 pm, Peter Bonivart wrote: > Lewis Bergman wrote: > > I am getting almost every mail hit on the BAYES_99 test which has a score > > of 5.4. My low spam score is 5 so almost every message is getting > > flagged. This started about a week ago. Is there any way to clean up a db > > that has been corrupted? > > Just delete the files and it will start over. Thanks. Sorry about the repeat question. I finally found it in the archives dated 3/27/04 -- Lewis Bergman Texas Communications 4309 Maple St. Abilene, TX 79602-8044 915-695-6962 ext 301 800-299-6962 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From pete at eatathome.com.au Mon May 3 22:56:00 2004 From: pete at eatathome.com.au (Pete) Date: Thu Jan 12 21:25:00 2006 Subject: problems with bitdefender In-Reply-To: References: Message-ID: <4096BFF0.3010404@eatathome.com.au> No output :( had asked Julian for a bit of help but he concludes that something is not quite right with linux compatability - i guess its because the enviornment variables requires to run stuff in linux isnt the same as with BSD - is this worth looking into further? We actually have an etrust license - have you ever tried to get this working under BSD? thanks Pete Jan-Peter Koopmann wrote: >On Monday, May 03, 2004 2:57 PM Pete wrote: > > > >>Seems like i had the wrong linux-base installed, so i install >>base-8 which seems to be the latest, but now bdc seems to >>run, but there is no output and running update_virus_scanners >>list absolutely nothing other than clamav stuff in the >>maillog - i have added bitdefender to virus scanners = . >> >>Anyone else got any tips on getting this running under Freebsd 4.9 ? >> >> > >Just tried it this morning without any luck. It installed but if you run bdc it simply exits without saying anything. Try to run > >bdc --help > >No output here. If you get output, then you are already more successful than I am. :-) > > >Regards > >Jan-Peter Koopmann >Dipl.-Wirtschaftsinformatiker >Gesch?ftsf?hrer / COO > > > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From pete at eatathome.com.au Mon May 3 23:00:53 2004 From: pete at eatathome.com.au (Pete) Date: Thu Jan 12 21:25:00 2006 Subject: Ruleset to NOT append to header. - Lotus Domino In-Reply-To: <3EA1A302A4978A4C970D2C63F327156E02406E71@worc-mail2.int.morganco.com> References: <3EA1A302A4978A4C970D2C63F327156E02406E71@worc-mail2.int.morganco.com> Message-ID: <4096C115.6050709@eatathome.com.au> One of the developers of SMPT for domino Matt Chant repsonds to almost the same query as yours on the Notes forums. http://www-10.lotus.com/ldd/46dom.nsf/55c38d716d632d9b8525689b005ba1c0/f9af0b31f08e739e85256c210055a20c?OpenDocument Hancock, Scott wrote: >I have a vendor running The Lotus Domino Release 5.0.12. Lotus is >rejecting my email because of the last two lines in the email header. > >For example: > >058 X-Morgan-MailScanner: Found to be clean >042 X-MailScanner-From: hancocknsd@morganco.com > >If I delete these lines from the header, the mail is delivered. >Otherwise, my mail is rejected with > >554 Error writing message to safe storage; message could not be stored >to disk > >In the conf file, I see I can make a ruleset. > ># Add this extra header to all mail as it is processed. ># This *must* include the colon ":" at the end. ># This can also be the filename of a ruleset. >Mail Header = %rules-dir%/writeheader.rules > > >Is this the proper syntax? >------------------------------------ ># This next line gives an example of how you might enable this option >for ># a frequent customer of yours. > >FromOrTo: LotusServer.com no > ># Under no circumstances should this be changed to "yes". >FromOrTo: default X-%org-name%-MailScanner: >------------------------------------- > > >Or should I tell this guy to straighten out his email system? Any lotus >domino users here know the settings to fix this? > > >Thanks > >Scott Hancock >Morgan Construction. > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html > > > > > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From pete at eatathome.com.au Mon May 3 23:02:58 2004 From: pete at eatathome.com.au (Pete) Date: Thu Jan 12 21:25:00 2006 Subject: Ruleset to NOT append to header. - Lotus Domino In-Reply-To: <3EA1A302A4978A4C970D2C63F327156E02406E73@worc-mail2.int.morganco.com> References: <3EA1A302A4978A4C970D2C63F327156E02406E73@worc-mail2.int.morganco.com> Message-ID: <4096C192.7050907@eatathome.com.au> > >This is from their email admin after reporting 5GB of free disk space on >all volumes. > > I too am fortuante enough look after a Domino network and MailScaner is working perfectly for us. Let me know if you want me to check or test anytthing for you, we too are running mix of 5.011/5.0.12 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From hywel at BURRIS.ORG.UK Mon May 3 23:24:47 2004 From: hywel at BURRIS.ORG.UK (Hywel Burris) Date: Thu Jan 12 21:25:00 2006 Subject: problems with bitdefender In-Reply-To: <6.0.1.1.2.20040503171743.03e52688@imap.ecs.soton.ac.uk> Message-ID: <200405032227.i43MRB3s020195@mail.burris.org.uk> Sorry I did see it but thought it was another generic load of rubbish! Too used to seeing Microsoft and other sites that give invaluable information. Learnt my lesson -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: 03 May 2004 17:18 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: problems with bitdefender At 16:35 03/05/2004, you wrote: >I can't get this working on fedora core 1 with mailscanner 4.30.3-2 > >I am getting the following error when I run in debug > >FATAL: *Please go and READ* >http://www.sng.ecs.soton.ac.uk/mailscanner/install/codestatus.shtml as it >will tell you what to do. at >/usr/lib/MailScanner/MailScanner/SweepViruses.pm line 2472 Yes, well done. Did you read the error message? Did you do what it says? I can't make the error much more clear than this! >Bitdefender seems to be installed ok > >[root@mail MailScanner]# /usr/lib/MailScanner/bitdefender-wrapper /opt/bdc >/tmp >// >// BDC scan report >// >// Time: Mon May 3 16:35:14 2004 >// Command line: --log=/tmp/log.bdc.4635 /tmp >// Core: AVCORE v1.0 (build 2095) (i386) (Dec 10 2003 16:34:47) >// Engines: scan: 12, unpack: 3, archive: 34, mail: 6 >// Total signatures: 76479 >// > > > >Results: >Folders :4 >Files :0 >Packed :0 >Infected files :0 >Suspect files :0 >Warnings :0 >I/O errors :0 > >________________________________________ >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf >Of David While >Sent: 02 May 2004 11:25 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: problems with bitdefender > >I have just upgraded to the latest version of MailScanner and the >bitdefender scripts don't work. > >1. It is not detected as being installed. This is because >bitdefender-wrapper should have $2 not $1 on line 46. > >2. There is no message output in the log to indicate whether there was an >update or not. > >I have the new version of bitdefender which has the working --update flag. > > >PS Bitdefender is free for Linux so people may like to consider adding it as >another defence. > >Quote from the Bitdefender web site: "BitDefender Linux Edition v7 is a >freeware product, which doesn't require a license to be used." > >David While > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3028 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040503/fc0d99cc/smime.bin From kevins at BMRB.CO.UK Mon May 3 23:29:18 2004 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:25:00 2006 Subject: tao Linux In-Reply-To: <200405031911.i43JBvh05752@white-dev.quatro.com> References: <200405031911.i43JBvh05752@white-dev.quatro.com> Message-ID: <1083623358.3305.18.camel@bach.kevinspicer.co.uk> On Mon, 2004-05-03 at 20:19, Brent wrote: > Actually it is using the rh es kernels: > > CentOS box > rpm -qa | grep kernel > kernel-pcmcia-cs-3.1.31-13 > kernel-utils-2.4-8.37.1 > kernel-2.4.21-9.0.1.EL.c0 > kernel-source-2.4.21-9.0.1.EL.c0 > > rh es srpm mirror: > kernel-2.4.21-9.0.1.EL.src.rpm 17-Feb-2004 14:23 Which serves me right for believing the FAQ http://www.caosity.org/index.php?option=faq&task=viewfaq&artid=8&Itemid=5 BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From William.Burns at AEROFLEX.COM Mon May 3 23:40:30 2004 From: William.Burns at AEROFLEX.COM (William Burns) Date: Thu Jan 12 21:25:00 2006 Subject: OT (maybe) Vacation script stopped working In-Reply-To: References: Message-ID: <4096CA5E.50301@aeroflex.com> Erich: Erich Schroeder wrote: >Thanks for your response Julian, great program, and great support. > >For the record, the problem was that sendmail is sensitve to permissions, >and would fail if the .forward file was group writable. > > Here's another solution (assuming you dont WANT to fix your permissions) http://www.sendmail.org/tips/DontBlameSendmail.html -Bill -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From jwilliams at COURTESYMORTGAGE.COM Mon May 3 23:49:49 2004 From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams) Date: Thu Jan 12 21:25:00 2006 Subject: MailScanner question and add-ons Message-ID: <5.2.1.1.0.20040503154721.02c5bb80@pop.courtesymortgage.com> Not sure if this is politically correct to ask this here, but I know a lot of people use Mailwatch here. I was curious if those people use the mailwatch mailing list to answer and ask questions? Everything has gone well in my setup of the Mailwatch and Mailscanner and now im just tweaking things a bit and making them right. Just wanted to know where the best place is to get mailwatch info. I apologize if this is inappropriate. >Will you ever go live? ;-) No one prepped as much as you. That's a good >thing of course. :-) >-- >/Peter Bonivart Hopefully. :) Management keeps finding things they want and they change their mind. They saw mailwatch and were awed by the eye-candy...so I spent the weekend getting it up and ready for tonight. :) Cheers, Jason -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From peter at UCGBOOK.COM Mon May 3 23:56:02 2004 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:25:00 2006 Subject: tao Linux In-Reply-To: <1083623358.3305.18.camel@bach.kevinspicer.co.uk> References: <200405031911.i43JBvh05752@white-dev.quatro.com> <1083623358.3305.18.camel@bach.kevinspicer.co.uk> Message-ID: <4096CE02.5030104@ucgbook.com> Kevin Spicer wrote: > Which serves me right for believing the FAQ > http://www.caosity.org/index.php?option=faq&task=viewfaq&artid=8&Itemid=5 No offense to Kevin or anyone else posting in this thread but hasn't this gone on for long enough now? I haven't seen MS mentioned once, it's basically just a couple of distros which many of us may have some generic interest in but it's not MS specific in any way. Maybe I could make a SA rule: describe LOCAL_TAO_OT Off topic post about new linux distros header LOCAL_TAO_OT Subject ~= /tao linux/i score LOCAL_TAO_OT 10 :-) -- /Peter Bonivart --Unix lovers do it in the Sun Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7, SpamAssassin 2.63 + DCC 1.2.45, ClamAV 0.70 + GMP 4.1.2, Vispan 1.4 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From pete at eatathome.com.au Tue May 4 00:00:53 2004 From: pete at eatathome.com.au (Pete) Date: Thu Jan 12 21:25:00 2006 Subject: MailScanner question and add-ons In-Reply-To: <5.2.1.1.0.20040503154721.02c5bb80@pop.courtesymortgage.com> References: <5.2.1.1.0.20040503154721.02c5bb80@pop.courtesymortgage.com> Message-ID: <4096CF25.80001@eatathome.com.au> use the mailwatch list, its very good and Steve Freegard is extremly helpful and knowledgable. Pete > Not sure if this is politically correct to ask this here, but I know a > lot > of people use Mailwatch here. I was curious if those people use the > mailwatch mailing list to answer and ask questions? > > Everything has gone well in my setup of the Mailwatch and Mailscanner and > now im just tweaking things a bit and making them right. > > Just wanted to know where the best place is to get mailwatch info. > > I apologize if this is inappropriate. > > >Will you ever go live? ;-) No one prepped as much as you. That's a good > >thing of course. :-) > > >-- > >/Peter Bonivart > > Hopefully. :) Management keeps finding things they want and they change > their mind. They saw mailwatch and were awed by the eye-candy...so I > spent > the weekend getting it up and ready for tonight. :) > > Cheers, > > Jason > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > > > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From david at PLATFORMHOSTING.COM Tue May 4 00:17:40 2004 From: david at PLATFORMHOSTING.COM (David Hooton) Date: Thu Jan 12 21:25:00 2006 Subject: Read Reciept Signing & PDF's Message-ID: <011701c43164$d9e2da30$0d01a8c0@DAVID> Hi Julian, It would appear that read reciepts are still being signed, abeit a lot more gracefully, and PDF's are still being corrupted in the 4.30.3-1 version of MailScanner. I'm not sure if anyone else is noticing this, but it's definately happening on at least one of our boxes, all of which were upgraded to 4.30.3-1 over the weekend. Regards, David Hooton Senior Partner Platform Networks 1300 85 4678 www.platformnetworks.net ======================================================================== Pain free spam & virus protection by: www.mailsecurity.net.au Forward undetected SPAM to: spam@mailsecurity.net.au ======================================================================== -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040504/3de658e0/attachment.html From lance at UKLINUX.NET Tue May 4 01:07:57 2004 From: lance at UKLINUX.NET (Lance Davis) Date: Thu Jan 12 21:25:00 2006 Subject: tao Linux In-Reply-To: <1083623358.3305.18.camel@bach.kevinspicer.co.uk> Message-ID: On Mon, 3 May 2004, Kevin Spicer wrote: > On Mon, 2004-05-03 at 20:19, Brent wrote: > > Actually it is using the rh es kernels: > > > > CentOS box > > rpm -qa | grep kernel > > kernel-pcmcia-cs-3.1.31-13 > > kernel-utils-2.4-8.37.1 > > kernel-2.4.21-9.0.1.EL.c0 > > kernel-source-2.4.21-9.0.1.EL.c0 > > > > rh es srpm mirror: > > kernel-2.4.21-9.0.1.EL.src.rpm 17-Feb-2004 14:23 > > Which serves me right for believing the FAQ > http://www.caosity.org/index.php?option=faq&task=viewfaq&artid=8&Itemid=5 You are confusing cAos - which does use kernel.org kernels, with CentOS which is a rebuild of redhat enterprise linux. Lance -- uklinux.net - The ISP of choice for the discerning Linux user. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From lance at UKLINUX.NET Tue May 4 01:07:57 2004 From: lance at UKLINUX.NET (Lance Davis) Date: Thu Jan 12 21:25:00 2006 Subject: tao Linux In-Reply-To: <1083623358.3305.18.camel@bach.kevinspicer.co.uk> Message-ID: <20040504002148.57EB8EF180@mail.elmjack.com> On Mon, 3 May 2004, Kevin Spicer wrote: > On Mon, 2004-05-03 at 20:19, Brent wrote: > > Actually it is using the rh es kernels: > > > > CentOS box > > rpm -qa | grep kernel > > kernel-pcmcia-cs-3.1.31-13 > > kernel-utils-2.4-8.37.1 > > kernel-2.4.21-9.0.1.EL.c0 > > kernel-source-2.4.21-9.0.1.EL.c0 > > > > rh es srpm mirror: > > kernel-2.4.21-9.0.1.EL.src.rpm 17-Feb-2004 14:23 > > Which serves me right for believing the FAQ > http://www.caosity.org/index.php?option=faq&task=viewfaq&artid=8&Itemid=5 You are confusing cAos - which does use kernel.org kernels, with CentOS which is a rebuild of redhat enterprise linux. Lance -- uklinux.net - The ISP of choice for the discerning Linux user. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -- This message has been scanned for viruses and other dangerous content by MailScanner and is believed to be clean. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From michele at BLACKNIGHTSOLUTIONS.COM Tue May 4 02:09:07 2004 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:25:00 2006 Subject: tao Linux In-Reply-To: <4096CE02.5030104@ucgbook.com> Message-ID: <200405040104.i44146WT001562@monitor.blacknight.ie> Peter Apologies if it seemed completely OT, but there was a very valid reason for bringing this up. As you know RH are no longer supporting RH9 and so the choice is to either switch distros entirely, move to RHE or look at alternatives. A lot of people on this list use RH or a derivative thereof, which is why I asked here. Sorry if this bothered you :) Mr Michele Neylon Blacknight Internet Solutions Ltd http://www.blacknight.ie/ Tel. +353 59 9137101 -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Peter Bonivart Sent: 03 May 2004 23:56 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: [MAILSCANNER] tao Linux Kevin Spicer wrote: > Which serves me right for believing the FAQ > http://www.caosity.org/index.php?option=faq&task=viewfaq&artid=8&Itemid=5 No offense to Kevin or anyone else posting in this thread but hasn't this gone on for long enough now? I haven't seen MS mentioned once, it's basically just a couple of distros which many of us may have some generic interest in but it's not MS specific in any way. Maybe I could make a SA rule: describe LOCAL_TAO_OT Off topic post about new linux distros header LOCAL_TAO_OT Subject ~= /tao linux/i score LOCAL_TAO_OT 10 :-) -- /Peter Bonivart --Unix lovers do it in the Sun Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7, SpamAssassin 2.63 + DCC 1.2.45, ClamAV 0.70 + GMP 4.1.2, Vispan 1.4 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From gib at TMISNET.COM Tue May 4 04:17:14 2004 From: gib at TMISNET.COM (Gib Gilbertson Jr.) Date: Thu Jan 12 21:25:00 2006 Subject: Bayes expiry, and bayes corruption In-Reply-To: <4096933F.7090100@ucgbook.com> References: <1083580212.9759.6.camel@azrael.de-verandering> <6.0.1.1.2.20040503123958.04521840@imap.ecs.soton.ac.uk> <6.0.1.1.2.20040503235502.03cddb10@mail.tmisnet.com> <4096933F.7090100@ucgbook.com> Message-ID: <6.0.1.1.2.20040504130934.02b9b188@mail.tmisnet.com> Hi. At 08:45 PM 5/3/2004 +0200, you wrote: >Gib Gilbertson Jr. wrote: >># /usr/local/bin/spamassassin --lint -C >>/usr/local/etc/MailScanner/spam.assassin.prefs.conf >>Failed to parse line in SpamAssassin configuration, skipping: >>bayes_auto_expire 0 > >Since the default for expire is to do it (1) and your line is ignored >for some reason I bet that's why you still have problems with it. >Concentrate on fixing the above problem. > >I just needed to remove the comment from Julians example and it worked. >Are you sure you don't have anything strange on that line or the one >before or after? Like white space before or after the line or special >characters or something? I don't believe it's being ignored. It is when you lint the spamassassin rules and give it the local of the spamassassin conf file it then tells you "Failed to parse line in SpamAssassin configuration, skipping: bayes_auto_expire 0" I'm just trying to figure out is it just skipping that configuration option because ti doesn't know what to do with it, or is it skipping the rest of the checks because it failed at that point. Because of that line in the config file, other scripts I run which lint the spamassassin rules fail. gib >-- >/Peter Bonivart > >--Unix lovers do it in the Sun > >Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7, >SpamAssassin 2.63 + DCC 1.2.45, ClamAV 0.70 + GMP 4.1.2, Vispan 1.4 > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html Gib Gilbertson Jr. Tierramiga Info Systems 619-287-8647 Support http://www.tmisnet.com San Diego's "Friendly ISP" -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From peter at UCGBOOK.COM Mon May 3 19:48:36 2004 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:25:00 2006 Subject: Help with queue backup In-Reply-To: <8BD06A60242B4341B8919A4AC958C1D0181BD6@busted.dandd.com> References: <8BD06A60242B4341B8919A4AC958C1D0181BD6@busted.dandd.com> Message-ID: <40969404.9060105@ucgbook.com> Vicchiullo, Rob wrote: > I actually tried having the 2 queue dirs on separate > disks but mailscanner died compaining that the queues > needed to be on the same partition. OK, could you try to have both mqueue.in and mqueue under /export/home? Did you do any of the other steps? -- /Peter Bonivart --Unix lovers do it in the Sun Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7, SpamAssassin 2.63 + DCC 1.2.45, ClamAV 0.70 + GMP 4.1.2, Vispan 1.4 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From eja at URBAKKEN.DK Tue May 4 04:44:30 2004 From: eja at URBAKKEN.DK (Erik Jakobsen) Date: Thu Jan 12 21:25:00 2006 Subject: More on Vexira In-Reply-To: <6.0.1.1.2.20040503200319.03eae9e8@imap.ecs.soton.ac.uk> References: <6.0.1.1.2.20040503183219.03eb13a0@wheresmymailserver.com> <40968CDF.1080602@urbakken.dk> <6.0.1.1.2.20040503200319.03eae9e8@imap.ecs.soton.ac.uk> Message-ID: <4097119E.9060708@urbakken.dk> Thanks Jules. Julian Field wrote: > At 19:18 03/05/2004, you wrote: > >> Julian Field wrote: >> >>> Okay, this time with the attachment :-) >>> >>> Attached is a zip file containing: >>> vexira-wrapper >> >> > vexira-autoupdate >> >>> SweepViruses.pm >>> The SweepViruses.pm goes in /usr/lib/MailScanner/MailScanner over the >>> top >>> of the latest version of SweepViruses.pm. You will need to be running >>> 4.30.3 to use this new file. >>> >>> You will also need to add the following line to >>> /etc/MailScanner/virus.scanners.conf >>> >>> vexira /opt/MailScanner/lib/vexira-wrapper /usr/lib/Vexira >> >> >> I understand it as the SweepViruses.pm shal just be copied to overwrite >> the existent one. Am I right in that ? > > > Correct. > >> Shall there be made by manual a directory >> /opt/MailScanner/lib/vexira-wrapper ?. >> >> What does /usr/lib/Vexira contents. >> >> Where shall the vexira-autoupdate be placed ? > > > Both should be placed in /opt/MailScanner/lib. > >>> Once you have done that lot, you should be able to add >>> Virus Scanners = vexira >>> in your MailScanner.conf file. >>> >>> This takes MailScanner to 21 different virus scanning engines! There >>> can't >>> be many left... > > > -- > Julian Field > www.MailScanner.info > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > -- Med venlig hilsen - Best regards. Erik Jakobsen - eja@urbakken.dk. Licensed radioamateur with the callsign OZ4KK. SuSE Linux 9.0 Proff. Registered as user #319488 with the Linux Counter, http://counter.li.org. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From eja at URBAKKEN.DK Tue May 4 04:49:58 2004 From: eja at URBAKKEN.DK (Erik Jakobsen) Date: Thu Jan 12 21:25:00 2006 Subject: More on Vexira In-Reply-To: <6.0.1.1.2.20040503200319.03eae9e8@imap.ecs.soton.ac.uk> References: <6.0.1.1.2.20040503183219.03eb13a0@wheresmymailserver.com> <40968CDF.1080602@urbakken.dk> <6.0.1.1.2.20040503200319.03eae9e8@imap.ecs.soton.ac.uk> Message-ID: <409712E6.1030103@urbakken.dk> BTW I have non /opt/MailScanner/lib directory, but the MailScanner is installed normally, and nothing has been changed Erik. Julian Field wrote: > At 19:18 03/05/2004, you wrote: > >> Julian Field wrote: >> >>> Okay, this time with the attachment :-) >>> >>> Attached is a zip file containing: >>> vexira-wrapper >> >> > vexira-autoupdate >> >>> SweepViruses.pm >>> The SweepViruses.pm goes in /usr/lib/MailScanner/MailScanner over the >>> top >>> of the latest version of SweepViruses.pm. You will need to be running >>> 4.30.3 to use this new file. >>> >>> You will also need to add the following line to >>> /etc/MailScanner/virus.scanners.conf >>> >>> vexira /opt/MailScanner/lib/vexira-wrapper /usr/lib/Vexira >> >> >> I understand it as the SweepViruses.pm shal just be copied to overwrite >> the existent one. Am I right in that ? > > > Correct. > >> Shall there be made by manual a directory >> /opt/MailScanner/lib/vexira-wrapper ?. >> >> What does /usr/lib/Vexira contents. >> >> Where shall the vexira-autoupdate be placed ? > > > Both should be placed in /opt/MailScanner/lib. > >>> Once you have done that lot, you should be able to add >>> Virus Scanners = vexira >>> in your MailScanner.conf file. >>> >>> This takes MailScanner to 21 different virus scanning engines! There >>> can't >>> be many left... > > > -- > Julian Field > www.MailScanner.info > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > -- Med venlig hilsen - Best regards. Erik Jakobsen - eja@urbakken.dk. Licensed radioamateur with the callsign OZ4KK. SuSE Linux 9.0 Proff. Registered as user #319488 with the Linux Counter, http://counter.li.org. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From matt at FILEHOLDER.NET Tue May 4 06:23:12 2004 From: matt at FILEHOLDER.NET (Matt) Date: Thu Jan 12 21:25:00 2006 Subject: Dangerous Content Message-ID: <001301c43197$e55cbf60$6500a8c0@matthewmpqowmc> Since upgrading too MailScanner 4.30.3-1 from 4.27.7-1 I have some serious complaints about dangerous content. Mothers day email greetings not going through now. I ran the the conf update utility after upgrading. I noticed after the upgrade it turned filename and type filtering back on. So I turned it back off like so below. Filetype Rules =# %etc-dir%/filetype.rules.conf Filename Rules =# %etc-dir%/filename.rules.conf Still got complaints so I noticed this: # This can also be the filename of a ruleset. Allow Script Tags = no So I have now turned this off. I hope that fixes it. Anything else trigger dangerous content warnings? Thanks. Matt -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From pete at eatathome.com.au Tue May 4 06:29:45 2004 From: pete at eatathome.com.au (Pete) Date: Thu Jan 12 21:25:00 2006 Subject: Dangerous Content In-Reply-To: <001301c43197$e55cbf60$6500a8c0@matthewmpqowmc> References: <001301c43197$e55cbf60$6500a8c0@matthewmpqowmc> Message-ID: <40972A49.9050309@eatathome.com.au> Change Allow Script Tags = no to Allow Script Tags = yes otherwise anything with a script tage will be stopped as dangerous content Matt wrote: >Since upgrading too MailScanner 4.30.3-1 from 4.27.7-1 I have some serious >complaints about dangerous content. Mothers day email greetings not going >through now. I ran the the conf update utility after upgrading. I noticed >after the upgrade it turned filename and type filtering back on. So I >turned it back off like so below. > >Filetype Rules =# %etc-dir%/filetype.rules.conf >Filename Rules =# %etc-dir%/filename.rules.conf > >Still got complaints so I noticed this: > ># This can also be the filename of a ruleset. >Allow Script Tags = no > >So I have now turned this off. I hope that fixes it. Anything else trigger >dangerous content warnings? > >Thanks. > >Matt > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html > > > > > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From Jan-Peter.Koopmann at SECEIDOS.DE Tue May 4 07:44:08 2004 From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann) Date: Thu Jan 12 21:25:00 2006 Subject: problems with bitdefender Message-ID: On Monday, May 03, 2004 11:56 PM Pete wrote: > No output :( had asked Julian for a bit of help but he > concludes that something is not quite right with linux > compatability - i guess its because the enviornment variables > requires to run stuff in linux isnt the same as with BSD - is > this worth looking into further? Sure. If it is environment variables only then this is no problem. From looking at the ktrace I suspect something wrong with /proc though. We should contact bitdefender and ask them. > We actually have an etrust license - have you ever tried to > get this working under BSD? Tried: yes. Succeeded: No not yet... Regards Jan-Peter Koopmann Dipl.-Wirtschaftsinformatiker Senior Engineer -- Seceidos GmbH Robert-Bosch-Str.7 64293 Darmstadt/Germany Phone: +49 (6151) 66843-43 Fax: +49 (6151) 66843-52 E-Mail: jan-peter.koopmann@seceidos.de Web: http://www.seceidos.de -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From P.G.M.Peters at utwente.nl Tue May 4 09:03:53 2004 From: P.G.M.Peters at utwente.nl (Peter Peters) Date: Thu Jan 12 21:25:00 2006 Subject: Mail header received from question In-Reply-To: <4096A642.5080708@ucgbook.com> References: <20040503193434.JCLK10950.tomts19-srv.bellnexxia.net@ronniepc> <4096A642.5080708@ucgbook.com> Message-ID: On Mon, 3 May 2004 22:06:26 +0200, you wrote: >Ronnie Regev wrote: >> Received: from filter.daslweb.ca (filter.daslweb.ca.224.39.65.in-addr.arpa >> [65.39.224.201] (may be forged)) > > From Sendmail FAQ: > >--> >Q3.38 -- What does "may be forged" mean? >Date: November 12, 2001 > >After sendmail does a hostname look-up on the IP address of the >connecting client, the IP addresses of that hostname are looked up. If >the client IP address does not appear in that list, then the may be >forged tag is added. ><-- When you look at the reverse address filter(...)arpa it looks like in the zone-file for 224.39.65.in-addr.arpa there is a PTR record wrong. Probably a dot is missing: 201 IN PTR filter.daslweb.ca instead of 201 IN PTR filter.daslweb.ca. Ask your nameserver administrator to check it's files. -- Peter Peters, senior netwerkbeheerder Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE) Universiteit Twente, Postbus 217, 7500 AE Enschede telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/civ -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Tue May 4 09:06:35 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:25:00 2006 Subject: Read Reciept Signing & PDF's In-Reply-To: <011701c43164$d9e2da30$0d01a8c0@DAVID> References: <011701c43164$d9e2da30$0d01a8c0@DAVID> Message-ID: <6.0.1.1.2.20040504090539.0820c3d8@imap.ecs.soton.ac.uk> At 00:17 04/05/2004, you wrote: >Hi Julian, > >It would appear that read reciepts are still being signed, abeit a lot >more gracefully, and PDF's are still being corrupted in the 4.30.3-1 >version of MailScanner. It should now only be signing text/html and text/plain message parts. Can you check the MIME headers in a message that has been corrupted? If the PDF has been put in a text/plain, then there ain't much I can do :-( >I'm not sure if anyone else is noticing this, but it's definately >happening on at least one of our boxes, all of which were upgraded to >4.30.3-1 over the weekend. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From admin at WEBGUSTO.COM Tue May 4 09:54:26 2004 From: admin at WEBGUSTO.COM (Bill Sholar - WebGusto) Date: Thu Jan 12 21:25:00 2006 Subject: Html forms In-Reply-To: <6.0.1.1.2.20040504090539.0820c3d8@imap.ecs.soton.ac.uk> Message-ID: It looks like a fair number of legit messages have HTML forms in them. Any suggestions about whether to block these across the board, allow them, or make rules? Forgive my ignorance, but if we create a rule allowing html forms in messages from xyz.com, how does MailScanner determine the actual sender is xyz.com? Thanks -- Bill -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From xcelent at WOL.NET.PK Tue May 4 10:50:33 2004 From: xcelent at WOL.NET.PK (xcelent) Date: Thu Jan 12 21:25:00 2006 Subject: strange error In-Reply-To: <6.0.1.1.2.20040504090539.0820c3d8@imap.ecs.soton.ac.uk> References: <011701c43164$d9e2da30$0d01a8c0@DAVID> <6.0.1.1.2.20040504090539.0820c3d8@imap.ecs.soton.ac.uk> Message-ID: <200405041450330149.00E65FD1@smtp.khi.wol.net.pk> Hi, Im getting a strange error when starting Mailscanner. /usr/sbin/check_Mailscanner: line 56: 31931 segmentation fault $Process $config and entries in /usr/sbin/check_Mailscanner are as below process=MailScanner bindir=/usr/sbin libdir=/usr/lib/MailScanner config=/etc/MailScanner/MailScanner.conf pid=`/bin/ps axww | /bin/grep '[ ]'$bindir/$process | /bin/awk '{ print $1 }'` if [ "$pid" = "" ]; then # Quietly try to set the open_files limit ulimit -n 2000 >/dev/null 2>&1 # Restart it PATH=${bindir}:$PATH echo Starting MailScanner... cd $libdir $process $config else echo MailScanner running with pid $pid fi I never made any changes to this file. any help ??????? Thanks xcel -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From P.G.M.Peters at utwente.nl Tue May 4 11:12:13 2004 From: P.G.M.Peters at utwente.nl (Peter Peters) Date: Thu Jan 12 21:25:00 2006 Subject: Html forms In-Reply-To: References: <6.0.1.1.2.20040504090539.0820c3d8@imap.ecs.soton.ac.uk> Message-ID: On Tue, 4 May 2004 03:54:26 -0500, you wrote: >It looks like a fair number of legit messages have HTML forms in them. > >Any suggestions about whether to block these across the board, allow them, >or make rules? We have decided to disarm all those nasty html-tags. Most users don't use the forms in those messages. -- Peter Peters, senior netwerkbeheerder Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE) Universiteit Twente, Postbus 217, 7500 AE Enschede telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/civ -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From michele at BLACKNIGHTSOLUTIONS.COM Tue May 4 11:11:29 2004 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:25:00 2006 Subject: Html forms In-Reply-To: Message-ID: <200405041006.i44A6RWT030531@monitor.blacknight.ie> Bill You might want to simply use "disarm" rather than blocking them. This way the mail will get through and users won't be upset. If you want to allow on a domain basis you would need to create a ruleset for it, which might be a pain to administer if you handle a lot of domains. HTH Michele Mr Michele Neylon Blacknight Internet Solutions Ltd http://www.blacknight.ie/ Tel. +353 59 9137101 -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Bill Sholar - WebGusto Sent: 04 May 2004 09:54 To: MAILSCANNER@JISCMAIL.AC.UK Subject: [MAILSCANNER] Html forms It looks like a fair number of legit messages have HTML forms in them. Any suggestions about whether to block these across the board, allow them, or make rules? Forgive my ignorance, but if we create a rule allowing html forms in messages from xyz.com, how does MailScanner determine the actual sender is xyz.com? Thanks -- Bill -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From david at PLATFORMHOSTING.COM Tue May 4 11:28:27 2004 From: david at PLATFORMHOSTING.COM (David Hooton) Date: Thu Jan 12 21:25:00 2006 Subject: Read Reciept Signing & PDF's In-Reply-To: <6.0.1.1.2.20040504090539.0820c3d8@imap.ecs.soton.ac.uk> Message-ID: <200405041028.i44ASEs09560@mx1.mailsecurity.net.au> > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Julian Field > Sent: Tuesday, 4 May 2004 6:07 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Read Reciept Signing & PDF's > > At 00:17 04/05/2004, you wrote: > >Hi Julian, > > > >It would appear that read reciepts are still being signed, abeit a lot > >more gracefully, and PDF's are still being corrupted in the 4.30.3-1 > >version of MailScanner. > > It should now only be signing text/html and text/plain message parts. Can > you check the MIME headers in a message that has been corrupted? If the > PDF > has been put in a text/plain, then there ain't much I can do :-( > Hi Julian, Full message source at http://www.platformhosting.com/pdf/corrupted.txt Regards, David Hooton Senior Partner Platform Networks www.platformnetworks.net ======================================================================== Pain free spam & virus protection by: www.mailsecurity.net.au Forward undetected SPAM to: spam@mailsecurity.net.au ======================================================================== -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Tue May 4 11:37:39 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:25:00 2006 Subject: Read Reciept Signing & PDF's In-Reply-To: <200405041028.i44ASEs09560@mx1.mailsecurity.net.au> References: <6.0.1.1.2.20040504090539.0820c3d8@imap.ecs.soton.ac.uk> <200405041028.i44ASEs09560@mx1.mailsecurity.net.au> Message-ID: <6.0.1.1.2.20040504113632.04250118@imap.ecs.soton.ac.uk> At 11:28 04/05/2004, you wrote: > > -----Original Message----- > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > > Behalf Of Julian Field > > Sent: Tuesday, 4 May 2004 6:07 PM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: Read Reciept Signing & PDF's > > > > At 00:17 04/05/2004, you wrote: > > >Hi Julian, > > > > > >It would appear that read reciepts are still being signed, abeit a lot > > >more gracefully, and PDF's are still being corrupted in the 4.30.3-1 > > >version of MailScanner. > > > > It should now only be signing text/html and text/plain message parts. Can > > you check the MIME headers in a message that has been corrupted? If the > > PDF > > has been put in a text/plain, then there ain't much I can do :-( > > > >Hi Julian, > >Full message source at http://www.platformhosting.com/pdf/corrupted.txt But having taken a look at that message, the PDF attachment has not been signed at all. Only the original text and HTML inline bodies were signed, the PDF file wasn't. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From Kevin.Spicer at BMRB.CO.UK Tue May 4 11:51:28 2004 From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:25:00 2006 Subject: Read Reciept Signing & PDF's Message-ID: <5C0296D26910694BB9A9BBFC577E7AB001649D01@pascal.priv.bmrb.co.uk> >>> Full message source at >http://www.platformhosting.com/pdf/corrupted.txt >But having taken a look at that message, the PDF attachment has not been >signed at all. Only the original text and HTML inline bodies were >signed, the PDF file wasn't. It is however encoded as quoted printable, I vaguely remember someone mentioning that as a problem before... BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From david at PLATFORMHOSTING.COM Tue May 4 11:57:25 2004 From: david at PLATFORMHOSTING.COM (David Hooton) Date: Thu Jan 12 21:25:00 2006 Subject: Read Reciept Signing & PDF's In-Reply-To: <6.0.1.1.2.20040504113632.04250118@imap.ecs.soton.ac.uk> Message-ID: <200405041057.i44AvCs16917@mx1.mailsecurity.net.au> > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Julian Field > Sent: Tuesday, 4 May 2004 8:38 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Read Reciept Signing & PDF's > > At 11:28 04/05/2004, you wrote: > > > -----Original Message----- > > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > > > Behalf Of Julian Field > > > Sent: Tuesday, 4 May 2004 6:07 PM > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > Subject: Re: Read Reciept Signing & PDF's > > > > > > At 00:17 04/05/2004, you wrote: > > > >Hi Julian, > > > > > > > >It would appear that read reciepts are still being signed, abeit a > lot > > > >more gracefully, and PDF's are still being corrupted in the 4.30.3-1 > > > >version of MailScanner. > > > > > > It should now only be signing text/html and text/plain message parts. > Can > > > you check the MIME headers in a message that has been corrupted? If > the > > > PDF > > > has been put in a text/plain, then there ain't much I can do :-( > > > > > > >Hi Julian, > > > >Full message source at http://www.platformhosting.com/pdf/corrupted.txt > > But having taken a look at that message, the PDF attachment has not been > signed at all. Only the original text and HTML inline bodies were signed, > the PDF file wasn't. Correct, The PDFs work fine prior to being handed to MailScanner however. This is a replicable problem I've uploaded a PDF for you at http://www.platformhosting.com/pdf/pdf.pdf The issue happens when sending from Outlook 2003, not with Mozilla. The PDF is encoded using Acrobat 6. I personally couldn't see a signing issue either :( Regards, David Hooton Senior Partner Platform Networks www.platformnetworks.net ======================================================================== Pain free spam & virus protection by: www.mailsecurity.net.au Forward undetected SPAM to: spam@mailsecurity.net.au ======================================================================== -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From pmb1 at YORK.AC.UK Tue May 4 11:55:36 2004 From: pmb1 at YORK.AC.UK (Mike Brudenell) Date: Thu Jan 12 21:25:00 2006 Subject: [URGENT] How to intercept a copy of virus-infected message? In-Reply-To: <40921E11.4020704@solid-state-logic.com> References: <40921E11.4020704@solid-state-logic.com> Message-ID: Greetings - Many thanks to those who offered advice about intercepting the possibly-unknown virus I was after. I knew of the existence of MailScanner's quarantining but had hoped it might be possible to only trap messages failing filename-based rules instead of also trapping those positively identified as viruses by Sophos. I'd hoped it might be possible to do this selective quarantining using rulesets somehow but couldn't see how: hence my question. In the end I used regular quarantining and spent most of the day trying to keep up with the influx of quarantined material. Unfortunately I only had one other 'strange' message come in that triggered the filename-based rules, which turned out to be one from a mailing list that had carefully removed the virus-infective payload and replaced it with boilerplate text ... unfortunately it had left the attachment's associated filename unchanged and so Sophos said the message was clean but its ".exe" named attachment triggered the filename-based rules. I suspect that was also the cause of the outbreak earlier in the day. Many thanks again, Mike B-) -- The Computing Service, University of York, Heslington, York Yo10 5DD, UK Tel:+44-1904-433811 FAX:+44-1904-433740 * Unsolicited commercial e-mail is NOT welcome at this e-mail address. * -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Tue May 4 12:00:52 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:25:00 2006 Subject: Read Reciept Signing & PDF's In-Reply-To: <6.0.1.1.2.20040504113632.04250118@imap.ecs.soton.ac.uk> References: <6.0.1.1.2.20040504090539.0820c3d8@imap.ecs.soton.ac.uk> <200405041028.i44ASEs09560@mx1.mailsecurity.net.au> <6.0.1.1.2.20040504113632.04250118@imap.ecs.soton.ac.uk> Message-ID: <6.0.1.1.2.20040504115236.04039f70@imap.ecs.soton.ac.uk> At 11:37 04/05/2004, you wrote: >At 11:28 04/05/2004, you wrote: >> > -----Original Message----- >> > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >> > Behalf Of Julian Field >> > Sent: Tuesday, 4 May 2004 6:07 PM >> > To: MAILSCANNER@JISCMAIL.AC.UK >> > Subject: Re: Read Reciept Signing & PDF's >> > >> > At 00:17 04/05/2004, you wrote: >> > >Hi Julian, >> > > >> > >It would appear that read reciepts are still being signed, abeit a lot >> > >more gracefully, and PDF's are still being corrupted in the 4.30.3-1 >> > >version of MailScanner. >> > >> > It should now only be signing text/html and text/plain message parts. Can >> > you check the MIME headers in a message that has been corrupted? If the >> > PDF >> > has been put in a text/plain, then there ain't much I can do :-( >> > >> >>Hi Julian, >> >>Full message source at http://www.platformhosting.com/pdf/corrupted.txt > >But having taken a look at that message, the PDF attachment has not been >signed at all. Only the original text and HTML inline bodies were signed, >the PDF file wasn't. Have you got the original message from before it went into MailScanner? Or can you re-create the problem? I think it's an end-of-line sequence problem. Fundamentally Outlook shouldn't have sent the file as quoted-printable in the first place. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Tue May 4 12:20:53 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:25:00 2006 Subject: Read Reciept Signing & PDF's In-Reply-To: <6.0.1.1.2.20040504115236.04039f70@imap.ecs.soton.ac.uk> References: <6.0.1.1.2.20040504090539.0820c3d8@imap.ecs.soton.ac.uk> <200405041028.i44ASEs09560@mx1.mailsecurity.net.au> <6.0.1.1.2.20040504113632.04250118@imap.ecs.soton.ac.uk> <6.0.1.1.2.20040504115236.04039f70@imap.ecs.soton.ac.uk> Message-ID: <6.0.1.1.2.20040504121408.03c24718@imap.ecs.soton.ac.uk> At 12:00 04/05/2004, you wrote: >At 11:37 04/05/2004, you wrote: >>At 11:28 04/05/2004, you wrote: >>> > -----Original Message----- >>> > At 00:17 04/05/2004, you wrote: >>> > >It would appear that read reciepts are still being signed, abeit a lot >>> > >more gracefully, and PDF's are still being corrupted in the 4.30.3-1 >>> > >version of MailScanner. >>> > >>> > It should now only be signing text/html and text/plain message parts. Can >>> > you check the MIME headers in a message that has been corrupted? If the >>> > PDF >>> > has been put in a text/plain, then there ain't much I can do :-( >>> >>>Full message source at http://www.platformhosting.com/pdf/corrupted.txt >> >>But having taken a look at that message, the PDF attachment has not been >>signed at all. Only the original text and HTML inline bodies were signed, >>the PDF file wasn't. > >Have you got the original message from before it went into MailScanner? Or >can you re-create the problem? I think it's an end-of-line sequence >problem. Fundamentally Outlook shouldn't have sent the file as >quoted-printable in the first place. The plot thickens. Outlook actually changes the file on its way out. It sends it as quoted-printable, but changes the end-of-line sequence in 1 or 2 places. Most notable is after the first bit of binary header right at the top of the file. In the original PDF file, there are a string of binary characters ending in \r\n. The quoted-printable file output by Outlook drops the \r leaving only \n. If you take this file from Outlook and load it into Acrobat, it notes that the file is damaged but is fixing it for you. This is assuming that my understanding of quoted-printable is roughly right. :-( -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From david at PLATFORMHOSTING.COM Tue May 4 12:28:21 2004 From: david at PLATFORMHOSTING.COM (David Hooton) Date: Thu Jan 12 21:25:00 2006 Subject: Read Reciept Signing & PDF's In-Reply-To: <6.0.1.1.2.20040504115236.04039f70@imap.ecs.soton.ac.uk> Message-ID: <200405041128.i44BS8s26431@mx1.mailsecurity.net.au> > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Julian Field > Sent: Tuesday, 4 May 2004 9:01 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Read Reciept Signing & PDF's > > Have you got the original message from before it went into MailScanner? Yes, the message in "Sent Items" opens fine. > can you re-create the problem? Yes, every time. Send an Acrobat 6 encoded PDF using Outlaw 2003. > I think it's an end-of-line sequence > problem. Fundamentally Outlook shouldn't have sent the file as > quoted-printable in the first place. I'm certainly not arguing with you on that :) We have about 3 customers who seem to have this combination of software, all of them have the same issue, I've only just managed to find a copy of Acrobat 6 to replicate it with. Regards, Dave ======================================================================== Pain free spam & virus protection by: www.mailsecurity.net.au Forward undetected SPAM to: spam@mailsecurity.net.au ======================================================================== -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From xcelent at WOL.NET.PK Tue May 4 12:34:04 2004 From: xcelent at WOL.NET.PK (xcelent) Date: Thu Jan 12 21:25:00 2006 Subject: strange error In-Reply-To: <200405041450330149.00E65FD1@smtp.khi.wol.net.pk> References: <011701c43164$d9e2da30$0d01a8c0@DAVID> <6.0.1.1.2.20040504090539.0820c3d8@imap.ecs.soton.ac.uk> <200405041450330149.00E65FD1@smtp.khi.wol.net.pk> Message-ID: <200405041634040961.014528B5@smtp.khi.wol.net.pk> no help so far, we are in real hurry ... ***********xcelent's mail *********** On 5/4/2004 at 2:50 PM xcelent wrote: Hi, Im getting a strange error when starting Mailscanner. /usr/sbin/check_Mailscanner: line 56: 31931 segmentation fault $Process $config and entries in /usr/sbin/check_Mailscanner are as below process=MailScanner bindir=/usr/sbin libdir=/usr/lib/MailScanner config=/etc/MailScanner/MailScanner.conf pid=`/bin/ps axww | /bin/grep '[ ]'$bindir/$process | /bin/awk '{ print $1 }'` if [ "$pid" = "" ]; then # Quietly try to set the open_files limit ulimit -n 2000 >/dev/null 2>&1 # Restart it PATH=${bindir}:$PATH echo Starting MailScanner... cd $libdir $process $config else echo MailScanner running with pid $pid fi I never made any changes to this file. any help ??????? Thanks xcel -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html ***********End of xcelent's mail *********** -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From david at PLATFORMHOSTING.COM Tue May 4 12:55:46 2004 From: david at PLATFORMHOSTING.COM (David Hooton) Date: Thu Jan 12 21:25:00 2006 Subject: strange error In-Reply-To: <200405041634040961.014528B5@smtp.khi.wol.net.pk> Message-ID: <200405041155.i44BtXs00789@mx1.mailsecurity.net.au> > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of xcelent > Sent: Tuesday, 4 May 2004 9:34 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: strange error > > no help so far, we are in real hurry ... Possibly better ways of asking for help from non paid support people have existed... However: - What operating system are you running? - What perl version are you running? - What MailScanner version are you running? - What have you tried so far to rectify the issue? - What were the results of those attempts? Feed us some more information and we'll do our best to help you. Believe it or not, most of those who have read your message in the 1 1/2 hours since you sent it probably don't know what the problem is with the limited information you've provided. Cheers! Dave ======================================================================== Pain free spam & virus protection by: www.mailsecurity.net.au Forward undetected SPAM to: spam@mailsecurity.net.au ======================================================================== -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From ugob at CAMO-ROUTE.COM Tue May 4 12:51:35 2004 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:25:00 2006 Subject: OT Re: tao Linux In-Reply-To: <200405040104.i44146WT001562@monitor.blacknight.ie> References: <4096CE02.5030104@ucgbook.com> <200405040104.i44146WT001562@monitor.blacknight.ie> Message-ID: Michele Neylon :: Blacknight Solutions wrote: > Peter > > Apologies if it seemed completely OT, but there was a very valid reason for > bringing this up. > As you know RH are no longer supporting RH9 and so the choice is to either > switch distros entirely, move to RHE or look at alternatives. Ther is another very good option. The Fedora Legacy Project is taking over the responsibility of updates for old RH versions, for about 1.5 years after EOL. http://fedoralegacy.org/ They're upgrading their servers right now, so they don't offer RH9 updates yet, but they will soon(according to a page that I can't find anymore...). There is also progeny, who offers similar support, but is is not free. There might be some updates at Fedora Extras as well www.fedora.us > A lot of people on this list use RH or a derivative thereof, which is why I > asked here. > Sorry if this bothered you :) > > Mr Michele Neylon > Blacknight Internet Solutions Ltd > http://www.blacknight.ie/ > Tel. +353 59 9137101 > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From admin at WEBGUSTO.COM Tue May 4 13:03:12 2004 From: admin at WEBGUSTO.COM (Bill Sholar - WebGusto) Date: Thu Jan 12 21:25:00 2006 Subject: Html forms In-Reply-To: <200405041006.i44A6RWT030531@monitor.blacknight.ie> Message-ID: Thanks -- I tried it and found that it hangs my version of MailScanner from late last year. Time to update... Bill -----Original Message----- From: Michele Neylon :: Blacknight Solutions [mailto:michele@BLACKNIGHTSOLUTIONS.COM] Sent: Tuesday, May 04, 2004 5:11 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Html forms Bill You might want to simply use "disarm" rather than blocking them. This way the mail will get through and users won't be upset. If you want to allow on a domain basis you would need to create a ruleset for it, which might be a pain to administer if you handle a lot of domains. HTH Michele Mr Michele Neylon Blacknight Internet Solutions Ltd http://www.blacknight.ie/ Tel. +353 59 9137101 -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Bill Sholar - WebGusto Sent: 04 May 2004 09:54 To: MAILSCANNER@JISCMAIL.AC.UK Subject: [MAILSCANNER] Html forms It looks like a fair number of legit messages have HTML forms in them. Any suggestions about whether to block these across the board, allow them, or make rules? Forgive my ignorance, but if we create a rule allowing html forms in messages from xyz.com, how does MailScanner determine the actual sender is xyz.com? Thanks -- Bill -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From ryan at MARINOCRANE.COM Tue May 4 13:19:46 2004 From: ryan at MARINOCRANE.COM (Ryan Pitt) Date: Thu Jan 12 21:25:00 2006 Subject: Spam Actions Question In-Reply-To: References: <40969F94.80008@marinocrane.com> Message-ID: <40978A62.9070301@marinocrane.com> I have tried setting the "High Scoring Spam Action" option to "forward bob@bob.com" as noted below, although the spam still gets delivered to the orginal addressee. (It also gets forwarded to the address listed) Can anyone else test this and see if they have the same issue. Thanks Ryan Pitt Ugo Bellavance wrote: > Ryan Pitt wrote: > >> Currently, I have MailScanner set up to *delete* high scoring spam. >> I would like to have the option to forward those high scoring messages >> to a different machine for testing purposes. >> I have tried the *forward* option (Shown Below), which does work, >> although it also delivers the messages to the originally intended users. >> *High Scoring Spam Actions = delete forward bob@bob.com* > > > try: > High Scoring Spam Actions = forward bob@bob.com > > What probably happens in your case is that the message is deleted before > it is forwarded. > >> I would like to forward these messages to another machine, but also have >> them NOT delievered (deleted) to the original addressees! >> >> Any ideas? >> >> Than you >> Ryan Pitt >> > > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From clive at SERENDIPITA.COM Tue May 4 13:11:55 2004 From: clive at SERENDIPITA.COM (Clive Eisen) Date: Thu Jan 12 21:25:00 2006 Subject: strange error In-Reply-To: <200405041634040961.014528B5@smtp.khi.wol.net.pk> References: <011701c43164$d9e2da30$0d01a8c0@DAVID> <6.0.1.1.2.20040504090539.0820c3d8@imap.ecs.soton.ac.uk> <200405041450330149.00E65FD1@smtp.khi.wol.net.pk> <200405041634040961.014528B5@smtp.khi.wol.net.pk> Message-ID: <4097888B.3080808@serendipita.com> Two things I don't have a check_Mailscanner I have a check_mailscanner The file you sent doesn't have 56 lines - I don't think that's the whole file or it's not the check_[Mm]ailscanner that you are actually running. xcelent wrote: >no help so far, we are in real hurry ... > >***********xcelent's mail *********** > >On 5/4/2004 at 2:50 PM xcelent wrote: > >Hi, > >Im getting a strange error when starting Mailscanner. > >/usr/sbin/check_Mailscanner: line 56: 31931 segmentation fault $Process >$config > >and entries in /usr/sbin/check_Mailscanner are as below > >process=MailScanner >bindir=/usr/sbin >libdir=/usr/lib/MailScanner >config=/etc/MailScanner/MailScanner.conf > >pid=`/bin/ps axww | > /bin/grep '[ ]'$bindir/$process | > /bin/awk '{ print $1 }'` >if [ "$pid" = "" ]; then > # Quietly try to set the open_files limit > ulimit -n 2000 >/dev/null 2>&1 > # Restart it > PATH=${bindir}:$PATH > echo Starting MailScanner... > cd $libdir > $process $config >else > echo MailScanner running with pid $pid >fi > > > > >I never made any changes to this file. >any help ??????? > >Thanks > >xcel > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html > >***********End of xcelent's mail *********** > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html > > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From campbell at CNPAPERS.COM Tue May 4 13:41:10 2004 From: campbell at CNPAPERS.COM (Stephe Campbell) Date: Thu Jan 12 21:25:00 2006 Subject: MailScanner question and add-ons References: <5.2.1.1.0.20040503154721.02c5bb80@pop.courtesymortgage.com> Message-ID: <00b201c431d5$159507e0$7601a8c0@cnpapers.net> I use the MailWatch mailing list. It is a very responsive, well maintained list. I highly recommend it. The replies are usually right on the money. Steve Campbell campbell@cnpapers.com Charleston Newspapers ----- Original Message ----- From: "Jason Williams" To: Sent: Monday, May 03, 2004 6:49 PM Subject: MailScanner question and add-ons > Not sure if this is politically correct to ask this here, but I know a lot > of people use Mailwatch here. I was curious if those people use the > mailwatch mailing list to answer and ask questions? > > Everything has gone well in my setup of the Mailwatch and Mailscanner and > now im just tweaking things a bit and making them right. > > Just wanted to know where the best place is to get mailwatch info. > > I apologize if this is inappropriate. > > >Will you ever go live? ;-) No one prepped as much as you. That's a good > >thing of course. :-) > > >-- > >/Peter Bonivart > > Hopefully. :) Management keeps finding things they want and they change > their mind. They saw mailwatch and were awed by the eye-candy...so I spent > the weekend getting it up and ready for tonight. :) > > Cheers, > > Jason > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From xcelent at WOL.NET.PK Tue May 4 13:40:01 2004 From: xcelent at WOL.NET.PK (xcelent) Date: Thu Jan 12 21:25:00 2006 Subject: strange error In-Reply-To: <4097888B.3080808@serendipita.com> References: <011701c43164$d9e2da30$0d01a8c0@DAVID> <6.0.1.1.2.20040504090539.0820c3d8@imap.ecs.soton.ac.uk> <200405041450330149.00E65FD1@smtp.khi.wol.net.pk> <200405041634040961.014528B5@smtp.khi.wol.net.pk> <4097888B.3080808@serendipita.com> Message-ID: <200405041740010290.0181871E@smtp.khi.wol.net.pk> we are using Linux 7.3, MailScanner 4.11, Perl 5.6.0 when i run command MailScanner it says "segmentation fault. xcel ***********Clive Eisen's mail *********** On 5/4/2004 at 1:11 PM Clive Eisen wrote: Two things I don't have a check_Mailscanner I have a check_mailscanner The file you sent doesn't have 56 lines - I don't think that's the whole file or it's not the check_[Mm]ailscanner that you are actually running. xcelent wrote: >no help so far, we are in real hurry ... > >***********xcelent's mail *********** > >On 5/4/2004 at 2:50 PM xcelent wrote: > >Hi, > >Im getting a strange error when starting Mailscanner. > >/usr/sbin/check_Mailscanner: line 56: 31931 segmentation fault $Process >$config > >and entries in /usr/sbin/check_Mailscanner are as below > >process=MailScanner >bindir=/usr/sbin >libdir=/usr/lib/MailScanner >config=/etc/MailScanner/MailScanner.conf > >pid=`/bin/ps axww | > /bin/grep '[ ]'$bindir/$process | > /bin/awk '{ print $1 }'` >if [ "$pid" = "" ]; then > # Quietly try to set the open_files limit > ulimit -n 2000 >/dev/null 2>&1 > # Restart it > PATH=${bindir}:$PATH > echo Starting MailScanner... > cd $libdir > $process $config >else > echo MailScanner running with pid $pid >fi > > > > >I never made any changes to this file. >any help ??????? > >Thanks > >xcel > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html > >***********End of xcelent's mail *********** > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html > > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html ***********End of Clive Eisen's mail *********** -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From gebhard at EPOST.DE Tue May 4 11:01:33 2004 From: gebhard at EPOST.DE (Holger Gebhard) Date: Thu Jan 12 21:25:00 2006 Subject: Problem with Rulefiles Message-ID: Nobody knows where is the Problem???? On Fri, 30 Apr 2004 10:39:57 +0100, Holger Gebhard wrote: >Hi Julian, hi Group... > >I have a Problem with some Rulefiles. >In Example with a Ruleset for "Allow Password-Protected Archives": > >I tried to add some rules: > >To: user@domain.com yes >To: @domain.com no >FromOrTo: default no > >When a Email is send to user123@domain.com the Attachment is blocked. > >Thats Ok... > >But when I send a Mail to user@domain.com the Attachment is also blocked. >Why? > >I tested some other Rulesets like "Warning Is Attachment", or "Inline HTML >Warning". The same Problem... > >Other Rulesets, like Filenamerules for Example, still working with the this >Configuration. > > > >Thanks for Help > >Holger > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From tal at MUSICGENOME.COM Tue May 4 14:16:12 2004 From: tal at MUSICGENOME.COM (Tal Kelrich) Date: Thu Jan 12 21:25:00 2006 Subject: strange error In-Reply-To: <200405041634040961.014528B5@smtp.khi.wol.net.pk> References: <011701c43164$d9e2da30$0d01a8c0@DAVID> <6.0.1.1.2.20040504090539.0820c3d8@imap.ecs.soton.ac.uk> <200405041450330149.00E65FD1@smtp.khi.wol.net.pk> <200405041634040961.014528B5@smtp.khi.wol.net.pk> Message-ID: <20040504161612.1a576f95@johnny5> On Tue, 4 May 2004 16:34:04 +0500 xcelent wrote: > Hi, > > Im getting a strange error when starting Mailscanner. > > /usr/sbin/check_Mailscanner: line 56: 31931 segmentation fault > $Process $config Do you have Spamassasin installed/enabled? -- Tal Kelrich PGP fingerprint: 3EDF FCC5 60BB 4729 AB2F CAE6 FEC1 9AAC 12B9 AA69 Key Available at: http://www.hasturkun.com/pub.txt ---- Delta: The kids will love our inflatable slides. -- David Letterman ---- -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040504/c5d0087d/attachment.bin From john.clancy at BUSINESSANDFINANCE.IE Tue May 4 14:10:02 2004 From: john.clancy at BUSINESSANDFINANCE.IE (John Clancy) Date: Thu Jan 12 21:25:00 2006 Subject: [work] Re: strange error References: <011701c43164$d9e2da30$0d01a8c0@DAVID> <6.0.1.1.2.20040504090539.0820c3d8@imap.ecs.soton.ac.uk> <200405041450330149.00E65FD1@smtp.khi.wol.net.pk> <200405041634040961.014528B5@smtp.khi.wol.net.pk> <4097888B.3080808@serendipita.com> <200405041740010290.0181871E@smtp.khi.wol.net.pk> Message-ID: <026201c431d9$1c40f5a0$666078c1@businessandfinance.ie> ----- Original Message ----- From: "xcelent" To: Sent: 04 May 2004 13:40 Subject: [work] Re: strange error > we are using Linux 7.3, MailScanner 4.11, Perl 5.6.0 > > when i run command MailScanner it says "segmentation fault. > > > xcel > Hi xcel, I assume you mean RedHat Linux 7.3 and MailScanner 4.11 with Perl 5.6.0. If so you should update your MailScanner installation as it is now up to MailScanner 4.30 with many tweaks and fixes along the way :-) In addition you should make sure to use the script/tool Julian provides (thank you Julian !!!). It will be in /usr/sbin/upgrade_MailScanner_conf if you are using the RPM install. This tool vastly simplifies the job of merging your old MailScanner.conf settings with the new settings in the version of the MailScanner.conf file in the rpm. JC -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From xcelent at WOL.NET.PK Tue May 4 14:10:59 2004 From: xcelent at WOL.NET.PK (xcelent) Date: Thu Jan 12 21:25:00 2006 Subject: strange error In-Reply-To: <20040504161612.1a576f95@johnny5> References: <011701c43164$d9e2da30$0d01a8c0@DAVID> <6.0.1.1.2.20040504090539.0820c3d8@imap.ecs.soton.ac.uk> <200405041450330149.00E65FD1@smtp.khi.wol.net.pk> <200405041634040961.014528B5@smtp.khi.wol.net.pk> <20040504161612.1a576f95@johnny5> Message-ID: <200405041810590242.019DE0BE@smtp.khi.wol.net.pk> no I dont have spamassasin installed ***********Tal Kelrich's mail *********** On 5/4/2004 at 4:16 PM Tal Kelrich wrote: On Tue, 4 May 2004 16:34:04 +0500 xcelent wrote: > Hi, > > Im getting a strange error when starting Mailscanner. > > /usr/sbin/check_Mailscanner: line 56: 31931 segmentation fault > $Process $config Do you have Spamassasin installed/enabled? -- Tal Kelrich PGP fingerprint: 3EDF FCC5 60BB 4729 AB2F CAE6 FEC1 9AAC 12B9 AA69 Key Available at: http://www.hasturkun.com/pub.txt ---- Delta: The kids will love our inflatable slides. -- David Letterman ---- -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQFAl5ed/sGarBK5qmkRArTOAJ47uhJftOKnzediW2niuej3mSI0awCgmFq8 cf5QUZd92g1KHQDQ0VZ0J9g= =0rQd -----END PGP SIGNATURE----- ***********End of Tal Kelrich's mail *********** -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From michele at BLACKNIGHTSOLUTIONS.COM Tue May 4 14:11:37 2004 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:25:00 2006 Subject: OT Re: tao Linux In-Reply-To: Message-ID: <200405041306.i44D6YWT022106@monitor.blacknight.ie> Still way OT, but worth the read: http://www.redhat.com/archives/fedora-devel-list/2004-May/msg00104.html Mr Michele Neylon Blacknight Internet Solutions Ltd http://www.blacknight.ie/ Tel. +353 59 9137101 -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Ugo Bellavance Sent: 04 May 2004 12:52 To: MAILSCANNER@JISCMAIL.AC.UK Subject: [MAILSCANNER] OT Re: tao Linux Michele Neylon :: Blacknight Solutions wrote: > Peter > > Apologies if it seemed completely OT, but there was a very valid reason for > bringing this up. > As you know RH are no longer supporting RH9 and so the choice is to either > switch distros entirely, move to RHE or look at alternatives. Ther is another very good option. The Fedora Legacy Project is taking over the responsibility of updates for old RH versions, for about 1.5 years after EOL. http://fedoralegacy.org/ They're upgrading their servers right now, so they don't offer RH9 updates yet, but they will soon(according to a page that I can't find anymore...). There is also progeny, who offers similar support, but is is not free. There might be some updates at Fedora Extras as well www.fedora.us > A lot of people on this list use RH or a derivative thereof, which is why I > asked here. > Sorry if this bothered you :) > > Mr Michele Neylon > Blacknight Internet Solutions Ltd > http://www.blacknight.ie/ > Tel. +353 59 9137101 > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From campbell at CNPAPERS.COM Tue May 4 14:38:30 2004 From: campbell at CNPAPERS.COM (Stephe Campbell) Date: Thu Jan 12 21:25:00 2006 Subject: Blocking from my own forged domain Message-ID: <000f01c431dd$1654b4c0$7601a8c0@cnpapers.net> I was hoping that the spam.assassin.prefs.conf whitelist/blacklist config options would provide an answer, but answers from the list showed me I still have a problem. I am getting email to users at our domains with forged From: addresses. These From: addresses are valid email addresses. Since I have our domains whitelisted, they pass right on through. The maillog of one looks like this: May 3 18:47:56 kanawha sendmail[16091]: i43MluL16091: from=, size=983, class=0, nrcpts=1, msgid=, proto= SMTP, daemon=Daemon0, relay=mailgw2.cnpapers.net [216.30.205.19] May 3 18:47:56 kanawha sendmail[16091]: i43MluL16091: to= , delay=00:00:00, mailer=virtual, pri=30983, stat=queued May 3 18:47:56 kanawha MailScanner[443]: Message i43MluL16091 from 216.30.205.19 (userfrom@wvgazette.com) is whitelisted May 3 18:48:03 kanawha sendmail[16121]: i43MluL16091: to= , delay=00:00:07, xdelay=00:00:00, mailer=virtual, pri=120983, relay=wvgazette.com , dsn=2.0.0, stat=Sent The headers look like: Return-Path: Received: from mailgw2.cnpapers.net (mailgw2.cnpapers.net [216.30.205.19]) by kanawha.cnpapers.net (8.11.6/linuxconf) with SMTP id i43MluL16091 for ; Mon, 3 May 2004 18:47:56 -0400 Received: from Default.org ([24.196.186.68]) by mailgw2.cnpapers.net (SAVSMTP 3.1.0.29) with SMTP id M2004050318500904054 for ; Mon, 03 May 2004 18:50:12 -0400 Date: Mon, 03 May 2004 18:56:21 -0500 To: "Katelong" From: "Flipside" Subject: Protected message Message-ID: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="--------tczhvztzqbrmhhiumsom" The mailgw2 is a Norton Mail Gateway AV machine outside our firewall (for now). It is our MX for the domain and forwards to the MS/Sendmail box. I have wvgazette.com whitelisted. Obviously, moving the mailgw2 machine inside a firewall would allow me to block IP 24.196.186.68, but until I do, which could take some time, is there anything obvious to anyone that would allow me to block any of the above message types? "userto" and "userfrom" are real addresses. Blocking the IP address, if it is forged, though, would not solve the problem at a firewall. They could just change the IP and beat us up all over again. I'm thinking whitelisting IP addresses instead of domain names, but does this need to be set up in the CustomFunctions or can I just add this into my spam.whitelist.rules, and would this work as below? From: 111.222.333.444 yes Any solid solutions or ideas would be appreciated, as well as any failings of this idea of IP blocking being brought forth and pointed out to me Steve Campbell campbell@cnpapers.com Charleston Newspapers -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From david at PLATFORMHOSTING.COM Tue May 4 14:47:26 2004 From: david at PLATFORMHOSTING.COM (David Hooton) Date: Thu Jan 12 21:25:00 2006 Subject: Blocking from my own forged domain In-Reply-To: <000f01c431dd$1654b4c0$7601a8c0@cnpapers.net> Message-ID: <200405041347.i44DlFs01251@mx1.mailsecurity.net.au> > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Stephe Campbell > Sent: Tuesday, 4 May 2004 11:39 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Blocking from my own forged domain > > I was hoping that the spam.assassin.prefs.conf whitelist/blacklist config > options would provide an answer, but answers from the list showed me I > still > have a problem. > > I am getting email to users at our domains with forged From: addresses. > These From: addresses are valid email addresses. Since I have our domains > whitelisted, they pass right on through. The maillog of one looks like > this: > > May 3 18:47:56 kanawha sendmail[16091]: i43MluL16091: > from= m>, size=983, class=0, nrcpts=1, > msgid=, > proto= > SMTP, daemon=Daemon0, relay=mailgw2.cnpapers.net [216.30.205.19] > May 3 18:47:56 kanawha sendmail[16091]: i43MluL16091: > to= > , delay=00:00:00, mailer=virtual, pri=30983, stat=queued > May 3 18:47:56 kanawha MailScanner[443]: Message i43MluL16091 from > 216.30.205.19 > (userfrom@wvgazette.com) is whitelisted > May 3 18:48:03 kanawha sendmail[16121]: i43MluL16091: > to= > , delay=00:00:07, xdelay=00:00:00, mailer=virtual, pri=120983, > relay=wvgazette.com > , dsn=2.0.0, stat=Sent > > The headers look like: > > Return-Path: > Received: from mailgw2.cnpapers.net (mailgw2.cnpapers.net [216.30.205.19]) > by kanawha.cnpapers.net (8.11.6/linuxconf) with SMTP id i43MluL16091 > for ; Mon, 3 May 2004 18:47:56 -0400 > Received: from Default.org ([24.196.186.68]) > by mailgw2.cnpapers.net (SAVSMTP 3.1.0.29) with SMTP id > M2004050318500904054 > for ; Mon, 03 May 2004 18:50:12 -0400 > Date: Mon, 03 May 2004 18:56:21 -0500 > To: "Katelong" > From: "Flipside" > Subject: Protected message > Message-ID: > MIME-Version: 1.0 > Content-Type: multipart/mixed; > boundary="--------tczhvztzqbrmhhiumsom" > > The mailgw2 is a Norton Mail Gateway AV machine outside our firewall (for > now). It is our MX for the domain and forwards to the MS/Sendmail box. I > have wvgazette.com whitelisted. Obviously, moving the mailgw2 machine > inside > a firewall would allow me to block IP 24.196.186.68, but until I do, which > could take some time, is there anything obvious to anyone that would allow > me to block any of the above message types? "userto" and "userfrom" are > real > addresses. > > Blocking the IP address, if it is forged, though, would not solve the > problem at a firewall. They could just change the IP and beat us up all > over > again. I'm thinking whitelisting IP addresses instead of domain names, but > does this need to be set up in the CustomFunctions or can I just add this > into my spam.whitelist.rules, and would this work as below? > > From: 111.222.333.444 yes > > Any solid solutions or ideas would be appreciated, as well as any failings > of this idea of IP blocking being brought forth and pointed out to me How about a spamassassin rule? Are there any commonalities between all the message bodies, headers & subjects? You could create a meta rule that if more than X number of meta rules are hit, a high score is added to the message. We have had a few similar issues with joe jobbed customers, however it took a very large sample of messages for us to develop a good ruleset. Cheers, Dave ======================================================================== Pain free spam & virus protection by: www.mailsecurity.net.au Forward undetected SPAM to: spam@mailsecurity.net.au ======================================================================== -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From dwinkler at ALGORITHMICS.COM Tue May 4 14:45:44 2004 From: dwinkler at ALGORITHMICS.COM (Derek Winkler) Date: Thu Jan 12 21:25:00 2006 Subject: Problem with Rulefiles Message-ID: <20CEA27AF49D7F4691F02E7ADC5D4ECD01171B92@tormail2.algorithmics.com> How about including some log entries for the test messages and the relevant config options? We're not miracle workers. > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Holger Gebhard > Sent: Tuesday, May 04, 2004 6:02 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Problem with Rulefiles > > > Nobody knows where is the Problem???? > > > On Fri, 30 Apr 2004 10:39:57 +0100, Holger Gebhard > wrote: > > >Hi Julian, hi Group... > > > >I have a Problem with some Rulefiles. > >In Example with a Ruleset for "Allow Password-Protected Archives": > > > >I tried to add some rules: > > > >To: user@domain.com yes > >To: @domain.com no > >FromOrTo: default no > > > >When a Email is send to user123@domain.com the Attachment is blocked. > > > >Thats Ok... > > > >But when I send a Mail to user@domain.com the Attachment is > also blocked. > >Why? > > > >I tested some other Rulesets like "Warning Is Attachment", > or "Inline HTML > >Warning". The same Problem... > > > >Other Rulesets, like Filenamerules for Example, still > working with the > this > >Configuration. > > > > > > > >Thanks for Help > > > >Holger > > > >-------------------------- MailScanner list ---------------------- > >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > >Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From kevins at BMRB.CO.UK Tue May 4 14:51:45 2004 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:25:00 2006 Subject: Problem with Rulefiles In-Reply-To: References: Message-ID: <1083678705.3309.24.camel@bach.kevinspicer.co.uk> On Tue, 2004-05-04 at 11:01, Holger Gebhard wrote: > >I tried to add some rules: > > > >To: user@domain.com yes > >To: @domain.com no > >FromOrTo: default no Have you tried *@domain.com instead of @domain.com ? BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From rcooper at DWFORD.COM Tue May 4 15:16:30 2004 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:25:01 2006 Subject: Blocking from my own forged domain In-Reply-To: <000f01c431dd$1654b4c0$7601a8c0@cnpapers.net> Message-ID: If I am getting this right userfrom@wvgazette.com is a valid user@domain handled by mailgw2.cnpapers.net for kanawha.cnpapers.net which are your mail servers? Wouldn't it be prudent to block this at the mail server rather than allow it in the first place? I assume sendmail (I use exim) has the facility to compare sender hosts address to some kind of list of local address to make sure they are valid within your address space(s). I would also recommend require authenticated sending from within your domain(s) only, that would pretty much stop this as well. I basically allow authenticated senders (verify recipient) and then deny local sender domains not from local (our address space(s)) host addresses. > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Stephe Campbell > Sent: Tuesday, May 04, 2004 8:39 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Blocking from my own forged domain > > > I was hoping that the spam.assassin.prefs.conf whitelist/blacklist config > options would provide an answer, but answers from the list showed > me I still > have a problem. > > I am getting email to users at our domains with forged From: addresses. > These From: addresses are valid email addresses. Since I have our domains > whitelisted, they pass right on through. The maillog of one looks > like this: > > May 3 18:47:56 kanawha sendmail[16091]: i43MluL16091: > from= m>, size=983, class=0, nrcpts=1, > msgid=, > proto= > SMTP, daemon=Daemon0, relay=mailgw2.cnpapers.net [216.30.205.19] > May 3 18:47:56 kanawha sendmail[16091]: i43MluL16091: > to= > , delay=00:00:00, mailer=virtual, pri=30983, stat=queued > May 3 18:47:56 kanawha MailScanner[443]: Message i43MluL16091 from > 216.30.205.19 > (userfrom@wvgazette.com) is whitelisted > May 3 18:48:03 kanawha sendmail[16121]: i43MluL16091: > to= > , delay=00:00:07, xdelay=00:00:00, mailer=virtual, pri=120983, > relay=wvgazette.com > , dsn=2.0.0, stat=Sent > > The headers look like: > > Return-Path: > Received: from mailgw2.cnpapers.net (mailgw2.cnpapers.net [216.30.205.19]) > by kanawha.cnpapers.net (8.11.6/linuxconf) with SMTP id i43MluL16091 > for ; Mon, 3 May 2004 18:47:56 -0400 > Received: from Default.org ([24.196.186.68]) > by mailgw2.cnpapers.net (SAVSMTP 3.1.0.29) with SMTP id > M2004050318500904054 > for ; Mon, 03 May 2004 18:50:12 -0400 > Date: Mon, 03 May 2004 18:56:21 -0500 > To: "Katelong" > From: "Flipside" > Subject: Protected message > Message-ID: > MIME-Version: 1.0 > Content-Type: multipart/mixed; > boundary="--------tczhvztzqbrmhhiumsom" > > The mailgw2 is a Norton Mail Gateway AV machine outside our firewall (for > now). It is our MX for the domain and forwards to the MS/Sendmail box. I > have wvgazette.com whitelisted. Obviously, moving the mailgw2 > machine inside > a firewall would allow me to block IP 24.196.186.68, but until I do, which > could take some time, is there anything obvious to anyone that would allow > me to block any of the above message types? "userto" and > "userfrom" are real > addresses. > > Blocking the IP address, if it is forged, though, would not solve the > problem at a firewall. They could just change the IP and beat us > up all over > again. I'm thinking whitelisting IP addresses instead of domain names, but > does this need to be set up in the CustomFunctions or can I just add this > into my spam.whitelist.rules, and would this work as below? > > From: 111.222.333.444 yes > > Any solid solutions or ideas would be appreciated, as well as any failings > of this idea of IP blocking being brought forth and pointed out to me > > Steve Campbell > campbell@cnpapers.com > Charleston Newspapers > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From r.brown at LAWSON-HIS.CO.UK Tue May 4 15:16:22 2004 From: r.brown at LAWSON-HIS.CO.UK (Richard Brown) Date: Thu Jan 12 21:25:01 2006 Subject: Blocking from my own forged domain References: <000f01c431dd$1654b4c0$7601a8c0@cnpapers.net> Message-ID: Stephe Campbell wrote: > Return-Path: > Received: from mailgw2.cnpapers.net (mailgw2.cnpapers.net [216.30.205.19]) > by kanawha.cnpapers.net (8.11.6/linuxconf) with SMTP id i43MluL16091 > for ; Mon, 3 May 2004 18:47:56 -0400 > Received: from Default.org ([24.196.186.68]) > by mailgw2.cnpapers.net (SAVSMTP 3.1.0.29) with SMTP id > M2004050318500904054 for ; Mon, 03 May 2004 18:50:12 > -0400 Date: Mon, 03 May 2004 18:56:21 -0500 > > The mailgw2 is a Norton Mail Gateway AV machine outside our firewall (for > now). It is our MX for the domain and forwards to the MS/Sendmail box. I > have wvgazette.com whitelisted. Obviously, moving the mailgw2 machine > inside a firewall would allow me to block IP 24.196.186.68, but until I > do, which could take some time, is there anything obvious to anyone that > would allow me to block any of the above message types? "userto" and > "userfrom" are real addresses. > > > Any solid solutions or ideas would be appreciated, as well as any failings > of this idea of IP blocking being brought forth and pointed out to me > > Steve Campbell > campbell@cnpapers.com > Charleston Newspapers Why have you whitelisted the domain (wvgazette.com) and not the valid IP's your users can send from? You can put the IP addresses in a ruleset such as spam.check.rules or spam.whitelist.rules. Regards, -- Richard Brown http://www.lawson-his.co.uk 0870 99 070 52 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From Jan-Peter.Koopmann at SECEIDOS.DE Tue May 4 15:53:33 2004 From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann) Date: Thu Jan 12 21:25:01 2006 Subject: problems with bitdefender Message-ID: On Monday, May 03, 2004 11:56 PM Pete wrote: > No output :( had asked Julian for a bit of help but he > concludes that something is not quite right with linux > compatability - i guess its because the enviornment variables > requires to run stuff in linux isnt the same as with BSD - is > this worth looking into further? This might interest you. I just got reply from the BitDefender support: > A BitDefender version for FreeBSD will be soon available. > In this moment we are testing it and if everything will > be OK it will be available very soon. Sounds ok. Let's wait! Regards. Jan-Peter Koopmann Dipl.-Wirtschaftsinformatiker Gesch?ftsf?hrer / COO -- Seceidos GmbH Robert-Bosch-Str.7 64293 Darmstadt/Germany Phone: +49 (6151) 66843-43 Fax: +49 (6151) 66843-52 E-Mail: jan-peter.koopmann@seceidos.de Web: http://www.seceidos.de -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From raymond at PROLOCATION.NET Tue May 4 15:59:49 2004 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:25:01 2006 Subject: problems with bitdefender In-Reply-To: Message-ID: Hi! > This might interest you. I just got reply from the BitDefender support: > > > A BitDefender version for FreeBSD will be soon available. > > In this moment we are testing it and if everything will > > be OK it will be available very soon. > > Sounds ok. Let's wait! The FreeBDS wont be a free version however. Just kidding, i have no idea :) Just teasing :) Bye, Raymond. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From Jan-Peter.Koopmann at SECEIDOS.DE Tue May 4 16:09:49 2004 From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann) Date: Thu Jan 12 21:25:01 2006 Subject: problems with bitdefender Message-ID: On Tuesday, May 04, 2004 5:00 PM Raymond Dijkxhoorn wrote: > The FreeBDS wont be a free version however. > > Just kidding, i have no idea :) Just teasing :) Since most people are using FreeBSD for real (life) systems you might be right! :-) -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From campbell at CNPAPERS.COM Tue May 4 16:37:45 2004 From: campbell at CNPAPERS.COM (Stephe Campbell) Date: Thu Jan 12 21:25:01 2006 Subject: Blocking from my own forged domain References: <000f01c431dd$1654b4c0$7601a8c0@cnpapers.net> Message-ID: <006601c431ed$bf18cbe0$7601a8c0@cnpapers.net> Mr. Brown, I guess that's what I was asking about. I have followed this list for quite some time, and every once in so often, I read conflicting answers. In this case, I had the impression that blocking by IP required the CustomConfig.pm stuff, but after reviewing it, I see the IPBlock stuff is part of another set of functions (I don't do or read Perl very well, but am getting better since installing MS). Why not, then, replace wvgazette.com with IPs in spam.whitelist.com? Is this the equivalent of what you are saying? Thanks very much. Steve Campbell campbell@cnpapers.com Charleston Newspapers ----- Original Message ----- From: "Richard Brown" To: Sent: Tuesday, May 04, 2004 10:16 AM Subject: Re: Blocking from my own forged domain Stephe Campbell wrote: > Return-Path: > Received: from mailgw2.cnpapers.net (mailgw2.cnpapers.net [216.30.205.19]) > by kanawha.cnpapers.net (8.11.6/linuxconf) with SMTP id i43MluL16091 > for ; Mon, 3 May 2004 18:47:56 -0400 > Received: from Default.org ([24.196.186.68]) > by mailgw2.cnpapers.net (SAVSMTP 3.1.0.29) with SMTP id > M2004050318500904054 for ; Mon, 03 May 2004 18:50:12 > -0400 Date: Mon, 03 May 2004 18:56:21 -0500 > > The mailgw2 is a Norton Mail Gateway AV machine outside our firewall (for > now). It is our MX for the domain and forwards to the MS/Sendmail box. I > have wvgazette.com whitelisted. Obviously, moving the mailgw2 machine > inside a firewall would allow me to block IP 24.196.186.68, but until I > do, which could take some time, is there anything obvious to anyone that > would allow me to block any of the above message types? "userto" and > "userfrom" are real addresses. > > > Any solid solutions or ideas would be appreciated, as well as any failings > of this idea of IP blocking being brought forth and pointed out to me > > Steve Campbell > campbell@cnpapers.com > Charleston Newspapers Why have you whitelisted the domain (wvgazette.com) and not the valid IP's your users can send from? You can put the IP addresses in a ruleset such as spam.check.rules or spam.whitelist.rules. Regards, -- Richard Brown http://www.lawson-his.co.uk 0870 99 070 52 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From r.brown at LAWSON-HIS.CO.UK Tue May 4 16:57:22 2004 From: r.brown at LAWSON-HIS.CO.UK (Richard Brown) Date: Thu Jan 12 21:25:01 2006 Subject: Blocking from my own forged domain References: <000f01c431dd$1654b4c0$7601a8c0@cnpapers.net> <006601c431ed$bf18cbe0$7601a8c0@cnpapers.net> Message-ID: Stephe Campbell wrote: > Mr. Brown, > > I guess that's what I was asking about. I have followed this list for > quite some time, and every once in so often, I read conflicting answers. > In this case, I had the impression that blocking by IP required the > CustomConfig.pm stuff, but after reviewing it, I see the IPBlock stuff is > part of another set of functions (I don't do or read Perl very well, but > am getting better since installing MS). > > Why not, then, replace wvgazette.com with IPs in spam.whitelist.com? Is > this the equivalent of what you are saying? > > Thanks very much. Yes, essentially. The way my setup works is thus: In MailScanner.conf I have Spam Checks = /etc/MailScanner/rules/spam.check.rules In spam.check.rules I have From: 192.168. no FromOrTo: default yes This prevents any spam checking on my local IP address range, which all my users are on. If your IP address range is more complex you can use CIDR notation, not sure if there's a faq on CIDR, but Ugo has written one here http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/248.html on this subject in general that should help you. The difference between "Spam Checks" and "Spam Whitelist" is that emails that are whitelisted are still scanned, by MailScanner doing it's rbl checks and by SpamAssassin, which can be quite time consuming. I've not used the IPBlock myself, but I believe from the discussion when it was first implemented it will create an access map for sendmail that blocks persistent senders of spam/viruses from delivering the mail to sendmail. I use similar functionality in mailstats/vispan to block broadband zombies. If your MailScanner server is not the mx for your domain(s) you'd need to do a bit of tweaking to get the access map installed on the right server. HTH, -- Richard Brown http://www.lawson-his.co.uk 0870 99 070 52 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From jwilliams at COURTESYMORTGAGE.COM Tue May 4 17:21:44 2004 From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams) Date: Thu Jan 12 21:25:01 2006 Subject: Finally: I'm live... :) Message-ID: <5.2.1.1.0.20040504092003.00a8eaa0@corpmail.courtesymortgage.com> So far so good it appears. I'll be hovering over the maillogs for a better part of the day. Besides putting missing a part of the access file (whoops) all is well. Love how it is working so far. I know it is going to take a couple of weeks to really fine tune it correctly. I just want to thank everyone for their help and support. I may be stopping by here this week frequently to ask questions and adivce. Thanks Julian for providing such a great product. Cheers everyone, Jason -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From dnsadmin at 1BIGTHINK.COM Tue May 4 17:29:25 2004 From: dnsadmin at 1BIGTHINK.COM (DNSAdmin) Date: Thu Jan 12 21:25:01 2006 Subject: OT Re: tao Linux In-Reply-To: <200405041306.i44D6YWT022106@monitor.blacknight.ie> References: <200405041306.i44D6YWT022106@monitor.blacknight.ie> Message-ID: <6.1.0.6.0.20040504122515.062ab848@mail.1bigthink.com> At 09:11 AM 5/4/2004, you wrote: >Still way OT, but worth the read: >http://www.redhat.com/archives/fedora-devel-list/2004-May/msg00104.html > >Mr Michele Neylon >Blacknight Internet Solutions Ltd >http://www.blacknight.ie/ >Tel. +353 59 9137101 > >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf >Of Ugo Bellavance >Sent: 04 May 2004 12:52 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: [MAILSCANNER] OT Re: tao Linux > >Michele Neylon :: Blacknight Solutions wrote: > > Peter > > > > Apologies if it seemed completely OT, but there was a very valid reason >for > > bringing this up. > > As you know RH are no longer supporting RH9 and so the choice is to either > > switch distros entirely, move to RHE or look at alternatives. > > >Ther is another very good option. The Fedora Legacy Project is taking >over the responsibility of updates for old RH versions, for about 1.5 >years after EOL. http://fedoralegacy.org/ I found this topic very enlightening and am evaluating two of the mentioned OSs as a result: CentOS and Whitebox. I have been using RedHat and need to move on to another production quality OS, but cannot afford the RedHat Enterprise support levels. I am also looking at FreeBSD and Debian. I will evaluate all four and maybe report back if there is interest? I have run Fedora Core 1 and liked it, but the development cycle is too short for me to justify this OS on a production machine. Excellent desktop OS, however! Cheers! Glenn -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From campbell at CNPAPERS.COM Tue May 4 17:32:27 2004 From: campbell at CNPAPERS.COM (Stephe Campbell) Date: Thu Jan 12 21:25:01 2006 Subject: Blocking from my own forged domain References: Message-ID: <009001c431f5$64064ea0$7601a8c0@cnpapers.net> Mr. Cooper, You re right in your evaluation of the first paragraph below. Again, you are right in thinking that blocking at the mail server would be more effective. Unfortunately, I use linuxconf to maintain my virtual email domains, and it is limited in some aspects of its Sendmail functions. I am not sure if I can block based on sender host address compared to local address. As far as authentication goes, I'm not sure how to set up sender authentication, and this may be one of the limitations of linuxconf sendmail. I have started looking at some sendmail stubs that work with linuxconf. If you have the time someday, you might point out what you could on this subject. In the mean time, I will explore this on my own. Thank you very much. Steve Campbell campbell@cnpapers.com Charleston Newspapers ----- Original Message ----- From: "Rick Cooper" To: Sent: Tuesday, May 04, 2004 10:16 AM Subject: Re: Blocking from my own forged domain If I am getting this right userfrom@wvgazette.com is a valid user@domain handled by mailgw2.cnpapers.net for kanawha.cnpapers.net which are your mail servers? Wouldn't it be prudent to block this at the mail server rather than allow it in the first place? I assume sendmail (I use exim) has the facility to compare sender hosts address to some kind of list of local address to make sure they are valid within your address space(s). I would also recommend require authenticated sending from within your domain(s) only, that would pretty much stop this as well. I basically allow authenticated senders (verify recipient) and then deny local sender domains not from local (our address space(s)) host addresses. > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Stephe Campbell > Sent: Tuesday, May 04, 2004 8:39 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Blocking from my own forged domain > > > I was hoping that the spam.assassin.prefs.conf whitelist/blacklist config > options would provide an answer, but answers from the list showed > me I still > have a problem. > > I am getting email to users at our domains with forged From: addresses. > These From: addresses are valid email addresses. Since I have our domains > whitelisted, they pass right on through. The maillog of one looks > like this: > > May 3 18:47:56 kanawha sendmail[16091]: i43MluL16091: > from= m>, size=983, class=0, nrcpts=1, > msgid=, > proto= > SMTP, daemon=Daemon0, relay=mailgw2.cnpapers.net [216.30.205.19] > May 3 18:47:56 kanawha sendmail[16091]: i43MluL16091: > to= > , delay=00:00:00, mailer=virtual, pri=30983, stat=queued > May 3 18:47:56 kanawha MailScanner[443]: Message i43MluL16091 from > 216.30.205.19 > (userfrom@wvgazette.com) is whitelisted > May 3 18:48:03 kanawha sendmail[16121]: i43MluL16091: > to= > , delay=00:00:07, xdelay=00:00:00, mailer=virtual, pri=120983, > relay=wvgazette.com > , dsn=2.0.0, stat=Sent > > The headers look like: > > Return-Path: > Received: from mailgw2.cnpapers.net (mailgw2.cnpapers.net [216.30.205.19]) > by kanawha.cnpapers.net (8.11.6/linuxconf) with SMTP id i43MluL16091 > for ; Mon, 3 May 2004 18:47:56 -0400 > Received: from Default.org ([24.196.186.68]) > by mailgw2.cnpapers.net (SAVSMTP 3.1.0.29) with SMTP id > M2004050318500904054 > for ; Mon, 03 May 2004 18:50:12 -0400 > Date: Mon, 03 May 2004 18:56:21 -0500 > To: "Katelong" > From: "Flipside" > Subject: Protected message > Message-ID: > MIME-Version: 1.0 > Content-Type: multipart/mixed; > boundary="--------tczhvztzqbrmhhiumsom" > > The mailgw2 is a Norton Mail Gateway AV machine outside our firewall (for > now). It is our MX for the domain and forwards to the MS/Sendmail box. I > have wvgazette.com whitelisted. Obviously, moving the mailgw2 > machine inside > a firewall would allow me to block IP 24.196.186.68, but until I do, which > could take some time, is there anything obvious to anyone that would allow > me to block any of the above message types? "userto" and > "userfrom" are real > addresses. > > Blocking the IP address, if it is forged, though, would not solve the > problem at a firewall. They could just change the IP and beat us > up all over > again. I'm thinking whitelisting IP addresses instead of domain names, but > does this need to be set up in the CustomFunctions or can I just add this > into my spam.whitelist.rules, and would this work as below? > > From: 111.222.333.444 yes > > Any solid solutions or ideas would be appreciated, as well as any failings > of this idea of IP blocking being brought forth and pointed out to me > > Steve Campbell > campbell@cnpapers.com > Charleston Newspapers > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From drew at THEMARSHALLS.CO.UK Tue May 4 17:38:30 2004 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:25:01 2006 Subject: Finally: I'm live... :) In-Reply-To: <5.2.1.1.0.20040504092003.00a8eaa0@corpmail.courtesymortgage.com> References: <5.2.1.1.0.20040504092003.00a8eaa0@corpmail.courtesymortgage.com> Message-ID: <49735.194.70.180.170.1083688710.squirrel@net.themarshalls.co.uk> Jason Williams said: > So far so good it appears. I'll be hovering over the maillogs for a better > part of the day. > > Besides putting missing a part of the access file (whoops) all is well. > > Love how it is working so far. > I know it is going to take a couple of weeks to really fine tune it > correctly. > > I just want to thank everyone for their help and support. I may be > stopping > by here this week frequently to ask questions and adivce. > > Thanks Julian for providing such a great product. > > Cheers everyone, > > Jason Congratulations! For one moment I thought this day would never come :-) Now just let Bayes fill with some nice Spam, a few final tweeks to ensure a good Spam catch rate and Robert is your mother's brother :-D Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From denis at CROOMBS.ORG Tue May 4 19:07:39 2004 From: denis at CROOMBS.ORG (Denis Croombs) Date: Thu Jan 12 21:25:01 2006 Subject: Mailscanner + Kolab Message-ID: <026b01c43202$b0fd2500$85b8fea9@Laptop> Hi Has anyone tried using MailScanner with the Kolab groupware server system http://kolab.org/ any commenst good or bad very welcome. Thanks Denis Croombs -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. Marvin the E-Mail scanner -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From ronnie at DASLWEB.COM Tue May 4 16:52:36 2004 From: ronnie at DASLWEB.COM (Ronnie Regev) Date: Thu Jan 12 21:25:01 2006 Subject: Mail header received from question Message-ID: Thats been fixed. thanks for the hint. cheers. ronnie Regev Sys Admin Daslweb.com On Tue, 4 May 2004 10:03:53 +0200, Peter Peters wrote: >On Mon, 3 May 2004 22:06:26 +0200, you wrote: > >>Ronnie Regev wrote: >>> Received: from filter.daslweb.ca (filter.daslweb.ca.224.39.65.in- addr.arpa >>> [65.39.224.201] (may be forged)) >> >> From Sendmail FAQ: >> >>--> >>Q3.38 -- What does "may be forged" mean? >>Date: November 12, 2001 >> >>After sendmail does a hostname look-up on the IP address of the >>connecting client, the IP addresses of that hostname are looked up. If >>the client IP address does not appear in that list, then the may be >>forged tag is added. >><-- > >When you look at the reverse address filter(...)arpa it looks like in >the zone-file for 224.39.65.in-addr.arpa there is a PTR record wrong. >Probably a dot is missing: > >201 IN PTR filter.daslweb.ca > >instead of > >201 IN PTR filter.daslweb.ca. > >Ask your nameserver administrator to check it's files. > >-- >Peter Peters, senior netwerkbeheerder >Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE) >Universiteit Twente, Postbus 217, 7500 AE Enschede >telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/civ > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From ronnie at DASLWEB.COM Tue May 4 16:54:22 2004 From: ronnie at DASLWEB.COM (Ronnie Regev) Date: Thu Jan 12 21:25:01 2006 Subject: Spam Actions config Message-ID: Any ideas on why this is happening? >I have set up the following in mailscanner.conf: >Spam Actions = %rules-dir%/spam.actions > >And spam.actions as follows: >To: example.com delete >To: regev.ca delete >FromOrTo: Default deliver > >When I send a GTUBE test to ronnie@regev.ca, it is identified as spam, >however, the message is still delivered to the mailbox. >All other spam is still being delivered to mailboxes. thanks. Ronnie Regev Sys Admin Daslweb.com On Mon, 3 May 2004 15:24:32 -0400, Ronnie Regev wrote: >I have set up the following in mailscanner.conf: >Spam Actions = %rules-dir%/spam.actions > >And spam.actions as follows: >To: example.com delete >To: regev.ca delete >FromOrTo: Default deliver > >When I send a GTUBE test to ronnie@regev.ca, it is identified as spam, >however, the message is still delivered to the mailbox. >All other spam is still being delivered to mailboxes. > >Any ideas? >Thanks. >Ronnie Regev >System Administrator >Microsoft Certified Professional MCP >Daslweb Inc. >514-874-9809 >ronnie@daslweb.com > > >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf >Of Mariano Absatz >Sent: Monday, May 03, 2004 2:25 PM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: [MAILSCANNER] Spam Actions config > >IIRC, the proper way to do what you want is > >To: exception.com deliver >FromOrTo: Default delete > > > >El 3 May 2004 a las 14:21, Ronnie Regev escribi?: > >> Thanks for the info. >> Would the following be correct: >> >> To: *@*.* delete >> To: exception.com deliver >> >> The purpose being to delete, or whatever action, by default, and then a >> secondary action for specific domains, in this case, to deliver. >> >> Thanks. >> >> Ronnie Regev >> System Administrator >> Microsoft Certified Professional MCP >> Daslweb Inc. >> ronnie@daslweb.com >> >> >> -----Original Message----- >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >Behalf >> Of Julian Field >> Sent: Monday, May 03, 2004 2:13 PM >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Re: [MAILSCANNER] Spam Actions config >> >> At 18:38 03/05/2004, you wrote: >> >Hi, >> >I have noticed that Spam Actions setting can also be the filename of a >> >ruleset. What would the structure of the filename be if I wanted to >> >accomplish the following: >> > >> >Example1.com bounce >> >Example2.com deliver store >> >Example3.com forward joe@example.com >> >> To: Example1.com bounce >> To: Example2.com deliver store >> To: Example3.com forward joe@example.com >> >> >> >I.e.: different actions for different domains. >> >I am running mailscanner-4.29.7-1. >> > >> >Thanks. >> > >> >Ronnie Regev >> >System Administrator >> >Microsoft Certified Professional MCP >> >Daslweb Inc. >> >ronnie@daslweb.com >> > >> >-------------------------- MailScanner list ---------------------- >> >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >> >Before posting, please see the Most Asked Questions at >> >http://www.mailscanner.biz/maq/ and the archives at >> >http://www.jiscmail.ac.uk/lists/mailscanner.html >> >> -- >> Julian Field >> www.MailScanner.info >> Professional Support Services at www.MailScanner.biz >> MailScanner thanks transtec Computers for their support >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> -------------------------- MailScanner list ---------------------- >> To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >> Before posting, please see the Most Asked Questions at >> http://www.mailscanner.biz/maq/ and the archives at >> http://www.jiscmail.ac.uk/lists/mailscanner.html >> >> -------------------------- MailScanner list ---------------------- >> To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >> Before posting, please see the Most Asked Questions at >> http://www.mailscanner.biz/maq/ and the archives at >> http://www.jiscmail.ac.uk/lists/mailscanner.html > > >-- >Mariano Absatz >El Baby >---------------------------------------------------------- >Daddy, why doesn't this magnet pick up this floppy disk? > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From jwilliams at COURTESYMORTGAGE.COM Tue May 4 19:23:07 2004 From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams) Date: Thu Jan 12 21:25:01 2006 Subject: Finally: I'm live... :) In-Reply-To: <49735.194.70.180.170.1083688710.squirrel@net.themarshalls. co.uk> References: <5.2.1.1.0.20040504092003.00a8eaa0@corpmail.courtesymortgage.com> <5.2.1.1.0.20040504092003.00a8eaa0@corpmail.courtesymortgage.com> Message-ID: <5.2.1.1.0.20040504112032.00a91cc0@corpmail.courtesymortgage.com> >Congratulations! >For one moment I thought this day would never come :-) Now just let Bayes >fill with some nice Spam, a few final tweeks to ensure a good Spam catch >rate and Robert is your mother's brother :-D Feels good. Just a couple of questions.... As im monitoring the server here, as far as resources, what should I be keeping on eye on? For instance, right now, I see the following: Load Avg: 0.0.3 0.0.7 0.0.2 (highest I saw was 0.22) Memory: size: 2gb Free: 1.48gb Used: 525mb Just babysitting things right now. I appreciate the help. Jason -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From ugob at CAMO-ROUTE.COM Tue May 4 19:22:50 2004 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:25:01 2006 Subject: Spam Actions config In-Reply-To: References: Message-ID: Ronnie Regev wrote: > Any ideas on why this is happening? > > >>I have set up the following in mailscanner.conf: >>Spam Actions = %rules-dir%/spam.actions >> >>And spam.actions as follows: >>To: example.com delete >>To: regev.ca delete >>FromOrTo: Default deliver >> >>When I send a GTUBE test to ronnie@regev.ca, it is identified as spam, >>however, the message is still delivered to the mailbox. >>All other spam is still being delivered to mailboxes. I think your rules file must end by .rules. You might want to try that. > > > thanks. > > Ronnie Regev > Sys Admin > Daslweb.com -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From kodak at FRONTIERHOMEMORTGAGE.COM Tue May 4 19:37:07 2004 From: kodak at FRONTIERHOMEMORTGAGE.COM (Jason Balicki) Date: Thu Jan 12 21:25:01 2006 Subject: Finally: I'm live... :) In-Reply-To: <5.2.1.1.0.20040504112032.00a91cc0@corpmail.courtesymortgage.com> Message-ID: <004101c43206$cdbdff30$0501a8c0@darkside> >0.0.3 0.0.7 0.0.2 (highest I saw was 0.22) OH MY GOD CALL THE FIRE DEPARTMENT, THAT BABY'S 'BOUT TO A-SPLODE! Seriously. :) I think you're going to be fine. What's your expected messages per day? How many users are you serving? --J(K) -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From dwinkler at ALGORITHMICS.COM Tue May 4 19:38:11 2004 From: dwinkler at ALGORITHMICS.COM (Derek Winkler) Date: Thu Jan 12 21:25:01 2006 Subject: Finally: I'm live... :) Message-ID: <20CEA27AF49D7F4691F02E7ADC5D4ECD01171B96@tormail2.algorithmics.com> > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Jason Williams > Sent: Tuesday, May 04, 2004 2:23 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Finally: I'm live... :) > > > >Congratulations! > >For one moment I thought this day would never come :-) Now > just let Bayes > >fill with some nice Spam, a few final tweeks to ensure a > good Spam catch > >rate and Robert is your mother's brother :-D > > Feels good. > > Just a couple of questions.... > > As im monitoring the server here, as far as resources, what > should I be > keeping on eye on? That mail is getting delivered. :-) > > For instance, right now, I see the following: > > Load Avg: > > 0.0.3 0.0.7 0.0.2 (highest I saw was 0.22) > > Memory: > > size: 2gb > Free: 1.48gb > Used: 525mb > > Just babysitting things right now. > > I appreciate the help. > > Jason -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Tue May 4 10:53:27 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:25:01 2006 Subject: Html forms In-Reply-To: References: <6.0.1.1.2.20040504090539.0820c3d8@imap.ecs.soton.ac.uk> Message-ID: <6.0.1.1.2.20040504105301.082d01b0@imap.ecs.soton.ac.uk> At 09:54 04/05/2004, you wrote: >Forgive my ignorance, but if we create a rule allowing html forms in >messages from xyz.com, how does MailScanner determine the actual sender is >xyz.com? It uses the envelope sender address (often put into the Return-Path: header in the message). -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From ugob at CAMO-ROUTE.COM Tue May 4 19:38:24 2004 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:25:01 2006 Subject: Finally: I'm live... :) In-Reply-To: <5.2.1.1.0.20040504112032.00a91cc0@corpmail.courtesymortgage.com> References: <5.2.1.1.0.20040504092003.00a8eaa0@corpmail.courtesymortgage.com> <5.2.1.1.0.20040504092003.00a8eaa0@corpmail.courtesymortgage.com> <49735.194.70.180.170.1083688710.squirrel@net.themarshalls. co.uk> <5.2.1.1.0.20040504112032.00a91cc0@corpmail.courtesymortgage.com> Message-ID: Jason Williams wrote: >> Congratulations! >> For one moment I thought this day would never come :-) Now just let Bayes >> fill with some nice Spam, a few final tweeks to ensure a good Spam catch >> rate and Robert is your mother's brother :-D > > > Feels good. > > Just a couple of questions.... > > As im monitoring the server here, as far as resources, what should I be > keeping on eye on? > > For instance, right now, I see the following: > > Load Avg: > > 0.0.3 0.0.7 0.0.2 (highest I saw was 0.22) > > Memory: > > size: 2gb > Free: 1.48gb > Used: 525mb > > Just babysitting things right now. Yeah, and the baby is rather calm. Uptime and memory usage gives you a very good idea of your systems, health. You can check for delay as well, but it should be ok. You can keep a terminal window open with a top open in it... For diagnosis, you'll look a the vmstat command. Good to learn how to interpret its output now if you've got some time, and write down some procedures... > > I appreciate the help. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From jbreeden at PLUMHALL.COM Tue May 4 19:43:57 2004 From: jbreeden at PLUMHALL.COM (John Breeden) Date: Thu Jan 12 21:25:01 2006 Subject: Blocking from my own forged domain (smtp+spf) In-Reply-To: <000f01c431dd$1654b4c0$7601a8c0@cnpapers.net> References: <000f01c431dd$1654b4c0$7601a8c0@cnpapers.net> Message-ID: <4097E46D.10508@plumhall.com> I'm assuming that cnpapers.net is your domain. If so you might want to check out smtp+spf at http://spf.pobox.com/ jb Hawaii Stephe Campbell wrote: >I was hoping that the spam.assassin.prefs.conf whitelist/blacklist config >options would provide an answer, but answers from the list showed me I still >have a problem. > >I am getting email to users at our domains with forged From: addresses. >These From: addresses are valid email addresses. Since I have our domains >whitelisted, they pass right on through. The maillog of one looks like this: > >May 3 18:47:56 kanawha sendmail[16091]: i43MluL16091: >from=m>, size=983, class=0, nrcpts=1, msgid=, >proto= >SMTP, daemon=Daemon0, relay=mailgw2.cnpapers.net [216.30.205.19] >May 3 18:47:56 kanawha sendmail[16091]: i43MluL16091: >to= >, delay=00:00:00, mailer=virtual, pri=30983, stat=queued >May 3 18:47:56 kanawha MailScanner[443]: Message i43MluL16091 from >216.30.205.19 >(userfrom@wvgazette.com) is whitelisted >May 3 18:48:03 kanawha sendmail[16121]: i43MluL16091: >to= >, delay=00:00:07, xdelay=00:00:00, mailer=virtual, pri=120983, >relay=wvgazette.com >, dsn=2.0.0, stat=Sent > >The headers look like: > >Return-Path: >Received: from mailgw2.cnpapers.net (mailgw2.cnpapers.net [216.30.205.19]) >by kanawha.cnpapers.net (8.11.6/linuxconf) with SMTP id i43MluL16091 >for ; Mon, 3 May 2004 18:47:56 -0400 >Received: from Default.org ([24.196.186.68]) >by mailgw2.cnpapers.net (SAVSMTP 3.1.0.29) with SMTP id M2004050318500904054 >for ; Mon, 03 May 2004 18:50:12 -0400 >Date: Mon, 03 May 2004 18:56:21 -0500 >To: "Katelong" >From: "Flipside" >Subject: Protected message >Message-ID: >MIME-Version: 1.0 >Content-Type: multipart/mixed; >boundary="--------tczhvztzqbrmhhiumsom" > >The mailgw2 is a Norton Mail Gateway AV machine outside our firewall (for >now). It is our MX for the domain and forwards to the MS/Sendmail box. I >have wvgazette.com whitelisted. Obviously, moving the mailgw2 machine inside >a firewall would allow me to block IP 24.196.186.68, but until I do, which >could take some time, is there anything obvious to anyone that would allow >me to block any of the above message types? "userto" and "userfrom" are real >addresses. > >Blocking the IP address, if it is forged, though, would not solve the >problem at a firewall. They could just change the IP and beat us up all over >again. I'm thinking whitelisting IP addresses instead of domain names, but >does this need to be set up in the CustomFunctions or can I just add this >into my spam.whitelist.rules, and would this work as below? > >From: 111.222.333.444 yes > >Any solid solutions or ideas would be appreciated, as well as any failings >of this idea of IP blocking being brought forth and pointed out to me > >Steve Campbell >campbell@cnpapers.com >Charleston Newspapers > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html > > > > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From peter at UCGBOOK.COM Tue May 4 20:14:48 2004 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:25:01 2006 Subject: Finally: I'm live... :) In-Reply-To: <5.2.1.1.0.20040504112032.00a91cc0@corpmail.courtesymortgage.com> References: <5.2.1.1.0.20040504092003.00a8eaa0@corpmail.courtesymortgage.com> <5.2.1.1.0.20040504092003.00a8eaa0@corpmail.courtesymortgage.com> <5.2.1.1.0.20040504112032.00a91cc0@corpmail.courtesymortgage.com> Message-ID: <4097EBA8.6060303@ucgbook.com> Jason Williams wrote: > As im monitoring the server here, as far as resources, what should I be > keeping on eye on? Any abnormal CPU, disk and memory usages are of course interesting but I like to keep an eye on the delay time, that is the time a message takes to pass your server. That's a good performance measure. Example from the web, this message took 2 seconds from it was received until it was delivered: Aug 6 13:55:49 vader sendmail[28771]: h76HtlCD028769: to=, delay=00:00:02, xdelay=00:00:01, mailer=relay, pri=138581, relay=smtp-server.carolina.rr.com. [24.93.67.141], dsn=2.0.0, stat=Sent (h76Ha888021010 Message accepted for delivery) Vispan has a graph for this. -- /Peter Bonivart --Unix lovers do it in the Sun Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7, SpamAssassin 2.63 + DCC 1.2.45, ClamAV 0.70 + GMP 4.1.2, Vispan 1.4 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From drew at THEMARSHALLS.CO.UK Tue May 4 20:34:22 2004 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:25:01 2006 Subject: Finally: I'm live... :) In-Reply-To: <5.2.1.1.0.20040504112032.00a91cc0@corpmail.courtesymortgage.com> References: <5.2.1.1.0.20040504092003.00a8eaa0@corpmail.courtesymortgage.com> <5.2.1.1.0.20040504092003.00a8eaa0@corpmail.courtesymortgage.com> <5.2.1.1.0.20040504112032.00a91cc0@corpmail.courtesymortgage.com> Message-ID: <4097F03E.4010803@themarshalls.co.uk> Jason Williams wrote: >> Congratulations! >> For one moment I thought this day would never come :-) Now just let >> Bayes >> fill with some nice Spam, a few final tweeks to ensure a good Spam catch >> rate and Robert is your mother's brother :-D > > > Feels good. > > Just a couple of questions.... > > As im monitoring the server here, as far as resources, what should I be > keeping on eye on? > > For instance, right now, I see the following: > > Load Avg: > > 0.0.3 0.0.7 0.0.2 (highest I saw was 0.22) > So your not pushing your box much then :-) Those look pretty good. As far as things to look for I always keep an eye on delivery delays, as Peter (I think?) said earlier, it's a good indicator and over view of system & network performance. If an area starts to under perform you will see the delays increase (For example if Razor starts to time out while doing network checks, not a problem that you have much direct control over but it might start to cause queue increases). If I want to keep an eye on things and the server is not too busy, I will tail the mail log for a while just monitoring message delivery speeds. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From jwilliams at COURTESYMORTGAGE.COM Tue May 4 20:40:34 2004 From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams) Date: Thu Jan 12 21:25:01 2006 Subject: Finally: I'm live... :) In-Reply-To: <4097F03E.4010803@themarshalls.co.uk> References: <5.2.1.1.0.20040504112032.00a91cc0@corpmail.courtesymortgage.com> <5.2.1.1.0.20040504092003.00a8eaa0@corpmail.courtesymortgage.com> <5.2.1.1.0.20040504092003.00a8eaa0@corpmail.courtesymortgage.com> <5.2.1.1.0.20040504112032.00a91cc0@corpmail.courtesymortgage.com> Message-ID: <5.2.1.1.0.20040504123631.02a35d70@corpmail.courtesymortgage.com> >So your not pushing your box much then :-) Those look pretty good. As >far as things to look for I always keep an eye on delivery delays, as >Peter (I think?) said earlier, it's a good indicator and over view of >system & network performance. If an area starts to under perform you >will see the delays increase (For example if Razor starts to time out >while doing network checks, not a problem that you have much direct >control over but it might start to cause queue increases). I know I know. I tend to be cautions. Better safe than sorry has always been my motto. :) As far as delays, the highest I have seen so far is: (on the mail gateway with MS) delay=00:00:05, xdelay=00:00:00, Granted, I have considered putting on a caching name server on the box to speed up results. What I find interesting though is when email from my internal server goes out, there is a slight delay. Not horrible, but could be better. Any recommendations? >If I want to keep an eye on things and the server is not too busy, I >will tail the mail log for a while just monitoring message delivery speeds. > >Drew Right now, im watching the logs, just seeing how things are going...everything appears to be running smoothly. Doing some tweaks here and tweaks there, but so far so good. I am super amped right now though, so im trying to just chill out a bit..:) Tuning and tweaking as I go...reading over the MAQ's, FAQ's and anything else I can get my hands on. I appreciate everyones help...again. :) Best, Jason -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From ccampbell at BRUEGGERS.COM Tue May 4 20:52:43 2004 From: ccampbell at BRUEGGERS.COM (Christian Campbell) Date: Thu Jan 12 21:25:01 2006 Subject: Virus not caught Message-ID: <3BAD5B387A137442B69B2704F49D9A05872C@ares.brueggers.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I'm running MS 4.28.6-1 on RH8 with ClamAV .70 and F-Prot (4.41 program / 3.14.11 engine / 3 May 2004 Defs) in front of my Exchange 5.5 server running Symantec AV. MS and AV scanners have been catching all my viruses for 6 months or more on my MS server, never letting any through to my Symantec AV on Exchange. Recently, I have been receiving virus warnings that Symantec has caught Netsky.Q@mm.enc on my Exchange server. While I'm glad Symantec caught it...I'm troubled as to why it's getting past MS and AV scanners on my RH8 box. Running MailWatch reveals that F-Prot is catching W32/Netsky.Q@mm , however I don't always trust that AV vendors name the variants consistently amongst themselves. Any suggestions on how I should proceed in troubleshooting this issue? Is anyone experiencing the same? Thanks in advance, Christian Christian Campbell Systems Engineer, Sair LCP, A+, N+, i-Net+ Bruegger's Enterprises Desk: 802-652-9270 Cell: 802-734-5023 Fax: 802-660-4034 Email: ccampbell at brueggers dot com PGP Public Key available via PGP keyservers or http://www2.brueggers.com/pgp/ccampbell.html "We all know Linux is great... It does infinite loops in 5 seconds." -Linus Torvalds -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3-nr1 (Windows XP) - GPGshell v3.10 iD8DBQFAl/UpbedHH5VEUwcRAo4SAKDb1jZ71qNsJkr06E7i2vFvHFGQMgCg1HQ8 QJadMy0Rwb6L/YcMzxYv8Hk= =ktt4 -----END PGP SIGNATURE----- -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040504/74b51b0f/attachment.html From raymond at PROLOCATION.NET Tue May 4 20:59:41 2004 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:25:01 2006 Subject: Virus not caught In-Reply-To: <3BAD5B387A137442B69B2704F49D9A05872C@ares.brueggers.com> Message-ID: Hi! > glad Symantec caught it...I'm troubled as to why it's getting > past MS and AV scanners on my RH8 box. > > Running MailWatch reveals that F-Prot is catching > W32/Netsky.Q@mm , however I don't always trust that > AV vendors > name the variants consistently amongst themselves. > > Any suggestions on how I should proceed in troubleshooting this > issue? Is anyone experiencing the same? Can you mail me some samples in a password protected zip ? Thanks, Raymond. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mikes at HARTWELLCORP.COM Tue May 4 21:00:40 2004 From: mikes at HARTWELLCORP.COM (Michael St. Laurent) Date: Thu Jan 12 21:25:01 2006 Subject: Virus not caught Message-ID: <91A5926EFF44D3118B1200104B7276EB02C57003@hart-exchange.hartwellcorp.com> Christian Campbell wrote: > I'm running MS 4.28.6-1 on RH8 with ClamAV .70 and F-Prot (4.41 > program / 3.14.11 engine / 3 May 2004 Defs) in front of my > Exchange 5.5 server running Symantec AV. MS and AV scanners > have been catching all my viruses for 6 months or more on my MS > server, never letting any through to my Symantec AV on Exchange. > Recently, I have been receiving virus warnings that Symantec > has caught Netsky.Q@mm.enc on my Exchange server. While I'm > glad Symantec caught it...I'm troubled as to why it's getting > past MS and AV scanners on my RH8 box. > > Running MailWatch reveals that F-Prot is catching > W32/Netsky.Q@mm, however I don't always trust that AV vendors > name the variants consistently amongst themselves. > > Any suggestions on how I should proceed in troubleshooting this > issue? Is anyone experiencing the same? First, check to make sure that you are still automatically downloading the updated signature files for ClamAV. If you are then submit the infected file on the ClamAV web page: http://www.nervous.it/~nervous/cgi-bin/sendvirus.cgi Be sure to indicate the name of the virus and that it was caught by Symantec. -- Michael St. Laurent Hartwell Corporation -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From bpumphrey at WOODMACLAW.COM Tue May 4 21:13:23 2004 From: bpumphrey at WOODMACLAW.COM (Billy A. Pumphrey) Date: Thu Jan 12 21:25:01 2006 Subject: Finally: I'm live... :) Message-ID: Sounds like you have a beefy server, especially for 30 to 70 users. I have 75 users and don't have a beefy server: 500mhz 384RAM Here are a few mail log entries: REGULAR DELAY FOR ME: May 2 04:04:17 MailScanner sendmail[19765]: i42942m4019765: to=, delay=00:00:01, mailer=esmtp, pri=30263, stat=queued May 2 04:04:32 MailScanner sendmail[19769]: i4294Rm4019769: to=, delay=00:00:01, mailer=esmtp, pri=30552, stat=queued HI DELAY: I'm guessing that its high here because of the connection refused by, which I don't know what that means. May 2 04:10:36 MailScanner sendmail[19923]: i428lEm4019071: to=, delay=00:23:22, xdelay=00:00:00, mailer=esmtp, pri=300394, relay=[10.1.1.2], dsn=4.0.0, stat=Deferred: Connection refused by [10.1.1.2] May 2 04:10:39 MailScanner sendmail[19923]: i428LVm4018713: to=, delay=00:49:06, xdelay=00:00:00, mailer=esmtp, pri=480812, relay=[10.1.1.2], dsn=4.0.0, stat=Deferred: Connection refused by [10.1.1.2] I have no idea why, but my log is full of connection refused like the above. Hhmmm... -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Jason Williams Sent: Tuesday, May 04, 2004 2:41 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Finally: I'm live... :) >So your not pushing your box much then :-) Those look pretty good. As >far as things to look for I always keep an eye on delivery delays, as >Peter (I think?) said earlier, it's a good indicator and over view of >system & network performance. If an area starts to under perform you >will see the delays increase (For example if Razor starts to time out >while doing network checks, not a problem that you have much direct >control over but it might start to cause queue increases). I know I know. I tend to be cautions. Better safe than sorry has always been my motto. :) As far as delays, the highest I have seen so far is: (on the mail gateway with MS) delay=00:00:05, xdelay=00:00:00, Granted, I have considered putting on a caching name server on the box to speed up results. What I find interesting though is when email from my internal server goes out, there is a slight delay. Not horrible, but could be better. Any recommendations? >If I want to keep an eye on things and the server is not too busy, I >will tail the mail log for a while just monitoring message delivery speeds. > >Drew Right now, im watching the logs, just seeing how things are going...everything appears to be running smoothly. Doing some tweaks here and tweaks there, but so far so good. I am super amped right now though, so im trying to just chill out a bit..:) Tuning and tweaking as I go...reading over the MAQ's, FAQ's and anything else I can get my hands on. I appreciate everyones help...again. :) Best, Jason -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From jrudd at UCSC.EDU Tue May 4 21:28:53 2004 From: jrudd at UCSC.EDU (John Rudd) Date: Thu Jan 12 21:25:01 2006 Subject: Finally: I'm live... :) References: <5.2.1.1.0.20040504092003.00a8eaa0@corpmail.courtesymortgage.com> <5.2.1.1.0.20040504092003.00a8eaa0@corpmail.courtesymortgage.com> <5.2.1.1.0.20040504112032.00a91cc0@corpmail.courtesymortgage.com> Message-ID: <4097FD05.DBF8CD5B@ucsc.edu> Jason Williams wrote: > > As im monitoring the server here, as far as resources, what should I be > keeping on eye on? > The size of your queue's. (at our site, this is by far the most important thing to monitor on our mailscanner mail servers) What I do is a really basic/cheesy report that basically just does a "ls $QUEUE/qf* | wc -l" for each queue (for me, that's /var/spool/mqueue.in and /var/spool/mqueue). I run it via inet, and then I have a process on my workstation ("mqc" - mail queue counts) that polls each of my mailservers every 30 seconds, and displays the output in "waterfall" type format: cats-mx1(in:m) cats-mx2(in:m) cats-mx3(in:m) cats-mx4(in:m) 39:726 53:550 37:452 19:544 30:717 68:549 19:453 19:544 26:705 91:548 26:450 19:543 22:711 96:556 38:450 39:543 13:715 103:549 46:450 53:545 11:711 75:582 42:452 57:546 7:699 89:553 58:452 142:543 8:703 92:553 63:452 151:543 4:701 84:564 64:457 149:543 18:701 79:569 60:453 142:543 43:697 97:555 35:463 145:544 ("in" is the number of messages in mqueue.in, and "m" is the number of messages in the outgoing/regular mqueue; the report repeats the header line every 20 lines, so that it never completely scrolls off the window) So, you can see here that cats-mx4 has had a little bit of extra traffic kick in recently. And cats-mx2 had a small peak there as well. On a typical day, I see low hundreds's most of the time. When I get hit by a virus or a mass mailing, they'll shoot up. If an mqueue.in gets above 1200 I get nervous. If it goes over 3000, I'm pretty sure that it wont get back to normal without outside intervention (it is my experience that during normal day operations, if I add to that enough traffic to get up to the 3000 range, then it wont go back below that during business hours, so if I need to get it back under that level, I need to do something about it). 1200-1600 is in the "15 minutes from SMTP receipt to SMTP relay/Local delivery" threshold, which is our service level agreement with the rest of campus, so that's why I start getting nervous around there ... if we're in that range too long, then I also need to figure out what I'm going to do about it. This also helps me see problems as they're forming. For example: There's a virus that makes some of our resnet (students in the dorms) computers into spam generators, and they'll send messages at a VERY high rate: tens of thousands per hour. Having a background window with that cascade running lets me see those as they're building up in momentum, and then I have a script ("qstat") that will rip through the qf files and identify which host (via the $_ relay line of the qf file) has the most traffic waiting in mqueue.in. Usually, if I see one host that has more than 100 submissions, or more than 10% if it's over 1000, then that's a bad thing. You can then look at the qf and df file for some of those messages (if that's legal at your site ... here the law basically restricts me to analyzing the qf file only) and verify that it's something negative. Once I'm confident it's an attack of some sort, I usually: a) kill mailscanner (so that new messages from that host aren't leaking through while I clean up; but I don't kill sendmail because I don't want to interrupt service, from a user perspective) b) add that host to my sendmail access file for blocking c) push that access file out to all of my mail servers (and that process includes doing loading/converting the access file into the access database) d) run a script that removes every queue file whose qf file $_ matches the host ("qflush") (this part can take a long time) e) restart mailscanner If anyone wants to see the scripts (the inetd.conf scripts, mqc, qstat and qflush) I'd be happy to share them. Some of it (mqc in particular) might be overkill if you're just running one server with 2 queues, but still, it's good to see the health of your queues over time. The inetd.conf scripts are also used by our bigbrother / bigsister server to throw warnings when different thresholds are met. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Wed May 5 00:32:20 2004 From: mailscanner at ecs.soton.ac.uk (mailscanner@ecs.soton.ac.uk) Date: Thu Jan 12 21:25:01 2006 Subject: NOTIFY-New Guestbook Entry Message-ID: <200405042332.i44NWK3v002239@seer.ecs.soton.ac.uk> New Guestbook-Entry from Ross Great job guy\'\'s but why are you blocking other companies antivirus detection and removal tools? (see following message)Our virus detector has just been triggered by a message you sent:-

To: sa.pe@spartners.com.au (I have changed the address for confidentiality)

Subject: Re: Fw: Slow Internet ...

Date: Wed May 5 09:15:24 2004



One or more of the attachments (stinger.exe) are on

the list of unacceptable attachments for this site and will not have

been delivered.



Consider renaming the files or putting them into a \"zip\" file to avoid

this constraint.



The virus detector said this about the message:

Report: Executable DOS/Windows programs are dangerous in email (stinger.exe)

--

MailScanner

Email Virus Scanner

www.mailscanner.info

MailScanner thanks transtec Computers for their support From mailscanner at ISLANDB.COM Wed May 5 01:46:28 2004 From: mailscanner at ISLANDB.COM (Brooks Weisblat) Date: Thu Jan 12 21:25:01 2006 Subject: Rule to filter "true" From: address....? Message-ID: <54191.64.118.232.46.1083717988.squirrel@www.islandb.com> I have a ruleset that alerts admins if a person from a certain domain name sends an email with a virus.... the problem is that some of these rampant email viruses forge the "From:" addresses..... causing the admins to get alerted when they shouldn't.... Is there any way to create a ruleset that would be used based on the real From jwilliams at COURTESYMORTGAGE.COM Tue May 4 19:44:53 2004 From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams) Date: Thu Jan 12 21:25:01 2006 Subject: Finally: I'm live... :) In-Reply-To: <004101c43206$cdbdff30$0501a8c0@darkside> References: <5.2.1.1.0.20040504112032.00a91cc0@corpmail.courtesymortgage.com> Message-ID: <5.2.1.1.0.20040504114133.00a04530@corpmail.courtesymortgage.com> At 01:37 PM 5/4/2004 -0500, you wrote: >OH MY GOD CALL THE FIRE DEPARTMENT, THAT BABY'S 'BOUT TO A-SPLODE! 911 911 On they way! :) >Seriously. :) > >I think you're going to be fine. What's your expected messages >per day? How many users are you serving? Right, serving about 35 users, give or take a few. That could jump to 50-70 by the end of the year. As it stands, looking at the total for the day: 494 - 4.9mb I tend to be overly cautious as I can not afford to be reckless. :) I appreciate your help guys... Best, Jason -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From ugob at CAMO-ROUTE.COM Tue May 4 21:50:10 2004 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:25:02 2006 Subject: Finally: I'm live... :) In-Reply-To: References: Message-ID: Billy A. Pumphrey wrote: > Sounds like you have a beefy server, especially for 30 to 70 users. > > I have 75 users and don't have a beefy server: > 500mhz > 384RAM > > Here are a few mail log entries: > > REGULAR DELAY FOR ME: > > > May 2 04:04:17 MailScanner sendmail[19765]: i42942m4019765: > to=, delay=00:00:01, mailer=esmtp, pri=30263, > stat=queued > > May 2 04:04:32 MailScanner sendmail[19769]: i4294Rm4019769: > to=, delay=00:00:01, mailer=esmtp, pri=30552, > stat=queued > > HI DELAY: > I'm guessing that its high here because of the connection refused by, > which I don't know what that means. > May 2 04:10:36 MailScanner sendmail[19923]: i428lEm4019071: > to=, delay=00:23:22, xdelay=00:00:00, mailer=esmtp, > pri=300394, relay=[10.1.1.2], dsn=4.0.0, stat=Deferred: Connection > refused by [10.1.1.2] > > May 2 04:10:39 MailScanner sendmail[19923]: i428LVm4018713: > to=, delay=00:49:06, xdelay=00:00:00, mailer=esmtp, > pri=480812, relay=[10.1.1.2], dsn=4.0.0, stat=Deferred: Connection > refused by [10.1.1.2] > > I have no idea why, but my log is full of connection refused like the > above. Hhmmm... > What is 10.1.1.2? Your internal mail server? It means that this server isn't responding to a connection request on smtp (25) server. This usually means that the mail service is down, overwhelmed or the server itself is down. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From jwilliams at COURTESYMORTGAGE.COM Tue May 4 22:08:00 2004 From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams) Date: Thu Jan 12 21:25:02 2006 Subject: RBL checking Message-ID: <5.2.1.1.0.20040504140445.02a537b8@corpmail.courtesymortgage.com> Well im back... Just out of curiosity, I have setup a couple of RBL checks to be done by sendmail. The three I use are: list.dsbl.org sbl.spamhaus.org relays.ordb.org What I was curious about is that I have seen quite a few rejections by spamhaus.org. mail# grep Rejected /var/log/maillog |wc -l 157 Just wanted to see what people thought about the various RBL's. Which ones are good, which are bad etc. Also, I'm working on a script of some sort (command even) that will parse my logs and be able to sort out some statistics to see the stats on how many rejections each specific RBL is doing... Be nice to get a print out of some sort to see a nice break down... I apprecate the feedback. Can't say enough about MS as well. Cheers, Jason -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From ronnie at daslweb.com Tue May 4 22:08:55 2004 From: ronnie at daslweb.com (Ronnie Regev) Date: Thu Jan 12 21:25:02 2006 Subject: Spam Actions config In-Reply-To: Message-ID: <20040504210846.DKMQ27329.tomts35-srv.bellnexxia.net@ronniepc> Unfortunately that did not work. Any other ideas as to how I can accomplish this? Thanks. Ronnie Regev System Administrator Microsoft Certified Professional MCP Daslweb Inc. ronnie@daslweb.com -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Ugo Bellavance Sent: Tuesday, May 04, 2004 2:23 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: [MAILSCANNER] Spam Actions config Ronnie Regev wrote: > Any ideas on why this is happening? > > >>I have set up the following in mailscanner.conf: >>Spam Actions = %rules-dir%/spam.actions >> >>And spam.actions as follows: >>To: example.com delete >>To: regev.ca delete >>FromOrTo: Default deliver >> >>When I send a GTUBE test to ronnie@regev.ca, it is identified as spam, >>however, the message is still delivered to the mailbox. >>All other spam is still being delivered to mailboxes. I think your rules file must end by .rules. You might want to try that. > > > thanks. > > Ronnie Regev > Sys Admin > Daslweb.com -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From kevins at BMRB.CO.UK Tue May 4 22:20:21 2004 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:25:02 2006 Subject: Spam Actions config In-Reply-To: <20040504210846.DKMQ27329.tomts35-srv.bellnexxia.net@ronniepc> References: <20040504210846.DKMQ27329.tomts35-srv.bellnexxia.net@ronniepc> Message-ID: <1083705621.3300.64.camel@bach.kevinspicer.co.uk> On Tue, 2004-05-04 at 22:08, Ronnie Regev wrote: > Unfortunately that did not work. > Any other ideas as to how I can accomplish this? The Gtube test will trigger the high scoring spam actions. Did you make sure to use the ruleset for High Scoring Spam Actions as well? BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From steve.swaney at FSL.COM Tue May 4 22:41:55 2004 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:25:02 2006 Subject: Finally: I'm live... :) In-Reply-To: <4097FD05.DBF8CD5B@ucsc.edu> Message-ID: <20040504214206.9932D21C2D9@mail.fsl.com> > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of John Rudd > Sent: Tuesday, May 04, 2004 4:29 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Finally: I'm live... :) > > Jason Williams wrote: > > > > As im monitoring the server here, as far as resources, what should I be > > keeping on eye on? > > > > > The size of your queue's. (at our site, this is by far the most > important thing to monitor on our mailscanner mail servers) > > > What I do is a really basic/cheesy report that basically just does a "ls > $QUEUE/qf* | wc -l" for each queue (for me, that's /var/spool/mqueue.in > and /var/spool/mqueue). I run it via inet, and then I have a process on > my workstation ("mqc" - mail queue counts) that polls each of my > mailservers every 30 seconds, and displays the output in "waterfall" > type format: > > cats-mx1(in:m) cats-mx2(in:m) cats-mx3(in:m) cats-mx4(in:m) > 39:726 53:550 37:452 19:544 > 30:717 68:549 19:453 19:544 > 26:705 91:548 26:450 19:543 > 22:711 96:556 38:450 39:543 > 13:715 103:549 46:450 53:545 > 11:711 75:582 42:452 57:546 > 7:699 89:553 58:452 142:543 > 8:703 92:553 63:452 151:543 > 4:701 84:564 64:457 149:543 > 18:701 79:569 60:453 142:543 > 43:697 97:555 35:463 145:544 > > ("in" is the number of messages in mqueue.in, and "m" is the number of > messages in the outgoing/regular mqueue; the report repeats the header > line every 20 lines, so that it never completely scrolls off the window) > > So, you can see here that cats-mx4 has had a little bit of extra traffic > kick in recently. And cats-mx2 had a small peak there as well. On a > typical day, I see low hundreds's most of the time. When I get hit by a > virus or a mass mailing, they'll shoot up. If an mqueue.in gets above > 1200 I get nervous. If it goes over 3000, I'm pretty sure that it wont > get back to normal without outside intervention (it is my experience > that during normal day operations, if I add to that enough traffic to > get up to the 3000 range, then it wont go back below that during > business hours, so if I need to get it back under that level, I need to > do something about it). > > 1200-1600 is in the "15 minutes from SMTP receipt to SMTP relay/Local > delivery" threshold, which is our service level agreement with the rest > of campus, so that's why I start getting nervous around there ... if > we're in that range too long, then I also need to figure out what I'm > going to do about it. > > This also helps me see problems as they're forming. For example: > There's a virus that makes some of our resnet (students in the dorms) > computers into spam generators, and they'll send messages at a VERY high > rate: tens of thousands per hour. Having a background window with that > cascade running lets me see those as they're building up in momentum, > and then I have a script ("qstat") that will rip through the qf files > and identify which host (via the $_ relay line of the qf file) has the > most traffic waiting in mqueue.in. Usually, if I see one host that has > more than 100 submissions, or more than 10% if it's over 1000, then > that's a bad thing. You can then look at the qf and df file for some of > those messages (if that's legal at your site ... here the law basically > restricts me to analyzing the qf file only) and verify that it's > something negative. Once I'm confident it's an attack of some sort, I > usually: > > a) kill mailscanner (so that new messages from that host aren't leaking > through while I clean up; but I don't kill sendmail because I don't want > to interrupt service, from a user perspective) > b) add that host to my sendmail access file for blocking > c) push that access file out to all of my mail servers (and that process > includes doing loading/converting the access file into the access > database) > d) run a script that removes every queue file whose qf file $_ matches > the host ("qflush") (this part can take a long time) > e) restart mailscanner > > > If anyone wants to see the scripts (the inetd.conf scripts, mqc, qstat > and qflush) I'd be happy to share them. Some of it (mqc in particular) > might be overkill if you're just running one server with 2 queues, but > still, it's good to see the health of your queues over time. It's a nice and simple system. I'm sure that many on the list would be interested. Steve Stephen Swaney President Fortress Systems Ltd. Steve.Swaney@FSL.com > The inetd.conf scripts are also used by our bigbrother / bigsister > server to throw warnings when different thresholds are met. > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > Fortress Systems Ltd. > www.fsl.com > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. Fortress Systems Ltd. www.fsl.com -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From cparker at SWATGEAR.COM Tue May 4 22:44:22 2004 From: cparker at SWATGEAR.COM (Chris W. Parker) Date: Thu Jan 12 21:25:02 2006 Subject: Finally: I'm live... :) Message-ID: <001BD19C96E6E64E8750D72C2EA0ECEE2B89D9@ati-ex-01.ati.local> John Rudd on Tuesday, May 04, 2004 1:29 PM said: > If anyone wants to see the scripts (the inetd.conf scripts, mqc, qstat > and qflush) I'd be happy to share them. Some of it (mqc in > particular) might be overkill if you're just running one server with > 2 queues, but still, it's good to see the health of your queues over > time. interesting read john! i've got one server with 64mb of ram and i get nervous when i start seeing 5-10 emails in the incoming queue!! :) i'd be very interested in hearing more about your mqc script. chris. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From ed at ESSON.NET Tue May 4 22:38:43 2004 From: ed at ESSON.NET (Ed Kasky) Date: Thu Jan 12 21:25:02 2006 Subject: RBL checking In-Reply-To: <5.2.1.1.0.20040504140445.02a537b8@corpmail.courtesymortgag e.com> References: <5.2.1.1.0.20040504140445.02a537b8@corpmail.courtesymortgage.com> Message-ID: <6.0.0.22.2.20040504142026.01b930d8@mail.esson.net> At 02:08 PM Tuesday, 5/4/2004, jason wrote -=> >Just wanted to see what people thought about the various RBL's. Which ones >are good, which are bad etc. > >Also, I'm working on a script of some sort (command even) that will parse >my logs and be able to sort out some statistics to see the stats on how >many rejections each specific RBL is doing... > >Be nice to get a print out of some sort to see a nice break down... As you can tell by the mail volume, we have a small business with one mail server. Since 4 am Sunday, 843 emails were rejected either by an rbl, a virus detection or an entry in the access.db. That's nearly half of the email. Of what does get through, slightly less than 10% is spam. SpamAssassin Results: spam: 73 clean: 796 skipped: 0 total: 869 processed: 869 ========================================= Blocked by access.db and rbl's: open relay: 83 bad domain: 21 isp ignores spam reports: 9 failed ip name lookup: 3 can't report to postmaster: 40 no authentication: 17 access denied: 69 spamhaus: 85 spamcop: 168 maps rbl+: 174 dsbl.org: 11 njabl.org: 44 total rejected: 724 **Virus trapped: 19 ========================================= What I did was to take Rich Puhek's script and add to it based on my setup: http://users.2z.net/rpuhek/scripts_public/spamd/spam-stats I continue to build the access.db with results from collected spam using some scripts that were written by one of the developers of SpamAssassin. Ed . . . . . . . . Bad day: Spouse is reading a new book : "Celibacy. The Secret Weapon." -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From peter at UCGBOOK.COM Tue May 4 22:53:17 2004 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:25:02 2006 Subject: RBL checking In-Reply-To: <5.2.1.1.0.20040504140445.02a537b8@corpmail.courtesymortgage.com> References: <5.2.1.1.0.20040504140445.02a537b8@corpmail.courtesymortgage.com> Message-ID: <409810CD.2030609@ucgbook.com> Jason Williams wrote: > Just out of curiosity, I have setup a couple of RBL checks to be done by > sendmail. The three I use are: In your case with a low volume server with no load at all I think it's a big risk to use RBLs in Sendmail. You should have them in SA instead for more accurate results. Only with a higher load you need to cut spam earlier in the process. > Also, I'm working on a script of some sort (command even) that will parse > my logs and be able to sort out some statistics to see the stats on how > many rejections each specific RBL is doing... Weren't you looking into Vispan? It sorts all SA traps, including RBLs. Spamcop and SBL-XBL are my two best ones. -- /Peter Bonivart --Unix lovers do it in the Sun Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7, SpamAssassin 2.63 + DCC 1.2.45, ClamAV 0.70 + GMP 4.1.2, Vispan 1.4 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From raymond at PROLOCATION.NET Tue May 4 23:02:56 2004 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:25:02 2006 Subject: {Dangerous Filename?} Re: Virus not caught In-Reply-To: <3BAD5B387A137442B69B2704F49D9A05872C@ares.brueggers.com> Message-ID: Warning: This message has had one or more attachments removed Warning: (msg21841.pif). Warning: Please read the "ECS-Attachment-Warning.txt" attachment(s) for more information. This is a message from the MailScanner E-Mail Virus Protection Service ---------------------------------------------------------------------- The original e-mail attachment "the entire message" is on the list of unacceptable attachments for this site and has been replaced by this warning message. If you wish to receive a copy of the original attachment, please e-mail helpdesk and include the whole of this message in your request. Alternatively, you can call them, with the contents of this message to hand when you call. At Tue May 4 23:03:51 2004 the virus scanner said: MailScanner: Shortcuts to MS-Dos programs are very dangerous in email (msg21841.pif) No programs allowed (msg21841.pif) Note to Help Desk: Look on jackdaw in /var/spool/MailScanner/quarantine/20040504 (message i44M3b4r025423). -- Postmaster MailScanner thanks transtec Computers for their support From bpumphrey at WOODMACLAW.COM Tue May 4 23:13:47 2004 From: bpumphrey at WOODMACLAW.COM (Billy A. Pumphrey) Date: Thu Jan 12 21:25:02 2006 Subject: Connection Refused by... Message-ID: I'm starting a new topic on this one. (came from another topic) Yes, 10.1.1.2 is a exchange server that the mail goes to after mailscanner. I suppose it's a setting or something on the exchange server or something but I wouldn't even know where to start. Billy A. Pumphrey wrote: > Sounds like you have a beefy server, especially for 30 to 70 users. > > I have 75 users and don't have a beefy server: > 500mhz > 384RAM > > Here are a few mail log entries: > > REGULAR DELAY FOR ME: > > > May 2 04:04:17 MailScanner sendmail[19765]: i42942m4019765: > to=, delay=00:00:01, mailer=esmtp, pri=30263, > stat=queued > > May 2 04:04:32 MailScanner sendmail[19769]: i4294Rm4019769: > to=, delay=00:00:01, mailer=esmtp, pri=30552, > stat=queued > > HI DELAY: > I'm guessing that its high here because of the connection refused by, > which I don't know what that means. > May 2 04:10:36 MailScanner sendmail[19923]: i428lEm4019071: > to=, delay=00:23:22, xdelay=00:00:00, mailer=esmtp, > pri=300394, relay=[10.1.1.2], dsn=4.0.0, stat=Deferred: Connection > refused by [10.1.1.2] > > May 2 04:10:39 MailScanner sendmail[19923]: i428LVm4018713: > to=, delay=00:49:06, xdelay=00:00:00, mailer=esmtp, > pri=480812, relay=[10.1.1.2], dsn=4.0.0, stat=Deferred: Connection > refused by [10.1.1.2] > > I have no idea why, but my log is full of connection refused like the > above. Hhmmm... > What is 10.1.1.2? Your internal mail server? It means that this server isn't responding to a connection request on smtp (25) server. This usually means that the mail service is down, overwhelmed or the server itself is down. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From drew at THEMARSHALLS.CO.UK Tue May 4 23:16:45 2004 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:25:02 2006 Subject: {Dangerous File Type?} Re: [MAILSCANNER] Virus not caught In-Reply-To: References: Message-ID: <4098164D.1050803@themarshalls.co.uk> Well it didn't like it here :-P Raymond Dijkxhoorn wrote: >Warning: This message has had one or more attachments removed >Warning: (msg21841.pif). >Warning: Please read the "TheMarshalls-Attachment-Warning.txt" attachment(s) for more information. > >This is a message from the MailScanner E-Mail Virus Protection Service >---------------------------------------------------------------------- >The original e-mail attachment "the entire message" >is on the list of unacceptable attachments for this site and has been >replaced by this warning message. > >If you wish to receive a copy of the original attachment, please >e-mail the helpdesk (helpdesk@themarshalls.co.uk) and include the >whole of this message in your request. > >At Tue May 4 23:03:00 2004 the virus scanner said: > MailScanner: Shortcuts to MS-Dos programs are very dangerous in email (msg21841.pif) > No programs allowed (msg21841.pif) > >Note to Help Desk: Look on the MailScanner in /var/spool/MailScanner/quarantine/20040504 (message 36C7D9B408). > > -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mark at TIPPINGMAR.COM Tue May 4 23:18:59 2004 From: mark at TIPPINGMAR.COM (Mark Nienberg) Date: Thu Jan 12 21:25:02 2006 Subject: TNEF wish list Message-ID: <4097B463.15715.4334D8A2@localhost> We are receiving more TNEF junk all the time even though most of our users don't use Outlook and so can't deal with it (we mostly use Pegasus mail). The only time this causes a problem is when the receiver is expecting a file attachment and it is wrapped up in the "winmail.dat" mess in such a way that they can't get at it. Since MailScanner knows how to decode TNEF, would it be possible for MailScanner to extract real files and re-attach them in a standard sort of way? Or is there another server-based way of doing this? -- Mark W. Nienberg, SE Tipping Mar + associates 1906 Shattuck Ave, Berkeley, CA 94704 visit our website at http://www.tippingmar.com -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From raymond at PROLOCATION.NET Tue May 4 23:21:31 2004 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:25:02 2006 Subject: {Dangerous File Type?} Re: [MAILSCANNER] Virus not caught In-Reply-To: <4098164D.1050803@themarshalls.co.uk> Message-ID: Hi! > Well it didn't like it here :-P > > Raymond Dijkxhoorn wrote: > >The original e-mail attachment "the entire message" > >is on the list of unacceptable attachments for this site and has been > >replaced by this warning message. > > > >If you wish to receive a copy of the original attachment, please > >e-mail the helpdesk (helpdesk@themarshalls.co.uk) and include the > >whole of this message in your request. Sure, since you reject .pif's :) Not much to do with a virus however this time. Bye, Raymond. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From drew at THEMARSHALLS.CO.UK Tue May 4 23:33:10 2004 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:25:02 2006 Subject: {Dangerous File Type?} Re: [MAILSCANNER] Virus not caught In-Reply-To: References: Message-ID: <40981A26.7040708@themarshalls.co.uk> Raymond Dijkxhoorn wrote: >Not much to do with a virus however this time. > > Oh. Did I miss anything exciting? I need something to remove the boredom of telling people who didn't bother patching their M$ systems and now have a nice copy of the Sasser worm why their systems keep falling over. -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From peter at UCGBOOK.COM Tue May 4 23:36:01 2004 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:25:02 2006 Subject: Connection Refused by... In-Reply-To: References: Message-ID: <40981AD1.6030502@ucgbook.com> Billy A. Pumphrey wrote: > I'm starting a new topic on this one. (came from another topic) > > Yes, 10.1.1.2 is a exchange server that the mail goes to after > mailscanner. I suppose it's a setting or something on the exchange > server or something but I wouldn't even know where to start. I guess you don't run the Exchange server too but can you confirm with those who do that they didn't have problems at those times? I deliver to Exchange servers too and they go down several times a week and I see it immediately in my stats and always report how many retries I did and how much mail was queued and stuff like that. The Microsoft guys squirms in their chairs because they have no clue what happened, they just rebooted. :-) >>REGULAR DELAY FOR ME: >> >>May 2 04:04:17 MailScanner sendmail[19765]: i42942m4019765: >>to=, delay=00:00:01, mailer=esmtp, pri=30263, >>stat=queued Don't look at these since it's the receiving end (stat=queued), not the delivering one. >>HI DELAY: >>I'm guessing that its high here because of the connection refused by, >>which I don't know what that means. >>May 2 04:10:36 MailScanner sendmail[19923]: i428lEm4019071: >>to=, delay=00:23:22, xdelay=00:00:00, > > mailer=esmtp, > >>pri=300394, relay=[10.1.1.2], dsn=4.0.0, stat=Deferred: Connection >>refused by [10.1.1.2] These are the ones you should look at for delay times (stat=sent or stat=deferred). This (deferred) just means that they need to reboot it again. It's not a problem at your end. -- /Peter Bonivart --Unix lovers do it in the Sun Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7, SpamAssassin 2.63 + DCC 1.2.45, ClamAV 0.70 + GMP 4.1.2, Vispan 1.4 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From William.Burns at AEROFLEX.COM Tue May 4 23:40:37 2004 From: William.Burns at AEROFLEX.COM (William Burns) Date: Thu Jan 12 21:25:02 2006 Subject: Blocking from my own forged domain (smtp+spf) In-Reply-To: <4097E46D.10508@plumhall.com> References: <000f01c431dd$1654b4c0$7601a8c0@cnpapers.net> <4097E46D.10508@plumhall.com> Message-ID: <40981BE5.7090100@aeroflex.com> John Breeden wrote: > I'm assuming that cnpapers.net is your domain. If so you might want to > check out smtp+spf at http://spf.pobox.com/ > John: That (SPF) sounds like the best general solution to me. > Stephe Campbell wrote: > >> Any solid solutions or ideas would be appreciated, as well as any >> failings >> of this idea of IP blocking being brought forth and pointed out to me >> But... Stephe: The downside is that some companies will have home users and/or road-warrior types. The home user could have his mail browser configured to use the SMTP server of his ISP. (otherwise, "said" company has to deal w/ relaying for random users on the internet) If the home user also has his "From: " address set to the company e-mail address, then you've got to find out what SMTP server he's using, and add that to your SPF config. If you've got a couple "smart" home users, who might configure their own e-mail settings, or switch between ISPs, then you have to worry about their SMTP servers changing to something that's not on your SPF list and accidentally bouncing their mail. Richard Brown wrote: >I've not used the IPBlock myself, but I believe from the discussion when it >was first implemented it will create an access map for sendmail that blocks >persistent senders of spam/viruses from delivering the mail to sendmail. > It does? http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/234.html Wow. It does! Now... There's gotta be a way to combine this w/ the greylist solution... IPBlock addresses that have lots of hits on the greylist. Yea.... -Bill -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From jwilliams at COURTESYMORTGAGE.COM Wed May 5 00:08:05 2004 From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams) Date: Thu Jan 12 21:25:02 2006 Subject: Whitelisting...I know how to do it...question on one rule Message-ID: <5.2.1.1.0.20040504160253.02a3f708@corpmail.courtesymortgage.com> Yes whitelisting...I know how to do it. I searched the archives before I came here. Here is my question. Since I do not want to scan outgoing mail for spam, I made the following changes: Spam Checks = /usr/local/etc/MailScanner/rules/spam.rules spam.rules contains: From: 192.168.1.165 no FromOrTo: default yes 192.168.1.165 -- is my internal mail server that sends out through Mail Server. So that stops all mail coming from 192.168.1.165 from being scanned for spam. Now, if I want to start whitelisting some domains and email addresses, I was going to edit: spam.whitelist.rules My main question is I only need to specify From: and not FromOrTo: correct? From: obviously is any incoming mail into the server from the outside. To: Would be any email being sent to a certain address or domain Now, since i've already whitelisted my internal mail server, From: is all I would need, correct? If I used FromOrTo: that would be overkill? Just thought i'd clarify here. Cheers, Jas -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From james_gray at OCS.COM Tue May 4 22:57:49 2004 From: james_gray at OCS.COM (James Gray) Date: Thu Jan 12 21:25:02 2006 Subject: All children die of old age - none respawned Message-ID: <200405050757.49266.james_gray@ocs.com> Greetings All, We have a FreeBSD 4.6+MailScanner 4.29-7[1]+SA 2.63+NAI VirusScan server running on some very capable hardware[2] in our data centre. However, twice in the last two weeks it has failed in a strange way. The parent "MailScanner" process will be running but there are no child workers (I know child labour is banned under UN provisions, but this is a bit extreme :P). The last few entries by MailScanner in the log simply say the children are dying due to old age, but there are no new children spawned to replace them. These are interspersed with some processing but basically the situation is that over about a 20 minute period all the children die due to old age but none are respawned. Children are configured to have a 4 hour life cycle on our system and normally this isn't a problem. When we have no mail flowing though users will scream (like they do) - this gateway box serves our global mail system. Our company has offices in APAC, Europe and the USA, so 4 hours without mail is a killer :( Last night a well-meaning but unqualified engineer decided rebooting the entire server was a good idea in trying to get the mail flowing again and nuked my 361 days of uptime! ARGH!! :( The last time this 'no children' problem occurred giving the MailScanner parent the HUP signal fixed it. I'll be upgrading to MS-4.30-2[1] today but does anyone here have any other ideas where to look? Is this a "known" problem that's been fixed in the new version? This server has been running MailScanner for about 8 months without a problem apart from these two recent outages. :( Regards, James [1] Tar ball version, NOT the FreeBSD"ports" version. [2] Compaq Proliant 380-G2, 1 x P3 1.2GHz, 1GB RAM, 76GB SCSI-U160 15K RPM hardware RAID-5 with 128MB cache, 2 x 1Gbps ethernet (1 internet, the other LAN) and /var/spool/MailScanner/incoming mounted in tmpfs. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From james_gray at OCS.COM Tue May 4 23:17:43 2004 From: james_gray at OCS.COM (James Gray) Date: Thu Jan 12 21:25:02 2006 Subject: spam.assassin.prefs.conf ruleset In-Reply-To: <4096955E.28004.FF6FF4B@localhost> References: <4096955E.28004.FF6FF4B@localhost> Message-ID: <200405050817.43284.james_gray@ocs.com> On Tue, 4 May 2004 07:54 am, Mariano Absatz wrote: > Hi, > > one of the setups I have is an old MS 4.23-11 with SpamAssassin 2.63. > > It works quite nice, but I had a request from a group of people to use a > special set of SA scores with some (only some) of the scores changed from > the default 50_scores.cf. > > That seemed like a fit situation for rulesets, so I copied my > spam.assasssin.prefs.conf to spam.assassin.prefs-other.conf and made a > simple ruleset named spam.assassin.prefs.rules that says: > > To: someone@example.com spam.assassin.prefs-other.conf > To: anotherone@example.com spam.assassin.prefs-other.conf > FromOrTo: default spam.assassin.prefs.rules You could implement this in a single SpamAssassin rule file using meta rules. You have said there are only a few rules that you are changing the score of so try this: header __TO_CUST_SCORE1 To =~ /someone\@example\.com/i header __TO_CUST_SCORE2 To =~ /anotherone\@example\.com/i meta CUST_SCORE1 (__TO_CUST_SCORE1 && SA_TEST_NAME) meta CUST_SCORE2 (__TO_CUST_SCORE2 && SA_TEST_NAME) describe CUST_SCORE1 Custom score for someone@example.com describe CUST_SCORE2 Custom score for anotherone@example.com score CUST_SCORE1 x.y score CUST_SCORE2 a.b You get the idea? the problem is that if you had 3 users who wanted the score of 3 rules changed that would (at worst) result in 9 separate rules and scores :( You can combine common rules/users with the OR operator which is two vertical bars (||) and the NOT operator (!) can be combined to negate rules like this: meta FOO (RULE_1 && !RULE_2) returns true if RULE_1 is true and RULE_2 is false. meta FOO (!RULE_1 || RULE_2) returns true is RULE_1 is false or RULE_2 is true. By prefixing a rule with two underscores like __FOO_RULE tells spamassassin not to associate a score with it. Useful for "meta" rules which combine a number of matches (rules) to create a more complex rule that combines body/header/uri/subject elements etc. All this stuff is in the spamassassin.conf documentation :) Good luck. James -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From ssl at AHSC.ARIZONA.EDU Wed May 5 01:27:53 2004 From: ssl at AHSC.ARIZONA.EDU (shanna leonard) Date: Thu Jan 12 21:25:02 2006 Subject: RBL checking In-Reply-To: <6.0.0.22.2.20040504142026.01b930d8@mail.esson.net> References: <5.2.1.1.0.20040504140445.02a537b8@corpmail.courtesymortgage.com> <6.0.0.22.2.20040504142026.01b930d8@mail.esson.net> Message-ID: <40983509.6060501@ahsc.arizona.edu> Ed Kasky wrote: > At 02:08 PM Tuesday, 5/4/2004, jason wrote -=> > >> Just wanted to see what people thought about the various RBL's. Which >> ones >> are good, which are bad etc. >> >> Also, I'm working on a script of some sort (command even) that will >> parse >> my logs and be able to sort out some statistics to see the stats on how >> many rejections each specific RBL is doing... >> >> Be nice to get a print out of some sort to see a nice break down... > per advice on this list, I am using sbl-xbl spamhaus list for reject via sendmail. (it is apparently more conservative than some) I am bouncing about 3.5k messages a day thru rbl rejects using xbl+sbl and dul.dnsbl.sorbs.net in sendmail (all but about 700 of those are from xbl+sbl)- I have not yet had a false positive report from these. (not saying it hasnt happened, just that I havent heard :) - by contrast MailScanner identifies approx 700 spams and 450 viruses a day. I use other RBLs to contribute to SA score. here are my tweaks in spam.assassin.prefs.conf - not saying to follow my example necessarily. score RCVD_IN_BL_SPAMCOP_NET 2.5 score RCVD_IN_DSBL 1.0 score RCVD_IN_DYNABLOCK 2.2 score RCVD_IN_NJABL .4 score RCVD_IN_NJABL_PROXY 1.0 score RCVD_IN_NJABL_RELAY 1.0 score RCVD_IN_NJABL_DIALUP 2.2 score RCVD_IN_OPM 4.3 score RCVD_IN_SORBS .7 score RCVD_IN_SORBS_WEB 1.0 score RCVD_IN_SORBS_SPAM .5 score RCVD_IN_RFCI 0.5 score DNS_FROM_RFCI_DSN 1.5 score NO_DNS_FOR_FROM 2.0 -- ---- MHO --- shanna leonard arizona health sciences library 626-2923 ---------------------------------- -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From ugob at CAMO-ROUTE.COM Wed May 5 01:37:14 2004 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:25:02 2006 Subject: Connection Refused by... In-Reply-To: <40981AD1.6030502@ucgbook.com> References: <40981AD1.6030502@ucgbook.com> Message-ID: Peter Bonivart wrote: > Billy A. Pumphrey wrote: > >> I'm starting a new topic on this one. (came from another topic) >> >> Yes, 10.1.1.2 is a exchange server that the mail goes to after >> mailscanner. I suppose it's a setting or something on the exchange >> server or something but I wouldn't even know where to start. > > > I guess you don't run the Exchange server too ==> I think he is... from the way he writes and from the priate IP address of the exchange server. >but can you confirm with > those who do that they didn't have problems at those times? I deliver to > Exchange servers too and they go down several times a week and I see it > immediately in my stats and always report how many retries I did and how > much mail was queued and stuff like that. The Microsoft guys squirms in > their chairs because they have no clue what happened, they just > rebooted. :-) > >>> REGULAR DELAY FOR ME: >>> >>> May 2 04:04:17 MailScanner sendmail[19765]: i42942m4019765: >>> to=, delay=00:00:01, mailer=esmtp, pri=30263, >>> stat=queued > > > Don't look at these since it's the receiving end (stat=queued), not the > delivering one. > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From ugob at CAMO-ROUTE.COM Wed May 5 01:37:52 2004 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:25:02 2006 Subject: Connection Refused by... In-Reply-To: References: Message-ID: Billy A. Pumphrey wrote: > I'm starting a new topic on this one. (came from another topic) > > Yes, 10.1.1.2 is a exchange server that the mail goes to after > mailscanner. I suppose it's a setting or something on the exchange > server or something but I wouldn't even know where to start. > does the system gets most of the mail delivered? Do you see this message often? -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From jwilliams at COURTESYMORTGAGE.COM Wed May 5 02:23:43 2004 From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams) Date: Thu Jan 12 21:25:02 2006 Subject: RBL checking In-Reply-To: <409810CD.2030609@ucgbook.com> References: <5.2.1.1.0.20040504140445.02a537b8@corpmail.courtesymortgage.com> <5.2.1.1.0.20040504140445.02a537b8@corpmail.courtesymortgage.com> Message-ID: <5.2.1.1.0.20040504182225.02a34c80@corpmail.courtesymortgage.com> >In your case with a low volume server with no load at all I think it's a >big risk to use RBLs in Sendmail. You should have them in SA instead for >more accurate results. Only with a higher load you need to cut spam >earlier in the process. What about using RBL checks within MS? I know it is in between MTA and SA. Does MS log the RBL checks if it receives a bad one? >Weren't you looking into Vispan? It sorts all SA traps, including RBLs. >Spamcop and SBL-XBL are my two best ones. I saw that. Quite like it really. I'm looking to possibly put on mrtg graphs here for a little bit more information... SO many things...I need more mail servers to play with. Jas -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From ugob at CAMO-ROUTE.COM Wed May 5 02:33:19 2004 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:25:02 2006 Subject: RBL checking In-Reply-To: <5.2.1.1.0.20040504182225.02a34c80@corpmail.courtesymortgage.com> References: <5.2.1.1.0.20040504140445.02a537b8@corpmail.courtesymortgage.com> <5.2.1.1.0.20040504140445.02a537b8@corpmail.courtesymortgage.com> <409810CD.2030609@ucgbook.com> <5.2.1.1.0.20040504182225.02a34c80@corpmail.courtesymortgage.com> Message-ID: Jason Williams wrote: >> In your case with a low volume server with no load at all I think it's a >> big risk to use RBLs in Sendmail. You should have them in SA instead for >> more accurate results. Only with a higher load you need to cut spam >> earlier in the process. > > > What about using RBL checks within MS? I know it is in between MTA and SA. > Does MS log the RBL checks if it receives a bad one? When you get a positive RBL check in MS, it is tagged as regular spam. You can configure it to be high-scoring spam when you get x number of positives RBL checks for a message. > > > >> Weren't you looking into Vispan? It sorts all SA traps, including RBLs. >> Spamcop and SBL-XBL are my two best ones. > > > I saw that. Quite like it really. I'm looking to possibly put on mrtg > graphs here for a little bit more information... Installing mailscanner-mrtg is quite easy. > > SO many things...I need more mail servers to play with. Install one at home :). That's what I did. > > Jas > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From jaearick at COLBY.EDU Wed May 5 03:34:10 2004 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:25:02 2006 Subject: MS 4.30.3 can't count?? Message-ID: Julian, I upgraded to 4.30.3 this morning, and later on noticed in my syslogs: SpamAssassin timed out and was killed, failure -156 of 20 with random negative numbers in there. Later on, probably after a four-hour restart, it started counting correctly again. Maybe a counter isn't initialized at startup? (Setup: MS 4.303, SA 2.63, Sol 9, Sun V1280, razor, perl 5.8.3, threaded) Jeff Earickson Colby College -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From andrew at DONEHUE.NET Wed May 5 04:46:27 2004 From: andrew at DONEHUE.NET (Andrew) Date: Thu Jan 12 21:25:02 2006 Subject: separate queue per domain Message-ID: <40986393.5000207@donehue.net> Hi All, I am trying to seperate the outgoing queues based on domain name (and with a default) - how do I go about creating a seperate file for this? - ie instead of - Outgoing Queue Dir = /var/spool/mqueue.exim/input I wanted to have - domain1 = /var/spool/mqueue.exim.domain1.input domain2 = /var/spool/mqueue.exim.domain2.input default = /var/spool/mqueue.exim.default Many Thanks, Andrew. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Wed May 5 10:10:12 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:25:02 2006 Subject: separate queue per domain In-Reply-To: <40986393.5000207@donehue.net> References: <40986393.5000207@donehue.net> Message-ID: <6.0.1.1.2.20040505100840.03c59c78@imap.ecs.soton.ac.uk> At 04:46 05/05/2004, you wrote: >Hi All, > >I am trying to seperate the outgoing queues based on domain name (and >with a default) - how do I go about creating a seperate file for this? - > >ie instead of - >Outgoing Queue Dir = /var/spool/mqueue.exim/input > >I wanted to have - >domain1 = /var/spool/mqueue.exim.domain1.input >domain2 = /var/spool/mqueue.exim.domain2.input >default = /var/spool/mqueue.exim.default It's our old favourite "use a ruleset" answer again :-) Set Outgoing Queue Dir = /etc/MailScanner/rules/outgoing.queue.rules And then in that file put To: domain1.com /var/spool/mqueue.exim.domain1.input To: domain2.com /var/spool/mqueue.exim.domain2.input FromOrTo: default /var/spool/mqueue.exim.default Please read the MAQ, the location of which is at the bottom of this posting. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Wed May 5 10:07:51 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:25:02 2006 Subject: MS 4.30.3 can't count?? In-Reply-To: References: Message-ID: <6.0.1.1.2.20040505100707.03c107a8@imap.ecs.soton.ac.uk> Can you try this patch to SA.pm please: -----SNIP----- --- SA.pm.old 2004-05-05 10:11:37.000000000 +0100 +++ SA.pm 2004-05-05 10:12:10.000000000 +0100 @@ -469,6 +469,7 @@ # Roll the queue along one $SAsuccessqsum += (shift @SAsuccessqueue)?1:-1 if @SAsuccessqueue>$queuelength; + $SAsuccessqsum = 0 if $SAsuccessqsum<0; }; alarm 0; # Workaround for bug in perl shipped with Solaris 9, @@ -510,6 +511,7 @@ # Roll the queue along one $SAsuccessqsum += (shift @SAsuccessqueue)?1:-1 if @SAsuccessqueue>$queuelength; + $SAsuccessqsum = 0 if $SAsuccessqsum<0; if ($SAsuccessqsum>$maxfailures && @SAsuccessqueue>=$queuelength) { MailScanner::Log::WarnLog("SpamAssassin timed out (with no network" . -----SNIP----- If that fixes it, I'll apply it to the RBL checking counter code as well. At 03:34 05/05/2004, you wrote: >Julian, > I upgraded to 4.30.3 this morning, and later on noticed in >my syslogs: > >SpamAssassin timed out and was killed, failure -156 of 20 > >with random negative numbers in there. Later on, probably >after a four-hour restart, it started counting correctly >again. Maybe a counter isn't initialized at startup? >(Setup: MS 4.303, SA 2.63, Sol 9, Sun V1280, razor, perl 5.8.3, >threaded) > >Jeff Earickson >Colby College > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From andrew at DONEHUE.NET Wed May 5 12:09:29 2004 From: andrew at DONEHUE.NET (Andrew) Date: Thu Jan 12 21:25:02 2006 Subject: separate queue per domain In-Reply-To: <6.0.1.1.2.20040505100840.03c59c78@imap.ecs.soton.ac.uk> References: <40986393.5000207@donehue.net> <6.0.1.1.2.20040505100840.03c59c78@imap.ecs.soton.ac.uk> Message-ID: <4098CB69.3050506@donehue.net> Thankyou, I didn't see it - I prefer the docs to asking :) Many thanks, Andrew. Julian Field wrote: > At 04:46 05/05/2004, you wrote: > >> Hi All, >> >> I am trying to seperate the outgoing queues based on domain name (and >> with a default) - how do I go about creating a seperate file for this? - >> >> ie instead of - >> Outgoing Queue Dir = /var/spool/mqueue.exim/input >> >> I wanted to have - >> domain1 = /var/spool/mqueue.exim.domain1.input >> domain2 = /var/spool/mqueue.exim.domain2.input >> default = /var/spool/mqueue.exim.default > > > It's our old favourite "use a ruleset" answer again :-) > > Set > Outgoing Queue Dir = /etc/MailScanner/rules/outgoing.queue.rules > > And then in that file put > To: domain1.com /var/spool/mqueue.exim.domain1.input > To: domain2.com /var/spool/mqueue.exim.domain2.input > FromOrTo: default /var/spool/mqueue.exim.default > > Please read the MAQ, the location of which is at the bottom of this > posting. > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From newsgroup2 at SPACELINK.COM.AU Wed May 5 12:18:13 2004 From: newsgroup2 at SPACELINK.COM.AU (Stuart Clark) Date: Thu Jan 12 21:25:02 2006 Subject: Please Help me reading sendmail logs Message-ID: <200405051118.i45BIHj09200@mail022.syd.optusnet.com.au> Hi all Can someone please explain what is happening below? Mailscanner is running on a secondary MX server Which part tells me where it is coming from? It looks like the relay is attempting to contact outside servers. I can't understand why this is happening when my relay-domains file dosen't have any of the below domain included. Regards Stuart May 5 21:07:51 proxy sendmail[3973]: i423mYrx014053: to=, delay=3+07:19:14, xdelay=00:00:00, mailer=esmtp, pri=28023458, relay=222.47.94.18., dsn=4.0.0, stat=Deferred: Connection refused by 222.47.94.18. May 5 21:08:51 proxy sendmail[3973]: i421Y931009986: to=, delay=3+09:34:42, xdelay=00:01:00, mailer=esmtp, pri=28380382, relay=pop.dq06.net. [64.94.218.249], dsn=4.0.0, stat=Deferred: Connection timed out with pop.dq06.net. May 5 21:08:52 proxy sendmail[3973]: i422DiUD011254: to=, delay=3+08:55:07, xdelay=00:00:00, mailer=esmtp, pri=28652924, relay=222.47.94.18., dsn=4.0.0, stat=Deferred: Connection refused by 222.47.94.18. May 5 21:08:52 proxy sendmail[3973]: i42206oX010732: to=, delay=3+09:08:46, xdelay=00:00:00, mailer=esmtp, pri=28742866, relay=222.47.94.18., dsn=4.0.0, stat=Deferred: Connection refused by 222.47.94.18. May 5 21:09:12 proxy sendmail[5059]: i436lBwN032733: to=, delay=2+04:21:56, xdelay=00:10:00, mailer=esmtp, pri=16954712, relay=mail.reportedblond.com., dsn=4.0.0, stat=Deferred May 5 21:09:13 proxy sendmail[5059]: i43A551K007009: to=, delay=2+01:04:08, xdelay=00:00:01, mailer=esmtp, pri=17402621, relay=ondagrupera.com. [208.38.59.182], dsn=4.0.0, stat=Deferred: Connection refused by ondagrupera.com. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From Kevin.Spicer at BMRB.CO.UK Wed May 5 12:26:48 2004 From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:25:02 2006 Subject: Please Help me reading sendmail logs Message-ID: <5C0296D26910694BB9A9BBFC577E7AB001649D10@pascal.priv.bmrb.co.uk> Stuart Clark wrote: > Hi all > > Can someone please explain what is happening below? > > Mailscanner is running on a secondary MX server > > > Which part tells me where it is coming from? > > It looks like the relay is attempting to contact outside servers. I > can't understand why this is happening when my relay-domains file > dosen't have any of the below domain included. It will be relaying _for_ those domains, in other words these are probably outgoing from one of the relay domains. If you want to pass these to a specific server you need to specify a smarthost. BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at LISTS.COM.AR Wed May 5 13:30:19 2004 From: mailscanner at LISTS.COM.AR (Mariano Absatz) Date: Thu Jan 12 21:25:02 2006 Subject: spam.assassin.prefs.conf ruleset In-Reply-To: <200405050817.43284.james_gray@ocs.com> References: <4096955E.28004.FF6FF4B@localhost> Message-ID: <4098B42B.2878.183F731F@localhost> Hi James, thanx for your answer... the problem is that I have to be able to add/remove rules and users to this 'differentiated set' with some ease (that is, I have to train a not-so-skilled sysadmin to do this), so creating and modifying rules and meta-rules is kinda out of the question... I'll keep looking for an alternative. Thank you again. El 5 May 2004 a las 8:17, James Gray escribi?: > On Tue, 4 May 2004 07:54 am, Mariano Absatz wrote: > > Hi, > > > > one of the setups I have is an old MS 4.23-11 with SpamAssassin 2.63. > > > > It works quite nice, but I had a request from a group of people to use a > > special set of SA scores with some (only some) of the scores changed from > > the default 50_scores.cf. > > > > That seemed like a fit situation for rulesets, so I copied my > > spam.assasssin.prefs.conf to spam.assassin.prefs-other.conf and made a > > simple ruleset named spam.assassin.prefs.rules that says: > > > > To: someone@example.com spam.assassin.prefs-other.conf > > To: anotherone@example.com spam.assassin.prefs-other.conf > > FromOrTo: default spam.assassin.prefs.rules > > You could implement this in a single SpamAssassin rule file using meta rules. > You have said there are only a few rules that you are changing the score of > so try this: > > header __TO_CUST_SCORE1 To =~ /someone\@example\.com/i > header __TO_CUST_SCORE2 To =~ /anotherone\@example\.com/i > meta CUST_SCORE1 (__TO_CUST_SCORE1 && SA_TEST_NAME) > meta CUST_SCORE2 (__TO_CUST_SCORE2 && SA_TEST_NAME) > describe CUST_SCORE1 Custom score for someone@example.com > describe CUST_SCORE2 Custom score for anotherone@example.com > score CUST_SCORE1 x.y > score CUST_SCORE2 a.b > > You get the idea? the problem is that if you had 3 users who wanted the score > of 3 rules changed that would (at worst) result in 9 separate rules and > scores :( > > You can combine common rules/users with the OR operator which is two vertical > bars (||) and the NOT operator (!) can be combined to negate rules like this: > > meta FOO (RULE_1 && !RULE_2) > returns true if RULE_1 is true and RULE_2 is false. > > meta FOO (!RULE_1 || RULE_2) > returns true is RULE_1 is false or RULE_2 is true. > > By prefixing a rule with two underscores like __FOO_RULE tells spamassassin > not to associate a score with it. Useful for "meta" rules which combine a > number of matches (rules) to create a more complex rule that combines > body/header/uri/subject elements etc. > > All this stuff is in the spamassassin.conf documentation :) > > Good luck. > > James -- Mariano Absatz El Baby ---------------------------------------------------------- Hard work has a future payoff. Laziness pays off now. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at LISTS.COM.AR Wed May 5 13:30:12 2004 From: mailscanner at LISTS.COM.AR (Mariano Absatz) Date: Thu Jan 12 21:25:02 2006 Subject: Rule to filter "true" From: address....? In-Reply-To: <54191.64.118.232.46.1083717988.squirrel@www.islandb.com> Message-ID: <4098B424.11114.183F5637@localhost> Hi Brooks, there's no such thing as 'the real from address' in plain smtp world :-( As you probably know, there are two 'from addresses' in a message that are often confused. One is the one you see in the headers as: From: Brooks Weisblat In this case, 'mailscanner@islandb.com' is the 'header from' or 'RFC 822 from'. This is, "in theory", the human responsible for this message. The message transmision system, including MailScanner, ignore this address. Then you have the 'envelope from' address. This is the one used by the message transmission system in their SMTP protocol dialogs. Usually, the mail server responsible for final disposal of the message (e.g. your own mail server that puts the message in your mailbox for you to pick via POP3, IMAP, webmail or whatever) is kind enough to put this address in a header you can see: 'Return-Path:'. In the case of your message, it arrived with: Return-Path: owner-mailscanner@jiscmail.ac.uk That is, I suppose that, when you originated the message, the envelope from was also 'mailscanner@islandb.com', however, the list server at jiscmail.ac.uk replaced it, probably so it can handle bounces and be able to unsubscribe or suspend bouncing addresses, and you don't have to receive them. The point is that there's no guarantee that NONE of these two 'from's isn't fake. I can _very_ easily send you a message where BOTH froms are fake (e.g. your own)... I can even send that to the list and the list server wouldn't be able to tell that I'm not you. You could use SMTP AUTHentication, but then, you can only trust users authenticated thru your mail servers or mail servers that authenticate into yours (hardly any). We've developed a patch that allows us to identify our users authenticated via SMTP AUTH into our MailScanner server and automatically bounce them things, but it only works for OUR own users authenticated into OUR own servers, and only with ZMailer (no Sendmail, Exim or Postfix). We're trying this thing out and will send it to Julian so that if someone is able to do the same with the other MTAs, it come become a part of the standard MailScanner... but I don't think this would solve your problem. Regards. El 4 May 2004 a las 20:46, Brooks Weisblat escribi?: > I have a ruleset that alerts admins if a person from a certain domain name > sends an email with a virus.... > > the problem is that some of these rampant email viruses forge the "From:" > addresses..... causing the admins to get alerted when they shouldn't.... > > Is there any way to create a ruleset that would be used based on the real > From address? > > am I better off using an IP based rule? the problem with an IP based > rule, is that it wouldn't apply to users on the road, logging in from the > outside... > > thanks for any guidance.... -- Mariano Absatz El Baby ---------------------------------------------------------- I don't care to belong to a club that accepts people like me as members. -- Groucho Marx -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mike-sender-1ed4e7 at zanker.org Wed May 5 13:40:27 2004 From: mike-sender-1ed4e7 at zanker.org (Mike Zanker) Date: Thu Jan 12 21:25:02 2006 Subject: Exim 4.33 Released (fwd) Message-ID: <95D65470DE506B07952AB6F7@mallard.open.ac.uk> For info... ---------- Forwarded Message ---------- Date: 05 May 2004 11:16 +0100 From: Philip Hazel To: exim-users@exim.org, exim-announce@exim.org Subject: [Exim] Exim 4.33 Released -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have just put Exim release 4.33 on the primary ftp site: ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/exim4/exim-4.33.tar.gz ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/exim4/exim-4.33.tar.bz2 - ----------------------------------------------------------------------- -------- This release fixes some bugs and adds some new facilities. As usual, all changes are in the doc/ChangeLog file and new features are described in the doc/NewStuff file. See also the README.UPDATING file for changes that might impact on some installations. The manual has *not* been updated. - ----------------------------------------------------------------------- -------- The primary ftp server is in Cambridge, England. There is a list of mirrors in: ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/Mirrors The distribution files are signed with Philip Hazel's GPG key; the signature files are in the same directory. The MD5 hash codes for the distribution files are: 0925144a0bc555a561aa181db750f018 exim-4.33.tar.gz 8514c800172e4ab4e9cb90553605e1f2 exim-4.33.tar.bz2 The distribution contains an ASCII copy of the 4.30 manual and other documents. Other formats of the documentation are also available: ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/exim4/exim-html-4.30.ta r.gz ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/exim4/exim-pdf-4.30.tar .gz ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/exim4/exim-postscript-4 .30.tar.gz ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/exim4/exim-texinfo-4.30 .tar.gz The .bz2 versions of these tarbundles are also available. The HTML documentation contains the FAQ and configuration samples. These are also available separately in HTML or txt format from the ftp site: ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/exim4/FAQ-html.tar.gz ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/exim4/FAQ.txt.gz ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/exim4/config.samples.ta r.gz The ChangeLog for this, and several previous releases, is included in the distribution. Individual change log files are also available on the ftp site, the current one being: ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/ChangeLogs/ChangeLog-4. 33 ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/ChangeLogs/ChangeLog-4. 33.gz Documentation for new features that have not yet been included in the manual is available in the NewStuff file in the distribution. Individual NewStuff files are also available on the ftp site, the current one being: ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/ChangeLogs/NewStuff-4.33 ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/ChangeLogs/NewStuff-4.3 3.gz Enjoy. - -- Philip Hazel University of Cambridge Computing Service, ph10@cus.cam.ac.uk Cambridge, England. Phone: +44 1223 334714. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iQEVAwUBQJi+Xpdm4IT7D0PYAQLmcgf/W+jhDY183HIOddSOEFehM7x38NrRisu7 AnKF4omV+Tm5SECwWjnInr+qBvXLK3PZFCd3quYKjf30iXdK4gt18cIsnerYpgeh 4zJmgbvEY2Z7ulqww2rh+blmPmg38erg8/9uttsjrsmIamPKXMatd7Z5eumpzaj1 w+x0ZXbgP48NvFWy0VuXBFnUhqq46KDP1/FgSVZJ9d9Zlle0jcQdztQ0T6irzem2 rVsGzDhYldsb2Eubm8b7uJDtjwCNfIMDkiRGYXzKDJZHhht5cFUy2A+eZ4JBKkP4 kPOuHErsbVQqQ0RVoX2wPjPYdFHp6AbXYUBrtDWxxmtwY2/d7MBWkQ== =Qgca -----END PGP SIGNATURE----- -- ## List details at http://www.exim.org/mailman/listinfo/exim-users Exim ## details at http://www.exim.org/ ## ---------- End Forwarded Message ---------- -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From jaearick at COLBY.EDU Wed May 5 14:09:10 2004 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:25:02 2006 Subject: MS 4.30.3 can't count?? In-Reply-To: <6.0.1.1.2.20040505100707.03c107a8@imap.ecs.soton.ac.uk> References: <6.0.1.1.2.20040505100707.03c107a8@imap.ecs.soton.ac.uk> Message-ID: Julian, Patch in place, monitoring the syslogs, stay tuned. Jeff On Wed, 5 May 2004, Julian Field wrote: > Date: Wed, 5 May 2004 10:07:51 +0100 > From: Julian Field > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: MS 4.30.3 can't count?? > > Can you try this patch to SA.pm please: > > -----SNIP----- > --- SA.pm.old 2004-05-05 10:11:37.000000000 +0100 > +++ SA.pm 2004-05-05 10:12:10.000000000 +0100 > @@ -469,6 +469,7 @@ > # Roll the queue along one > $SAsuccessqsum += (shift @SAsuccessqueue)?1:-1 > if @SAsuccessqueue>$queuelength; > + $SAsuccessqsum = 0 if $SAsuccessqsum<0; > }; > alarm 0; > # Workaround for bug in perl shipped with Solaris 9, > @@ -510,6 +511,7 @@ > # Roll the queue along one > $SAsuccessqsum += (shift @SAsuccessqueue)?1:-1 > if @SAsuccessqueue>$queuelength; > + $SAsuccessqsum = 0 if $SAsuccessqsum<0; > > if ($SAsuccessqsum>$maxfailures && @SAsuccessqueue>=$queuelength) { > MailScanner::Log::WarnLog("SpamAssassin timed out (with no network" . > -----SNIP----- > > If that fixes it, I'll apply it to the RBL checking counter code as well. > > At 03:34 05/05/2004, you wrote: > >Julian, > > I upgraded to 4.30.3 this morning, and later on noticed in > >my syslogs: > > > >SpamAssassin timed out and was killed, failure -156 of 20 > > > >with random negative numbers in there. Later on, probably > >after a four-hour restart, it started counting correctly > >again. Maybe a counter isn't initialized at startup? > >(Setup: MS 4.303, SA 2.63, Sol 9, Sun V1280, razor, perl 5.8.3, > >threaded) > > > >Jeff Earickson > >Colby College > > > >-------------------------- MailScanner list ---------------------- > >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > >Before posting, please see the Most Asked Questions at > >http://www.mailscanner.biz/maq/ and the archives at > >http://www.jiscmail.ac.uk/lists/mailscanner.html > > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From Jan-Peter.Koopmann at SECEIDOS.DE Wed May 5 14:24:14 2004 From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann) Date: Thu Jan 12 21:25:02 2006 Subject: FreeBSD port of Vispan Message-ID: Hi, I just wanted to let you know that I created a FreeBSD port of Vispan. I just submitted the port. Let's see how fast the FreeBSD guys are committing it. Regards, Jan-Peter Koopmann Dipl.-Wirtschaftsinformatiker Gesch?ftsf?hrer / COO -- Seceidos GmbH Robert-Bosch-Str.7 64293 Darmstadt/Germany Phone: +49 (6151) 66843-43 Fax: +49 (6151) 66843-52 E-Mail: jan-peter.koopmann@seceidos.de Web: http://www.seceidos.de -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From lists at TRCINTL.COM Wed May 5 14:39:54 2004 From: lists at TRCINTL.COM (Kyle Harris) Date: Thu Jan 12 21:25:02 2006 Subject: BitDefender for Linux Licensing Message-ID: I was following another thread here lately that briefly discussed the fact that BitDefender now states on their web site that they have a free version for Linux. Skeptic that I am, I contacted the company to verify that this statement wasn't a mistake. I thought I would share the e-mail conversation with everyone (with their permission of course). As you can see, it is no mistake! By the way, I had to make two changes to get it to work properly on my MailScanner v4.28.6 1. I had to change the bitdefender entry in virus.scanners.conf from /usr/local/bd7 to /opt/bdc 2. I had to change line 32 in the bitdefender.wrapper file. It was PackageDir=$1/shared. I changed it to PackageDir=$1 (removed /shared from the end). Here is the e-mail transaction with a contact from BitDefender: Dear Kyle, Indeed I haven't explained myself clearly enough. You can install this free version, BitDefender Linux Edition v7, on a server as well. Also, you can post this information to the newsgroup. Please let me know if I can be of further assistance. Best Regards, Mihaela --------------------------------------------------- Mihaela PAUN BitDefender Channel Account Manager SOFTWIN Data Security Division --------------------------------------------------- ________________________________ e-mail: mpaun@bitdefender.com tel: (+40) 21 233.07.80 fax: (+40) 21 233.07.63 Bucharest, ROMANIA http://www.bitdefender.com http://www.softwin.ro ------------------------------------------------- secure your every bit ------------------------------------------------- The content of this message and attachments are confidential and are classified as SOFTWIN's Proprietary Information. The content of this message is intended solely for the use of the individual or entity to whom it is addressed and others authorized to receive it. If you are not the intended recipient you are hereby notified that any disclosure, copying, distribution or taking any action based on this information are strictly prohibited and may be precluded by law. If you have received this message in error, please notify us immediately and then delete it from your system. SOFTWIN Romania is neither liable for the proper and complete transmission of the information contained in this message nor for any delay in its receipt. -----Original Message----- From: Kyle Harris [mailto:xxxx@xxxx.xxx] Sent: Tuesday, May 04, 2004 7:11 PM To: Mihaela Paun Subject: RE: Clarification of Licensing terms for Linux BitDefender Please excuse me for asking one more question regarding this, however I want to make sure I completely understand. You say below " You can install the Linux product for desktop . . .", however I would like to install this on a server. I checked the link again and it doesn't say that it is specifically for desktops? Is that still free if it is on a server? Actually, I have one more question. I would like to post this e-mail transaction to a newsgroup, however I want to abide by the terms of your e- mail disclaimer below. May I have permission to post this? Thanks again. -----Original Message----- From: Mihaela Paun [mailto:mpaun@bitdefender.com] Sent: Tuesday, May 04, 2004 10:41 AM To: Kyle Harris Subject: RE: Clarification of Licensing terms for Linux BitDefender Dear Kyle, Thank you for your e-mail. You can install the Linux product for desktop, which is a freeware product, at your company. There is no mistake in that affirmation :-) Please let me know if I can be of further assistance. Best Regards, Mihaela --------------------------------------------------- Mihaela PAUN BitDefender Key Account Manager SOFTWIN Data Security Division --------------------------------------------------- ________________________________ e-mail: mpaun@bitdefender.com tel: (+40) 21 233.07.80 fax: (+40) 21 233.07.63 Bucharest, ROMANIA http://www.bitdefender.com http://www.softwin.ro ------------------------------------------------- secure your every bit ------------------------------------------------- The content of this message and attachments are confidential and are classified as SOFTWIN's Proprietary Information. The content of this message is intended solely for the use of the individual or entity to whom it is addressed and others authorized to receive it. If you are not the intended recipient you are hereby notified that any disclosure, copying, distribution or taking any action based on this information are strictly prohibited and may be precluded by law. If you have received this message in error, please notify us immediately and then delete it from your system. SOFTWIN Romania is neither liable for the proper and complete transmission of the information contained in this message nor for any delay in its receipt. -----Original Message----- From: Kyle Harris [mailto:xxxx@xxxx.xxx] Sent: Monday, May 03, 2004 11:05 PM To: sales@bitdefender.com Subject: Clarification of Licensing terms for Linux BitDefender I am researching Linux antivirus solutions for use in a corporate environment and I ran across the following page on your web site: http://www.bitdefender.com/bd/site/products.php?p_id=16 In particular, the following line caught my attention from the above linked page, and I quote "BitDefender Linux Edition v7 is a freeware product, which doesn't require a license to be used." Can you please verify that this is not some type of mistake and that BitDefender Linux Edition v7 is indeed a freeware product and OK for free use within a corporate environment with no additional licenses required? I know that statement seems pretty explanatory, but I thought it was worth an e-mail to verify. If it is true, you are certainly about to get your name established well in the Linux/Unix community. Thank you for your time. Kyle Harris -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From Uwe.Krause at FEP.FRAUNHOFER.DE Wed May 5 15:32:29 2004 From: Uwe.Krause at FEP.FRAUNHOFER.DE (Krause, Uwe) Date: Thu Jan 12 21:25:02 2006 Subject: ACE Archives ? Message-ID: <8DDE8CA53DC5F24DA4B7D074DDE8109F08C134@midgard.fep.fhg.de> Hello, this is what i found in the log : MailScanner[29477]: /var/spool/MailScanner/incoming/29477/i44Hx2N00651/Lm122.ace->LMMsgTrans.dll Not scanned (unsupported compression method) MailScanner[29477]: /var/spool/MailScanner/incoming/29477/i44Hx2N00651/Lm122.ace->lm122.exe Not scanned (unsupported compression method) MailScanner[29477]: /var/spool/MailScanner/incoming/29477/i44Hx2N00651/Lm122.ace->LogoManager.exe Not scanned (unsupported compression method) MailScanner[29477]: /var/spool/MailScanner/incoming/29477/i44Hx2N00651/Lm122.ace->patch_lm122final\vzx_lm122final.exe Not scanned (unsupported compression method) MailScanner[29477]: /var/spool/MailScanner/incoming/29477/i44Hx2N00651/Lm122.ace->GSMFree.txt Not scanned (unsupported compression method) How can i scan this files ? Mailscanner 4.30.3/Linux thanks Uwe -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From raymond at PROLOCATION.NET Wed May 5 15:38:50 2004 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:25:02 2006 Subject: ACE Archives ? In-Reply-To: <8DDE8CA53DC5F24DA4B7D074DDE8109F08C134@midgard.fep.fhg.de> Message-ID: Hi! > MailScanner[29477]: > /var/spool/MailScanner/incoming/29477/i44Hx2N00651/Lm122.ace->LMMsgTrans.dll > Not scanned (unsupported compression method) Get a scanner that supports ACE ? Bye, Raymond. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From jpabuyer at TECNOERA.COM Wed May 5 15:48:28 2004 From: jpabuyer at TECNOERA.COM (Juan Pablo Abuyeres) Date: Thu Jan 12 21:25:02 2006 Subject: [OT] Re: Please Help me reading sendmail logs In-Reply-To: <200405051118.i45BIHj09200@mail022.syd.optusnet.com.au> References: <200405051118.i45BIHj09200@mail022.syd.optusnet.com.au> Message-ID: <1083768508.26349.41.camel@blackbird.tecnoera.com> try something like grep i423mYrx014053 maillog On Wed, 2004-05-05 at 07:18, Stuart Clark wrote: > Hi all > > Can someone please explain what is happening below? > > Mailscanner is running on a secondary MX server > > > Which part tells me where it is coming from? > > It looks like the relay is attempting to contact outside servers. I can't > understand why this is happening when my relay-domains file dosen't have any > of the below domain included. > > Regards > Stuart > > > > May 5 21:07:51 proxy sendmail[3973]: i423mYrx014053: > to=, delay=3+07:19:14, xdelay=00:00:00, > mailer=esmtp, pri=28023458, relay=222.47.94.18., dsn=4.0.0, stat=Deferred: > Connection refused by 222.47.94.18. > May 5 21:08:51 proxy sendmail[3973]: i421Y931009986: > to=, delay=3+09:34:42, xdelay=00:01:00, mailer=esmtp, > pri=28380382, relay=pop.dq06.net. [64.94.218.249], dsn=4.0.0, stat=Deferred: > Connection timed out with pop.dq06.net. > May 5 21:08:52 proxy sendmail[3973]: i422DiUD011254: > to=, delay=3+08:55:07, xdelay=00:00:00, mailer=esmtp, > pri=28652924, relay=222.47.94.18., dsn=4.0.0, stat=Deferred: Connection > refused by 222.47.94.18. > May 5 21:08:52 proxy sendmail[3973]: i42206oX010732: > to=, delay=3+09:08:46, xdelay=00:00:00, mailer=esmtp, > pri=28742866, relay=222.47.94.18., dsn=4.0.0, stat=Deferred: Connection > refused by 222.47.94.18. > May 5 21:09:12 proxy sendmail[5059]: i436lBwN032733: > to=, delay=2+04:21:56, xdelay=00:10:00, > mailer=esmtp, pri=16954712, relay=mail.reportedblond.com., dsn=4.0.0, > stat=Deferred > May 5 21:09:13 proxy sendmail[5059]: i43A551K007009: > to=, delay=2+01:04:08, xdelay=00:00:01, > mailer=esmtp, pri=17402621, relay=ondagrupera.com. [208.38.59.182], > dsn=4.0.0, stat=Deferred: Connection refused by ondagrupera.com. > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html -- Juan Pablo Abuyeres -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From Kevin.Spicer at BMRB.CO.UK Wed May 5 15:58:16 2004 From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:25:02 2006 Subject: ACE Archives ? Message-ID: <5C0296D26910694BB9A9BBFC577E7AB001649D13@pascal.priv.bmrb.co.uk> Krause, Uwe wrote: > Hello, > > this is what i found in the log : > > MailScanner[29477]: > /var/spool/MailScanner/incoming/29477/i44Hx2N00651/Lm122.ace-> > LMMsgTrans.dll Not scanned (unsupported compression method) Install clamav (if you've not done so already). Install unace. Uncomment the unace line in clamav-wrapper. BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From steve.swaney at FSL.COM Wed May 5 15:58:09 2004 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:25:02 2006 Subject: BitDefender for Linux Licensing In-Reply-To: Message-ID: <20040505145809.31E8221C28A@mail.fsl.com> Jason, BitDefender also has a free version of their virus scanner available for Linux. I would add this to the list of programs that we would install. Regards, Steve Stephen Swaney President Fortress Systems Ltd. Steve.Swaney@FSL.com > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Kyle Harris > Sent: Wednesday, May 05, 2004 9:40 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: BitDefender for Linux Licensing > > I was following another thread here lately that briefly discussed the fact > that BitDefender now states on their web site that they have a free > version > for Linux. Skeptic that I am, I contacted the company to verify that this > statement wasn't a mistake. I thought I would share the e-mail > conversation with everyone (with their permission of course). As you can > see, it is no mistake! > > By the way, I had to make two changes to get it to work properly on my > MailScanner v4.28.6 > > 1. I had to change the bitdefender entry in virus.scanners.conf > from /usr/local/bd7 to /opt/bdc > 2. I had to change line 32 in the bitdefender.wrapper file. It was > PackageDir=$1/shared. I changed it to PackageDir=$1 (removed /shared from > the end). > > Here is the e-mail transaction with a contact from BitDefender: > > > Dear Kyle, > > Indeed I haven't explained myself clearly enough. You can install this > free > version, BitDefender Linux Edition v7, on a server as well. > > Also, you can post this information to the newsgroup. > > Please let me know if I can be of further assistance. > > Best Regards, > > Mihaela > --------------------------------------------------- > Mihaela PAUN > BitDefender Channel Account Manager > SOFTWIN > Data Security Division > --------------------------------------------------- > ________________________________ > e-mail: mpaun@bitdefender.com > tel: (+40) 21 233.07.80 > fax: (+40) 21 233.07.63 > Bucharest, ROMANIA > http://www.bitdefender.com > http://www.softwin.ro > ------------------------------------------------- > secure your every bit > ------------------------------------------------- > > The content of this message and attachments are confidential and are > classified as SOFTWIN's Proprietary Information. The content of this > message is intended solely for the use of the individual or entity to whom > it is addressed and others authorized to receive it. If you are not the > intended recipient you are hereby notified that any disclosure, copying, > distribution or taking any action based on this information are strictly > prohibited and may be precluded by law. If you have received this message > in error, please notify us immediately and then delete it from your > system. > SOFTWIN Romania is neither liable for the proper and complete transmission > of the information contained in this message nor for any delay in its > receipt. > > > > -----Original Message----- > From: Kyle Harris [mailto:xxxx@xxxx.xxx] > Sent: Tuesday, May 04, 2004 7:11 PM > To: Mihaela Paun > Subject: RE: Clarification of Licensing terms for Linux BitDefender > > > Please excuse me for asking one more question regarding this, however I > want to make sure I completely understand. You say below " You can > install > the Linux product for desktop . . .", however I would like to install this > on a server. I checked the link again and it doesn't say that it is > specifically for desktops? Is that still free if it is on a server? > > Actually, I have one more question. I would like to post this e-mail > transaction to a newsgroup, however I want to abide by the terms of your > e- > mail disclaimer below. May I have permission to post this? > > Thanks again. > > -----Original Message----- > From: Mihaela Paun [mailto:mpaun@bitdefender.com] > Sent: Tuesday, May 04, 2004 10:41 AM > To: Kyle Harris > Subject: RE: Clarification of Licensing terms for Linux BitDefender > > > Dear Kyle, > > Thank you for your e-mail. > > You can install the Linux product for desktop, which is a freeware > product, > at your company. There is no mistake in that affirmation :-) > > Please let me know if I can be of further assistance. > > Best Regards, > Mihaela > --------------------------------------------------- > Mihaela PAUN > BitDefender Key Account Manager > SOFTWIN > Data Security Division > --------------------------------------------------- > ________________________________ > e-mail: mpaun@bitdefender.com > tel: (+40) 21 233.07.80 > fax: (+40) 21 233.07.63 > Bucharest, ROMANIA > http://www.bitdefender.com > http://www.softwin.ro > ------------------------------------------------- > secure your every bit > ------------------------------------------------- > > The content of this message and attachments are confidential and are > classified as SOFTWIN's Proprietary Information. The content of this > message is intended solely for the use of the individual or entity to whom > it is addressed and others authorized to receive it. If you are not the > intended recipient you are hereby notified that any disclosure, copying, > distribution or taking any action based on this information are strictly > prohibited and may be precluded by law. If you have received this message > in error, please notify us immediately and then delete it from your > system. > SOFTWIN Romania is neither liable for the proper and complete transmission > of the information contained in this message nor for any delay in its > receipt. > > > > > -----Original Message----- > From: Kyle Harris [mailto:xxxx@xxxx.xxx] > Sent: Monday, May 03, 2004 11:05 PM > To: sales@bitdefender.com > Subject: Clarification of Licensing terms for Linux BitDefender > > > I am researching Linux antivirus solutions for use in a corporate > environment and I ran across the following page on your web site: > http://www.bitdefender.com/bd/site/products.php?p_id=16 > > In particular, the following line caught my attention from the above > linked > page, and I quote "BitDefender Linux Edition v7 is a freeware product, > which doesn't require a license to be used." > > Can you please verify that this is not some type of mistake and that > BitDefender Linux Edition v7 is indeed a freeware product and OK for free > use within a corporate environment with no additional licenses required? > > I know that statement seems pretty explanatory, but I thought it was worth > an e-mail to verify. If it is true, you are certainly about to get your > name established well in the Linux/Unix community. Thank you for your > time. > > Kyle Harris > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > Fortress Systems Ltd. > www.fsl.com > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. Fortress Systems Ltd. www.fsl.com -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From Uwe.Krause at FEP.FRAUNHOFER.DE Wed May 5 16:00:59 2004 From: Uwe.Krause at FEP.FRAUNHOFER.DE (Krause, Uwe) Date: Thu Jan 12 21:25:02 2006 Subject: AW: ACE Archives ? Message-ID: <8DDE8CA53DC5F24DA4B7D074DDE8109F08C136@midgard.fep.fhg.de> >Get a scanner that supports ACE ? Using sophos ....... Uwe -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From William.Burns at AEROFLEX.COM Wed May 5 16:05:24 2004 From: William.Burns at AEROFLEX.COM (William Burns) Date: Thu Jan 12 21:25:02 2006 Subject: separate queue per domain In-Reply-To: <6.0.1.1.2.20040505100840.03c59c78@imap.ecs.soton.ac.uk> References: <40986393.5000207@donehue.net> <6.0.1.1.2.20040505100840.03c59c78@imap.ecs.soton.ac.uk> Message-ID: <409902B4.2050601@aeroflex.com> Julian: Sorry if I'm missing something here but... I've been trying to figure out how to have MailScanner read from multiple inbound queue directories, and then output to multiple outbound queues, where the name of the outbound queue directory would be determined by the name of the inbound queue directory. The inbound part is already documented in MailScanner.conf: > Incoming Queue Dir = /var/spool/mqueue.in/* So far, Kevin has had the most helpful advice: http://www.jiscmail.ac.uk/cgi-bin/webadmin?A2=ind0404&L=mailscanner&P=R94234&I=-1 http://www.jiscmail.ac.uk/cgi-bin/webadmin?A2=ind0404&L=mailscanner&P=R94809&I=-1 I *think* that all I need is to find a variable containing the name of the incoming queue dir that each piece of mail was read from. Then (assuming that variable can be accessed from a custom function) I should be able to write a function to set the "Outgoing Queue Dir" based on that. What's the name of this variable? -Bill Julian Field wrote: > At 04:46 05/05/2004, you wrote: > >> Hi All, >> >> I am trying to seperate the outgoing queues based on domain name (and >> with a default) - how do I go about creating a seperate file for this? - >> >> ie instead of - >> Outgoing Queue Dir = /var/spool/mqueue.exim/input >> >> I wanted to have - >> domain1 = /var/spool/mqueue.exim.domain1.input >> domain2 = /var/spool/mqueue.exim.domain2.input >> default = /var/spool/mqueue.exim.default > > > It's our old favourite "use a ruleset" answer again :-) > > Set > Outgoing Queue Dir = /etc/MailScanner/rules/outgoing.queue.rules > > And then in that file put > To: domain1.com /var/spool/mqueue.exim.domain1.input > To: domain2.com /var/spool/mqueue.exim.domain2.input > FromOrTo: default /var/spool/mqueue.exim.default > > Please read the MAQ, the location of which is at the bottom of this > posting. > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Wed May 5 16:15:58 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:25:02 2006 Subject: separate queue per domain In-Reply-To: <409902B4.2050601@aeroflex.com> References: <40986393.5000207@donehue.net> <6.0.1.1.2.20040505100840.03c59c78@imap.ecs.soton.ac.uk> <409902B4.2050601@aeroflex.com> Message-ID: <6.0.1.1.2.20040505161524.03cc7278@imap.ecs.soton.ac.uk> At 16:05 05/05/2004, you wrote: >Julian: > >Sorry if I'm missing something here but... > >I've been trying to figure out how to have MailScanner read from >multiple inbound queue directories, and then output to multiple outbound >queues, where the name of the outbound queue directory would be >determined by the name of the inbound queue directory. > >The inbound part is already documented in MailScanner.conf: > > Incoming Queue Dir = /var/spool/mqueue.in/* > >So far, Kevin has had the most helpful advice: >http://www.jiscmail.ac.uk/cgi-bin/webadmin?A2=ind0404&L=mailscanner&P=R94234&I=-1 >http://www.jiscmail.ac.uk/cgi-bin/webadmin?A2=ind0404&L=mailscanner&P=R94809&I=-1 > >I *think* that all I need is to find a variable containing the name of >the incoming queue dir that each piece of mail was read from. >Then (assuming that variable can be accessed from a custom function) I >should be able to write a function to set the "Outgoing Queue Dir" based >on that. > >What's the name of this variable? In a Custom Function, $message->{store}->{dir} should give you it. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From bpumphrey at WOODMACLAW.COM Wed May 5 16:22:32 2004 From: bpumphrey at WOODMACLAW.COM (Billy A. Pumphrey) Date: Thu Jan 12 21:25:02 2006 Subject: Connection Refused by... Message-ID: Good answers. I do have control on the exchange server, and it was probably when I had to reboot it. Here is a full log: http://www.indysmash.com/downloads/maillog To answer about seeing the error often, I was looking at that log (an older log) and it seemed to be a lot of entries in there. However after thinking, the server takes about 10-15 min to reboot and that is quite a bit of mail in 15 min so that makes sense that there might be a lot of entries in a row. Further on down the log they do stop. I read the mailscanner.info site fairly good and there is a lot of information in there (thank you), can there be a part that explains the log. I see other people ask basically how to read it. I know that some of it is simple but I don't like to assume. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Ugo Bellavance Sent: Tuesday, May 04, 2004 7:38 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Connection Refused by... Billy A. Pumphrey wrote: > I'm starting a new topic on this one. (came from another topic) > > Yes, 10.1.1.2 is a exchange server that the mail goes to after > mailscanner. I suppose it's a setting or something on the exchange > server or something but I wouldn't even know where to start. > does the system gets most of the mail delivered? Do you see this message often? -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From greyhair at GREYHAIR.NET Wed May 5 16:21:56 2004 From: greyhair at GREYHAIR.NET (greyhair) Date: Thu Jan 12 21:25:02 2006 Subject: [OT] Need Email Advice Message-ID: <40990694.20905@greyhair.net> HI. I'm a *small* time email server admin (one server that runs out of my home). I have about 400 emails per day and a max of about 20Mb per day (obviously a few very big emails). MailScanner for me is ROCK solid and a blessing!! My off topic question is: Could anyone advice me on a CHEAP secondary email service. In the past year, I have had 1 power outage for 24 hrs. Historically, 3 one day outages throughout the year. I could imagine a possible 2 day outage in the future if i were to upgrade my server. Thanks. greyhair -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From sysadmin at FLEETONE.COM Wed May 5 16:25:05 2004 From: sysadmin at FLEETONE.COM (Rob Freeman) Date: Thu Jan 12 21:25:02 2006 Subject: [OT] Need Email Advice References: <40990694.20905@greyhair.net> Message-ID: <027301c432b5$242af180$45a610ac@fleetone.com> Here is what I use: www.zoneedit.com http://www.zoneedit.com/doc/faq.html#mx2 $10 a year for backup mail service. Rob ----- Original Message ----- From: "greyhair" To: Sent: Wednesday, May 05, 2004 10:21 AM Subject: [OT] Need Email Advice > HI. I'm a *small* time email server admin (one server that runs out of > my home). I have about 400 emails per day and a max of about 20Mb per > day (obviously a few very big emails). MailScanner for me is ROCK solid > and a blessing!! My off topic question is: > > Could anyone advice me on a CHEAP secondary email service. In the past > year, I have had 1 power outage for 24 hrs. Historically, 3 one day > outages throughout the year. I could imagine a possible 2 day outage in > the future if i were to upgrade my server. > > Thanks. > greyhair > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From ed at ESSON.NET Wed May 5 17:56:20 2004 From: ed at ESSON.NET (Ed Kasky) Date: Thu Jan 12 21:25:02 2006 Subject: [OT] Need Email Advice In-Reply-To: <40990694.20905@greyhair.net> References: <40990694.20905@greyhair.net> Message-ID: <6.0.0.22.2.20040505095503.01bbc8c8@mail.esson.net> I have a secondary mx with the isp that holds my domain name. They spool the mail for up to 7 days if I am down. I then just telnet in and release the mail in the queue.... HTH. At 08:21 AM Wednesday, 5/5/2004, you wrote -=> >HI. I'm a *small* time email server admin (one server that runs out of >my home). I have about 400 emails per day and a max of about 20Mb per >day (obviously a few very big emails). MailScanner for me is ROCK solid >and a blessing!! My off topic question is: > >Could anyone advice me on a CHEAP secondary email service. In the past >year, I have had 1 power outage for 24 hrs. Historically, 3 one day >outages throughout the year. I could imagine a possible 2 day outage in >the future if i were to upgrade my server. Ed . . . . . . . . A woman drove me to drink and I never even had the courtesy to thank her. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From ronnie at daslweb.com Wed May 5 18:58:00 2004 From: ronnie at daslweb.com (Ronnie Regev) Date: Thu Jan 12 21:25:02 2006 Subject: SpamAssassin Tests question Message-ID: <20040505175755.VJJU27329.tomts35-srv.bellnexxia.net@ronniepc> Hi, I am not sure how spamassassin actually utilizes the tests located at http://spamassassin.rediris.es/tests.html. Is a copy o the list cached somehow? Is each email scanned checked against the list posted online? An explanation as to how this works would be great, as I cant find that anywhere, or I am missing it. As well, is it possible to download a copy of the list? How could I do this? Thanks. Ronnie Regev System Administrator Microsoft Certified Professional MCP Daslweb Inc. ronnie@daslweb.com -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From greyhair at GREYHAIR.NET Wed May 5 19:02:37 2004 From: greyhair at GREYHAIR.NET (greyhair) Date: Thu Jan 12 21:25:02 2006 Subject: [OT] Need Email Advice In-Reply-To: <027301c432b5$242af180$45a610ac@fleetone.com> References: <40990694.20905@greyhair.net> <027301c432b5$242af180$45a610ac@fleetone.com> Message-ID: <40992C3D.8020509@greyhair.net> Rob, Thank you! greyhair Rob Freeman wrote: >Here is what I use: > >www.zoneedit.com > >http://www.zoneedit.com/doc/faq.html#mx2 > >$10 a year for backup mail service. > >Rob > >----- Original Message ----- >From: "greyhair" >To: >Sent: Wednesday, May 05, 2004 10:21 AM >Subject: [OT] Need Email Advice > > > > >>HI. I'm a *small* time email server admin (one server that runs out of >>my home). I have about 400 emails per day and a max of about 20Mb per >>day (obviously a few very big emails). MailScanner for me is ROCK solid >>and a blessing!! My off topic question is: >> >>Could anyone advice me on a CHEAP secondary email service. In the past >>year, I have had 1 power outage for 24 hrs. Historically, 3 one day >>outages throughout the year. I could imagine a possible 2 day outage in >>the future if i were to upgrade my server. >> >>Thanks. >>greyhair >> >>-------------------------- MailScanner list ---------------------- >>To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >>Before posting, please see the Most Asked Questions at >>http://www.mailscanner.biz/maq/ and the archives at >>http://www.jiscmail.ac.uk/lists/mailscanner.html >> >> > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html > > > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From jwilliams at COURTESYMORTGAGE.COM Wed May 5 19:27:51 2004 From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams) Date: Thu Jan 12 21:25:02 2006 Subject: Maximum Message size question Message-ID: <5.2.1.1.0.20040505112519.02b75008@corpmail.courtesymortgage.com> Hello everyone. Sorry but this will be a short email...hectic today... I keep seeing that MS is sending me messages with the following content: MessageID: i45IIo93024962 Report: MailScanner: Attachment is too large Looking through my .conf file, I have this; Maximum Message Size = 15000000 That should be 15mb's in size, correct? Also: Maximum Attachment Size = 10000000 I'll probably need to adjust, but just trying to fix what exactly is going on... Like I said...sorry for the russh.....crazy day already. Jason -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From peter at UCGBOOK.COM Wed May 5 19:36:54 2004 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:25:02 2006 Subject: SpamAssassin Tests question In-Reply-To: <20040505175755.VJJU27329.tomts35-srv.bellnexxia.net@ronniepc> References: <20040505175755.VJJU27329.tomts35-srv.bellnexxia.net@ronniepc> Message-ID: <40993446.8020605@ucgbook.com> Ronnie Regev wrote: > I am not sure how spamassassin actually utilizes the tests located at > http://spamassassin.rediris.es/tests.html. > Is a copy o the list cached somehow? The list there is just posted as information, it's probably not up to date. I have the standard rules in /usr/share/spamassassin/ on my Mandrake Linux system and /usr/local/share/spamassassin/ on my Solaris boxes. Remember not to change anything here because it will be gone when you upgrade SA. Make your changes in spam.assassin.prefs.conf. > Is each email scanned checked against the list posted online? No. Each mail is checked against the rules in the above location and a couple of others. Run "spamassassin -D --lint" to find out where SA looks for rules and settings. Example: debug: using "/usr/share/spamassassin" for default rules dir debug: using "/etc/mail/spamassassin" for site rules dir debug: using "/root/.spamassassin" for user state dir debug: using "/root/.spamassassin/user_prefs" for user prefs file debug: using "/root/.spamassassin" for user state dir > An explanation as to how this works would be great, as I cant find that > anywhere, or I am missing it. man Mail::SpamAssassin man Mail::SpamAssassin::Conf -- /Peter Bonivart --Unix lovers do it in the Sun Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7, SpamAssassin 2.63 + DCC 1.2.45, ClamAV 0.70 + GMP 4.1.2, Vispan 1.4 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From jburzenski at AMERICANHM.COM Wed May 5 19:38:23 2004 From: jburzenski at AMERICANHM.COM (Jason Burzenski) Date: Thu Jan 12 21:25:02 2006 Subject: SpamAssassin Tests question Message-ID: <9BDD6D4AD0795C46974D7D46C17883B80AEC7CFA@ahm_exchange2.americanhm.com> Those tests are the tests utilized by the latest version of SA. To see the tests your version uses, you can look in /usr/share/spamassassin/*.cf and /etc/mail/spamassassin/*.cf The files in /usr/share/spamassassin are what you see (or would have seen when your version of SA was released) on the tests URL. The /etc/mail/spamassassin/ directory is for your custom tests and rulesets. These are the usual locations for most systems, but yours may vary. > -----Original Message----- > From: Ronnie Regev [mailto:ronnie@daslweb.com] > Sent: Wednesday, May 05, 2004 1:58 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: SpamAssassin Tests question > > > Hi, > I am not sure how spamassassin actually utilizes the tests > located at http://spamassassin.rediris.es/tests.html. > Is a copy o the list cached somehow? > Is each email scanned checked against the list posted online? > An explanation as to how this works would be great, as I cant > find that anywhere, or I am missing it. As well, is it > possible to download a copy of the list? How could I do this? > > Thanks. > > Ronnie Regev > System Administrator > Microsoft Certified Professional MCP > Daslweb Inc. > ronnie@daslweb.com > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040505/62cd3abd/attachment.html From jamey at teamlightning.com Wed May 5 19:37:32 2004 From: jamey at teamlightning.com (Jamey Nelson) Date: Thu Jan 12 21:25:02 2006 Subject: SpamAssassin Tests question In-Reply-To: <20040505175755.VJJU27329.tomts35-srv.bellnexxia.net@ronniepc> References: <20040505175755.VJJU27329.tomts35-srv.bellnexxia.net@ronniepc> Message-ID: <200405051437.32975.jamey@teamlightning.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Doh! My previous message was incorrect, try looking in /usr/share/spamassassin . That is where my spamassassin is storing the .cf files containing the rules. - --Jamey On Wednesday 05 May 2004 13:58, Ronnie Regev wrote: > Hi, > I am not sure how spamassassin actually utilizes the tests located at > http://spamassassin.rediris.es/tests.html. > Is a copy o the list cached somehow? > Is each email scanned checked against the list posted online? > An explanation as to how this works would be great, as I cant find that > anywhere, or I am missing it. > As well, is it possible to download a copy of the list? How could I do > this? > > Thanks. > > Ronnie Regev > System Administrator > Microsoft Certified Professional MCP > Daslweb Inc. > ronnie@daslweb.com > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) iD8DBQFAmTRsNDti7INSJikRAmQMAKCOTXhFSkSeIgRbM1tjm8dgE6iWxgCfcPOS o8ktpcGB0XVJtoha6gJdrnU= =BG/7 -----END PGP SIGNATURE----- -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From jamey at teamlightning.com Wed May 5 19:35:51 2004 From: jamey at teamlightning.com (Jamey Nelson) Date: Thu Jan 12 21:25:02 2006 Subject: SpamAssassin Tests question In-Reply-To: <20040505175755.VJJU27329.tomts35-srv.bellnexxia.net@ronniepc> References: <20040505175755.VJJU27329.tomts35-srv.bellnexxia.net@ronniepc> Message-ID: <200405051435.51636.jamey@teamlightning.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Ronnie, I believe the rules you want are located in the spamassassin directory. On my machine it is /etc/mail/spamassassin, however, check /etc/spamassassing also. - --Jamey On Wednesday 05 May 2004 13:58, Ronnie Regev wrote: > Hi, > I am not sure how spamassassin actually utilizes the tests located at > http://spamassassin.rediris.es/tests.html. > Is a copy o the list cached somehow? > Is each email scanned checked against the list posted online? > An explanation as to how this works would be great, as I cant find that > anywhere, or I am missing it. > As well, is it possible to download a copy of the list? How could I do > this? > > Thanks. > > Ronnie Regev > System Administrator > Microsoft Certified Professional MCP > Daslweb Inc. > ronnie@daslweb.com > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) iD8DBQFAmTQHNDti7INSJikRAhHqAJ4lVGzvVdZ/Jo7q4ZxC3fq4B0xWvgCgii+x WijK2hQjD3HpvEA2ZGhRJgQ= =nlgM -----END PGP SIGNATURE----- -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From peter at UCGBOOK.COM Wed May 5 19:41:30 2004 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:25:02 2006 Subject: Maximum Message size question In-Reply-To: <5.2.1.1.0.20040505112519.02b75008@corpmail.courtesymortgage.com> References: <5.2.1.1.0.20040505112519.02b75008@corpmail.courtesymortgage.com> Message-ID: <4099355A.2030000@ucgbook.com> Jason Williams wrote: > MessageID: i45IIo93024962 > Report: MailScanner: Attachment is too large > > Maximum Message Size = 15000000 > > That should be 15mb's in size, correct? Yes, but remember that MIME encoding adds like 20-30% to the size so don't expect users to be able to send 15 MB attachments with that limit. > Maximum Attachment Size = 10000000 It's this one that complains above. The default settings are 0 and -1 which turns off size checking, see comments above the options. -- /Peter Bonivart --Unix lovers do it in the Sun Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7, SpamAssassin 2.63 + DCC 1.2.45, ClamAV 0.70 + GMP 4.1.2, Vispan 1.4 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From jaearick at COLBY.EDU Wed May 5 20:15:21 2004 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:25:02 2006 Subject: 4.30.3 sa counting error Message-ID: Julian, With your patch in place, what I see now is: SpamAssassin timed out and was killed, failure 0 of 20 no number higher than zero there, shouldn't it start at one? Only two instances today so far... Jeff Earickson Colby College -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From alaslavic at HAVERTYS.COM Wed May 5 20:09:31 2004 From: alaslavic at HAVERTYS.COM (Alex Laslavic) Date: Thu Jan 12 21:25:02 2006 Subject: Zip Password & Virus Trigger Problem Message-ID: Quick problem. I have MailScanner set up so that all virii are quarantined, and the receiving user recieves nothing (silent virus option on). However, if the virus is also a password protected zip file, it is merely stripped from the email, and replaced with the virus warning text file. I do have "Allow Zip-Passwd = no" for all incoming email, with a few exceptions for people who actually need them. It seems to me that the "Zip-Passwd" option, which normally removes the attachment, but sends the message, is overiding the "Silent Virus" option. Anybody have a way around this. Using MailScanner 4.29.7-1, ClamAV 0.70 Thanks. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From admin at WEBGUSTO.COM Wed May 5 20:45:09 2004 From: admin at WEBGUSTO.COM (Bill Sholar - WebGusto) Date: Thu Jan 12 21:25:03 2006 Subject: Double-scanning? In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB001649D13@pascal.priv.bmrb.co.uk> Message-ID: I seem to be getting every message double scanned, as I see X-Mailscanner:found to be clean, found to be clean on each message. I thought I saw something about this somewhere, but it eludes me now. Where do I look to prevent this double scanning? Thanks - Bill -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From raymond at PROLOCATION.NET Wed May 5 20:49:08 2004 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:25:03 2006 Subject: Double-scanning? In-Reply-To: Message-ID: Hi! > I seem to be getting every message double scanned, as I see > X-Mailscanner:found to be clean, found to be clean on each message. > > I thought I saw something about this somewhere, but it eludes me now. > > Where do I look to prevent this double scanning? This can also mean that the mail is scanned elsewhere. Edit your config, you should add the %org stuff so you see what lines are added by YOUR scanning... Bye, Raymond. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From support at EAGLE-ACCESS.NET Wed May 5 21:07:46 2004 From: support at EAGLE-ACCESS.NET (Eagle Net Support) Date: Thu Jan 12 21:25:03 2006 Subject: Anyone seeing this at RBLs Message-ID: <40994992.26B46597@eagle-access.net> Anyone else timing out to RBL's? One example and there are quite a few others not listed. maillog May 5 13:53:23 saturn MailScanner[28169]: RBL Check spamhaus.org timed out and was killed, consecutive failure 2 of 7 [root@saturn joan]# ping spamhaus.org ping: unknown host spamhaus.org [root@saturn joan]# ping sbl-xbl.spamhaus.org ping: unknown host sbl-xbl.spamhaus.org [root@saturn joan]# ping sbl.spamhaus.org ping: unknown host sbl.spamhaus.org [root@saturn joan]# ping xbl.spamhaus.org ping: unknown host xbl.spamhaus.org thanks joe -- This message has been scanned for viruses and dangerous content, and is believed to be clean. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From admin at WEBGUSTO.COM Wed May 5 21:13:20 2004 From: admin at WEBGUSTO.COM (Bill Sholar - WebGusto) Date: Thu Jan 12 21:25:03 2006 Subject: Double-scanning? In-Reply-To: Message-ID: Sorry - I abbreviated my message. I have my org in it, and the message appears twice. Here is the actual header from your reply: X-MailScanner: Tested at frisco.webgusto.com and found to be clean, Tested at frisco.webgusto.com and found to be clean -----Original Message----- From: Raymond Dijkxhoorn [mailto:raymond@PROLOCATION.NET] Sent: Wednesday, May 05, 2004 2:49 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Double-scanning? Hi! > I seem to be getting every message double scanned, as I see > X-Mailscanner:found to be clean, found to be clean on each message. > > I thought I saw something about this somewhere, but it eludes me now. > > Where do I look to prevent this double scanning? This can also mean that the mail is scanned elsewhere. Edit your config, you should add the %org stuff so you see what lines are added by YOUR scanning... Bye, Raymond. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Wed May 5 21:53:21 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:25:03 2006 Subject: Anyone seeing this at RBLs In-Reply-To: <40994992.26B46597@eagle-access.net> References: <40994992.26B46597@eagle-access.net> Message-ID: <6.0.1.1.2.20040505215238.04272eb0@imap.ecs.soton.ac.uk> At 21:07 05/05/2004, you wrote: >Anyone else timing out to RBL's? One example and there are quite a few >others not listed. > >maillog > >May 5 13:53:23 saturn MailScanner[28169]: RBL Check spamhaus.org timed >out and was killed, consecutive failure 2 of 7 > > >[root@saturn joan]# ping spamhaus.org >ping: unknown host spamhaus.org >[root@saturn joan]# ping sbl-xbl.spamhaus.org >ping: unknown host sbl-xbl.spamhaus.org >[root@saturn joan]# ping sbl.spamhaus.org >ping: unknown host sbl.spamhaus.org >[root@saturn joan]# ping xbl.spamhaus.org >ping: unknown host xbl.spamhaus.org These are domain names, they aren't hosts, so you can't ping them. There is no physical computer called "xbl.spamhaus.org". -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Wed May 5 21:51:50 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:25:03 2006 Subject: 4.30.3 sa counting error In-Reply-To: References: Message-ID: <6.0.1.1.2.20040505214646.0438e920@imap.ecs.soton.ac.uk> At 20:15 05/05/2004, you wrote: >Julian, > With your patch in place, what I see now is: > >SpamAssassin timed out and was killed, failure 0 of 20 > >no number higher than zero there, shouldn't it start at one? >Only two instances today so far... That is theoretically possible. What I do now is run a queue which stores the last n success/failure codes. It keeps track of the total of the members of the queue. If one got put in at the same time as the last one went out, I think it could hit zero on a failure. Not 100% sure though, I admit :-) The aim was to detect RBLs and SA failing, say, 50% of the time, by setting a total timeout limit and the length of the queue. So if 10 out of 20 tests succeeded, it would know it failed 50% of the time which might be enough to kill it off if the thresholds were set to 10 out of 20. You can get RBLs, in particular, that start failing most of the time, but not all the time. So the old test for n consecutive failures wouldn't trigger, but your mail throughput slowed to a crawl. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From jwilliams at COURTESYMORTGAGE.COM Wed May 5 22:12:27 2004 From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams) Date: Thu Jan 12 21:25:03 2006 Subject: Maximum Message size question In-Reply-To: <40995277.1000601@ucgbook.com> References: <5.2.1.1.0.20040505132600.00abcec0@corpmail.courtesymortgage.com> <5.2.1.1.0.20040505112519.02b75008@corpmail.courtesymortgage.com> <5.2.1.1.0.20040505112519.02b75008@corpmail.courtesymortgage.com> <5.2.1.1.0.20040505132600.00abcec0@corpmail.courtesymortgage.com> Message-ID: <5.2.1.1.0.20040505140952.02b871d0@corpmail.courtesymortgage.com> >No offense but it seems you have tweaked almost every setting there is >before you went live. The default for that one is 200 to prevent wild >bouncing. I don't see the point in trying to restrict how many >attachments users can send/receive, it's the size that matters, of the >attachments that is. :-) They can just put 400 attachments in a zip >instead if they like. None taken. :) I did modify quite a few before I went live. I tried to guesstimate what I would need and not need. It's a trial and error setup right now. I realize that and knew that when I rolled this out, it was not going to be 'perfect'. It was going to need tweaks, optimization etc. In a nutshell, a learning experience... I aprpeciate everyones help here. Everyone has been very pleasant in taking the time to answer my questions...I think I jump the gun sometimes in my asking of questions...one of my little imperfections... All is well. I am super happy with how well MailScanner is working. I appreciate it, again. Best, Jason -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From jrudd at UCSC.EDU Wed May 5 22:07:23 2004 From: jrudd at UCSC.EDU (John Rudd) Date: Thu Jan 12 21:25:03 2006 Subject: Problem with MailScanner and CommuniGate References: Message-ID: <4099578B.16065535@ucsc.edu> Derek Pitts wrote: > > mailscanner@jiscmail.ac.uk > > I am having a problem getting MailScanner to work > correctly with CommuniGate Pro. > > I have: > > Red Hat AS 3.0 kernel 2.4.21-9.0.3.EL > MailScanner 4.30.3-2 from RPM > ClamAV .70 compiled on the system > tested with CommuniGate Pro 4.1.8 and beta 4.2.2 > jrudd's ms2cgp and cgp2ms default configurations > > The problem I get is that mail never makes it to the users > inbox. I can watch the log file and see MailScanner start > to scan the message when it is received but it seems to > become hung somewhere in this process. It scans the > message over and over again without ever delivering it. I > can send mail from my test email server to other email > servers perfectly fine. If I attach a virus test file, > the file is scanned and identified as a virus test file. > If I attempt to send a message from another mail server > to my test server with MailScanner running I get an error > as follows > What does your server rule (that invokes cgp2ms) look like? And what headers have you set up for mailscanner to insert into the message? -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From dnsadmin at 1BIGTHINK.COM Wed May 5 21:20:39 2004 From: dnsadmin at 1BIGTHINK.COM (DNSAdmin) Date: Thu Jan 12 21:25:03 2006 Subject: Virus not caught In-Reply-To: References: <3BAD5B387A137442B69B2704F49D9A05872C@ares.brueggers.com> Message-ID: <6.1.0.6.0.20040505161832.058d2988@mail.1bigthink.com> At 03:59 PM 5/4/2004, you wrote: >Hi! > > > glad Symantec caught it...I'm troubled as to why it's getting > > past MS and AV scanners on my RH8 box. > > > > Running MailWatch reveals that F-Prot is catching > > W32/Netsky.Q@mm , however I don't always trust > that > > AV vendors > > name the variants consistently amongst themselves. > > > > Any suggestions on how I should proceed in troubleshooting this > > issue? Is anyone experiencing the same? > >Can you mail me some samples in a password protected zip ? > >Thanks, >Raymond. BTW, this one slipped through my MS 4.26 with ClamAV and F-Prot. My Norton AV picked it off on the workstation. What was it? G -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From Denis.Beauchemin at USHERBROOKE.CA Wed May 5 21:19:56 2004 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:25:03 2006 Subject: IPBlock timed out... Message-ID: <40994C6C.50605@USherbrooke.ca> Julian, Looking at my log files I just noticed many entries (155 so far today) that state a time out in IPBlock: May 5 10:15:28 smtpe1 MailScanner[1035]: IPBlock: Hostname lookup for 218.5.7.87 timed out and was killed May 5 10:53:44 smtpe1 MailScanner[1035]: IPBlock: Hostname lookup for 64.28.67.162 timed out and was killed May 5 11:25:22 smtpe1 MailScanner[1433]: IPBlock: Hostname lookup for 68.119.99.27 timed out and was killed May 5 11:33:39 smtpe1 MailScanner[1124]: IPBlock: Hostname lookup for 216.38.220.151 timed out and was killed Anything to worry about? Thanks! Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From derek at MAIL.CHEM.TAMU.EDU Wed May 5 21:17:49 2004 From: derek at MAIL.CHEM.TAMU.EDU (Derek Pitts) Date: Thu Jan 12 21:25:03 2006 Subject: Problem with MailScanner and CommuniGate In-Reply-To: <009401c432dd$4aaa4310$92b15ba5@snapple> Message-ID: mailscanner@jiscmail.ac.uk I am having a problem getting MailScanner to work correctly with CommuniGate Pro. I have: Red Hat AS 3.0 kernel 2.4.21-9.0.3.EL MailScanner 4.30.3-2 from RPM ClamAV .70 compiled on the system tested with CommuniGate Pro 4.1.8 and beta 4.2.2 jrudd's ms2cgp and cgp2ms default configurations The problem I get is that mail never makes it to the users inbox. I can watch the log file and see MailScanner start to scan the message when it is received but it seems to become hung somewhere in this process. It scans the message over and over again without ever delivering it. I can send mail from my test email server to other email servers perfectly fine. If I attach a virus test file, the file is scanned and identified as a virus test file. If I attempt to send a message from another mail server to my test server with MailScanner running I get an error as follows ----- Transcript of session follows ----- 550 5.1.1 test@removed_real_address... User unknown With the rule for MailScanner disabled in CommuniGate messages can be sent and received from the test server to the test server and from another mail server to the test server without any problems. Any help would be appreciated. Below is a sample of the /var/log/maillog file, I replaced my test server with example.com and my production mail server with real_mail_server.com. root@example log]# tail -f maillog May 5 12:01:00 chem-178-73 update.virus.scanners: Delaying cron job up to 600 seconds May 5 13:01:00 chem-178-73 update.virus.scanners: Delaying cron job up to 600 seconds May 5 13:02:59 chem-178-73 update.virus.scanners: Found clamav installed May 5 13:02:59 chem-178-73 update.virus.scanners: Running autoupdate for clamav May 5 13:03:00 chem-178-73 ClamAV-autoupdate[18195]: ClamAV did not need updating May 5 13:33:26 chem-178-73 CommuniGatePro: Initiating CommuniGate Pro Server May 5 14:00:59 chem-178-73 update.virus.scanners: Delaying cron job up to 600 seconds May 5 14:02:29 chem-178-73 update.virus.scanners: Found clamav installed May 5 14:02:29 chem-178-73 update.virus.scanners: Running autoupdate for clamav May 5 14:02:30 chem-178-73 ClamAV-autoupdate[18465]: ClamAV did not need updating May 5 14:20:39 chem-178-73 MailScanner[30045]: New Batch: Scanning 1 messages, 692 bytes May 5 14:20:42 chem-178-73 MailScanner[30045]: Virus and Content Scanning: Starting May 5 14:20:42 chem-178-73 MailScanner[30045]: Uninfected: Delivered 1 messages May 5 14:20:42 chem-178-73 MailScanner[30045]: MailScanner child dying of old age May 5 14:20:42 chem-178-73 MailScanner[18683]: MailScanner E-Mail Virus Scanner version 4.30.3 starting... May 5 14:20:43 chem-178-73 MailScanner[18683]: Using locktype = flock May 5 14:20:44 chem-178-73 sendmail[18685]: 18671: to=, delay=00:00:07, mailer=local, pri=240900, dsn=5.1.1, stat=User unknown May 5 14:20:44 chem-178-73 sendmail[18685]: STARTTLS=client, relay=real_mail_server.com.edu., version=TLSv1/SSLv3, verify=FAIL, cipher=DES-CBC3-SHA, bits=168/168 May 5 14:20:44 chem-178-73 sendmail[18685]: 18671: to=, delay=00:00:07, xdelay=00:00:00, mailer=esmtp, pri=240900, relay=real_mail_server.com.edu. [165.91.176.8], dsn=2.0.0, stat=Sent (1458891 message accepted for delivery) May 5 14:20:44 chem-178-73 sendmail[18685]: 18671: to=, delay=00:00:07, mailer=local, pri=240900, dsn=5.1.1, stat=User unknown May 5 14:20:44 chem-178-73 sendmail[18685]: 18671: i45JKiHw018685: postmaster notify: User unknown May 5 14:20:44 chem-178-73 sendmail[18685]: i45JKiHw018685: to=root, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31687, dsn=2.0.0, stat=Sent May 5 14:22:58 chem-178-73 MailScanner[18683]: New Batch: Scanning 1 messages, 1421 bytes May 5 14:23:00 chem-178-73 MailScanner[18683]: Virus and Content Scanning: Starting May 5 14:23:03 chem-178-73 MailScanner[18683]: Uninfected: Delivered 1 messages May 5 14:23:13 chem-178-73 MailScanner[18683]: New Batch: Scanning 1 messages, 1786 bytes May 5 14:23:16 chem-178-73 MailScanner[18683]: Virus and Content Scanning: Starting May 5 14:23:18 chem-178-73 MailScanner[18683]: Uninfected: Delivered 1 messages May 5 14:23:28 chem-178-73 MailScanner[18683]: New Batch: Scanning 1 messages, 2004 bytes May 5 14:23:30 chem-178-73 MailScanner[18683]: Virus and Content Scanning: Starting May 5 14:23:33 chem-178-73 MailScanner[18683]: Uninfected: Delivered 1 messages May 5 14:23:43 chem-178-73 MailScanner[18683]: New Batch: Scanning 1 messages, 2222 bytes May 5 14:23:46 chem-178-73 MailScanner[18683]: Virus and Content Scanning: Starting May 5 14:23:49 chem-178-73 MailScanner[18683]: Uninfected: Delivered 1 messages May 5 14:23:59 chem-178-73 MailScanner[18683]: New Batch: Scanning 1 messages, 2440 bytes May 5 14:24:01 chem-178-73 MailScanner[18683]: Virus and Content Scanning: Starting May 5 14:24:03 chem-178-73 MailScanner[18683]: Uninfected: Delivered 1 messages May 5 14:24:13 chem-178-73 MailScanner[18683]: New Batch: Scanning 1 messages, 2658 bytes May 5 14:24:16 chem-178-73 MailScanner[18683]: Virus and Content Scanning: Starting May 5 14:24:19 chem-178-73 MailScanner[18683]: Uninfected: Delivered 1 messages May 5 14:24:29 chem-178-73 MailScanner[18683]: New Batch: Scanning 1 messages, 2876 bytes May 5 14:24:31 chem-178-73 MailScanner[18683]: Virus and Content Scanning: Starting May 5 14:24:35 chem-178-73 MailScanner[18683]: Uninfected: Delivered 1 messages May 5 14:24:44 chem-178-73 MailScanner[30047]: New Batch: Scanning 1 messages, 3094 bytes May 5 14:24:45 chem-178-73 MailScanner[30047]: Virus and Content Scanning: Starting May 5 14:24:45 chem-178-73 MailScanner[30047]: Uninfected: Delivered 1 messages May 5 14:24:45 chem-178-73 MailScanner[30047]: MailScanner child dying of old age Derek Pitts Texas A&M University Chemistry Department derek@mail.chem.tamu.edu -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From jwilliams at COURTESYMORTGAGE.COM Wed May 5 21:31:48 2004 From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams) Date: Thu Jan 12 21:25:03 2006 Subject: Maximum Message size question In-Reply-To: <4099355A.2030000@ucgbook.com> References: <5.2.1.1.0.20040505112519.02b75008@corpmail.courtesymortgage.com> <5.2.1.1.0.20040505112519.02b75008@corpmail.courtesymortgage.com> Message-ID: <5.2.1.1.0.20040505132600.00abcec0@corpmail.courtesymortgage.com> Hi Peter, >Yes, but remember that MIME encoding adds like 20-30% to the size so >don't expect users to be able to send 15 MB attachments with that limit. Ya. I am starting to notice. I am getting a lot of messages that are getting blocked because they contain too many attachments. Looking my MailScanner.conf: Maximum Attachments Per Message = 8 Now, we do receive a lot of mails containing attachments from our vendors that are important for us to receive. At the same time, I am noticing that some of the emails being blocked for too many attachments are personal emails... So right now, im trying to balance everything out here to ensure that we do receive our attachments from our vendors without getting blocked. Any suggestions? >It's this one that complains above. The default settings are 0 and -1 >which turns off size checking, see comments above the options. Hmm...not sure if I want HUGE attachments coming through. :) >-- >/Peter Bonivart > >--Unix lovers do it in the Sun > >Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7, >SpamAssassin 2.63 + DCC 1.2.45, ClamAV 0.70 + GMP 4.1.2, Vispan 1.4 Thanks Peter!! Jason -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From ugob at CAMO-ROUTE.COM Wed May 5 21:24:30 2004 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:25:03 2006 Subject: Zip Password & Virus Trigger Problem In-Reply-To: References: Message-ID: Alex Laslavic wrote: > Quick problem. I have MailScanner set up so that all virii are > quarantined, and the receiving user recieves nothing (silent virus option > on). However, if the virus is also a password protected zip file, it is > merely stripped from the email, and replaced with the virus warning text > file. I do have "Allow Zip-Passwd = no" for all incoming email, with a few > exceptions for people who actually need them. > > It seems to me that the "Zip-Passwd" option, which normally removes the > attachment, but sends the message, is overiding the "Silent Virus" option. > Anybody have a way around this. Look at the comment of the "Slient Viruses" parameter. You'll see you can add Zip-Passwd > > Using MailScanner 4.29.7-1, ClamAV 0.70 > > Thanks. > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From ugob at CAMO-ROUTE.COM Wed May 5 21:27:18 2004 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:25:03 2006 Subject: Virus not caught In-Reply-To: <6.1.0.6.0.20040505161832.058d2988@mail.1bigthink.com> References: <3BAD5B387A137442B69B2704F49D9A05872C@ares.brueggers.com> <6.1.0.6.0.20040505161832.058d2988@mail.1bigthink.com> Message-ID: DNSAdmin wrote: > At 03:59 PM 5/4/2004, you wrote: > >> Hi! >> >> > glad Symantec caught it...I'm troubled as to why it's getting >> > past MS and AV scanners on my RH8 box. >> > >> > Running MailWatch reveals that F-Prot is catching >> > W32/Netsky.Q@mm , however I don't always trust >> that >> > AV vendors >> > name the variants consistently amongst themselves. >> > >> > Any suggestions on how I should proceed in troubleshooting this >> > issue? Is anyone experiencing the same? >> >> Can you mail me some samples in a password protected zip ? >> >> Thanks, >> Raymond. > > > BTW, this one slipped through my MS 4.26 with ClamAV and F-Prot. My Norton > AV picked it off on the workstation. What was it? From Raymond's post in the same thread : "Thanks for sending the example. This is why its not found, its no virus, its a truncated bounce..." > > G > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From peter at UCGBOOK.COM Wed May 5 21:45:43 2004 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:25:03 2006 Subject: Maximum Message size question In-Reply-To: <5.2.1.1.0.20040505132600.00abcec0@corpmail.courtesymortgage.com> References: <5.2.1.1.0.20040505112519.02b75008@corpmail.courtesymortgage.com> <5.2.1.1.0.20040505112519.02b75008@corpmail.courtesymortgage.com> <5.2.1.1.0.20040505132600.00abcec0@corpmail.courtesymortgage.com> Message-ID: <40995277.1000601@ucgbook.com> Jason Williams wrote: > Maximum Attachments Per Message = 8 No offense but it seems you have tweaked almost every setting there is before you went live. The default for that one is 200 to prevent wild bouncing. I don't see the point in trying to restrict how many attachments users can send/receive, it's the size that matters, of the attachments that is. :-) They can just put 400 attachments in a zip instead if they like. -- /Peter Bonivart --Unix lovers do it in the Sun Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7, SpamAssassin 2.63 + DCC 1.2.45, ClamAV 0.70 + GMP 4.1.2, Vispan 1.4 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From rzewnickie at RFA.ORG Wed May 5 21:48:01 2004 From: rzewnickie at RFA.ORG (Eric Dantan Rzewnicki) Date: Thu Jan 12 21:25:03 2006 Subject: tao Linux In-Reply-To: References: Message-ID: <20040505204801.GE29685@rfa.org> On Fri, Apr 30, 2004 at 11:25:38AM -0500, Rob Poe wrote: > If WhiteBox has achieved it's goal (and why not, it's OSS, right?) and > is 100% binary compatible to RHEL - how can it NOT be mature? > > I'm struggling right now, as Im building a new master server and don't > want to use an unsupported version of RedHat (and I'm holding out on > suse 9 until 9.1 comes out and is easily grabbable .. the new box > doesn't see the network card under Suse 9.0 (intel motherboard)). ftp://ftp.tux.org/linux/suse/i386/iso/9.1/ Some Novell guys presented at the local LUG meeting a few weeks ago. They brought along cd's of the iso's for 9.1 and said we could put them up on tux. -Eric Rz. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From gebhard at EPOST.DE Wed May 5 22:25:17 2004 From: gebhard at EPOST.DE (Holger Gebhard) Date: Thu Jan 12 21:25:03 2006 Subject: Problem with Rulefiles Message-ID: >How about including some log entries for the test messages and the >relevant >config options? >We're not miracle workers. Ok... here is my Configuration: MailScanner 4.29.7 Debian 3.0 SpamAssassin 2.63 etc. My MailScanner.conf Settings are for one Feature that is not working with "Per User Rules": Allow Password Protected Archives = "Path to Rulesfile" Use Default Rule with Multiple Reciptients = no I had also tried Multiple Reciptients with yes, but then absolutely NO Feature is working with "Per User Rules" The Rulefile is Configured like the following: To: user@domain.com yes To: @domain.com no FromOrTo: default no Also tried *@domain.com... The same effect... No "Per User Check" working... (Many thanks to Kevin Spicer) I tested my Configuration with some other Rulesfiles... Filenamerules for example. In "FileName Rules" the "Per User Rules" are working perfectly with the same configuration (Use Default Rule with Multiple Reciptients = no). In "Allow Password Protected Archives" only "Per Domain Rules" and no "Per User Rules" are working... I dont know why? Thanks for help... Holger -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From derek at MAIL.CHEM.TAMU.EDU Wed May 5 22:33:09 2004 From: derek at MAIL.CHEM.TAMU.EDU (Derek Pitts) Date: Thu Jan 12 21:25:03 2006 Subject: Problem with MailScanner and CommuniGate In-Reply-To: <4099578B.16065535@ucsc.edu> Message-ID: Derek Pitts wrote: > > mailscanner@jiscmail.ac.uk > > I am having a problem getting MailScanner to work > correctly with CommuniGate Pro. > > I have: > > Red Hat AS 3.0 kernel 2.4.21-9.0.3.EL > MailScanner 4.30.3-2 from RPM > ClamAV .70 compiled on the system > tested with CommuniGate Pro 4.1.8 and beta 4.2.2 > jrudd's ms2cgp and cgp2ms default configurations > > The problem I get is that mail never makes it to the >users > inbox. I can watch the log file and see MailScanner >start > to scan the message when it is received but it seems to > become hung somewhere in this process. It scans the > message over and over again without ever delivering it. > I > can send mail from my test email server to other email > servers perfectly fine. If I attach a virus test file, > the file is scanned and identified as a virus test file. > If I attempt to send a message from another mail server > to my test server with MailScanner running I get an error > as follows > What does your server rule (that invokes cgp2ms) look like? And what headers have you set up for mailscanner to insert into the message? --snips of code Server-Wide Automated Processing Rule priority=5 "Header Field" is not "$IH:$IHV" "Execute" "[FILE]/usr/local/etc/cgp2ms" "Discard" Headers set with MailScanner.conf file residing in /etc/MailScanner/ %org-name% = Chemistry_Department Information Header = X-%org-name%-MailScanner-Information: Information Header Value = Please contact the Chemistry Helpdesk for more information I was not sure exactly what was meant by setting the headers, I assume that I did it correctly. Also I am not using the default Mailscanner start script I replaced the default script with the one from your message to Cyrille, on "Problem with latest version of Mailscanner" the shortened script. I have attached it below it resides in /etc/rc.d/init.d/ #!/bin/sh # case "$1" in 'start') /usr/sbin/check_mailscanner ;; 'stop') kill `cat /var/run/MailScanner.pid` ;; *) echo "Usage: $0 { start | stop }" exit 1 ;; esac exit 0 --end snip of code Thanks Derek -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From jrudd at UCSC.EDU Wed May 5 22:56:27 2004 From: jrudd at UCSC.EDU (John Rudd) Date: Thu Jan 12 21:25:03 2006 Subject: Problem with MailScanner and CommuniGate References: Message-ID: <4099630B.50EDCD6A@ucsc.edu> Derek Pitts wrote: > > Derek Pitts wrote: > > > > mailscanner@jiscmail.ac.uk > > > > I am having a problem getting MailScanner to work > > correctly with CommuniGate Pro. > > > > I have: > > > > Red Hat AS 3.0 kernel 2.4.21-9.0.3.EL > > MailScanner 4.30.3-2 from RPM > > ClamAV .70 compiled on the system > > tested with CommuniGate Pro 4.1.8 and beta 4.2.2 > > jrudd's ms2cgp and cgp2ms default configurations > > > > The problem I get is that mail never makes it to the > >users > > inbox. I can watch the log file and see MailScanner > >start > > to scan the message when it is received but it seems to > > become hung somewhere in this process. It scans the > > message over and over again without ever delivering it. > > I > > can send mail from my test email server to other email > > servers perfectly fine. If I attach a virus test file, > > the file is scanned and identified as a virus test file. > > If I attempt to send a message from another mail server > > to my test server with MailScanner running I get an error > > as follows > > > > What does your server rule (that invokes cgp2ms) look > like? > And what headers have you set up for mailscanner to insert > into the > message? > > --snips of code > Server-Wide Automated Processing Rule priority=5 > "Header Field" is not "$IH:$IHV" You were too literal here. "$IH" and "$IHV" are meant to be "variables". Using the information you gave below, $IH should have been: "X-Chemistry_Department-MailScanner-Information" and $IHV should have been: " Please contact the Chemistry Helpdesk for more information" Try setting that Rule condition to: "Header Field" is not "X-Chemistry_Department-MailScanner-Information: Please contact the Chemistry Helpdesk for more information" And then things should work. > "Execute" "[FILE]/usr/local/etc/cgp2ms" > "Discard" > > Headers set with MailScanner.conf file > residing in /etc/MailScanner/ > > %org-name% = Chemistry_Department > > Information Header = X-%org-name%-MailScanner-Information: > Information Header Value = Please contact the Chemistry > Helpdesk for more information > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From jwilliams at COURTESYMORTGAGE.COM Thu May 6 00:39:07 2004 From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams) Date: Thu Jan 12 21:25:03 2006 Subject: Caching name server on same box with MS...? Message-ID: <5.2.1.1.0.20040505163650.00a7eca0@corpmail.courtesymortgage.com> Any takers? Been thinking of putting on a caching name server on my gateway box in hopes of speeding up DNS checks. I've noticed that some of the delays been between 2-10 seconds day. Not horrible, but could be better... Seems like a pretty good idea. Was curiuos if anyone else has used this method and if the noticed difference in delay, after the change went through... I would use bind 9 for my setup, since I am most familar with it. Thanks, Best, Jas -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From steve.swaney at FSL.COM Thu May 6 00:57:55 2004 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:25:03 2006 Subject: Caching name server on same box with MS...? In-Reply-To: <5.2.1.1.0.20040505163650.00a7eca0@corpmail.courtesymortgage.com> Message-ID: <20040505235756.05B6E21C2F7@mail.fsl.com> > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Jason Williams > Sent: Wednesday, May 05, 2004 7:39 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Caching name server on same box with MS...? > > Any takers? You don't say what your OS is but: 1. it's definitely a good idea. 2. it's a simple rpm install if you're on an rpm based distro. NO configuration required :) Look for an nscd...rpm Steve Stephen Swaney President Fortress Systems Ltd. Steve.Swaney@FSL.com > > Been thinking of putting on a caching name server on my gateway box in > hopes of speeding up DNS checks. I've noticed that some of the delays been > between 2-10 seconds day. Not horrible, but could be better... > > Seems like a pretty good idea. > > Was curiuos if anyone else has used this method and if the noticed > difference in delay, after the change went through... > > I would use bind 9 for my setup, since I am most familar with it. > > Thanks, > > Best, > > Jas > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > Fortress Systems Ltd. > www.fsl.com > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. Fortress Systems Ltd. www.fsl.com -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From jwilliams at COURTESYMORTGAGE.COM Thu May 6 01:03:59 2004 From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams) Date: Thu Jan 12 21:25:03 2006 Subject: Caching name server on same box with MS...? In-Reply-To: <20040505235756.05B6E21C2F7@mail.fsl.com> References: <5.2.1.1.0.20040505163650.00a7eca0@corpmail.courtesymortgage.com> Message-ID: <5.2.1.1.0.20040505170319.00aeedb8@corpmail.courtesymortgage.com> > >You don't say what your OS is but: FreeBSD here...I was contemplating building the package on another system then adding it on my MailScanner system. Fairly straightforward I believe. >1. it's definitely a good idea. >2. it's a simple rpm install if you're on an rpm based distro. NO >configuration required :) Look for an nscd...rpm > >Steve I appreciate the help. Jason -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From jwilliams at COURTESYMORTGAGE.COM Thu May 6 02:07:13 2004 From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams) Date: Thu Jan 12 21:25:03 2006 Subject: Caching name server on same box with MS...? In-Reply-To: <20040505235756.05B6E21C2F7@mail.fsl.com> References: <5.2.1.1.0.20040505163650.00a7eca0@corpmail.courtesymortgage.com> Message-ID: <5.2.1.1.0.20040505180553.00b0d6a0@corpmail.courtesymortgage.com> >1. it's definitely a good idea. >2. it's a simple rpm install if you're on an rpm based distro. NO >configuration required :) Look for an nscd...rpm Ya...I need to put up a caching server. I am seeing some pretty long delays here today...a lot longer than i saw yesterday. I'll probably try and roll out something tonight or tomorrow.... I'm hoping to see better performance, delay time once I roll out the caching server... We shall see. Jason -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From Diego.Fabara at ALEGROPCS.COM Thu May 6 01:55:23 2004 From: Diego.Fabara at ALEGROPCS.COM (Diego Fabara) Date: Thu Jan 12 21:25:03 2006 Subject: MailScanner and MS Exchange !! Message-ID: I 've Fedora in my DMZ, with MailScanner, and Sendmail. My Mail Server inbound is an Exchange Server. So, my fedora forward all mail to mydomain.com ( using mailertable). My problem is: xxx@mydomain.com in not neccesary an user in my domain !! Then, How I can stop the mail for no genuine users in my domain without my Exchange receive the mails ? With whitelist ? To usergenuine1@mydomain.com yes To usergenuine2@mydomain.com yes To usergenuine3@mydomain.com yes ... .. .. To usergenuinexxx @mydomain.com yes FromorTo default no Is correct? Thanks -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040505/459317fc/attachment.html From ugob at CAMO-ROUTE.COM Thu May 6 02:24:31 2004 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:25:03 2006 Subject: MailScanner and MS Exchange !! In-Reply-To: References: Message-ID: Diego Fabara wrote: > I ?ve Fedora in my DMZ, with MailScanner, and Sendmail. My Mail Server > inbound is an Exchange Server. > > So, my fedora forward all mail to mydomain.com ( using mailertable). > > My problem is: > > xxx@mydomain.com in not neccesary an user in > my domain !! > > Then, How I can stop the mail for no genuine users in my domain without > my Exchange receive the mails ? Please read the MAQ before posting: http://www.mailscanner.biz/maq/#whatifijust hth Ugo > > > > With whitelist ? > > > > To usergenuine1@mydomain.com yes > > To usergenuine2@mydomain.com yes > > To usergenuine3@mydomain.com yes > > ? > > .. > > .. > > To usergenuinexxx @mydomain.com > yes > > FromorTo default no > > > > > > > > Is correct? > > > > Thanks > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From alex at nkpanama.com Thu May 6 03:24:34 2004 From: alex at nkpanama.com (Alex Neuman) Date: Thu Jan 12 21:25:03 2006 Subject: Maximum Message size question In-Reply-To: <5.2.1.1.0.20040505132600.00abcec0@corpmail.courtesymortgage.com> Message-ID: <000801c43311$47c3a040$2065e0c9@cositputer> How about using rulesets to make messages from vendor.com have a higher number of max attachments, and the default to something lower? -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Jason Williams Sent: Wednesday, May 05, 2004 3:32 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Maximum Message size question Hi Peter, >Yes, but remember that MIME encoding adds like 20-30% to the size so >don't expect users to be able to send 15 MB attachments with that >limit. Ya. I am starting to notice. I am getting a lot of messages that are getting blocked because they contain too many attachments. Looking my MailScanner.conf: Maximum Attachments Per Message = 8 Now, we do receive a lot of mails containing attachments from our vendors that are important for us to receive. At the same time, I am noticing that some of the emails being blocked for too many attachments are personal emails... So right now, im trying to balance everything out here to ensure that we do receive our attachments from our vendors without getting blocked. Any suggestions? >It's this one that complains above. The default settings are 0 and -1 >which turns off size checking, see comments above the options. Hmm...not sure if I want HUGE attachments coming through. :) >-- >/Peter Bonivart > >--Unix lovers do it in the Sun > >Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7, >SpamAssassin 2.63 + DCC 1.2.45, ClamAV 0.70 + GMP 4.1.2, Vispan 1.4 Thanks Peter!! Jason -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3026 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040505/f4a1d5bc/smime.bin From alex at nkpanama.com Thu May 6 03:27:23 2004 From: alex at nkpanama.com (Alex Neuman) Date: Thu Jan 12 21:25:03 2006 Subject: Maximum Message size question In-Reply-To: <40995277.1000601@ucgbook.com> Message-ID: <001001c43311$abb912b0$2065e0c9@cositputer> I for one thing that starting somewhere around version 5 *everything* should be a ruleset... What does everybody else think? The default could be that a %rules-dir%/configitem.rules exists for everything that can be a ruleset, with the default set to whatever the actual default is. It would be a little more obvious and would probably help eliminate 80% of the "can mailscanner do..." and "how do I..." questions that get answered with "use rulesets". -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Peter Bonivart Sent: Wednesday, May 05, 2004 3:46 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Maximum Message size question Jason Williams wrote: > Maximum Attachments Per Message = 8 No offense but it seems you have tweaked almost every setting there is before you went live. The default for that one is 200 to prevent wild bouncing. I don't see the point in trying to restrict how many attachments users can send/receive, it's the size that matters, of the attachments that is. :-) They can just put 400 attachments in a zip instead if they like. -- /Peter Bonivart --Unix lovers do it in the Sun Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7, SpamAssassin 2.63 + DCC 1.2.45, ClamAV 0.70 + GMP 4.1.2, Vispan 1.4 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3026 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040505/2c90b042/smime.bin From alex at nkpanama.com Thu May 6 03:36:17 2004 From: alex at nkpanama.com (Alex Neuman) Date: Thu Jan 12 21:25:03 2006 Subject: MailScanner and MS Exchange !! In-Reply-To: Message-ID: <001d01c43312$ea2b9850$2065e0c9@cositputer> Actually, most of those answers in the FAQ involve setting up scripts, compiling things, fooling around with LDAP, using milters, etc. If you have a small setup (a dozen or so users, for example), the easiest way would be to put something like: usernumber1@yourdomain.com ACCEPT usernumber2@yourdomain.com ACCEPT . . . usernumber12@yourdomain.com ACCEPT yourdomain.com REJECT In your /etc/mail/access file (recompile with make -C /etc/mail after you finish). Pros: Easy and fast. Can be easily administered using webmin, for example. Cons: It gets tedious after a couple of dozen users, or if you have a lot of churn (users leaving and coming back, etc.). Besides, if you have any aliases, you also have to add them here. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Ugo Bellavance Sent: Wednesday, May 05, 2004 8:25 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: MailScanner and MS Exchange !! Diego Fabara wrote: > I 've Fedora in my DMZ, with MailScanner, and Sendmail. My Mail Server > inbound is an Exchange Server. > > So, my fedora forward all mail to mydomain.com ( using mailertable). > > My problem is: > > xxx@mydomain.com in not neccesary an user in > my domain !! > > Then, How I can stop the mail for no genuine users in my domain > without > my Exchange receive the mails ? Please read the MAQ before posting: http://www.mailscanner.biz/maq/#whatifijust hth Ugo > > > > With whitelist ? > > > > To usergenuine1@mydomain.com yes > > To usergenuine2@mydomain.com yes > > To usergenuine3@mydomain.com yes > > . > > .. > > .. > > To usergenuinexxx @mydomain.com > yes > > FromorTo default no > > > > > > > > Is correct? > > > > Thanks > > -------------------------- MailScanner list ---------------------- To > leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most > Asked Questions at http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3026 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040505/c1c52b19/smime.bin From pete at eatathome.com.au Thu May 6 03:42:03 2004 From: pete at eatathome.com.au (Pete) Date: Thu Jan 12 21:25:03 2006 Subject: MailScanner and MS Exchange !! In-Reply-To: <001d01c43312$ea2b9850$2065e0c9@cositputer> References: <001d01c43312$ea2b9850$2065e0c9@cositputer> Message-ID: <4099A5FB.2050400@eatathome.com.au> This is EASILY automated using scripts available in the faqs/maqs .... >Actually, most of those answers in the FAQ involve setting up scripts, >compiling things, fooling around with LDAP, using milters, etc. > >If you have a small setup (a dozen or so users, for example), the easiest >way would be to put something like: > >usernumber1@yourdomain.com ACCEPT >usernumber2@yourdomain.com ACCEPT >. >. >. >usernumber12@yourdomain.com ACCEPT >yourdomain.com REJECT > >In your /etc/mail/access file (recompile with make -C /etc/mail after you >finish). > >Pros: Easy and fast. Can be easily administered using webmin, for example. >Cons: It gets tedious after a couple of dozen users, or if you have a lot >of churn (users leaving and coming back, etc.). Besides, if you have any >aliases, you also have to add them here. > > >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >Behalf Of Ugo Bellavance >Sent: Wednesday, May 05, 2004 8:25 PM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: MailScanner and MS Exchange !! > > >Diego Fabara wrote: > > >>I 've Fedora in my DMZ, with MailScanner, and Sendmail. My Mail Server >>inbound is an Exchange Server. >> >>So, my fedora forward all mail to mydomain.com ( using mailertable). >> >>My problem is: >> >>xxx@mydomain.com in not neccesary an user in >>my domain !! >> >>Then, How I can stop the mail for no genuine users in my domain >>without >>my Exchange receive the mails ? >> >> > >Please read the MAQ before posting: >http://www.mailscanner.biz/maq/#whatifijust > >hth > >Ugo > > >> >>With whitelist ? >> >> >> >>To usergenuine1@mydomain.com >> >> >yes > > >>To usergenuine2@mydomain.com >> >> >yes > > >>To usergenuine3@mydomain.com >> >> >yes > > >>. >> >>.. >> >>.. >> >>To usergenuinexxx @mydomain.com >> yes >> >>FromorTo default no >> >> >> >> >> >> >> >>Is correct? >> >> >> >>Thanks >> >>-------------------------- MailScanner list ---------------------- To >>leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >> Before posting, please see the Most >>Asked Questions at http://www.mailscanner.biz/maq/ and the archives at >>http://www.jiscmail.ac.uk/lists/mailscanner.html >> >> > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html > > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From robin at PRIMUS.CA Thu May 6 05:18:52 2004 From: robin at PRIMUS.CA (Robin M.) Date: Thu Jan 12 21:25:03 2006 Subject: MailScanner vs. Amavisd Message-ID: Hi people can I get the opinion of people who have used both MailScanner and Amavisd. What are the reasons for using MailScanner over Amavisd, or what are the benefits of Amavisd over MailScanner etc. I would be interested to hear these comparisons from people with experience with both. I have only had a chance to use MailScanner and I have installed it on a few servers. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From ugob at CAMO-ROUTE.COM Thu May 6 05:23:40 2004 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:25:03 2006 Subject: MailScanner vs. Amavisd In-Reply-To: References: Message-ID: Robin M. wrote: > Hi people can I get the opinion of people who have used both MailScanner > and Amavisd. What are the reasons for using MailScanner over Amavisd, or > what are the benefits of Amavisd over MailScanner etc. > That is an interresting question, and I think many people on this list asked themselves at least once. Did you post the same question on the Amavis list? > I would be interested to hear these comparisons from people with > experience with both. > > I have only had a chance to use MailScanner and I have installed it on > a few servers. > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From pete at eatathome.com.au Thu May 6 05:49:40 2004 From: pete at eatathome.com.au (Pete) Date: Thu Jan 12 21:25:03 2006 Subject: MailScanner vs. Amavisd In-Reply-To: References: Message-ID: <4099C3E4.5000603@eatathome.com.au> Since i dont have a technical comparison and am a new comer to MailScanner MailScanner is developed by Julian who is quite possibly the most generous person i have encountered in 10ish years online. How many times have we seen him whip up a patch for some ones specific needs or assist in non MS related support, or keep MS features well ahead of the rest with very speedy solutions to new and potentially dangerous problems, and how many of us have actually made a donation? I am confident that as long as we use MailScanner and keep it up to date we will always be protected against the newest of nasties as Julian works tirelessly to keep MS capabilities up to speed. I bet others here can better illustrate Julian's mammoth efforts... and that the fact that he is the author is a major reason to use his products over others?? Pete > > >> Hi people can I get the opinion of people who have used both MailScanner >> and Amavisd. What are the reasons for using MailScanner over Amavisd, or >> what are the benefits of Amavisd over MailScanner etc. >> > > That is an interresting question, and I think many people on this list > asked themselves at least once. Did you post the same question on the > Amavis list? > >> I would be interested to hear these comparisons from people with >> experience with both. >> >> I have only had a chance to use MailScanner and I have installed it on >> a few servers. > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From Jan-Peter.Koopmann at SECEIDOS.DE Thu May 6 07:43:05 2004 From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann) Date: Thu Jan 12 21:25:03 2006 Subject: Postfix support / how stable? Message-ID: Hi guys, I need your experience on MailScanner and Postfix. Some of our customers think about switching over to Postfix due to Exim having problems with very (!) large mail volumes. They now think about using amavisd since MailScanner had problems with Postfix in the earlier versions. The postfix author claimed that MailScanner is not a good solution since it does not use the Postfix standard interfaces (or something like that). This seemed to have resulted in sporadic mail loss. Now my question: Is that still true? What is your experience? How stable is MailScanner with postfix nowadays? Kind regards Jan-Peter Koopmann Dipl.-Wirtschaftsinformatiker Senior Engineer -- Seceidos GmbH Robert-Bosch-Str.7 64293 Darmstadt/Germany Phone: +49 (6151) 66843-43 Fax: +49 (6151) 66843-52 E-Mail: jan-peter.koopmann@seceidos.de Web: http://www.seceidos.de -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From kevins at BMRB.CO.UK Thu May 6 07:59:43 2004 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:25:03 2006 Subject: MailScanner and MS Exchange !! In-Reply-To: References: Message-ID: <1083826782.29552.5.camel@bach.kevinspicer.co.uk> On Thu, 2004-05-06 at 01:55, Diego Fabara wrote: > Then, How I can stop the mail for no genuine users in my domain > without my Exchange receive the mails ? See http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/270.html > With whitelist ? No, the whitelist you gave will block all outbound mail - anyway you are much better blocking at the MTA. BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From admin at WEBGUSTO.COM Thu May 6 08:23:58 2004 From: admin at WEBGUSTO.COM (Bill Sholar - WebGusto) Date: Thu Jan 12 21:25:03 2006 Subject: Double-scanning? In-Reply-To: Message-ID: Bound to be an answer somewhere. Do others have this problem? (I seem to be getting every message double scanned, as I see X-Mailscanner:found to be clean at myserver, found to be clean at myservr on each message.) It an exim/MailScanner/cpanel config, fwiw. Bill -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Thu May 6 08:39:07 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:25:03 2006 Subject: Postfix support / how stable? In-Reply-To: References: Message-ID: <6.0.1.1.2.20040506083709.03bfc4c8@imap.ecs.soton.ac.uk> At 07:43 06/05/2004, you wrote: >Hi guys, > >I need your experience on MailScanner and Postfix. Some of our customers >think about switching over to Postfix due to Exim having problems with >very (!) large mail volumes. They now think about using amavisd since >MailScanner had problems with Postfix in the earlier versions. The postfix >author claimed that MailScanner is not a good solution since it does not >use the Postfix standard interfaces (or something like that). This seemed >to have resulted in sporadic mail loss. > >Now my question: Is that still true? No, and it never was a big problem. > What is your experience? How stable is MailScanner with postfix nowadays? Perfectly stable. However, due to Postfix's design of having one file per message instead of Exim's 2, MailScanner cannot run as fast on Postfix as it has to do I/O on the entire message just to add a header. In Exim/sendmail, the body of the message usually doesn't have to be written at all, just linked into the outgoing queue, which makes it faster. In my experience Exim can happily handle large volumes of mail, it's what I use for all my capacity/speed tests. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Thu May 6 08:36:49 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:25:03 2006 Subject: MailScanner vs. Amavisd In-Reply-To: <4099C3E4.5000603@eatathome.com.au> References: <4099C3E4.5000603@eatathome.com.au> Message-ID: <6.0.1.1.2.20040506083632.03f8f298@imap.ecs.soton.ac.uk> Aw, shucks. Thankyou! At 05:49 06/05/2004, Pete wrote: >Since i dont have a technical comparison and am a new comer to MailScanner > >MailScanner is developed by Julian who is quite possibly the most >generous person i have encountered in 10ish years online. > >How many times have we seen him whip up a patch for some ones specific >needs or assist in non MS related support, or keep MS features well >ahead of the rest with very speedy solutions to new and potentially >dangerous problems, and how many of us have actually made a donation? > >I am confident that as long as we use MailScanner and keep it up to date >we will always be protected against the newest of nasties as Julian >works tirelessly to keep MS capabilities up to speed. > >I bet others here can better illustrate Julian's mammoth efforts... and >that the fact that he is the author is a major reason to use his >products over others?? > >Pete > > >> >> >>>Hi people can I get the opinion of people who have used both MailScanner >>>and Amavisd. What are the reasons for using MailScanner over Amavisd, or >>>what are the benefits of Amavisd over MailScanner etc. >> >>That is an interresting question, and I think many people on this list >>asked themselves at least once. Did you post the same question on the >>Amavis list? >> >>>I would be interested to hear these comparisons from people with >>>experience with both. >>> >>>I have only had a chance to use MailScanner and I have installed it on >>>a few servers. > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mike.norton at JOBSITE.CO.UK Thu May 6 09:30:34 2004 From: mike.norton at JOBSITE.CO.UK (Mike Norton) Date: Thu Jan 12 21:25:03 2006 Subject: Creating A Rule (OT) Message-ID: <49301F35FCFD3844B7091986F6584DDABD7A2F@sesma6pc.jobsite.co.uk> I keep recieving many emails as follows with random subjects, titles and body text such as :- Received: from xxx.xxxx.xx.xx ([xxx.xxx.xxx.xxx]) by xxx.xxxx.xx.xx with Microsoft SMTPSVC(5.0.2195.6713); Thu, 6 May 2004 08:45:42 +0100 Received: from xxx.xxxx.xx.xx (xxx.xxxx.xx.xx [xxx.xxx.xxx.xxx]) by mailhost.jobsite.co.uk (8.12.8/8.12.8) with ESMTP id i467pvCR024857; Thu, 6 May 2004 08:52:20 +0100 Received: from fl-edad-u1-c6a-172.miamfl.adelphia.net (Timothy36@fl-edad-u1-c6a-172.miamfl.adelphia.net [24.53.201.172] (may be forged)) by relay1.jobsite.co.uk (8.12.6-20030919/8.12.6) with SMTP id i467u5et000774; Thu, 6 May 2004 08:56:17 +0100 (BST) Message-Id: <200405060756.i467u5et000774@xxx.xxx.xxx.xxx> Received: from 112.148.216.134 by 24.53.201.172; Fri, 07 May 2004 11:45:43 +0200 From: "Maria Bailey" Reply-To: "Maria Bailey" To: jobsite-vac@xxxx.co.uk Subject: don't publish them please andean Date: Fri, 07 May 2004 14:46:43 +0500 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--3345142437071427381" X-jsgroup-MailScanner-Information: Please contact Technical Support for more information X-jsgroup-MailScanner: Found to be clean X-MailScanner-From: t91344yh@sfc.keio.ac.jp Return-Path: t91344yh@sfc.keio.ac.jp X-OriginalArrivalTime: 06 May 2004 07:45:43.0024 (UTC) FILETIME=[22559700:01C4333E] ----3345142437071427381 Content-Type: text/html; Content-Transfer-Encoding: 7Bit




club admonition infusion comport celia helene cent packard waterline bloc societal elmer kaleidescope afterward brazzaville blutwurst compensable gallberry incorrect giuliano isopleth wilcox classmate swordfish basin unanimous warmonger darn accede jejunum alewife porcine veranda bryozoa threefold reese barrier presuppose bromley propeller apprehensive suffer sorption palazzo berne shearer catalysis analogy budapest toolsmith cleveland tipsy bee prosper machiavelli geld providential palmate offhand eyeful peptide affable coffeecup courteous clubhouse regis crop deathward capillary snow duopolist laughingstock formant napkin garter waveform indwell laxative foss address perth gaggle laity crosshatch triplett adjoin paddy demigod convex flatworm seek whisper brookline stepchild demurring egret pillage responsive simplify visor annuli bimetallism mild algenib tarpaulin rwanda excisable kinesthesis osha rose asexual grandchild floodgate heart tasteful inelastic narrow anthropogenic lounsbury coxcomb schizomycetes ----3345142437071427381-- The only common thing with all these mails is that the url contains links to site%2Evoila%2Efr or site.voila.fr how can I create a custom rule to block these messages ? Thanks Mike -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From shrek-m at GMX.DE Thu May 6 09:45:30 2004 From: shrek-m at GMX.DE (shrek-m@gmx.de) Date: Thu Jan 12 21:25:03 2006 Subject: Caching name server on same box with MS...? In-Reply-To: <20040505235756.05B6E21C2F7@mail.fsl.com> References: <20040505235756.05B6E21C2F7@mail.fsl.com> Message-ID: <4099FB2A.6030009@gmx.de> Stephen Swaney wrote: >>Subject: Caching name server on same box with MS...? >>Any takers? >> >> >You don't say what your OS is but: > >1. it's definitely a good idea. >2. it's a simple rpm install if you're on an rpm based distro. NO >configuration required :) Look for an nscd...rpm > > i have never installed a nscd*.rpm under redhat/fedora for this, always caching-nameserver # rpm -q caching-nameserver caching-nameserver-7.2-10 # chkconfig named --list named 0:Aus 1:Aus 2:Ein 3:Ein 4:Ein 5:Ein 6:Aus # cat /etc/resolv.conf nameserver 127.0.0.1 # service named start all is done! oops, # locate nscd /etc/rc.d/init.d/nscd /etc/nscd.conf /usr/share/man/man5/nscd.conf.5.gz /usr/share/man/man8/nscd.8.gz /usr/sbin/nscd # rpm -qf `locate nscd` nscd-2.3.2-101.4 nscd-2.3.2-101.4 man-pages-1.60-4 man-pages-1.60-4 nscd-2.3.2-101.4 # chkconfig nscd --list Dienst nscd unterst?tzt chkconfig, besitzt aber keinen Bezug auf einen Runlevel (f?hren Sie 'chkconfig --add nscd' aus) -- shrek-m -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From michele at BLACKNIGHTSOLUTIONS.COM Thu May 6 09:46:50 2004 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:25:03 2006 Subject: Creating A Rule (OT) In-Reply-To: <49301F35FCFD3844B7091986F6584DDABD7A2F@sesma6pc.jobsite.co.uk> Message-ID: <200405060841.i468fh4X011556@monitor.blacknight.ie> Mike Have you looked at things like rules de jour? Mr Michele Neylon Blacknight Internet Solutions Ltd http://www.blacknight.ie/ Tel. +353 59 9137101 -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mike Norton Sent: 06 May 2004 09:31 To: MAILSCANNER@JISCMAIL.AC.UK Subject: [MAILSCANNER] Creating A Rule (OT) I keep recieving many emails as follows with random subjects, titles and body text such as :- Received: from xxx.xxxx.xx.xx ([xxx.xxx.xxx.xxx]) by xxx.xxxx.xx.xx with Microsoft SMTPSVC(5.0.2195.6713); Thu, 6 May 2004 08:45:42 +0100 Received: from xxx.xxxx.xx.xx (xxx.xxxx.xx.xx [xxx.xxx.xxx.xxx]) by mailhost.jobsite.co.uk (8.12.8/8.12.8) with ESMTP id i467pvCR024857; Thu, 6 May 2004 08:52:20 +0100 Received: from fl-edad-u1-c6a-172.miamfl.adelphia.net (Timothy36@fl-edad-u1-c6a-172.miamfl.adelphia.net [24.53.201.172] (may be forged)) by relay1.jobsite.co.uk (8.12.6-20030919/8.12.6) with SMTP id i467u5et000774; Thu, 6 May 2004 08:56:17 +0100 (BST) Message-Id: <200405060756.i467u5et000774@xxx.xxx.xxx.xxx> Received: from 112.148.216.134 by 24.53.201.172; Fri, 07 May 2004 11:45:43 +0200 From: "Maria Bailey" Reply-To: "Maria Bailey" To: jobsite-vac@xxxx.co.uk Subject: don't publish them please andean Date: Fri, 07 May 2004 14:46:43 +0500 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--3345142437071427381" X-jsgroup-MailScanner-Information: Please contact Technical Support for more information X-jsgroup-MailScanner: Found to be clean X-MailScanner-From: t91344yh@sfc.keio.ac.jp Return-Path: t91344yh@sfc.keio.ac.jp X-OriginalArrivalTime: 06 May 2004 07:45:43.0024 (UTC) FILETIME=[22559700:01C4333E] ----3345142437071427381 Content-Type: text/html; Content-Transfer-Encoding: 7Bit


club admonition infusion comport celia helene cent packard waterline bloc societal elmer kaleidescope afterward brazzaville blutwurst compensable gallberry incorrect giuliano isopleth wilcox classmate swordfish basin unanimous warmonger darn accede jejunum alewife porcine veranda bryozoa threefold reese barrier presuppose bromley propeller apprehensive suffer sorption palazzo berne shearer catalysis analogy budapest toolsmith cleveland tipsy bee prosper machiavelli geld providential palmate offhand eyeful peptide affable coffeecup courteous clubhouse regis crop deathward capillary snow duopolist laughingstock formant napkin garter waveform indwell laxative foss address perth gaggle laity crosshatch triplett adjoin paddy demigod convex flatworm seek whisper brookline stepchild demurring egret pillage responsive simplify visor annuli bimetallism mild algenib tarpaulin rwanda excisable kinesthesis osha rose asexual grandchild floodgate heart tasteful inelastic narrow anthropogenic lounsbury coxcomb schizomycetes ----3345142437071427381-- The only common thing with all these mails is that the url contains links to site%2Evoila%2Efr or site.voila.fr how can I create a custom rule to block these messages ? Thanks Mike -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at BARENDSE.TO Thu May 6 09:52:33 2004 From: mailscanner at BARENDSE.TO (Remco Barendse) Date: Thu Jan 12 21:25:03 2006 Subject: TNEF problems Message-ID: I have a problem with Outlook. Even though I set the message to plain text by hand and send the message some(!) message still carry an undecodable TNEF attachment with it. I don't know why Outlook does that (Outlook sucks I know) but it does. Instead of blocking the message in case of unparsable TNEF could we have MailScanner just strip the TNEF bit off and let the rest of the message pass through instead of it as a whole? Maybe it could even be made a ruleset. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From t.d.lee at DURHAM.AC.UK Thu May 6 10:10:24 2004 From: t.d.lee at DURHAM.AC.UK (David Lee) Date: Thu Jan 12 21:25:03 2006 Subject: MS/SA occasionally not calling Bayes? Message-ID: (Redhat 7.3; sendmail; MS 4.26.8; SA 2.63; configs left at defaults where reasonably possible, but adding a few other SA rulesets. University; many thousand users.) The systems (MS/SA/Bayes/DCC) seem to work reasonably well at spam detection. Each handles around 80,000 emails per day, tagging about 30,000 as spam (threshold 6). Assuming that my own inbound email is reasonably typical of that for our other users, each day I check my spam folder to check for false positives, and also to check how the SA rules are behaving. Most spams include, as expected, a "BAYES_nn=ii" in the score, and often of course these are "BAYES_99". Fine so far. Sometimes the values are lower, including BAYES_50=0.0 and BAYES_44=-0.0 values. This latter point demonstrates that at least Bayes has been has been invoked. Again, fine. But occasionally a spam will fail to include any such score, as if it has somehow bypassed SA/Bayes (or been ignored by it, or similar). Of course, there's the chance that these might be sneaking through when the Bayes database is being rebuilt. But I have: Wait During Bayes Rebuild = yes so that ought not to happen. And when I cross-check the timestamp on the "Received:" (as it passes through the relevant MS/SA/Bayes machine) with the "SpamAssassin Bayes database rebuild ..." messages in the log, there is no coincidence (i.e. this problem does not coincide with database rebuilds every four hours). Any thoughts? I also see occasional false negatives (to my mind clearly spam, but getting into my ordinary INBOX. I suspect that these, too, will have somehow bypassed the SA/Bayes, and so may share the same underlying cause. (On hams, we don't include the SA scores, so this is difficult to confirm.) (I've checked the MAQ and couldn't find reference to this. But if I've missed it, let me know!) -- : David Lee I.T. Service : : Systems Programmer Computer Centre : : University of Durham : : http://www.dur.ac.uk/t.d.lee/ South Road : : Durham : : Phone: +44 191 334 2752 U.K. : -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From linux at LEUTE.SERVER.DE Thu May 6 10:18:17 2004 From: linux at LEUTE.SERVER.DE (Muenz, Michael) Date: Thu Jan 12 21:25:03 2006 Subject: MailScanner vs. Amavisd References: Message-ID: <002b01c4334b$1143b430$85421851@hq> Hi, > Hi people can I get the opinion of people who have used both MailScanner > and Amavisd. What are the reasons for using MailScanner over Amavisd, or > what are the benefits of Amavisd over MailScanner etc. I use both. IMHO the releases of amavis are more stable than MailScanner, but you have to wait for months when you need the new features from amavis. My mails first get scanned by MailScanner and then by amavis. About 10 viruses a day get trough MailScanner. I'm sure there are some probs with viruses in bounces and broken MIME stuff. Will update to 4.30.3 and pray :-) MailScanner has the greatest rule system ever seen. You can create for every option a cool rule. But I'm missing the *_lovers_* stuff from amavisd-new. The performance from MailScanner is quiet better and it don't uses different ports. > I would be interested to hear these comparisons from people with > experience with both. Both in a mix is the greatest :-)) Michael -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From dean.plant at ROKE.CO.UK Thu May 6 10:19:37 2004 From: dean.plant at ROKE.CO.UK (Plant, Dean) Date: Thu Jan 12 21:25:03 2006 Subject: Trend code status Message-ID: Julian, I have been running Trend with MailScanner for about 5 months and with the exception of some manual changes that I needed to make to the trend-wrapper and virus.scanner.conf (this is maybe because im using the viruswall base install) all has been working with no problems. Can the code status be changed from beta? Dean -- Visit our website at www.roke.co.uk Registered Office: Roke Manor Research Ltd, Siemens House, Oldbury, Bracknell, Berkshire. RG12 8FZ The information contained in this e-mail and any attachments is confidential to Roke Manor Research Ltd and must not be passed to any third party without permission. This communication is for information only and shall not create or change any contractual relationship. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From shrek-m at GMX.DE Thu May 6 10:43:39 2004 From: shrek-m at GMX.DE (shrek-m@gmx.de) Date: Thu Jan 12 21:25:03 2006 Subject: MailScanner vs. Amavisd In-Reply-To: <002b01c4334b$1143b430$85421851@hq> References: <002b01c4334b$1143b430$85421851@hq> Message-ID: <409A08CB.2050007@gmx.de> Muenz, Michael wrote: >I use both. IMHO the releases of amavis are more stable than MailScanner > is mailscanner unstable? -- shrek-m -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From Kevin.Spicer at BMRB.CO.UK Thu May 6 10:54:34 2004 From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:25:03 2006 Subject: MailScanner vs. Amavisd Message-ID: <5C0296D26910694BB9A9BBFC577E7AB0020199F4@pascal.priv.bmrb.co.uk> Muenz, Michael wrote: > My mails first get scanned by MailScanner and > then by amavis. About 10 viruses a day get trough MailScanner. I'm > sure there are some probs with viruses in bounces > and broken MIME stuff. Will update to 4.30.3 and pray :-) Once you've done that and if you're still finding stuff that gets through perhaps you could report exactly what here so that folks round these parts can find out why. Are you using the same virus scanner in both cases? Would you mind telling us how many mails you process each day to we can get that figure of 10 per day in perspective. I'd also like to point out that we don't know how many MailScanner would catch that Amavis misses if the order of scanning were reversed. Anyone running that setup? What is the *_lovers_* that you speak of? BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From David.While at UCE.AC.UK Thu May 6 11:08:21 2004 From: David.While at UCE.AC.UK (David While) Date: Thu Jan 12 21:25:03 2006 Subject: MS/SA occasionally not calling Bayes? Message-ID: <107DE25EC0216C45AEF670016024245F7073@exchangea.staff.uce.ac.uk> Correct me if I am wrong (I am sure you will!) but SA will only include the BAYES_??=xx score if it actually finds a hit similar to all the other SA rules - so it is perfectly possible to get Spam without a BAYES score - it doesn't mean that SA hasn't consulted the Bayes DB it simply means it didn't find a hit. ----------------------------------------------------------------- David While Technical Development Manager Faculty of Computing, Information & English University of Central England Tel: 0121 331 6211 ----------------------------------------------------------------- -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of David Lee Sent: 06 May 2004 10:10 To: MAILSCANNER@JISCMAIL.AC.UK Subject: MS/SA occasionally not calling Bayes? (Redhat 7.3; sendmail; MS 4.26.8; SA 2.63; configs left at defaults where reasonably possible, but adding a few other SA rulesets. University; many thousand users.) The systems (MS/SA/Bayes/DCC) seem to work reasonably well at spam detection. Each handles around 80,000 emails per day, tagging about 30,000 as spam (threshold 6). Assuming that my own inbound email is reasonably typical of that for our other users, each day I check my spam folder to check for false positives, and also to check how the SA rules are behaving. Most spams include, as expected, a "BAYES_nn=ii" in the score, and often of course these are "BAYES_99". Fine so far. Sometimes the values are lower, including BAYES_50=0.0 and BAYES_44=-0.0 values. This latter point demonstrates that at least Bayes has been has been invoked. Again, fine. But occasionally a spam will fail to include any such score, as if it has somehow bypassed SA/Bayes (or been ignored by it, or similar). Of course, there's the chance that these might be sneaking through when the Bayes database is being rebuilt. But I have: Wait During Bayes Rebuild = yes so that ought not to happen. And when I cross-check the timestamp on the "Received:" (as it passes through the relevant MS/SA/Bayes machine) with the "SpamAssassin Bayes database rebuild ..." messages in the log, there is no coincidence (i.e. this problem does not coincide with database rebuilds every four hours). Any thoughts? I also see occasional false negatives (to my mind clearly spam, but getting into my ordinary INBOX. I suspect that these, too, will have somehow bypassed the SA/Bayes, and so may share the same underlying cause. (On hams, we don't include the SA scores, so this is difficult to confirm.) (I've checked the MAQ and couldn't find reference to this. But if I've missed it, let me know!) -- : David Lee I.T. Service : : Systems Programmer Computer Centre : : University of Durham : : http://www.dur.ac.uk/t.d.lee/ South Road : : Durham : : Phone: +44 191 334 2752 U.K. : -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From linux at LEUTE.SERVER.DE Thu May 6 11:17:02 2004 From: linux at LEUTE.SERVER.DE (Muenz, Michael) Date: Thu Jan 12 21:25:03 2006 Subject: MailScanner vs. Amavisd References: <002b01c4334b$1143b430$85421851@hq> <409A08CB.2050007@gmx.de> Message-ID: <002d01c43353$4640f1e0$85421851@hq> Hi, > >I use both. IMHO the releases of amavis are more stable than MailScanner > > > > is mailscanner unstable? NO! Of course not, it's running on a production server very fine! But I would wait 1 week after a release and then install it. Michael -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From linux at LEUTE.SERVER.DE Thu May 6 11:25:46 2004 From: linux at LEUTE.SERVER.DE (Muenz, Michael) Date: Thu Jan 12 21:25:03 2006 Subject: MailScanner vs. Amavisd References: <5C0296D26910694BB9A9BBFC577E7AB0020199F4@pascal.priv.bmrb.co.uk> Message-ID: <003301c43354$7edc9030$85421851@hq> > Once you've done that and if you're still finding stuff that gets > through perhaps you could report exactly what here so that folks > round these parts can find out why. Are you using the > same virus scanner in both cases? Would you mind telling > us how many mails you process each day to we can get that > figure of 10 per day in perspective. With MailScanner i use F-Prot. With amavis F-Prot and ClamAV. (I don't think ClamAV is better that F-Prot). Inbound Mails are about 20000 a day. Viruses that get caught by MailScanner about 3000 a day. > I'd also like to point out that we don't know how many MailScanner > would catch that Amavis misses if the order of scanning were reversed. > Anyone running that setup? Never tested, but good idea. > What is the *_lovers_* that you speak of? That are exceptions, e.g. user@domain wants to get viruses, but don't want spam checks etc. There was a thread 1 or 2 weeks ago about exceptions here. Don't know the topic but it's unsolved and with amavisd-new that problem would be solved. Michael -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From egil at WEBDEAL.NO Thu May 6 11:23:03 2004 From: egil at WEBDEAL.NO (Egil Fujikawa Nes - WebDea AS) Date: Thu Jan 12 21:25:03 2006 Subject: http://www.routier.org/ms.htm In-Reply-To: <54C38A0B814C8E438EF73FC76F362927410B48@mtlnt501fs.CAMOROUTE.COM> Message-ID: <00b101c43354$1ddb5780$6503150a@egil> Hi I got a very nice link here for some weeks ago http://www.routier.org/ms.htm, but when I try to open it now the page is gone. Where is the page now ? Best regards Egil Fujikawa Nes WebDeal AS - Teknologiveien 22 - 2815 Gj?vik ? NORWAY Phone: +47 61 13 16 50 - Fax: +47 61 13 16 51 E-mail: post@webdeal.no - URL: www.webdeal.no -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From Kevin.Spicer at BMRB.CO.UK Thu May 6 11:33:35 2004 From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:25:03 2006 Subject: MailScanner vs. Amavisd Message-ID: <5C0296D26910694BB9A9BBFC577E7AB001649D17@pascal.priv.bmrb.co.uk> Muenz, Michael wrote: > With MailScanner i use F-Prot. With amavis F-Prot and ClamAV. > (I don't think ClamAV is better that F-Prot). > Inbound Mails are about 20000 a day. Viruses that get caught by > MailScanner about 3000 a day. Any reason not to use clamav with MS as well? >> What is the *_lovers_* that you speak of? > > That are exceptions, e.g. user@domain wants to get viruses, > but don't want spam checks etc. > You should be able to do that with rulesets, or with a custom config function. BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From raymond at PROLOCATION.NET Thu May 6 11:37:34 2004 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:25:03 2006 Subject: MailScanner vs. Amavisd In-Reply-To: <002d01c43353$4640f1e0$85421851@hq> Message-ID: Hi! > > >I use both. IMHO the releases of amavis are more stable than MailScanner > > > > > > > is mailscanner unstable? > > NO! Of course not, it's running on a production > server very fine! But I would wait 1 week after > a release and then install it. Whats unstable, we process around 4-5M on three clisters daily with MailScanner. Woulnt exactly call it unstable, unless you RUN a unstable version :) Bye, Raymond. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From bapuntar at SBCGLOBAL.NET Thu May 6 10:55:15 2004 From: bapuntar at SBCGLOBAL.NET (Bernard Apuntar) Date: Thu Jan 12 21:25:03 2006 Subject: Skip scanning for large messages Message-ID: Since most of the latest viruses are propagated through auto-generated emails and usually have fixed sizes and are kept relatively small for faster propagation, how do I configure MailScanner to NOT scan emails larger than say 5MB? We don't currently limit email size now so I'm concerned of overloading the mail server by scanning all emails regardless of size. Thanks, Bernard -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From linux at LEUTE.SERVER.DE Thu May 6 11:39:21 2004 From: linux at LEUTE.SERVER.DE (Muenz, Michael) Date: Thu Jan 12 21:25:03 2006 Subject: MailScanner vs. Amavisd References: <5C0296D26910694BB9A9BBFC577E7AB001649D17@pascal.priv.bmrb.co.uk> Message-ID: <004b01c43356$6433b1d0$85421851@hq> > Any reason not to use clamav with MS as well? It uses 30 to 50 % CPU. F-Prot only 5 %. And when F-Prot detects a virus, the mail will be scanned by clamav too. That makes no sense to me. > You should be able to do that with rulesets, or with a custom config function. Never had a look at it. Is it already documented ? Michael -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From raymond at PROLOCATION.NET Thu May 6 11:40:48 2004 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:25:03 2006 Subject: MailScanner vs. Amavisd In-Reply-To: <004b01c43356$6433b1d0$85421851@hq> Message-ID: Hi! > It uses 30 to 50 % CPU. F-Prot only 5 %. And when F-Prot detects > a virus, the mail will be scanned by clamav too. That makes no sense to > me. Sorry, not here, are you scanning on ramdisk ? Do you use the clamlib ? Bye, Raymond. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From linux at LEUTE.SERVER.DE Thu May 6 11:47:35 2004 From: linux at LEUTE.SERVER.DE (Muenz, Michael) Date: Thu Jan 12 21:25:03 2006 Subject: MailScanner vs. Amavisd References: Message-ID: <005901c43357$8b188db0$85421851@hq> > Sorry, not here, are you scanning on ramdisk ? Do you use the clamlib ? Nope .. only with the command line scanner (both). But with 20000 mail a day it's enough. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From Kevin.Spicer at BMRB.CO.UK Thu May 6 11:53:09 2004 From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:25:03 2006 Subject: MailScanner vs. Amavisd Message-ID: <5C0296D26910694BB9A9BBFC577E7AB0020199F5@pascal.priv.bmrb.co.uk> Muenz, Michael wrote: >> Any reason not to use clamav with MS as well? > > It uses 30 to 50 % CPU. F-Prot only 5 %. And when F-Prot detects > a virus, the mail will be scanned by clamav too. That makes no sense > to me. That depends if you have the cycles to spare. You could try the clam perl module instead? >> You should be able to do that with rulesets, or with a custom config >> function. > > Never had a look at it. Is it already documented ? Rulesets are documented in the /etc/MailScanner/conf/rules/README and EXAMPLES files Custom Config is documented at the top of the config file and in the /usr/lib/MailScanner/MailScanner/CustomFunctions/MyExample.pm file (although you need to know some perl to get going with it) BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mike.norton at JOBSITE.CO.UK Thu May 6 09:52:50 2004 From: mike.norton at JOBSITE.CO.UK (Mike Norton) Date: Thu Jan 12 21:25:04 2006 Subject: Creating A Rule (OT) Message-ID: <49301F35FCFD3844B7091986F6584DDABD7A32@sesma6pc.jobsite.co.uk> Yes using rules de jour, however none of the rules seem to pick this up, and they seem to end up getting a score of less than 2 Thanks Mike -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Michele Neylon :: Blacknight Solutions Sent: 06 May 2004 09:47 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Creating A Rule (OT) Mike Have you looked at things like rules de jour? Mr Michele Neylon Blacknight Internet Solutions Ltd http://www.blacknight.ie/ Tel. +353 59 9137101 -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mike Norton Sent: 06 May 2004 09:31 To: MAILSCANNER@JISCMAIL.AC.UK Subject: [MAILSCANNER] Creating A Rule (OT) I keep recieving many emails as follows with random subjects, titles and body text such as :- Received: from xxx.xxxx.xx.xx ([xxx.xxx.xxx.xxx]) by xxx.xxxx.xx.xx with Microsoft SMTPSVC(5.0.2195.6713); Thu, 6 May 2004 08:45:42 +0100 Received: from xxx.xxxx.xx.xx (xxx.xxxx.xx.xx [xxx.xxx.xxx.xxx]) by mailhost.jobsite.co.uk (8.12.8/8.12.8) with ESMTP id i467pvCR024857; Thu, 6 May 2004 08:52:20 +0100 Received: from fl-edad-u1-c6a-172.miamfl.adelphia.net (Timothy36@fl-edad-u1-c6a-172.miamfl.adelphia.net [24.53.201.172] (may be forged)) by relay1.jobsite.co.uk (8.12.6-20030919/8.12.6) with SMTP id i467u5et000774; Thu, 6 May 2004 08:56:17 +0100 (BST) Message-Id: <200405060756.i467u5et000774@xxx.xxx.xxx.xxx> Received: from 112.148.216.134 by 24.53.201.172; Fri, 07 May 2004 11:45:43 +0200 From: "Maria Bailey" Reply-To: "Maria Bailey" To: jobsite-vac@xxxx.co.uk Subject: don't publish them please andean Date: Fri, 07 May 2004 14:46:43 +0500 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--3345142437071427381" X-jsgroup-MailScanner-Information: Please contact Technical Support for more information X-jsgroup-MailScanner: Found to be clean X-MailScanner-From: t91344yh@sfc.keio.ac.jp Return-Path: t91344yh@sfc.keio.ac.jp X-OriginalArrivalTime: 06 May 2004 07:45:43.0024 (UTC) FILETIME=[22559700:01C4333E] ----3345142437071427381 Content-Type: text/html; Content-Transfer-Encoding: 7Bit




club admonition infusion comport celia helene cent packard waterline bloc societal elmer kaleidescope afterward brazzaville blutwurst compensable gallberry incorrect giuliano isopleth wilcox classmate swordfish basin unanimous warmonger darn accede jejunum alewife porcine veranda bryozoa threefold reese barrier presuppose bromley propeller apprehensive suffer sorption palazzo berne shearer catalysis analogy budapest toolsmith cleveland tipsy bee prosper machiavelli geld providential palmate offhand eyeful peptide affable coffeecup courteous clubhouse regis crop deathward capillary snow duopolist laughingstock formant napkin garter waveform indwell laxative foss address perth gaggle laity crosshatch triplett adjoin paddy demigod convex flatworm seek whisper brookline stepchild demurring egret pillage responsive simplify visor annuli bimetallism mild algenib tarpaulin rwanda excisable kinesthesis osha rose asexual grandchild floodgate heart tasteful inelastic narrow anthropogenic lounsbury coxcomb schizomycetes ----3345142437071427381-- The only common thing with all these mails is that the url contains links to site%2Evoila%2Efr or site.voila.fr how can I create a custom rule to block these messages ? Thanks Mike -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From prandal at HEREFORDSHIRE.GOV.UK Thu May 6 09:56:26 2004 From: prandal at HEREFORDSHIRE.GOV.UK (Randal, Phil) Date: Thu Jan 12 21:25:04 2006 Subject: BitDefender for Linux Licensing Message-ID: <0EBC45FCABFC95428EBFC3A51B368C9503441BCC@mail.herefordshire.gov.uk> The only changes I had to make with the current MailScanner (4.30.3-2) was the line Minimum Code Status = beta At the bottom of MailScanner.conf. MailWatch needed additions to functions.php and rep_viruses.php for bitdefender regexes. Something like... In functions.php: case 'bitdefender': define(VIRUS_REGEX, '/(\S+) Found virus (\S+) in/'); break; And in rep_viruses.php: case("bitdefender"): $scanner[$vscanner]['name'] = "BitDefender"; $scanner[$vscanner]['regexp'] = "/(.+) Found virus (\S+) in/"; break; Note that the regexes are slightly different from those in the MailWatch CVS. I got a false positive in the Virus Report without the " in" bit in the regex. I think it's time to take BitDefender out of beta status now, Julian. Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Kyle Harris > Sent: 05 May 2004 14:40 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: BitDefender for Linux Licensing > > I was following another thread here lately that briefly > discussed the fact that BitDefender now states on their web > site that they have a free version for Linux. Skeptic that I > am, I contacted the company to verify that this statement > wasn't a mistake. I thought I would share the e-mail > conversation with everyone (with their permission of course). > As you can see, it is no mistake! > > By the way, I had to make two changes to get it to work > properly on my MailScanner v4.28.6 > > 1. I had to change the bitdefender entry in > virus.scanners.conf from /usr/local/bd7 to /opt/bdc 2. I had > to change line 32 in the bitdefender.wrapper file. It was > PackageDir=$1/shared. I changed it to PackageDir=$1 (removed > /shared from the end). > > Here is the e-mail transaction with a contact from BitDefender: > > > Dear Kyle, > > Indeed I haven't explained myself clearly enough. You can > install this free version, BitDefender Linux Edition v7, on a > server as well. > > Also, you can post this information to the newsgroup. > > Please let me know if I can be of further assistance. > > Best Regards, > > Mihaela > --------------------------------------------------- > Mihaela PAUN > BitDefender Channel Account Manager > SOFTWIN > Data Security Division > --------------------------------------------------- > ________________________________ > e-mail: mpaun@bitdefender.com > tel: (+40) 21 233.07.80 > fax: (+40) 21 233.07.63 > Bucharest, ROMANIA > http://www.bitdefender.com > http://www.softwin.ro > ------------------------------------------------- > secure your every bit > ------------------------------------------------- > > The content of this message and attachments are confidential > and are classified as SOFTWIN's Proprietary Information. The > content of this message is intended solely for the use of the > individual or entity to whom it is addressed and others > authorized to receive it. If you are not the intended > recipient you are hereby notified that any disclosure, > copying, distribution or taking any action based on this > information are strictly prohibited and may be precluded by > law. If you have received this message in error, please > notify us immediately and then delete it from your system. > SOFTWIN Romania is neither liable for the proper and complete > transmission of the information contained in this message nor > for any delay in its receipt. > > > > -----Original Message----- > From: Kyle Harris [mailto:xxxx@xxxx.xxx] > Sent: Tuesday, May 04, 2004 7:11 PM > To: Mihaela Paun > Subject: RE: Clarification of Licensing terms for Linux BitDefender > > > Please excuse me for asking one more question regarding this, > however I want to make sure I completely understand. You say > below " You can install the Linux product for desktop . . .", > however I would like to install this on a server. I checked > the link again and it doesn't say that it is specifically for > desktops? Is that still free if it is on a server? > > Actually, I have one more question. I would like to post > this e-mail transaction to a newsgroup, however I want to > abide by the terms of your e- mail disclaimer below. May I > have permission to post this? > > Thanks again. > > -----Original Message----- > From: Mihaela Paun [mailto:mpaun@bitdefender.com] > Sent: Tuesday, May 04, 2004 10:41 AM > To: Kyle Harris > Subject: RE: Clarification of Licensing terms for Linux BitDefender > > > Dear Kyle, > > Thank you for your e-mail. > > You can install the Linux product for desktop, which is a > freeware product, at your company. There is no mistake in > that affirmation :-) > > Please let me know if I can be of further assistance. > > Best Regards, > Mihaela > --------------------------------------------------- > Mihaela PAUN > BitDefender Key Account Manager > SOFTWIN > Data Security Division > --------------------------------------------------- > ________________________________ > e-mail: mpaun@bitdefender.com > tel: (+40) 21 233.07.80 > fax: (+40) 21 233.07.63 > Bucharest, ROMANIA > http://www.bitdefender.com > http://www.softwin.ro > ------------------------------------------------- > secure your every bit > ------------------------------------------------- > > The content of this message and attachments are confidential > and are classified as SOFTWIN's Proprietary Information. The > content of this message is intended solely for the use of the > individual or entity to whom it is addressed and others > authorized to receive it. If you are not the intended > recipient you are hereby notified that any disclosure, > copying, distribution or taking any action based on this > information are strictly prohibited and may be precluded by > law. If you have received this message in error, please > notify us immediately and then delete it from your system. > SOFTWIN Romania is neither liable for the proper and complete > transmission of the information contained in this message nor > for any delay in its receipt. > > > > > -----Original Message----- > From: Kyle Harris [mailto:xxxx@xxxx.xxx] > Sent: Monday, May 03, 2004 11:05 PM > To: sales@bitdefender.com > Subject: Clarification of Licensing terms for Linux BitDefender > > > I am researching Linux antivirus solutions for use in a > corporate environment and I ran across the following page on > your web site: > http://www.bitdefender.com/bd/site/products.php?p_id=16 > > In particular, the following line caught my attention from > the above linked page, and I quote "BitDefender Linux Edition > v7 is a freeware product, which doesn't require a license to be used." > > Can you please verify that this is not some type of mistake > and that BitDefender Linux Edition v7 is indeed a freeware > product and OK for free use within a corporate environment > with no additional licenses required? > > I know that statement seems pretty explanatory, but I thought > it was worth an e-mail to verify. If it is true, you are > certainly about to get your name established well in the > Linux/Unix community. Thank you for your time. > > Kyle Harris > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From pete at eatathome.com.au Thu May 6 12:27:29 2004 From: pete at eatathome.com.au (Pete) Date: Thu Jan 12 21:25:04 2006 Subject: Postfix support / how stable? In-Reply-To: References: Message-ID: <409A2121.9080408@eatathome.com.au> Jan-Peter Koopmann wrote: >Hi guys, > >I need your experience on MailScanner and Postfix. Some of our customers think about switching over to Postfix due to Exim having problems with very (!) large mail volumes. They now think about using amavisd since MailScanner had problems with Postfix in the earlier versions. The postfix author claimed that MailScanner is not a good solution since it does not use the Postfix standard interfaces (or something like that). This seemed to have resulted in sporadic mail loss. > >Now my question: Is that still true? What is your experience? How stable is MailScanner with postfix nowadays? > > >Kind regards > >Jan-Peter Koopmann >Dipl.-Wirtschaftsinformatiker >Senior Engineer > >-- >Seceidos GmbH >Robert-Bosch-Str.7 >64293 Darmstadt/Germany > >Phone: +49 (6151) 66843-43 >Fax: +49 (6151) 66843-52 >E-Mail: jan-peter.koopmann@seceidos.de >Web: http://www.seceidos.de > > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html > > > > > Mine is small setup, only 2500 emails per day for a few domains, running as a gateway. I have only used postfix (dont know exim and sendmail seems over complex to me), its works perfectly and i dont see any flaws you describe or described 'elsewhere'. TIP: you dont have to use the method described on Julian's site, there is an alternative, email and i send the instructions if your interested. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From ml at NETGROUPES.CA Thu May 6 12:35:27 2004 From: ml at NETGROUPES.CA (Mailing List) Date: Thu Jan 12 21:25:04 2006 Subject: http://www.routier.org/ms.htm Message-ID: Look at the automatic sig added to each post; your answer is there ;) Thanks to Ugo for the MAQ ! -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Egil Fujikawa Nes - WebDea AS Sent: Thursday, May 06, 2004 06:23 To: MAILSCANNER@JISCMAIL.AC.UK Subject: http://www.routier.org/ms.htm Hi I got a very nice link here for some weeks ago http://www.routier.org/ms.htm, but when I try to open it now the page is gone. Where is the page now ? Best regards Egil Fujikawa Nes WebDeal AS - Teknologiveien 22 - 2815 Gj?vik - NORWAY Phone: +47 61 13 16 50 - Fax: +47 61 13 16 51 E-mail: post@webdeal.no - URL: www.webdeal.no -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Thu May 6 12:33:59 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:25:04 2006 Subject: http://www.routier.org/ms.htm In-Reply-To: <00b101c43354$1ddb5780$6503150a@egil> References: <54C38A0B814C8E438EF73FC76F362927410B48@mtlnt501fs.CAMOROUTE.COM> <00b101c43354$1ddb5780$6503150a@egil> Message-ID: <6.0.1.1.2.20040506123338.03edf298@imap.ecs.soton.ac.uk> At 11:23 06/05/2004, you wrote: >Hi > >I got a very nice link here for some weeks ago >http://www.routier.org/ms.htm, >but when I try to open it now the page is gone. > >Where is the page now ? Read the bottom of every list posting... >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From Jan-Peter.Koopmann at SECEIDOS.DE Thu May 6 12:54:29 2004 From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann) Date: Thu Jan 12 21:25:04 2006 Subject: Postfix support / how stable? Message-ID: > at all, just linked into the outgoing queue, which makes it faster. In my > experience Exim can happily handle large volumes of mail, it's what I use > for all my capacity/speed tests. It's what I suspected. Could you (maybe off list) send me your current stats again? If not I will search the archives of course. I would like to send them over to the client and see what exactly he tested over there. Regards, JP -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From pete at eatathome.com.au Thu May 6 12:59:40 2004 From: pete at eatathome.com.au (Pete) Date: Thu Jan 12 21:25:04 2006 Subject: MailScanner vs. Amavisd In-Reply-To: <003301c43354$7edc9030$85421851@hq> References: <5C0296D26910694BB9A9BBFC577E7AB0020199F4@pascal.priv.bmrb.co.uk> <003301c43354$7edc9030$85421851@hq> Message-ID: <409A28AC.6090405@eatathome.com.au> Muenz, Michael wrote: >>Once you've done that and if you're still finding stuff that gets >>through perhaps you could report exactly what here so that folks >>round these parts can find out why. Are you using the >>same virus scanner in both cases? Would you mind telling >>us how many mails you process each day to we can get that >>figure of 10 per day in perspective. >> >> > >With MailScanner i use F-Prot. With amavis F-Prot and ClamAV. >(I don't think ClamAV is better that F-Prot). >Inbound Mails are about 20000 a day. Viruses that get caught by >MailScanner about 3000 a day. > > In this case the comparison is unfair then, since you say MailScanner doesnt catch all the viruses that amavisd catches, yet you have an extra virus scanner (a VERY good one) installed on amavisd - you should be VERY careful about posting your conclusions and not including all the facts as they could very easily be the difference of 10 viruses per day ? Plus the test needs to be tried in reverse before anyone can say one system is better at catching viruses than the other... -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From ugob at CAMO-ROUTE.COM Thu May 6 13:04:21 2004 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:25:04 2006 Subject: http://www.routier.org/ms.htm In-Reply-To: References: Message-ID: Mailing List wrote: > Look at the automatic sig added to each post; your answer is there ;) > > Thanks to Ugo for the MAQ ! :). I've re-created the page ms.htm, with a redirect to the official URL. Funny because while looking at my stats yesterday, I noticed that 14 persons got a 404 this month 34 last month, so it was in my plans to create a redirection page, but I didn't have time yesterday. I don't promise it will always be there, but it'll help for now. > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Egil Fujikawa Nes - WebDea AS > Sent: Thursday, May 06, 2004 06:23 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: http://www.routier.org/ms.htm > > Hi > > I got a very nice link here for some weeks ago > http://www.routier.org/ms.htm, > but when I try to open it now the page is gone. > > Where is the page now ? > > Best regards > Egil Fujikawa Nes > > WebDeal AS - Teknologiveien 22 - 2815 Gj?vik - NORWAY > Phone: +47 61 13 16 50 - Fax: +47 61 13 16 51 > E-mail: post@webdeal.no - URL: www.webdeal.no > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From steve.swaney at FSL.COM Thu May 6 14:05:49 2004 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:25:04 2006 Subject: MailScanner Manual is now available Message-ID: <20040506130549.684DD21C300@mail.fsl.com> Version 1.0 of the MailScanner Manual is finally ready for download. Many thanks to Ugo Bellavance and Michele Neylon for proofreading, technical corrections and some excellent ideas for additional material. Version 1.0 is very specific to RPM-based Linux distributions. This is because while I often work on other distributions, I'm more familiar with this version of MailScanner. Hopefully there are some of you out there who can contribute material to help cover the other operating systems that MailScanner supports. Please drop me a line off list if you are willing to contribute any additional material. The virus scanning section is missing a few of the latest supported virus scanner. This is inevitable since Julian keeps adding support for additional virus scanners faster than we can document them. We expect that this section and the entire Manual will be updated with every major release of MailScanner. To save trees, the manual is designed to be printed and bound double sided on US letter sized paper. I'll try and get out an A1 version as soon as I have the time. Please understand that Version 1.0 is just a beginning. We hope it will grow as fast as you can contribute. Any errors or omissions are mine alone and any corrections or additional material will be gratefully accepted. The manual, in PDF format, may be downloaded from: www.fsl.com/support Just click on the MailScanner Manual link. Steve Stephen Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Steve.Swaney@FSL.com -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. Fortress Systems Ltd. www.fsl.com -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From dh at UPTIME.AT Thu May 6 14:16:55 2004 From: dh at UPTIME.AT (David H.) Date: Thu Jan 12 21:25:04 2006 Subject: MailScanner Manual is now available In-Reply-To: <20040506130549.684DD21C300@mail.fsl.com> References: <20040506130549.684DD21C300@mail.fsl.com> Message-ID: <409A3AC7.7080708@uptime.at> -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Stephen Swaney wrote: > To save trees, the manual is designed to be printed and bound double sided > on US letter sized paper. I'll try and get out an A1 version as soon as I > have the time. Do you mean DIN A4 ? :) - -d -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (Darwin) iD8DBQFAmjrLPMoaMn4kKR4RA319AKCFgk7S5CL9nF/JhbZ/rR8SwEQfdACfaUy9 A/m8e3cik0ltXFtNz12m1Q4= =LIVa -----END PGP SIGNATURE----- -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From linux at LEUTE.SERVER.DE Thu May 6 14:21:35 2004 From: linux at LEUTE.SERVER.DE (Muenz, Michael) Date: Thu Jan 12 21:25:04 2006 Subject: MailScanner vs. Amavisd References: <5C0296D26910694BB9A9BBFC577E7AB0020199F4@pascal.priv.bmrb.co.uk> <003301c43354$7edc9030$85421851@hq> <409A28AC.6090405@eatathome.com.au> Message-ID: <00b301c4336d$11061680$85421851@hq> > In this case the comparison is unfair then, since you say MailScanner > doesnt catch all the viruses that amavisd catches, yet you have an extra > virus scanner (a VERY good one) installed on amavisd - you should be > VERY careful about posting your conclusions and not including all the > facts as they could very easily be the difference of 10 viruses per day ? > > Plus the test needs to be tried in reverse before anyone can say one > system is better at catching viruses than the other... Back to topic: The benefit of MS is the extremly cool ruleset. The benefit of amavisd-new is the *_lovers_* stuff. That's my experience ... I like both and I'm sure when the other scenario is used (first amavis) then also some will get through. But when using both, the chance is extremely low :-) -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From steve.swaney at FSL.COM Thu May 6 14:20:31 2004 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:25:04 2006 Subject: MailScanner Manual is now available In-Reply-To: <409A3AC7.7080708@uptime.at> Message-ID: <20040506132034.0282921C30B@mail.fsl.com> > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of David H. > Sent: Thursday, May 06, 2004 9:17 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: MailScanner Manual is now available > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: RIPEMD160 > > Stephen Swaney wrote: > > > > To save trees, the manual is designed to be printed and bound double > sided > > on US letter sized paper. I'll try and get out an A1 version as soon as > I > > have the time. > > > Do you mean DIN A4 ? Yup Stephen Swaney President Fortress Systems Ltd. Steve.Swaney@FSL.com > :) > > - -d > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.2.3 (Darwin) > > iD8DBQFAmjrLPMoaMn4kKR4RA319AKCFgk7S5CL9nF/JhbZ/rR8SwEQfdACfaUy9 > A/m8e3cik0ltXFtNz12m1Q4= > =LIVa > -----END PGP SIGNATURE----- > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > Fortress Systems Ltd. > www.fsl.com > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. Fortress Systems Ltd. www.fsl.com -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Thu May 6 14:20:32 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:25:04 2006 Subject: Are you having tnef problems? Message-ID: <6.0.1.1.2.20040506141652.03a52560@imap.ecs.soton.ac.uk> I have finally got around to upgrading to the latest version of the tnef decoder. A few of you have been reporting TNEF problems to the list lately, so I thought an upgrade was well overdue. Non-RPM people can fetch it and build it (very easily) from http://sourceforge.net/projects/tnef/ but for those of you using either of the RPM distributions of MailScanner, I have attached the i386 version to this message. Just download the attachment and type rpm -Uvh tnef-1.2.3.1-1.i386.rpm You don't even need to restart MailScanner, it will pick it up straight away. The new version (including a ready-built Solaris sparc binary) will of course be in the next release of MailScanner. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------- next part -------------- A non-text attachment was scrubbed... Name: tnef-1.2.3.1-1.i386.rpm Type: application/octet-stream Size: 46025 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040506/4663e171/tnef-1.2.3.1-1.i386.obj -------------- next part -------------- -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Thu May 6 14:25:07 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:25:04 2006 Subject: ANNOUNCE: MailScanner Manual is now available Message-ID: <6.0.1.1.2.20040506142352.03a4f000@imap.ecs.soton.ac.uk> Version 1.0 of the MailScanner Manual is finally ready for download. Many thanks to Ugo Bellavance and Michele Neylon for proofreading, technical corrections and some excellent ideas for additional material. Version 1.0 is very specific to RPM-based Linux distributions. This is because while I often work on other distributions, I'm more familiar with this version of MailScanner. Hopefully there are some of you out there who can contribute material to help cover the other operating systems that MailScanner supports. Please drop me a line off list if you are willing to contribute any additional material. The virus scanning section is missing a few of the latest supported virus scanner. This is inevitable since Julian keeps adding support for additional virus scanners faster than we can document them. We expect that this section and the entire Manual will be updated with every major release of MailScanner. To save trees, the manual is designed to be printed and bound double sided on US letter sized paper. I'll try and get out an A1 version as soon as I have the time. Please understand that Version 1.0 is just a beginning. We hope it will grow as fast as you can contribute. Any errors or omissions are mine alone and any corrections or additional material will be gratefully accepted. The manual, in PDF format, may be downloaded from: www.fsl.com/support Just click on the MailScanner Manual link. Steve Stephen Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Steve.Swaney@FSL.com From mailscanner at ecs.soton.ac.uk Thu May 6 13:49:07 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:25:04 2006 Subject: TNEF problems In-Reply-To: References: Message-ID: <6.0.1.1.2.20040506134825.03a4f838@imap.ecs.soton.ac.uk> At 09:52 06/05/2004, you wrote: >I have a problem with Outlook. Even though I set the message to plain text >by hand and send the message some(!) message still carry an undecodable >TNEF attachment with it. Are you routing it out through an Exchange server? If so, it will be the Exchange server settings that are converting it to TNEF. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Thu May 6 14:25:07 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:25:04 2006 Subject: ANNOUNCE: MailScanner Manual is now available Message-ID: <6.0.1.1.2.20040506142352.03a4f000@imap.ecs.soton.ac.uk> Version 1.0 of the MailScanner Manual is finally ready for download. Many thanks to Ugo Bellavance and Michele Neylon for proofreading, technical corrections and some excellent ideas for additional material. Version 1.0 is very specific to RPM-based Linux distributions. This is because while I often work on other distributions, I'm more familiar with this version of MailScanner. Hopefully there are some of you out there who can contribute material to help cover the other operating systems that MailScanner supports. Please drop me a line off list if you are willing to contribute any additional material. The virus scanning section is missing a few of the latest supported virus scanner. This is inevitable since Julian keeps adding support for additional virus scanners faster than we can document them. We expect that this section and the entire Manual will be updated with every major release of MailScanner. To save trees, the manual is designed to be printed and bound double sided on US letter sized paper. I'll try and get out an A1 version as soon as I have the time. Please understand that Version 1.0 is just a beginning. We hope it will grow as fast as you can contribute. Any errors or omissions are mine alone and any corrections or additional material will be gratefully accepted. The manual, in PDF format, may be downloaded from: www.fsl.com/support Just click on the MailScanner Manual link. Steve Stephen Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Steve.Swaney@FSL.com -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From shrek-m at GMX.DE Thu May 6 14:38:42 2004 From: shrek-m at GMX.DE (shrek-m@gmx.de) Date: Thu Jan 12 21:25:04 2006 Subject: MailScanner Manual is now available In-Reply-To: <20040506130549.684DD21C300@mail.fsl.com> References: <20040506130549.684DD21C300@mail.fsl.com> Message-ID: <409A3FE2.4000408@gmx.de> Stephen Swaney wrote: >Version 1.0 of the MailScanner Manual is finally ready for download. >[...] The manual, in PDF format, may be downloaded from: > > www.fsl.com/support > thanks for this document. but acroread under linux open the manual correctly (pages 83) with a information $ vi `which acroread` ver=5.0.8 $ acroread MailScanner-Manual-Version-1.0.pdf -> information ---- this file may contain newer information than this viewer can support. it may not open or display correctly. adobe recommends that you upgrade to the latest version of our acrobat products. please visit our product site at http://www.adobe.com/accrobat ---- afaik i do not need to search acroread 6.x for linux, it does not exist :-( $ pdfinfo MailScanner-Manual-Version-1.0.pdf Error: PDF version 1.5 -- xpdf supports version 1.4 (continuing anyway) Title: Microsoft Word - MailScanner-Manual-Version-1.0.doc Author: steve Creator: PScript5.dll Version 5.2 Producer: Acrobat Distiller 6.0 (Windows) CreationDate: Thu May 6 08:42:13 2004 ModDate: Thu May 6 08:43:54 2004 Tagged: no Pages: 83 Encrypted: no Page size: 612 x 792 pts (letter) File size: 384128 bytes Optimized: no PDF version: 1.5 /* (Acrobat 6.x) additional info from acroread */ -- shrek-m -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From ugob at CAMO-ROUTE.COM Thu May 6 14:32:32 2004 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:25:04 2006 Subject: MailScanner vs. Amavisd In-Reply-To: <00b301c4336d$11061680$85421851@hq> References: <5C0296D26910694BB9A9BBFC577E7AB0020199F4@pascal.priv.bmrb.co.uk> <003301c43354$7edc9030$85421851@hq> <409A28AC.6090405@eatathome.com.au> <00b301c4336d$11061680$85421851@hq> Message-ID: Muenz, Michael wrote: >>In this case the comparison is unfair then, since you say MailScanner >>doesnt catch all the viruses that amavisd catches, yet you have an extra >>virus scanner (a VERY good one) installed on amavisd - you should be >>VERY careful about posting your conclusions and not including all the >>facts as they could very easily be the difference of 10 viruses per day ? >> >>Plus the test needs to be tried in reverse before anyone can say one >>system is better at catching viruses than the other... > > > Back to topic: > The benefit of MS is the extremly cool ruleset. > The benefit of amavisd-new is the *_lovers_* stuff. ok, but what's the difference between MS's rulesets and the lovers stuff? > > That's my experience ... > > I like both and I'm sure when the other scenario is used > (first amavis) then also some will get through. > But when using both, the chance is extremely low :-) That's sure, but are you banning filetypes/filenames, do you scan within zips for them in MailScanner? Another question: Does Amavis support the HTML sanitizing options MailScanner offers? Thanks, -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From steve.swaney at FSL.COM Thu May 6 14:48:44 2004 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:25:04 2006 Subject: MailScanner Manual is now available In-Reply-To: <409A3FE2.4000408@gmx.de> Message-ID: <20040506134844.3732A21C303@mail.fsl.com> > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of shrek-m@gmx.de > Sent: Thursday, May 06, 2004 9:39 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: MailScanner Manual is now available > > Stephen Swaney wrote: > > >Version 1.0 of the MailScanner Manual is finally ready for download. > >[...] The manual, in PDF format, may be downloaded from: > > > > www.fsl.com/support > > > > > thanks for this document. > but acroread under linux open the manual correctly (pages 83) with a > information > > > $ vi `which > acroread` > > ver=5.0.8 In linux, xpdf works fine. The document was created with Acrobat 6.0. Steve Stephen Swaney President Fortress Systems Ltd. Steve.Swaney@FSL.com > > > $ acroread MailScanner-Manual-Version-1.0.pdf > -> information > ---- > this file may contain newer information than this viewer can support. > it may not open or display correctly. > adobe recommends that you upgrade to the latest version of our acrobat > products. > please visit our product site at http://www.adobe.com/accrobat > ---- > > > afaik i do not need to search acroread 6.x for linux, > it does not exist :-( > > > $ pdfinfo MailScanner-Manual-Version-1.0.pdf > Error: PDF version 1.5 -- xpdf supports version 1.4 (continuing anyway) > Title: Microsoft Word - MailScanner-Manual-Version-1.0.doc > Author: steve > Creator: PScript5.dll Version 5.2 > Producer: Acrobat Distiller 6.0 (Windows) > CreationDate: Thu May 6 08:42:13 2004 > ModDate: Thu May 6 08:43:54 2004 > Tagged: no > Pages: 83 > Encrypted: no > Page size: 612 x 792 pts (letter) > File size: 384128 bytes > Optimized: no > PDF version: 1.5 /* (Acrobat 6.x) additional info from acroread */ > > > -- > shrek-m > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > Fortress Systems Ltd. > www.fsl.com > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. Fortress Systems Ltd. www.fsl.com -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From alaslavic at HAVERTYS.COM Thu May 6 14:52:54 2004 From: alaslavic at HAVERTYS.COM (Alex Laslavic) Date: Thu Jan 12 21:25:04 2006 Subject: MailScanner vs. Amavisd In-Reply-To: Message-ID: MailScanner mailing list wrote on 05/06/2004 12:18:52 AM: > Hi people can I get the opinion of people who have used both MailScanner > and Amavisd. What are the reasons for using MailScanner over Amavisd, or > what are the benefits of Amavisd over MailScanner etc. > > I would be interested to hear these comparisons from people with > experience with both. > > I have only had a chance to use MailScanner and I have installed it on > a few servers. The deal breaker for me on Amavisd was that (at the time I tried it) it was not able to remove specific types of attachments, while forwarding the rest of the message to the recipient. You could either deny the message completely, or let it through. MS allows me to remove potentially harmful attachment types, while sending the rest of the message through. > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From jburzenski at AMERICANHM.COM Thu May 6 14:46:26 2004 From: jburzenski at AMERICANHM.COM (Jason Burzenski) Date: Thu Jan 12 21:25:04 2006 Subject: MailScanner Manual is now available Message-ID: <9BDD6D4AD0795C46974D7D46C17883B80AEC7D49@ahm_exchange2.americanhm.com> Nice job with the manual! It will likely attract new admins who thought a MS system was too complex to manage. Let me know if you need any help. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040506/bbf6ee34/attachment.html From robin at PRIMUS.CA Thu May 6 15:03:46 2004 From: robin at PRIMUS.CA (Robin M.) Date: Thu Jan 12 21:25:04 2006 Subject: Postfix support / how stable? In-Reply-To: <409A2121.9080408@eatathome.com.au> References: <409A2121.9080408@eatathome.com.au> Message-ID: On Thu, 6 May 2004, Pete wrote: > Mine is small setup, only 2500 emails per day for a few domains, running > as a gateway. I have only used postfix (dont know exim and sendmail > seems over complex to me), its works perfectly and i dont see any flaws > you describe or described 'elsewhere'. TIP: you dont have to use the > method described on Julian's site, there is an alternative, email and i > send the instructions if your interested. What is the alternative you are refering to. Please post the link. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From sanjay.patel at REXWIRE.COM Thu May 6 14:43:29 2004 From: sanjay.patel at REXWIRE.COM (Sanjay K. Patel) Date: Thu Jan 12 21:25:04 2006 Subject: Uninstall Mailscanner Message-ID: <200405061346.i46DkG66027542@mx.sargam.com> How do I uninstall MailScanner? SKP -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From robin at PRIMUS.CA Thu May 6 15:13:00 2004 From: robin at PRIMUS.CA (Robin M.) Date: Thu Jan 12 21:25:04 2006 Subject: MailScanner vs. Amavisd In-Reply-To: References: <5C0296D26910694BB9A9BBFC577E7AB0020199F4@pascal.priv.bmrb.co.uk> <003301c43354$7edc9030$85421851@hq> <409A28AC.6090405@eatathome.com.au> <00b301c4336d$11061680$85421851@hq> Message-ID: On Thu, 6 May 2004, Ugo Bellavance wrote: > > Does Amavis support the HTML sanitizing options MailScanner offers? > From sysadmin at FLEETONE.COM Thu May 6 15:13:53 2004 From: sysadmin at FLEETONE.COM (Rob Freeman) Date: Thu Jan 12 21:25:04 2006 Subject: Uninstall Mailscanner References: <200405061346.i46DkG66027542@mx.sargam.com> Message-ID: <04a401c43374$5cabc380$45a610ac@fleetone.com> ----- Original Message ----- From: "Sanjay K. Patel" To: Sent: Thursday, May 06, 2004 8:43 AM Subject: Uninstall Mailscanner > How do I uninstall MailScanner? > > SKP > rpm -e mailscanner -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From pete at eatathome.com.au Thu May 6 15:13:42 2004 From: pete at eatathome.com.au (Pete) Date: Thu Jan 12 21:25:04 2006 Subject: Uninstall Mailscanner In-Reply-To: <200405061346.i46DkG66027542@mx.sargam.com> References: <200405061346.i46DkG66027542@mx.sargam.com> Message-ID: <409A4816.9010603@eatathome.com.au> Sanjay K. Patel wrote: >How do I uninstall MailScanner? > >SKP > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html > > > > > depends how you installed it, onto which OS? How do you expect anyone to answer this question? -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From shrek-m at GMX.DE Thu May 6 15:16:27 2004 From: shrek-m at GMX.DE (shrek-m@gmx.de) Date: Thu Jan 12 21:25:04 2006 Subject: MailScanner Manual is now available In-Reply-To: <20040506134844.3732A21C303@mail.fsl.com> References: <20040506134844.3732A21C303@mail.fsl.com> Message-ID: <409A48BB.5030108@gmx.de> Stephen Swaney wrote: >In linux, xpdf works fine. The document was created with Acrobat 6.0 > > sure, with "ggv" too. acroread 6.x does not exist for unices and it would be nice to open this document with acroread 5.x without this info. i am sure there exist a lot of other ways to create and provide this document as .ps and .pdf sorry, please do not undertand mw wrong. i had never seen mailscanner for windows and i had never seen such an info with acroread 5.x (linux) one possibility: $ pdf2ps MailScanner-Manual-Version-1.0.pdf $ mv MailScanner-Manual-Version-1.0.ps ms-man.ps $ ps2pdf ms-man.ps $ pdfinfo ms-man.pdf Producer: GNU Ghostscript 7.07 Tagged: no Pages: 83 Encrypted: no Page size: 612 x 792 pts (letter) File size: 2485519 bytes Optimized: no PDF version: 1.2 acroread 5.x is happy -- shrek-m -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From kodak at FRONTIERHOMEMORTGAGE.COM Thu May 6 15:17:13 2004 From: kodak at FRONTIERHOMEMORTGAGE.COM (Jason Balicki) Date: Thu Jan 12 21:25:04 2006 Subject: MailScanner Manual is now available In-Reply-To: <9BDD6D4AD0795C46974D7D46C17883B80AEC7D49@ahm_exchange2.americanhm.com> Message-ID: <006901c43374$d3e6d5c0$0501a8c0@darkside> >Nice job with the manual! Seconded. >It will likely attract new admins who thought a MS system was too complex to manage. Oh, no, you don't find that out until it's much too late. :) --J(K) -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From pete at eatathome.com.au Thu May 6 15:17:43 2004 From: pete at eatathome.com.au (Pete) Date: Thu Jan 12 21:25:04 2006 Subject: Postfix support / how stable? In-Reply-To: References: <409A2121.9080408@eatathome.com.au> Message-ID: <409A4907.6030301@eatathome.com.au> Drew has made his own page i found by searching the archives...see below link. http://www.themarshalls.co.uk/mailscanner-docs/postfix.htm > >What is the alternative you are refering to. Please post the link. > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html > > > > > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From steve.swaney at FSL.COM Thu May 6 15:26:21 2004 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:25:04 2006 Subject: MailScanner Manual is now available In-Reply-To: <409A48BB.5030108@gmx.de> Message-ID: <20040506142621.5D41321C2E9@mail.fsl.com> Thanks for the advice. Much appreciated. I'll try and sort out the PDF file as soon as practical. Stephen Swaney President Fortress Systems Ltd. Steve.Swaney@FSL.com > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of shrek-m@gmx.de > Sent: Thursday, May 06, 2004 10:16 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: MailScanner Manual is now available > > Stephen Swaney wrote: > > >In linux, xpdf works fine. The document was created with Acrobat 6.0 > > > > > > sure, > with "ggv" too. > acroread 6.x does not exist for unices and it would be nice to open this > document with acroread 5.x without this info. > > i am sure there exist a lot of other ways to create and provide this > document as .ps and .pdf > > sorry, > please do not undertand mw wrong. > > > i had never seen mailscanner for windows > and i had never seen such an info with acroread 5.x (linux) > > > one possibility: > $ pdf2ps MailScanner-Manual-Version-1.0.pdf > $ mv MailScanner-Manual-Version-1.0.ps ms-man.ps > $ ps2pdf ms-man.ps > > > $ pdfinfo ms-man.pdf > Producer: GNU Ghostscript 7.07 > Tagged: no > Pages: 83 > Encrypted: no > Page size: 612 x 792 pts (letter) > File size: 2485519 bytes > Optimized: no > PDF version: 1.2 > > acroread 5.x is happy > > -- > shrek-m > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > Fortress Systems Ltd. > www.fsl.com > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. Fortress Systems Ltd. www.fsl.com -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From t.d.lee at DURHAM.AC.UK Thu May 6 15:23:06 2004 From: t.d.lee at DURHAM.AC.UK (David Lee) Date: Thu Jan 12 21:25:04 2006 Subject: MS/SA occasionally not calling Bayes? In-Reply-To: <107DE25EC0216C45AEF670016024245F7073@exchangea.staff.uce.ac.uk> References: <107DE25EC0216C45AEF670016024245F7073@exchangea.staff.uce.ac.uk> Message-ID: On Thu, 6 May 2004, David While wrote: > Correct me if I am wrong (I am sure you will!) but SA will only include > the BAYES_??=xx score if it actually finds a hit similar to all the > other SA rules - so it is perfectly possible to get Spam without a BAYES > score - it doesn't mean that SA hasn't consulted the Bayes DB it simply > means it didn't find a hit. Sounds most plausible! Perhaps an embarrassingly elementary misunderstanding on my part. Is the following about right? "BAYES_xx=0.0" means "Bayes has enough data in common with this message to calculate a probability 'xx', which then scores 0.0"; whereas: An absence of "BAYES_xx" means "Bayes doesn't have enough data in common with this message, so is unable to calculate a meaningful probablity and score". -- : David Lee I.T. Service : : Systems Programmer Computer Centre : : University of Durham : : http://www.dur.ac.uk/t.d.lee/ South Road : : Durham : : Phone: +44 191 334 2752 U.K. : -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From davidj at IMPOL.NET Thu May 6 15:27:39 2004 From: davidj at IMPOL.NET (David Jacobson) Date: Thu Jan 12 21:25:04 2006 Subject: MailScanner cluster setup Message-ID: Hi, I've setup MailScanner at an ISP environment and it works very well. Our core mail servers run standard exim and for clients who pay for virus/spam scanning their mail gets re-routed to the mailscanner box (only about 20 companies) Hardware Specs Dual Xeon 2.4ghz 2.4 Hyper Threading 2 Gigs Ram Raid 5 - 35 Gigs Software Specs MailScanner 4.28.6 Exim 4.30 ClamAV 0.70 SpamAssassin 2.63 Pyzor 0.40 Razor 2.36 DCC 1.2.32 tmpfs on /var/spool/MailScanner/incoming. caching dns server. Custom SA rules (Big Evil List, Rules de Juor etc) Bayes 15 Children I've looked at our MRTG stats ... On average we process 25 000 (1.4Gigs) Mails per day, the stastic I am concerned about is on average there are 111 Mails in the incoming queue This is the only process I need to streamline and make more efficient, the rest of the stats are fine. Does anyone have any recommendations on how to get MailScanner to process the mail quicker so there is not more than say 20 mails in the incoming queue on average. Also, I am considering replacing our core mail servers and replacing them with clustered MailScanner solutions - the problem I have is that I need the quarantine directories to be the same on all servers and their mail boxes. I have considered setting up an additional three MailScanner machines NFS mounting a Network storage device... however this comes back to the point of single failure if the Network storage device goes down. Can anyone perhaps shed some insight on their clustering setups? Thanks in advance! Kind regards, David Jacobson Network Security Administrator RHCE Imperial Online - The Imperial Connection Switchboard (+27) 11 723-8000 Helpdesk (+27) 11 723-8181 Mobile (+27) 83 235-0760 Facsimile (+27) 11 454 1236 Email davidj@impol.net www.imperialonline.co.za / www.imperialtoday.co.za Confidentiality Notice: This communication and the information it contains are intended for the person(s) or organisation(s) named above and for no other person(s) or organisation(s). The content of this communication may be confidential, legally privileged and protected. Unauthorised use, copying or disclosure of any part of this communication may be unlawful. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040506/028dd78e/attachment.html From robin at PRIMUS.CA Thu May 6 15:18:25 2004 From: robin at PRIMUS.CA (Robin M.) Date: Thu Jan 12 21:25:04 2006 Subject: MailScanner vs. Amavisd Message-ID: On Thu, 6 May 2004, Ugo Bellavance wrote: > Robin M. wrote: > > > Hi people can I get the opinion of people who have used both MailScanner > > and Amavisd. What are the reasons for using MailScanner over Amavisd, or > > what are the benefits of Amavisd over MailScanner etc. > > > > That is an interresting question, and I think many people on this list > asked themselves at least once. Did you post the same question on the > Amavis list? > nope, do you think I should? I am not on that list. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From robin at PRIMUS.CA Thu May 6 15:18:59 2004 From: robin at PRIMUS.CA (Robin M.) Date: Thu Jan 12 21:25:04 2006 Subject: ANNOUNCE: MailScanner Manual is now available Message-ID: On Thu, 6 May 2004, Julian Field wrote: > Any errors or omissions are mine alone and any corrections or additional > material will be gratefully accepted. > On page 12 of 83 the lines the file location should be /etc/sysconfig/i18n not /etc/sysconfig.i18n After installing Red Hat Linux you must edit the file /etc/sysconfig.i18n to change the lines: LANG="en_US.UTF-8" SUPPORTED="en_US.UTF-8:en_US:en" To: LANG="en_US" SUPPORTED="en_US.UTF-8:en_US:en" References: <200405061346.i46DkG66027542@mx.sargam.com> Message-ID: On Thu, 6 May 2004, Sanjay K. Patel wrote: > How do I uninstall MailScanner? > It depends on how you installed it. If you installed using rpm then you can use rpm -e mailscanner you will have to undo any manual modifications which you made to your config files for your mta. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From prandal at HEREFORDSHIRE.GOV.UK Thu May 6 15:42:44 2004 From: prandal at HEREFORDSHIRE.GOV.UK (Randal, Phil) Date: Thu Jan 12 21:25:04 2006 Subject: Process Overview Diagram in .jpg format Message-ID: <0EBC45FCABFC95428EBFC3A51B368C9503441C3D@mail.herefordshire.gov.uk> With Stephen Swaney's permission I've made a .jpg format copy of the new manual's Process Overview diagram, suitable for including in your Wikis or in online documentation. You can grab it from: http://www.rebee.clara.net/images/MailScanner_Process_Overview_V4.jpg Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From michele at BLACKNIGHTSOLUTIONS.COM Thu May 6 15:47:49 2004 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:25:04 2006 Subject: Process Overview Diagram in .jpg format In-Reply-To: <0EBC45FCABFC95428EBFC3A51B368C9503441C3D@mail.herefordshire.gov.uk> Message-ID: <200405061442.i46Egf4X014430@monitor.blacknight.ie> Phil Nice one :) Stephen spent a lot of time getting that right, so even morons like me can read it easily. Michele Mr Michele Neylon Blacknight Internet Solutions Ltd http://www.blacknight.ie/ Tel. +353 59 9137101 -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Randal, Phil Sent: 06 May 2004 15:43 To: MAILSCANNER@JISCMAIL.AC.UK Subject: [MAILSCANNER] Process Overview Diagram in .jpg format With Stephen Swaney's permission I've made a .jpg format copy of the new manual's Process Overview diagram, suitable for including in your Wikis or in online documentation. You can grab it from: http://www.rebee.clara.net/images/MailScanner_Process_Overview_V4.jpg Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From ugob at CAMO-ROUTE.COM Thu May 6 15:41:55 2004 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:25:04 2006 Subject: MailScanner cluster setup In-Reply-To: References: Message-ID: > > On average we process 25 000 (1.4Gigs) Mails per day, the stastic I am > concerned about is on average there are 111 Mails in the incoming queue > This is the only process I need to streamline and make more efficient, > the rest of the stats are fine. Does anyone have any recommendations > on how to get MailScanner to process the mail quicker so there is not > more than say 20 mails in the incoming queue on average. Since you have 15 childrens, it is normal that you have that amount of messages in your incoming queue. Don't forget that messages stay in the incoming queue until they are completely processed by MailScanner and moved to the outgoing queue. So, theoretically, if you have 15 childrens processing up to 30 messages/batch, you can have up to 450 messages in the incoming queue, but none will really be "waiting" for processing. What is your average delay for processing your messages? > > Also, I am considering replacing our core mail servers and replacing > them with clustered MailScanner solutions - the problem I have is that > I need the quarantine directories to be the same on all servers and > their mail boxes. I have considered setting up an additional three > MailScanner machines NFS mounting a Network storage device... however > this comes back to the point of single failure if the Network storage > device goes down. Can anyone perhaps shed some insight on their > clustering setups? I suggest you ask Steve from FSL Steve.Swaney@FSL.com > > Thanks in advance! > > Kind regards, > > David Jacobson > Network Security Administrator > RHCE > > Imperial Online - The Imperial Connection > > Switchboard (+27) 11 723-8000 > Helpdesk (+27) 11 723-8181 > Mobile (+27) 83 235-0760 > Facsimile (+27) 11 454 1236 > Email davidj@impol.net > > www.imperialonline.co.za / www.imperialtoday.co.za > > Confidentiality Notice: > This communication and the information it contains are intended for the > person(s) or organisation(s) named above and for no other person(s) or > organisation(s). > The content of this communication may be confidential, legally > privileged and protected. Unauthorised use, copying or disclosure of any > part of this communication may be unlawful. -------------------------- > MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From fanf2 at CAM.AC.UK Thu May 6 16:11:59 2004 From: fanf2 at CAM.AC.UK (Tony Finch) Date: Thu Jan 12 21:25:04 2006 Subject: McAfee autoupdate & wrapper Message-ID: Following the discussion in March, I've found time to have a look at the autoupdate script. I've added proxy and retry support, and it now uses McAfee's own idea of the current dat file version rather than believing the filesystem layout. -- Tony Finch http://www.cus.cam.ac.uk/~fanf2/ Mail Support, University of Cambridge Computing Service New Museums Site, Pembroke Street, Cambridge, CB2 3QH -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------- next part -------------- #!/bin/sh -e # # Update the McAfee data files. # # $Cambridge: hermes/conf/build/bin/uvscan-update,v 1.45 2004/05/06 15:07:47 fanf2 Exp $ # $PREFIX is the directory where the uvscan binary is (NOT a symlink to # the binary), which is where it looks for its dat files. You may run # uvscan via a symlink to this place (e.g. from /usr/local/bin/uvscan) # and it will still look for the dat files here. If uvscan's library # dependencies can be found in a standard place (e.g. /usr/local/lib) # then you don't need a wrapper script to set LD_LIBRARY_PATH before # running it. # # The dat files are installed in a subdirectory of $DATDIR named # according to their version number, with symlinks from $PREFIX into # the subdirectory via a current link. The current link is updated # without locking on the assumption that this is sufficiently unlikely # to cause a problem. # defaults OPTS="" PREFIX=/opt/uvscan FTPDIR=http://download.nai.com/products/datfiles/4.x/nai RETRIES=1 INTERVAL=300 # handle the command line usage () { echo "usage: $0 [-dfrtv] [-Rnnn] [-Innn] [proxy] [prefix]" echo " -d delete old files" echo " -e get extra.dat" echo " -f force update" echo " -r show README" echo " -t timestamp output" echo " -v verbose" echo " -R number of retries" echo " -I retry interval" echo " proxy URL of FTP/HTTP proxy server" echo " prefix uvscan installation directory" exit 1 } case $# in [012345]) : ok ;; *) usage ;; esac for arg in "$@" do case $arg in -I*) INTERVAL=${arg#-I} ;; -R*) RETRIES=${arg#-R} ;; -*) OPTS=$arg ;; /*) PREFIX=$arg ;; http:) ftp_proxy=$arg http_proxy=$arg export ftp_proxy export http_proxy ;; *) usage ;; esac done case $OPTS in *[!-dfrtv]*) usage esac option () { case $OPTS in -*$1*) eval $2=yes ;; *) eval $2=no ;; esac } option d DELETE option e EXTRA option f FORCE option r README option t TIME option v VERBOSE case $FORCE in yes) VERBOSE=yes esac # look for binaries and libraris in plausible places PATH=$PREFIX:/usr/local/bin:/usr/bin:/bin # this is only necessary for broken setups LD_LIBRARY_PATH=$PREFIX export PATH LD_LIBRARY_PATH # where this script finds things DATDIR=$PREFIX/datfiles LINKREL=datfiles/current LINKABS=$PREFIX/$LINKREL # wrapper functions for echo etc. timestamp () { case $TIME in yes) date "+%Y-%m-%d %H:%M:%S " esac } say () { case $VERBOSE in yes) echo "`timestamp`$*" esac } run () { say "> $*" "$@" } testeval () { # ugly workaround say "> $*" set +e eval "$*" ret=$? set -e return $ret } is () { test "$@" 2>/dev/null } say Starting $0 say DELETE=$DELETE say FORCE=$FORCE say README=$README say TIME=$TIME say VERBOSE=$VERBOSE say RETRIES=$RETRIES say INTERVAL=$INTERVAL say PROXY=$ftp_proxy say PREFIX=$PREFIX if ! is -d $DATDIR || ! is -h $LINKABS then INIT=yes VERBOSE=yes say Initial setup of $0 run mkdir -p $DATDIR fi run cd $DATDIR getver () { match="[0-9][0-9][0-9][0-9]" err="version.err" cmd="$1" out="$2" txt="$3" if testeval "$cmd 2>$err 1>&2" then VER=`cat $out | sed "/^$txt\($match\).*$/!d;s//\1/;q"` case $VER in $match) run rm -f $out $err return esac fi cat $err VER=UNKNOWN run rm -f $out $err } # work out latest dat version try=$RETRIES while : do getver "wget --tries=$try --waitretry=$INTERVAL --passive-ftp $FTPDIR/update.ini" update.ini "DATVersion=" VERSION=$VER case $VERSION in UNKNOWN) if ! try=`expr $try - 1` then break fi say Problem with McAfee datfile update from $FTPDIR say Sleeping for $INTERVAL seconds before retrying sleep $INTERVAL ;; *) break ;; esac done # work out installed dat version getver "uvscan --version" version.err "Virus data file v" PREVIOUS=$VER case $FORCE in yes) say Forced update from $PREVIOUS PREVIOUS=0000 ;; *) if is $VERSION -eq $PREVIOUS then say Already have $VERSION run exit 0 fi esac VERBOSE=yes say Installed dat file is $PREVIOUS say Latest dat file is $VERSION if is $VERSION = UNKNOWN then say Problem with McAfee datfile update from $FTPDIR run exit 1 elif is $VERSION -lt $PREVIOUS then say Remote version $VERSION older than installed version $PREVIOUS run exit 1 elif is -d $VERSION then say Cleaning away $VERSION directory run rm -rf $VERSION fi retry () { echo "$OUT" say Fetch or test failed -- removing bad McAfee data files run cd $DATDIR run rm -rf $VERSION if ! try=`expr $try - 1` then say Giving up run exit 1 fi say Sleeping for $INTERVAL seconds before retrying sleep $INTERVAL continue } try=$RETRIES while : do # fetch and extract dat files TARFILE=dat-$VERSION.tar run mkdir $VERSION run cd $VERSION if ! run wget --tries=$try --waitretry=$INTERVAL --passive-ftp --progress=dot:mega $FTPDIR/$TARFILE then retry fi run tar xvf $TARFILE # verify the contents CMD="uvscan --version --dat ." say "> $CMD" OUT=`$CMD 2>&1` case "$OUT" in *"Missing or invalid DAT"* | \ *"Data file not found"* | \ *"Removal datafile clean.dat not found"* | \ *"Unable to remove viruses"* ) retry ;; *) break ;; esac done echo "$OUT" say Update OK # show information on this update? case $README in yes) run sed 's/[[:cntrl:]]//g 1,/^====================/d /^====================/,/^NEW VIRUSES DETECTED/d /^UNDERSTANDING VIRUS NAMES/,$d s/^/# /;/@MM/s/$/ <--/' readme.txt esac # remove some crap run rm -f *.diz *.exe *.ini *.lst *.tar *.txt # do remaining part of initial setup case $INIT in yes) for file in *.dat extra.dat do run rm -f $PREFIX/$file run ln -s $LINKREL/$file $PREFIX/$file done esac # update the current version link run rm -f $LINKABS run ln -s $VERSION $LINKABS # maybe delete old dat files case $DELETE in yes) run cd $DATDIR run rm -rf $PREVIOUS esac say Completed OK run exit 0 # done From linux at LEUTE.SERVER.DE Thu May 6 16:53:15 2004 From: linux at LEUTE.SERVER.DE (Muenz, Michael) Date: Thu Jan 12 21:25:04 2006 Subject: MailScanner vs. Amavisd References: <5C0296D26910694BB9A9BBFC577E7AB0020199F4@pascal.priv.bmrb.co.uk> <003301c43354$7edc9030$85421851@hq> <409A28AC.6090405@eatathome.com.au> <00b301c4336d$11061680$85421851@hq> Message-ID: <008301c43382$3ea98a80$85421851@hq> > > Back to topic: > > The benefit of MS is the extremly cool ruleset. > > The benefit of amavisd-new is the *_lovers_* stuff. > > ok, but what's the difference between MS's rulesets and the lovers stuff? topic on the list was: "virus scanning with virus delivery" 20.4.04 that would be possible with amavisd-new and there's no solution with MS (on the list). The main reason I'm using MS is, that some customers want to be informed about Silent Viruses and mostly not. Amavis cannot handle that for different domains. > That's sure, but are you banning filetypes/filenames, do you scan within > zips for them in MailScanner? no banning, scan within zips > Does Amavis support the HTML sanitizing options MailScanner offers? I don't think so. Thats another benefit for MS, but I don't use it anyway. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From bpumphrey at WOODMACLAW.COM Thu May 6 16:55:34 2004 From: bpumphrey at WOODMACLAW.COM (Billy A. Pumphrey) Date: Thu Jan 12 21:25:04 2006 Subject: MailScanner Manual is now available Message-ID: Yes, thank you so much for the manual. I think this will have a big effect on the questions asked on the list. Since I'm a newb at Linux, for a newb that doesn't know the wget command, it might be helpful to put the wget command around where its talking about downloading mailscanner. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Stephen Swaney Sent: Thursday, May 06, 2004 8:06 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: MailScanner Manual is now available Version 1.0 of the MailScanner Manual is finally ready for download. Many thanks to Ugo Bellavance and Michele Neylon for proofreading, technical corrections and some excellent ideas for additional material. Version 1.0 is very specific to RPM-based Linux distributions. This is because while I often work on other distributions, I'm more familiar with this version of MailScanner. Hopefully there are some of you out there who can contribute material to help cover the other operating systems that MailScanner supports. Please drop me a line off list if you are willing to contribute any additional material. The virus scanning section is missing a few of the latest supported virus scanner. This is inevitable since Julian keeps adding support for additional virus scanners faster than we can document them. We expect that this section and the entire Manual will be updated with every major release of MailScanner. To save trees, the manual is designed to be printed and bound double sided on US letter sized paper. I'll try and get out an A1 version as soon as I have the time. Please understand that Version 1.0 is just a beginning. We hope it will grow as fast as you can contribute. Any errors or omissions are mine alone and any corrections or additional material will be gratefully accepted. The manual, in PDF format, may be downloaded from: www.fsl.com/support Just click on the MailScanner Manual link. Steve Stephen Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Steve.Swaney@FSL.com -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. Fortress Systems Ltd. www.fsl.com -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From me at MATTKRAUSE.NET Thu May 6 16:50:54 2004 From: me at MATTKRAUSE.NET (Matt Krause) Date: Thu Jan 12 21:25:04 2006 Subject: Quarantined attachments In-Reply-To: <4092DB31.8060707@ucgbook.com> References: <4092DB31.8060707@ucgbook.com> Message-ID: <409A5EDE.8020808@mattkrause.net> So does anyone know how to do this for Postfix? Thanks. Matt Krause Peter Bonivart wrote: > InvictaWiz Customer Support wrote: > >> How do others deliver dodgi attachments out of quarantine? > > > There's a couple of ways to get them through if you want them to go > through MS again but why don't you just drop them in the outgoing queue > instead? > > I don't know what MTA you have but I have Sendmail and I quarantine > messages as queue files. Then I can just drop it in the outgoing queue > and it will be delivered. > > -- > /Peter Bonivart > > --Unix lovers do it in the Sun > > Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7, > SpamAssassin 2.63 + DCC 1.2.45, ClamAV 0.70 + GMP 4.1.2, Vispan 1.4 > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From William.Burns at AEROFLEX.COM Thu May 6 16:58:04 2004 From: William.Burns at AEROFLEX.COM (William Burns) Date: Thu Jan 12 21:25:04 2006 Subject: MailScanner cluster setup In-Reply-To: References: Message-ID: <409A608C.7080509@aeroflex.com> David Jacobson wrote: > Also, I am considering replacing our core mail servers and replacing > them with clustered MailScanner solutions - the problem I have is that > I need the quarantine directories to be the same on all servers and > their mail boxes. I have considered setting up an additional three > MailScanner machines NFS mounting a Network storage device... however > this comes back to the point of single failure if the Network storage > device goes down. Can anyone perhaps shed some insight on their > clustering setups? David: I'm not sure what you mean by "core" mail servers, or (in this context) "clustering". I have 3 machines that I call mail "switches" (gateways), each of which is running MailScanner. These 3 machines forward mail to various other "mailbox" machines, so no mail gets delivered locally on any of the mailscanner machines. This setup works very well for me. since each mail switch is in a different geographic location, A power outage, or any other "disaster" scenario can't stop mail to my domain. (although users of an individual mailbox might be affected) You need the quarantine directories to be the same? Meaning that all mailscanner machines must get their quarantine files into the same directory? I'm not sure why that is a requirement. When users get notification of a quarantine, that notification comes from the individual machine that the quarantine is sitting on. If you really need your quarantined files to be on one machine, I'd suggest setting up some kind of automated file transfer from the mailscanner machines to some central file server. That way, if the central file server goes down, the mailscanner machines will still function. The only downside is that the quarantine transfers will be delayed. -Bill -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From bpumphrey at WOODMACLAW.COM Thu May 6 17:24:32 2004 From: bpumphrey at WOODMACLAW.COM (Billy A. Pumphrey) Date: Thu Jan 12 21:25:04 2006 Subject: MailScanner Manual is now available Message-ID: On page 58, it has the Vispan url as: http://www.while.homeunix.net/mailstats Shouldn't it be: http://while.homeunix.net/mailstats ??? Even though with the "www" it seemed to work. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Stephen Swaney Sent: Thursday, May 06, 2004 8:06 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: MailScanner Manual is now available Version 1.0 of the MailScanner Manual is finally ready for download. Many thanks to Ugo Bellavance and Michele Neylon for proofreading, technical corrections and some excellent ideas for additional material. Version 1.0 is very specific to RPM-based Linux distributions. This is because while I often work on other distributions, I'm more familiar with this version of MailScanner. Hopefully there are some of you out there who can contribute material to help cover the other operating systems that MailScanner supports. Please drop me a line off list if you are willing to contribute any additional material. The virus scanning section is missing a few of the latest supported virus scanner. This is inevitable since Julian keeps adding support for additional virus scanners faster than we can document them. We expect that this section and the entire Manual will be updated with every major release of MailScanner. To save trees, the manual is designed to be printed and bound double sided on US letter sized paper. I'll try and get out an A1 version as soon as I have the time. Please understand that Version 1.0 is just a beginning. We hope it will grow as fast as you can contribute. Any errors or omissions are mine alone and any corrections or additional material will be gratefully accepted. The manual, in PDF format, may be downloaded from: www.fsl.com/support Just click on the MailScanner Manual link. Steve Stephen Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Steve.Swaney@FSL.com -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. Fortress Systems Ltd. www.fsl.com -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From David.While at UCE.AC.UK Thu May 6 17:26:12 2004 From: David.While at UCE.AC.UK (David While) Date: Thu Jan 12 21:25:04 2006 Subject: MailScanner Manual is now available Message-ID: <107DE25EC0216C45AEF670016024245F6441CD@exchangea.staff.uce.ac.uk> As it happens both will work! David While (Vispan Author!!) -----Original Message----- From: MailScanner mailing list on behalf of Billy A. Pumphrey Sent: Thu 06/05/2004 17:24 To: MAILSCANNER@JISCMAIL.AC.UK Cc: Subject: Re: MailScanner Manual is now available On page 58, it has the Vispan url as: http://www.while.homeunix.net/mailstats Shouldn't it be: http://while.homeunix.net/mailstats ??? Even though with the "www" it seemed to work. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Stephen Swaney Sent: Thursday, May 06, 2004 8:06 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: MailScanner Manual is now available Version 1.0 of the MailScanner Manual is finally ready for download. Many thanks to Ugo Bellavance and Michele Neylon for proofreading, technical corrections and some excellent ideas for additional material. Version 1.0 is very specific to RPM-based Linux distributions. This is because while I often work on other distributions, I'm more familiar with this version of MailScanner. Hopefully there are some of you out there who can contribute material to help cover the other operating systems that MailScanner supports. Please drop me a line off list if you are willing to contribute any additional material. The virus scanning section is missing a few of the latest supported virus scanner. This is inevitable since Julian keeps adding support for additional virus scanners faster than we can document them. We expect that this section and the entire Manual will be updated with every major release of MailScanner. To save trees, the manual is designed to be printed and bound double sided on US letter sized paper. I'll try and get out an A1 version as soon as I have the time. Please understand that Version 1.0 is just a beginning. We hope it will grow as fast as you can contribute. Any errors or omissions are mine alone and any corrections or additional material will be gratefully accepted. The manual, in PDF format, may be downloaded from: www.fsl.com/support Just click on the MailScanner Manual link. Steve Stephen Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Steve.Swaney@FSL.com -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. Fortress Systems Ltd. www.fsl.com -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From bpumphrey at WOODMACLAW.COM Thu May 6 17:26:50 2004 From: bpumphrey at WOODMACLAW.COM (Billy A. Pumphrey) Date: Thu Jan 12 21:25:04 2006 Subject: MailScanner Manual is now available Message-ID: Oh, I see where it has that URL on the web page. That just seems unconventional. I'm Sorry. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Billy A. Pumphrey Sent: Thursday, May 06, 2004 11:25 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: MailScanner Manual is now available On page 58, it has the Vispan url as: http://www.while.homeunix.net/mailstats Shouldn't it be: http://while.homeunix.net/mailstats ??? Even though with the "www" it seemed to work. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Stephen Swaney Sent: Thursday, May 06, 2004 8:06 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: MailScanner Manual is now available Version 1.0 of the MailScanner Manual is finally ready for download. Many thanks to Ugo Bellavance and Michele Neylon for proofreading, technical corrections and some excellent ideas for additional material. Version 1.0 is very specific to RPM-based Linux distributions. This is because while I often work on other distributions, I'm more familiar with this version of MailScanner. Hopefully there are some of you out there who can contribute material to help cover the other operating systems that MailScanner supports. Please drop me a line off list if you are willing to contribute any additional material. The virus scanning section is missing a few of the latest supported virus scanner. This is inevitable since Julian keeps adding support for additional virus scanners faster than we can document them. We expect that this section and the entire Manual will be updated with every major release of MailScanner. To save trees, the manual is designed to be printed and bound double sided on US letter sized paper. I'll try and get out an A1 version as soon as I have the time. Please understand that Version 1.0 is just a beginning. We hope it will grow as fast as you can contribute. Any errors or omissions are mine alone and any corrections or additional material will be gratefully accepted. The manual, in PDF format, may be downloaded from: www.fsl.com/support Just click on the MailScanner Manual link. Steve Stephen Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Steve.Swaney@FSL.com -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. Fortress Systems Ltd. www.fsl.com -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From rrobin at GREENAPPLE.COM Thu May 6 17:33:35 2004 From: rrobin at GREENAPPLE.COM (Robin, Rob) Date: Thu Jan 12 21:25:04 2006 Subject: Virus scanning questions Message-ID: Hello all, This bugs me for almost the entire morning. Appreciate some help. Problems: --------- I intend to notify senders of viruses. I checked the log files (posted below), the clamav does the scanning and logged that it found viruses. However, sender never gets notified. The recipient still receives the message (w/ virus attachment) unaltered in anyway. The header of the received message contradicts the log message. The log message says that it has detected a virus, but the header says that it's clean. Header of the scanned message: X-greenapple.com-MailScanner-Information: Please contact the ISP for more information X-greenapple.com-MailScanner: Found to be clean My entire etc/ config can be found at www.greenapple.com/~rrobin/mailscanner/etc [.dist files are the unmodified original config files ] Platform -------- Sendmail 8.12.10 MailScanner v. 4.30.3 Clamav 0.70 Fedora Related MailScanner.conf ------------------------ Virus Scanning = yes Virus Scanners = clamav Deliver Disinfected Files = no Notify Senders = yes Notify Senders Of Viruses = yes Scanned Modify Subject = no # end Scanned Subject Text = {Scanned} Virus Modify Subject = yes Virus Subject Text = {Virus?} [ filename checking is disabled, both set to empty string ] Filename Rules = Filetype Rules = --- Related Log-- May 6 12:23:19 mailtest MailScanner[1895]: New Batch: Scanning 1 messages, 1576 bytes May 6 12:23:22 mailtest MailScanner[1895]: Virus and Content Scanning: Starting May 6 12:23:27 mailtest MailScanner[1909]: MailScanner E-Mail Virus Scanner version 4.30.3 starting... May 6 12:23:29 mailtest MailScanner[1897]: Using locktype = flock May 6 12:23:31 mailtest MailScanner[1895]: /usr/local/MailScanner/4.30.3/var/spool/incoming/1895/./i46GNG2o001896/eicar.com: Eicar-Test-Signature FOUND May 6 12:23:32 mailtest MailScanner[1895]: Virus Scanning: ClamAV found 1 infections May 6 12:23:32 mailtest MailScanner[1895]: Virus Scanning: Found 1 viruses May 6 12:23:33 mailtest MailScanner[1895]: Uninfected: Delivered 1 messages May 6 12:23:33 mailtest sendmail[1912]: gethostbyaddr(192.168.186.200) failed: 1 May 6 12:23:38 mailtest MailScanner[1909]: Using locktype = flock ----------------- What went wrong ? Thanks, Rob -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From sevans at FOUNDATION.SDSU.EDU Thu May 6 17:40:16 2004 From: sevans at FOUNDATION.SDSU.EDU (Steve Evans) Date: Thu Jan 12 21:25:05 2006 Subject: Virus scanning questions Message-ID: <3A411846CD3C0D4CB3D8704F9373537090C17F@be-00.foundation.sdsu.edu> >>> I intend to notify senders of viruses. Please don't. I really don't want to hear about every virus headed your way that I didn't send. Steve Evans SDSU Foundation -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Robin, Rob Sent: Thursday, May 06, 2004 9:34 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Virus scanning questions Hello all, This bugs me for almost the entire morning. Appreciate some help. Problems: --------- I intend to notify senders of viruses. I checked the log files (posted below), the clamav does the scanning and logged that it found viruses. However, sender never gets notified. The recipient still receives the message (w/ virus attachment) unaltered in anyway. The header of the received message contradicts the log message. The log message says that it has detected a virus, but the header says that it's clean. Header of the scanned message: X-greenapple.com-MailScanner-Information: Please contact the ISP for more information X-greenapple.com-MailScanner: Found to be clean My entire etc/ config can be found at www.greenapple.com/~rrobin/mailscanner/etc [.dist files are the unmodified original config files ] Platform -------- Sendmail 8.12.10 MailScanner v. 4.30.3 Clamav 0.70 Fedora Related MailScanner.conf ------------------------ Virus Scanning = yes Virus Scanners = clamav Deliver Disinfected Files = no Notify Senders = yes Notify Senders Of Viruses = yes Scanned Modify Subject = no # end Scanned Subject Text = {Scanned} Virus Modify Subject = yes Virus Subject Text = {Virus?} [ filename checking is disabled, both set to empty string ] Filename Rules = Filetype Rules = --- Related Log-- May 6 12:23:19 mailtest MailScanner[1895]: New Batch: Scanning 1 messages, 1576 bytes May 6 12:23:22 mailtest MailScanner[1895]: Virus and Content Scanning: Starting May 6 12:23:27 mailtest MailScanner[1909]: MailScanner E-Mail Virus Scanner version 4.30.3 starting... May 6 12:23:29 mailtest MailScanner[1897]: Using locktype = flock May 6 12:23:31 mailtest MailScanner[1895]: /usr/local/MailScanner/4.30.3/var/spool/incoming/1895/./i46GNG2o001896/e icar.com: Eicar-Test-Signature FOUND May 6 12:23:32 mailtest MailScanner[1895]: Virus Scanning: ClamAV found 1 infections May 6 12:23:32 mailtest MailScanner[1895]: Virus Scanning: Found 1 viruses May 6 12:23:33 mailtest MailScanner[1895]: Uninfected: Delivered 1 messages May 6 12:23:33 mailtest sendmail[1912]: gethostbyaddr(192.168.186.200) failed: 1 May 6 12:23:38 mailtest MailScanner[1909]: Using locktype = flock ----------------- What went wrong ? Thanks, Rob -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From bpumphrey at WOODMACLAW.COM Thu May 6 18:03:02 2004 From: bpumphrey at WOODMACLAW.COM (Billy A. Pumphrey) Date: Thu Jan 12 21:25:05 2006 Subject: MailScanner Manual is now available Message-ID: Another suggestion if I may: Possibly another Appendix. Something that is a rundown of the whole book and recommendations for the best spam blocking and virus scanning. Such as (knowing that the information might be skipping stuff or not: Providing that you know that the more stuff you install you need a beefy machine but for the best protecting we recommend: So the "perfect" mailscanner will/might be: Install Redhat (or OS) Install MailScanner Install spamassassing Use bayes and do this and this and this for best results Use these filters from here http://xxxx.xxx.xxx.com Install virus protection Use this one, its free Use maybe this one too as It catches more virues and updates more often Install one of the monitoring tools, mailwatch, vispan. Install eiterh DCC, Razor, Pyzor. I know that is a little redundant but Its straight to the point and would help people like me -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Stephen Swaney Sent: Thursday, May 06, 2004 8:06 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: MailScanner Manual is now available Version 1.0 of the MailScanner Manual is finally ready for download. Many thanks to Ugo Bellavance and Michele Neylon for proofreading, technical corrections and some excellent ideas for additional material. Version 1.0 is very specific to RPM-based Linux distributions. This is because while I often work on other distributions, I'm more familiar with this version of MailScanner. Hopefully there are some of you out there who can contribute material to help cover the other operating systems that MailScanner supports. Please drop me a line off list if you are willing to contribute any additional material. The virus scanning section is missing a few of the latest supported virus scanner. This is inevitable since Julian keeps adding support for additional virus scanners faster than we can document them. We expect that this section and the entire Manual will be updated with every major release of MailScanner. To save trees, the manual is designed to be printed and bound double sided on US letter sized paper. I'll try and get out an A1 version as soon as I have the time. Please understand that Version 1.0 is just a beginning. We hope it will grow as fast as you can contribute. Any errors or omissions are mine alone and any corrections or additional material will be gratefully accepted. The manual, in PDF format, may be downloaded from: www.fsl.com/support Just click on the MailScanner Manual link. Steve Stephen Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Steve.Swaney@FSL.com -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. Fortress Systems Ltd. www.fsl.com -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Thu May 6 18:06:44 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:25:05 2006 Subject: Virus scanning questions In-Reply-To: References: Message-ID: <6.0.1.1.2.20040506180228.0413bf98@imap.ecs.soton.ac.uk> At 17:33 06/05/2004, you wrote: >Hello all, > > This bugs me for almost the entire morning. Appreciate some help. > >Problems: >--------- > I intend to notify senders of viruses. As someone else has already said, please do *not* do this. Virtually every virus around now forges the sender address, so you will be spamming people who never sent you anything. This greatly damages the reputation of MailScanner and directly causes me extra work, explaining to these poor innocent people that there are still badly-maintained installations out there sending warnings to people who never sent anything in the first place. If you need to send warnings to people who are within your own company, that's another matter. In that case, use a ruleset (well documented in the MAQ and the new Manual). > I checked the log files (posted below), the clamav does the scanning and > logged that it found viruses. However, sender never gets notified. The > recipient still receives the message (w/ virus attachment) unaltered in > anyway. That is because you failed to read the comment just above the "Incoming Work Dir" setting. To quote (from your own copy of the file) # NOTE: The path given here must not include any links at all, # NOTE: but must be the absolute path to the directory. Your setting uses the "current" link in the middle of the path, which is not where the real directory is. > The header of the received message contradicts the log message. > The log message says that it has detected a virus, but the header says > that it's clean. > > Header of the scanned message: > X-greenapple.com-MailScanner-Information: Please contact the ISP > for more information > X-greenapple.com-MailScanner: Found to be clean > > My entire etc/ config can be found at > www.greenapple.com/~rrobin/mailscanner/etc [.dist files are the > unmodified original config files ] Another consequence of your "Incoming Work Dir" setting. >Platform >-------- >Sendmail 8.12.10 >MailScanner v. 4.30.3 >Clamav 0.70 >Fedora > > >Related MailScanner.conf >------------------------ >Virus Scanning = yes >Virus Scanners = clamav >Deliver Disinfected Files = no >Notify Senders = yes >Notify Senders Of Viruses = yes >Scanned Modify Subject = no # end >Scanned Subject Text = {Scanned} >Virus Modify Subject = yes >Virus Subject Text = {Virus?} >[ filename checking is disabled, both set to empty string ] >Filename Rules = >Filetype Rules = > > >--- Related Log-- >May 6 12:23:19 mailtest MailScanner[1895]: New Batch: Scanning 1 >messages, 1576 bytes >May 6 12:23:22 mailtest MailScanner[1895]: Virus and Content Scanning: >Starting >May 6 12:23:27 mailtest MailScanner[1909]: MailScanner E-Mail Virus >Scanner version 4.30.3 starting... >May 6 12:23:29 mailtest MailScanner[1897]: Using locktype = flock >May 6 12:23:31 mailtest MailScanner[1895]: >/usr/local/MailScanner/4.30.3/var/spool/incoming/1895/./i46GNG2o001896/eicar.com: >Eicar-Test-Signature FOUND >May 6 12:23:32 mailtest MailScanner[1895]: Virus Scanning: ClamAV found 1 >infections >May 6 12:23:32 mailtest MailScanner[1895]: Virus Scanning: Found 1 viruses >May 6 12:23:33 mailtest MailScanner[1895]: Uninfected: Delivered 1 messages >May 6 12:23:33 mailtest sendmail[1912]: gethostbyaddr(192.168.186.200) >failed: 1 >May 6 12:23:38 mailtest MailScanner[1909]: Using locktype = flock >----------------- > > What went wrong ? > >Thanks, >Rob > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From alex at nkpanama.com Thu May 6 18:05:49 2004 From: alex at nkpanama.com (Alex Neuman) Date: Thu Jan 12 21:25:05 2006 Subject: MailScanner Manual is now available In-Reply-To: Message-ID: <001901c4338c$64c35f20$2065e0c9@cositputer> One thing I haven't got around to finish is a "cookbook" type doc that would have things like: perl -MCPAN -e shell install Net::CIDR install ... Bla bla blah... service MailScanner start && tail -f /var/log/maillog Sort of like a "no brainer" mailscanner install, step-by-step. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Billy A. Pumphrey Sent: Thursday, May 06, 2004 12:03 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: MailScanner Manual is now available Another suggestion if I may: Possibly another Appendix. Something that is a rundown of the whole book and recommendations for the best spam blocking and virus scanning. Such as (knowing that the information might be skipping stuff or not: Providing that you know that the more stuff you install you need a beefy machine but for the best protecting we recommend: So the "perfect" mailscanner will/might be: Install Redhat (or OS) Install MailScanner Install spamassassing Use bayes and do this and this and this for best results Use these filters from here http://xxxx.xxx.xxx.com Install virus protection Use this one, its free Use maybe this one too as It catches more virues and updates more often Install one of the monitoring tools, mailwatch, vispan. Install eiterh DCC, Razor, Pyzor. I know that is a little redundant but Its straight to the point and would help people like me -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Stephen Swaney Sent: Thursday, May 06, 2004 8:06 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: MailScanner Manual is now available Version 1.0 of the MailScanner Manual is finally ready for download. Many thanks to Ugo Bellavance and Michele Neylon for proofreading, technical corrections and some excellent ideas for additional material. Version 1.0 is very specific to RPM-based Linux distributions. This is because while I often work on other distributions, I'm more familiar with this version of MailScanner. Hopefully there are some of you out there who can contribute material to help cover the other operating systems that MailScanner supports. Please drop me a line off list if you are willing to contribute any additional material. The virus scanning section is missing a few of the latest supported virus scanner. This is inevitable since Julian keeps adding support for additional virus scanners faster than we can document them. We expect that this section and the entire Manual will be updated with every major release of MailScanner. To save trees, the manual is designed to be printed and bound double sided on US letter sized paper. I'll try and get out an A1 version as soon as I have the time. Please understand that Version 1.0 is just a beginning. We hope it will grow as fast as you can contribute. Any errors or omissions are mine alone and any corrections or additional material will be gratefully accepted. The manual, in PDF format, may be downloaded from: www.fsl.com/support Just click on the MailScanner Manual link. Steve Stephen Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Steve.Swaney@FSL.com -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. Fortress Systems Ltd. www.fsl.com -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3026 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040506/8990be83/smime.bin From mailscanner at ecs.soton.ac.uk Thu May 6 18:12:03 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:25:05 2006 Subject: MailScanner Manual is now available In-Reply-To: <001901c4338c$64c35f20$2065e0c9@cositputer> References: <001901c4338c$64c35f20$2065e0c9@cositputer> Message-ID: <6.0.1.1.2.20040506181127.043a3dc8@imap.ecs.soton.ac.uk> At 18:05 06/05/2004, you wrote: >One thing I haven't got around to finish is a "cookbook" type doc that >would have things like: > >perl -MCPAN -e shell >install Net::CIDR >install ... > >Bla bla blah... > >service MailScanner start && tail -f /var/log/maillog If you have the "service" command, then you are on RedHat and therefore don't need to install the perl modules by hand. install.sh does all that for you. >Sort of like a "no brainer" mailscanner install, step-by-step. > >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >Behalf Of Billy A. Pumphrey >Sent: Thursday, May 06, 2004 12:03 PM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: MailScanner Manual is now available > > >Another suggestion if I may: > >Possibly another Appendix. Something that is a rundown of the whole book >and recommendations for the best spam blocking and virus scanning. Such as >(knowing that the information might be skipping stuff or not: Providing >that you know that the more stuff you install you need a beefy machine but >for the best protecting we recommend: > >So the "perfect" mailscanner will/might be: >Install Redhat (or OS) >Install MailScanner >Install spamassassing > Use bayes and do this and this and this for best results > Use these filters from here http://xxxx.xxx.xxx.com Install virus >protection > Use this one, its free > Use maybe this one too as It catches more virues and updates >more often >Install one of the monitoring tools, mailwatch, vispan. >Install eiterh DCC, Razor, Pyzor. > >I know that is a little redundant but Its straight to the point and would >help people like me > >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >Behalf Of Stephen Swaney >Sent: Thursday, May 06, 2004 8:06 AM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: MailScanner Manual is now available > >Version 1.0 of the MailScanner Manual is finally ready for download. Many >thanks to Ugo Bellavance and Michele Neylon for proofreading, technical >corrections and some excellent ideas for additional material. > >Version 1.0 is very specific to RPM-based Linux distributions. This is >because while I often work on other distributions, I'm more familiar with >this version of MailScanner. Hopefully there are some of you out there who >can contribute material to help cover the other operating systems that >MailScanner supports. Please drop me a line off list if you are willing to >contribute any additional material. > >The virus scanning section is missing a few of the latest supported virus >scanner. This is inevitable since Julian keeps adding support for >additional virus scanners faster than we can document them. We expect that >this section and the entire Manual will be updated with every major >release of MailScanner. > >To save trees, the manual is designed to be printed and bound double sided >on US letter sized paper. I'll try and get out an A1 version as soon as I >have the time. > >Please understand that Version 1.0 is just a beginning. We hope it will >grow as fast as you can contribute. > >Any errors or omissions are mine alone and any corrections or additional >material will be gratefully accepted. > >The manual, in PDF format, may be downloaded from: > > www.fsl.com/support > >Just click on the MailScanner Manual link. > >Steve > >Stephen Swaney >President >Fortress Systems Ltd. >Phone: 202 338-1670 >Steve.Swaney@FSL.com > > > >-- >This message has been scanned for viruses and >dangerous content by MailScanner, and is >believed to be clean. > >Fortress Systems Ltd. >www.fsl.com > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From marcel at PLUSINE.COM Thu May 6 18:25:49 2004 From: marcel at PLUSINE.COM (Marcel Burggraeve) Date: Thu Jan 12 21:25:05 2006 Subject: Virus scanning questions In-Reply-To: Message-ID: <003b01c4338f$2c73c120$6402a8c0@freak> > Problems: > --------- > I intend to notify senders of viruses. Please turn this off since you will 'alert' a lot of innocent people. A lot of the viruses out there ( maybe even most of them ? ) are being sent with a random address from the addressbook of the victim. It's really annoying to receive a massive amount of e-mail from lots of scanners like yours claiming you have sent a virus. Best regards, Marcel Burggraeve -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at BARENDSE.TO Thu May 6 22:04:34 2004 From: mailscanner at BARENDSE.TO (Remco Barendse) Date: Thu Jan 12 21:25:05 2006 Subject: TNEF problems In-Reply-To: <6.0.1.1.2.20040506134825.03a4f838@imap.ecs.soton.ac.uk> References: <6.0.1.1.2.20040506134825.03a4f838@imap.ecs.soton.ac.uk> Message-ID: No the path is: M$ Outlook -> Exchange -> MailScanner -> Internet which is the usual setup It's really weird, I did some further testing. The undecodable TNEF is created by something (html crap??) in the text. The mail keeps getting rejected. I i copy the text to notepad, then paste it back to a fresh e-mail and then send it the maill wil go through without problems. Either the text is still not clean even through I selected plain text, or the incoming message had TNEF in it and Exchange is deciding to keep it. (The Incoming MS server is different from the outgoing). Still I would think that silently dropping the TNEF bit would be an option :) On Thu, 6 May 2004, Julian Field wrote: > At 09:52 06/05/2004, you wrote: > >I have a problem with Outlook. Even though I set the message to plain text > >by hand and send the message some(!) message still carry an undecodable > >TNEF attachment with it. > > Are you routing it out through an Exchange server? If so, it will be the > Exchange server settings that are converting it to TNEF. > > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From subscriptions at ETEAM.COM.AU Fri May 7 08:41:26 2004 From: subscriptions at ETEAM.COM.AU (Wayne Fox) Date: Thu Jan 12 21:25:05 2006 Subject: Is there a command that can be run to reveal MailScanner Version? In-Reply-To: References: Message-ID: <6.0.3.0.2.20040507172409.03282820@mail.eteam.com.au> Is there a command that can be run to reveal MailScanner Version? Although I can do.. # service MailScanner restart # tail -100 /var/log/maillog | grep "starting.." May 7 16:09:28 jupiter MailScanner[20683]: MailScanner E-Mail Virus Scanner version 4.29.7 starting... to reveal I am running 4.29.7, is there a more direct method I can script / capture? I wish to update my VISPAN report with version information via script commands. See http://gwmaster.eteam.com.au/vispan SpamAssassin is easy.. # spamassassin -V SpamAssassin version 2.63 I would like the Virus Scanners autoupdate wrappers to log their version so I can pick it up when I grab the Last Updated Date and Time. For Example, here are some commands I can run against the Virus Scanners I have.. ################################################### # sweep -v | grep "Product version" Product version : 3.81 # sweep -v | grep "version" Product version : 3.81 Engine version : 2.19 User interface version : 2.07.060 ################################################### # f-prot -verno F-PROT ANTIVIRUS Program version: 4.4.1 Engine version: 3.14.11 VIRUS SIGNATURE FILES SIGN.DEF created 6 May 2004 SIGN2.DEF created 6 May 2004 MACRO.DEF created 3 May 2004 ################################################### # clamscan -V clamscan / ClamAV version 0.70 ################################################### # bdc --info BDC/Linux-Console v7.0 (build 2490) (i386) (Dec 10 2003 16:11:35) Copyright (C) 1996-2003 SOFTWIN SRL. All rights reserved. Engine signatures: 76647 Scan engines: 12 Archive engines: 34 Unpack engines: 3 Mail engines: 6 System engines: 0 ################################################### -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From linux at LEUTE.SERVER.DE Fri May 7 08:45:04 2004 From: linux at LEUTE.SERVER.DE (Muenz, Michael) Date: Thu Jan 12 21:25:05 2006 Subject: MailScanner vs. Amavisd References: <5C0296D26910694BB9A9BBFC577E7AB0020199F4@pascal.priv.bmrb.co.uk> <003301c43354$7edc9030$85421851@hq> <409A28AC.6090405@eatathome.com.au> <00b301c4336d$11061680$85421851@hq> <008301c43382$3ea98a80$85421851@hq> <409ABD63.8000304@eatathome.com.au> <007801c433ff$d98add10$85421851@hq> Message-ID: <002301c43407$3631df30$85421851@hq> > > Since you seem to be one of the biggest users oif both systems, any > > chance you could provide a side by side comparison chart of the features > > of both systems? Here's a short comparison from the amavis list: Mailscanner does not support daemonized virus scanners, however, while amavisd-new does. This is apparently a conscious decision on the part of Mailscanner's author, who does not believe that daemonized virus scanners are more efficient than command-line scanners in this context. Instead, Mailscanner tries to optimize the use of command-line scanners by scanning mail in "batches", rather than one at a time. The author's explanation can be found in the FAQ at http://www.sng.ecs.soton.ac.uk/mailscanner/faq.shtml#22 I've read posts in this and other forums that suggest that Mailscanner may not behave well with Postfix, though I can't recall the specifics of those claims. I do know that Mark Martinec has been extremely diligent about ensuring that amavisd-new remains RFC-compliant, and that it behaves properly with many MTAs. Mailscanner's author is a Sendmail user, while amavisd-new's author is a Postfix user, which may suggest where their respective strengths lie. That said, I'm a Sendmail user, and I've had no problems with amavisd-new, which is probably why I'm still here :) Mailscanner interfaces with postfix by grabbing files directly out of the postfix queue structure. The postfix author states this is unsafe and may result in random loss of mail (truncated messages) with no warning and no indication in any log of a problem. There have in fact been a few reports on the postfix-users list of this happening. The Mailscanner author insists his method is safe, as do many users of mailscanner+postfix (I'm not one of them). Apparently Mailscanner *is* safe when used with Sendmail or Exim. I would not imagine anyone knows what is safe with postfix better than the author of postfix. I can't confirm that all is true. And I've never seen any problems with MS and Postfix. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From Kevin.Spicer at BMRB.CO.UK Fri May 7 09:00:54 2004 From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:25:05 2006 Subject: Is there a command that can be run to reveal MailScanner Version? Message-ID: <5C0296D26910694BB9A9BBFC577E7AB001649D1C@pascal.priv.bmrb.co.uk> Wayne Fox wrote: > Is there a command that can be run to reveal MailScanner Version? > > Although I can do.. > # service MailScanner restart > # tail -100 /var/log/maillog | grep "starting.." > May 7 16:09:28 jupiter MailScanner[20683]: MailScanner E-Mail Virus > Scanner version 4.29.7 starting... > > to reveal I am running 4.29.7, is there a more direct method I can > script / capture? Try grep -m 1 "^\$MailScanner::Config::MailScannerVersion" /usr/sbin/MailScanner | sed -e "s/.*'\(.*\)'.*/\1/" BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From alex at nkpanama.com Thu May 6 18:28:54 2004 From: alex at nkpanama.com (Alex Neuman) Date: Thu Jan 12 21:25:05 2006 Subject: Virus scanning questions In-Reply-To: <003b01c4338f$2c73c120$6402a8c0@freak> Message-ID: <002f01c4338f$9fdc95b0$2065e0c9@cositputer> Besides... Most of us running well-behaved MailScanner installations *know* we're not sending viruses, so we'll usually eat your notification message through rules or, if the volume is high enough, adding your postmaster@, domain name or IP block to our access control rejection lists. ;) -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Marcel Burggraeve Sent: Thursday, May 06, 2004 12:26 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Virus scanning questions > Problems: > --------- > I intend to notify senders of viruses. Please turn this off since you will 'alert' a lot of innocent people. A lot of the viruses out there ( maybe even most of them ? ) are being sent with a random address from the addressbook of the victim. It's really annoying to receive a massive amount of e-mail from lots of scanners like yours claiming you have sent a virus. Best regards, Marcel Burggraeve -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3026 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040506/49e6edf0/smime.bin From alex at nkpanama.com Thu May 6 19:04:33 2004 From: alex at nkpanama.com (Alex Neuman) Date: Thu Jan 12 21:25:05 2006 Subject: Way OT: Virus scanning HTTP In-Reply-To: <003b01c4338f$2c73c120$6402a8c0@freak> Message-ID: <004001c43394$99280650$2065e0c9@cositputer> I'm looking for a good open source solution to scan user's HTTP traffic. I've managed to eliminate almost 100% of incoming viruses using MailScanner+ClamAV+BitDefender/F-Prot/Sophos/Antivir, but would like to also be able to manage incoming viruses/trojans/worms hidden in web pages or downloaded through hotmail/yahoo/etc. accounts. I use Squid most everywhere, without redirectors like squirm or squidGuard. I've looked at "viralator", squid-vscan, and a few others, but none as "easy" to install as, for example, Trend Micro's VirusWall for HTTP. The thing is, I would prefer something Open Source, mostly because local support for Trend Micro products doesn't satisfy my particular needs; that and the fact that with Open Source you get a whole community of peers for support, not just 1 or 2 people earning close to minimum wage who happened to read the manuals once and can follow a script on screen when you call and who couldn't find an answer using Google if their life depended on it (not that I mean that *all* AV support personnel work in such conditions, but *none of them* should, even if *some* do). Reply off-list unless it has to do something with MailScanner - which I doubt. Thanks for your time. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3026 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040506/0e36d33f/smime.bin From ugob at CAMO-ROUTE.COM Thu May 6 19:08:31 2004 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:25:05 2006 Subject: Quarantined attachments In-Reply-To: <409A5EDE.8020808@mattkrause.net> References: <4092DB31.8060707@ucgbook.com> <409A5EDE.8020808@mattkrause.net> Message-ID: Matt Krause wrote: > So does anyone know how to do this for Postfix? Hmm, I would first make a ruleset to prevent spam/virus scan from 127.0.0.1 and to release the file, you go into the quarantine, find the message, then issue the command postdrop < messagefile I can't test since I don't have a postfix machine around, so I can't tell what are the settings needed in MailScanner.conf to achieve this. > > Thanks. > > Matt Krause > > Peter Bonivart wrote: > >> InvictaWiz Customer Support wrote: >> >>> How do others deliver dodgi attachments out of quarantine? >> >> >> >> There's a couple of ways to get them through if you want them to go >> through MS again but why don't you just drop them in the outgoing queue >> instead? >> >> I don't know what MTA you have but I have Sendmail and I quarantine >> messages as queue files. Then I can just drop it in the outgoing queue >> and it will be delivered. >> >> -- >> /Peter Bonivart >> >> --Unix lovers do it in the Sun >> >> Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7, >> SpamAssassin 2.63 + DCC 1.2.45, ClamAV 0.70 + GMP 4.1.2, Vispan 1.4 >> >> -------------------------- MailScanner list ---------------------- >> To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >> Before posting, please see the Most Asked Questions at >> http://www.mailscanner.biz/maq/ and the archives at >> http://www.jiscmail.ac.uk/lists/mailscanner.html >> >> > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From jwilliams at COURTESYMORTGAGE.COM Thu May 6 19:34:17 2004 From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams) Date: Thu Jan 12 21:25:05 2006 Subject: Storing/Quaranting certain outbound emails Message-ID: <5.2.1.1.0.20040506113056.02a5b2d8@corpmail.courtesymortgage.com> Hello everyone. Is it possible to setup a rule that will store/quarantine email that is destined for a certain domain? We want to store and view :) some emails that are leaving our network and see what they contain. I tried setting the following rule in spam.rules: FromOrTo: @domain.com store But that didn't seem to work. Is there another way to do that? Thanks. Jason -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From james at PCXPERIENCE.COM Thu May 6 19:55:32 2004 From: james at PCXPERIENCE.COM (James A. Pattie) Date: Thu Jan 12 21:25:05 2006 Subject: Way OT: Virus scanning HTTP In-Reply-To: <004001c43394$99280650$2065e0c9@cositputer> References: <004001c43394$99280650$2065e0c9@cositputer> Message-ID: <409A8A24.5070107@pcxperience.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Alex Neuman wrote: | I'm looking for a good open source solution to scan user's HTTP traffic. | I've managed to eliminate almost 100% of incoming viruses using | MailScanner+ClamAV+BitDefender/F-Prot/Sophos/Antivir, but would like to | also be able to manage incoming viruses/trojans/worms hidden in web pages | or downloaded through hotmail/yahoo/etc. accounts. | | I use Squid most everywhere, without redirectors like squirm or | squidGuard. I've looked at "viralator", squid-vscan, and a few others, but | none as "easy" to install as, for example, Trend Micro's VirusWall for | HTTP. | | The thing is, I would prefer something Open Source, mostly because local | support for Trend Micro products doesn't satisfy my particular needs; that | and the fact that with Open Source you get a whole community of peers for | support, not just 1 or 2 people earning close to minimum wage who happened | to read the manuals once and can follow a script on screen when you call | and who couldn't find an answer using Google if their life depended on it | (not that I mean that *all* AV support personnel work in such conditions, | but *none of them* should, even if *some* do). | | Reply off-list unless it has to do something with MailScanner - which I | doubt. Thanks for your time. checkout the AVPlugin to DansGuardian that was based off of MailScanner. http://www.pcxperience.org/dgvirus/ - -- James A. Pattie james@pcxperience.com Linux -- SysAdmin / Programmer Xperience, Inc. http://www.pcxperience.com/ http://www.xperienceinc.com/ http://www.pcxperience.org/ GPG Key Available at http://www.pcxperience.com/gpgkeys/james.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFAmoojtUXjwPIRLVERAsZVAKDmg+XFzb1cHlkLdAcCfCc1qj5RlACfajJT caGwnomZz8RarxWskg0NbRU= =PZ6K -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mkbowman at neo.rr.com Thu May 6 20:10:18 2004 From: mkbowman at neo.rr.com (Matthew K Bowman) Date: Thu Jan 12 21:25:05 2006 Subject: Memory Leak problem with Redhat 9/MS ? Message-ID: <000401c4339d$cedb0a00$2567a8c0@mkbowman> Hello, First of here is our setup: 3 MailScanner Servers with no local mailboxes. All scan for spam and virii and pass on mail via /etc/mail/mailertable. All use sendmail, f-prot and clamav, spamassassin 2.63, pyzor, razor and dcc. Each of the 3 servers are behind a F5 so that they are load balanced. For the last month or so, both of our RH9 boxes running MailScanner have been experiencing memory leaks and high cpu loads.. The temporary fix is to reboot the server. Both boxes have the latest patches and kernels. The MS on a RH 7.3 server is running fine. This could not be a MailScanner problem but I'm hoping that someone on this group can assist on/off list on how to get this fixed. Below is each server specification (all are running MS 4.28-5) 1) Dell Precision 420 CPU: Dual 1Ghz P3 Processors Ram: 1 GB Ram Hard Drive: 36GB SCSI Hard Drive OS:Red Hat 9 Average # Emails/Day: Extract from top: 2) Dell Precision Workstation 530 CPU: Dual 1.7Ghz Xeon Processors Ram: 1 GB Ram Hard Drive: 70GB SCHI Hard Drive OS: Red Hat 9 Average # Emails/Day: Extract from top: -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From alex at NKPANAMA.COM Thu May 6 20:11:21 2004 From: alex at NKPANAMA.COM (Alex Neuman) Date: Thu Jan 12 21:25:05 2006 Subject: Storing/Quaranting certain outbound emails In-Reply-To: <5.2.1.1.0.20040506113056.02a5b2d8@corpmail.courtesymortgage.com> References: <5.2.1.1.0.20040506113056.02a5b2d8@corpmail.courtesymortgage.com> Message-ID: <1682.200.75.228.164.1083870681.squirrel@200.75.228.164> I think you're looking for the "Archive Mail" option. You set up a ruleset like you specified, something like: FromOrTo: *@domain.com /home/youraccount/mail/suspicious or FromOrTo: *@domain.com /home/youraccount/suspicious then FromOrTo: default no Depending whether your IMAP server stores its mailbox files under /home/youraccount (uw-imap) or /home/youraccount/mail (dovecot). That way you can use any IMAP client to browse through the archive. I've never tested sending it to /var/spool/mail/youraccount, but in theory that would mean you'd be able to read it using any e-mail account on the system. Another way that just popped into my head would be to send it to a file, and then formail -s sendmail youraccount@yourdomain.com that file on a regular basis, then delete it. So if you think about it, there are quite a few ways you could accomplish what you need. > Hello everyone. > > Is it possible to setup a rule that will store/quarantine email that is > destined for a certain domain? > We want to store and view :) some emails that are leaving our network and > see what they contain. > > I tried setting the following rule in spam.rules: > > FromOrTo: @domain.com store > > But that didn't seem to work. > > Is there another way to do that? > > Thanks. > > Jason > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From jwilliams at COURTESYMORTGAGE.COM Thu May 6 20:21:05 2004 From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams) Date: Thu Jan 12 21:25:05 2006 Subject: Storing/Quaranting certain outbound emails In-Reply-To: <1682.200.75.228.164.1083870681.squirrel@200.75.228.164> References: <5.2.1.1.0.20040506113056.02a5b2d8@corpmail.courtesymortgage.com> <5.2.1.1.0.20040506113056.02a5b2d8@corpmail.courtesymortgage.com> Message-ID: <5.2.1.1.0.20040506121901.02a32228@corpmail.courtesymortgage.com> >I think you're looking for the "Archive Mail" option. You set up a ruleset >like you specified, something like: > >FromOrTo: *@domain.com /home/youraccount/mail/suspicious >or >FromOrTo: *@domain.com /home/youraccount/suspicious >then >FromOrTo: default no > >Depending whether your IMAP server stores its mailbox files under >/home/youraccount (uw-imap) or /home/youraccount/mail (dovecot). That way >you can use any IMAP client to browse through the archive. > >I've never tested sending it to /var/spool/mail/youraccount, but in theory >that would mean you'd be able to read it using any e-mail account on the >system. > >Another way that just popped into my head would be to send it to a file, >and then formail -s sendmail youraccount@yourdomain.com that file on a >regular basis, then delete it. > >So if you think about it, there are quite a few ways you could accomplish >what you need. Hmm. Since we are not running IMAP, but pop right now, that shake things up at all? Secondly, im using MailWatch and was trying to see if I could tie that in so I could view it through the web interface. Lastly, the other thing I need to figure out is, once we store the mail, take a look at it and decide it's ok to be sent, how do I "release" it without any extra headers or stuff being added to the mail so it appears that it came from the original user, and the mail was not tampered with... Have some work cut out for me it seems. Thanks, Jason -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From jwilliams at COURTESYMORTGAGE.COM Thu May 6 20:29:38 2004 From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams) Date: Thu Jan 12 21:25:05 2006 Subject: Storing/Quaranting certain outbound emails In-Reply-To: <5.2.1.1.0.20040506121901.02a32228@corpmail.courtesymortgag e.com> References: <1682.200.75.228.164.1083870681.squirrel@200.75.228.164> <5.2.1.1.0.20040506113056.02a5b2d8@corpmail.courtesymortgage.com> <5.2.1.1.0.20040506113056.02a5b2d8@corpmail.courtesymortgage.com> Message-ID: <5.2.1.1.0.20040506122358.00a9fd08@corpmail.courtesymortgage.com> >Hmm. Since we are not running IMAP, but pop right now, that shake things up >at all? >Secondly, im using MailWatch and was trying to see if I could tie that in >so I could view it through the web interface. > >Lastly, the other thing I need to figure out is, once we store the mail, >take a look at it and decide it's ok to be sent, how do I "release" it >without any extra headers or stuff being added to the mail so it appears >that it came from the original user, and the mail was not tampered with... > >Have some work cut out for me it seems. Wouldn't you know it, just after I sent it out, the President walks in. :) This is what he wants. He wants to put on the filter and wants a copy of the email sent out, he wants a copy sent to his email address: Looking at a some things, I setup the following: Archive Mail = /usr/local/etc/MailScanner/rules/archive.rules archive.rules (this is where I am slightly confused): FromOrTo: *@mydomain.com Also, looks like I may need to setup another custom rule, to have the email stored, and a copy mailed the the President. That even possible? I appreciate the feedback. Jason -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From tc at SHENANDOAH.K12.IN.US Thu May 6 20:33:44 2004 From: tc at SHENANDOAH.K12.IN.US (technical coordinator) Date: Thu Jan 12 21:25:05 2006 Subject: Storing/Quaranting certain outbound emails Message-ID: <2D42D2DC1BFD744C8047D6BB197FB4CD374528@exchange.shenandoah.k12.in.us> FromOrTo: *@mydomain.com user1@mydomain.com FromOrTo: *@mydomain.com This Should get all email and forward a copy yo user1. Dale -----Original Message----- From: Jason Williams [mailto:jwilliams@COURTESYMORTGAGE.COM] Sent: Thu 5/6/2004 2:29 PM To: MAILSCANNER@JISCMAIL.AC.UK Cc: Subject: Re: Storing/Quaranting certain outbound emails >Hmm. Since we are not running IMAP, but pop right now, that shake things up >at all? >Secondly, im using MailWatch and was trying to see if I could tie that in >so I could view it through the web interface. > >Lastly, the other thing I need to figure out is, once we store the mail, >take a look at it and decide it's ok to be sent, how do I "release" it >without any extra headers or stuff being added to the mail so it appears >that it came from the original user, and the mail was not tampered with... > >Have some work cut out for me it seems. Wouldn't you know it, just after I sent it out, the President walks in. :) This is what he wants. He wants to put on the filter and wants a copy of the email sent out, he wants a copy sent to his email address: Looking at a some things, I setup the following: Archive Mail = /usr/local/etc/MailScanner/rules/archive.rules archive.rules (this is where I am slightly confused): FromOrTo: *@mydomain.com Also, looks like I may need to setup another custom rule, to have the email stored, and a copy mailed the the President. That even possible? I appreciate the feedback. Jason -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From rodrigo at PUNTOPY.COM Thu May 6 19:22:54 2004 From: rodrigo at PUNTOPY.COM (Rodrigo Keen) Date: Thu Jan 12 21:25:05 2006 Subject: MailScanner configuration problem?? Message-ID: <200405061921.i46JLLkK012427@ mail.puntopy.com> When I run MailScanner, mails start coming into mqueue.in/ directory but they stay there forever... /var/spool/MailScanner/incoming/ is always empty. And of course mails are not deliveries to respective users. Im using: Red Hat 9 Sendmail 8.12.8 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040506/f867b078/attachment.html From jwilliams at COURTESYMORTGAGE.COM Thu May 6 20:37:50 2004 From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams) Date: Thu Jan 12 21:25:05 2006 Subject: Storing/Quaranting certain outbound emails In-Reply-To: <2D42D2DC1BFD744C8047D6BB197FB4CD374528@exchange.shenandoah .k12.in.us> Message-ID: <5.2.1.1.0.20040506123524.00aa6520@corpmail.courtesymortgage.com> Hi Dale, Thanks for your help. At 02:33 PM 5/6/2004 -0500, you wrote: >FromOrTo: *@mydomain.com user1@mydomain.com >FromOrTo: *@mydomain.com > >This Should get all email and forward a copy yo user1. > >Dale This would go in my archive.rule, which is specified in my MailScanner.conf. Just to clarify, this little archive rule would just send a copy of the email to user1? For kicks, if this is my rule: FromOrTo: *@mailscanner.com user1@mycompany.com Would specify that all outgoing/incoming mail from *@mailscanner.com, a copy would be sent to user1@mycompany.com What is the last line for? Jason -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From tc at SHENANDOAH.K12.IN.US Thu May 6 20:44:33 2004 From: tc at SHENANDOAH.K12.IN.US (technical coordinator) Date: Thu Jan 12 21:25:05 2006 Subject: Storing/Quaranting certain outbound emails Message-ID: <2D42D2DC1BFD744C8047D6BB197FB4CD374529@exchange.shenandoah.k12.in.us> Can't truly explain last line. But It will not work without it. If you do it this way it will work. I have it set up that way and I capture all email from a spammer on my site. With FromOrTo: You will also capture all outgoing mail. Do you want to do that? -----Original Message----- From: Jason Williams [mailto:jwilliams@COURTESYMORTGAGE.COM] Sent: Thu 5/6/2004 2:37 PM To: MAILSCANNER@JISCMAIL.AC.UK Cc: Subject: Re: Storing/Quaranting certain outbound emails Hi Dale, Thanks for your help. At 02:33 PM 5/6/2004 -0500, you wrote: >FromOrTo: *@mydomain.com user1@mydomain.com >FromOrTo: *@mydomain.com > >This Should get all email and forward a copy yo user1. > >Dale This would go in my archive.rule, which is specified in my MailScanner.conf. Just to clarify, this little archive rule would just send a copy of the email to user1? For kicks, if this is my rule: FromOrTo: *@mailscanner.com user1@mycompany.com Would specify that all outgoing/incoming mail from *@mailscanner.com, a copy would be sent to user1@mycompany.com What is the last line for? Jason -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mikes at HARTWELLCORP.COM Thu May 6 21:27:54 2004 From: mikes at HARTWELLCORP.COM (Michael St. Laurent) Date: Thu Jan 12 21:25:05 2006 Subject: MS/SA occasionally not calling Bayes? Message-ID: <91A5926EFF44D3118B1200104B7276EB02C57024@hart-exchange.hartwellcorp.com> David Lee wrote: > Most spams include, as expected, a "BAYES_nn=ii" in the score, and > often of course these are "BAYES_99". Fine so far. Sometimes the > values are lower, including BAYES_50=0.0 and BAYES_44=-0.0 values. > This latter point demonstrates that at least Bayes has been has been > invoked. Again, fine. But occasionally a spam will fail to include > any such score, as if it has somehow bypassed SA/Bayes (or been > ignored by it, or similar). I too see this on occasion when I look at the headers to see why a spam email slipped through all the filters. -- Michael St. Laurent Hartwell Corporation -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From zabriskw at ITECH.NET Thu May 6 21:47:43 2004 From: zabriskw at ITECH.NET (Kris Zabriskie) Date: Thu Jan 12 21:25:05 2006 Subject: Virus request Message-ID: <000801c433ab$6186b9a0$0c02a8c0@itech.dom> Can someone please send me 1 virus, if anyone has some laying around? I would like to test my virus scanner, but dont have any. Please send them directly to zabriskw@itech.net with the subject REQUESTED please. Thanks!! Kris Zabriskie I-Tech Inc. Network Admin / Consultant http://www.itech.net -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040506/dcc9ce48/attachment.html From kodak at FRONTIERHOMEMORTGAGE.COM Thu May 6 21:46:51 2004 From: kodak at FRONTIERHOMEMORTGAGE.COM (Jason Balicki) Date: Thu Jan 12 21:25:05 2006 Subject: Virus request In-Reply-To: <000801c433ab$6186b9a0$0c02a8c0@itech.dom> Message-ID: <00ca01c433ab$42014460$0501a8c0@darkside> >Can someone please send me 1 virus, if anyone has some laying around? I would like to test my >virus scanner, but dont have any. Please send them directly to zabriskw@itech.net with the >subject REQUESTED please. For the record, check out: http://www.eicar.org/anti_virus_test_file.htm and http://www.gfi.com/emailsecuritytest/ And possibly others... HTH, --J(K) -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mlm at LOANPROCESSING.NET Thu May 6 21:47:41 2004 From: mlm at LOANPROCESSING.NET (Mike McMullen) Date: Thu Jan 12 21:25:05 2006 Subject: Virus request References: <000801c433ab$6186b9a0$0c02a8c0@itech.dom> Message-ID: <014401c433ab$60361dc0$3e01a8c0@express.loanprocessing.net> ----- Original Message ----- From: Kris Zabriskie To: MAILSCANNER@JISCMAIL.AC.UK Sent: Thursday, May 06, 2004 1:47 PM Subject: Virus request > Can someone please send me 1 virus, if anyone has some laying around? I would like to test my virus scanner, > but dont have any. Please send them directly to zabriskw@itech.net with the subject REQUESTED please. Hi Kris, Try www.testvirus.org. >From there you can send some test virusues with the eicar signature to yourself. Much better than sending the real thing! Mike -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From zabriskw at ITECH.NET Thu May 6 21:58:41 2004 From: zabriskw at ITECH.NET (Kris Zabriskie) Date: Thu Jan 12 21:25:05 2006 Subject: Virus request References: <000801c433ab$6186b9a0$0c02a8c0@itech.dom> <014401c433ab$60361dc0$3e01a8c0@express.loanprocessing.net> Message-ID: <002201c433ac$e9a08860$0c02a8c0@itech.dom> Thanks guys... I was not aware of either of those sites. I appreciate it! ----- Original Message ----- From: "Mike McMullen" To: Sent: Thursday, May 06, 2004 4:47 PM Subject: Re: Virus request > ----- Original Message ----- > From: Kris Zabriskie > To: MAILSCANNER@JISCMAIL.AC.UK > Sent: Thursday, May 06, 2004 1:47 PM > Subject: Virus request > > > > Can someone please send me 1 virus, if anyone has some laying around? I would like to test my > virus scanner, > > but dont have any. Please send them directly to zabriskw@itech.net with the subject REQUESTED > please. > > > Hi Kris, > > Try www.testvirus.org. > > >From there you can send some test virusues with the eicar signature to yourself. > > Much better than sending the real thing! > > Mike > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From jwilliams at COURTESYMORTGAGE.COM Thu May 6 22:31:15 2004 From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams) Date: Thu Jan 12 21:25:05 2006 Subject: Failed finding testvirus.org Message-ID: <5.2.1.1.0.20040506142523.00a97828@corpmail.courtesymortgage.com> Hello everyone. Well, I was testing out the mail server today when I saw the thread about sending test viruses through their mail server. I decided to head on over to www.testvirus.org and put my server to the test. Everything was working well, until it tried to do Virus #19, Eicar virus within zip file hidden using the "Blank Folding Vulnerability" That went through without being detected by my setup. As I continued to test, the following also got through: Test #20: Eicar virus within zip file hidden using the "MIME Boundary Space Gap Vulnerability" Test #21: Eicar virus within zip file hidden using the "Long MIME Boundary Vulnerability" Test #23: Eicar virus within zip file hidden using the "Empty MIME Boundary Vulnerability" Setup: MailScanner 4.29-7 ClamAV 0.70 Anyone else have problems with these particular test viruses? Jason -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From rrobin at GREENAPPLE.COM Thu May 6 22:32:29 2004 From: rrobin at GREENAPPLE.COM (Robin, Rob) Date: Thu Jan 12 21:25:05 2006 Subject: Virus scanning questions Message-ID: > Problems: > --------- > I intend to notify senders of viruses. >>Please turn this off since you will 'alert' a lot of innocent people. A lot of the viruses out there ( maybe >>>>even most of them ? ) are being sent with a random address from the addressbook of the victim. It's really >>annoying to receive a massive amount of e-mail from lots of scanners like yours claiming you have sent a virus. Thanks for the input. Sorry that I missed the obvious Note on the symlink. I was busy looking at other things that could go wrong that I missed this obvious one... Foolish me.. Thanks Julian.. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From georgelist at CONPOINT.COM Thu May 6 22:58:00 2004 From: georgelist at CONPOINT.COM (George Edwards) Date: Thu Jan 12 21:25:05 2006 Subject: Help on ruleset for Required SpamAssassin Score Message-ID: <000c01c433b5$3298fa40$6401a8c0@toshibaGEORGE> I am trying to configure MS to apply different SA scores for different users. I created a ruleset that I thought would work but I get syntax errors when I attempt to run it. I am sure it is something simple. But I do not know what it is. Thanks for any help you can folks can give me on this. I created--- /etc/MailScanner/rules/spamscore.rules To: *@usersdomain1.com Required SpamAssassin Score = 5 To: *@usersdomain2.com Required SpamAssassin Score = 5 FromOrTo: default Required SpamAssassin Score = 4 I changed MailScanner.conf SA score rule to--- Required SpamAssassin Score = %rules-dir%/spamscore.rules I reload and I get this May 6 16:27:22 nabu MailScanner[18784]: Syntax error in line 1 of ruleset file /etc/MailScanner/rules/spamscore.rules May 6 16:27:22 nabu MailScanner[18784]: Syntax error in line 2 of ruleset file /etc/MailScanner/rules/spamscore.rules May 6 16:27:22 nabu MailScanner[18784]: Syntax error in line 3 of ruleset file /etc/MailScanner/rules/spamscore.rules May 6 16:27:22 nabu MailScanner[18784]: Aborting due to syntax errors in /etc/MailScanner/rules/spamscore.rules. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040506/a13bac33/attachment.html From rzewnickie at RFA.ORG Thu May 6 23:05:00 2004 From: rzewnickie at RFA.ORG (Eric Dantan Rzewnicki) Date: Thu Jan 12 21:25:05 2006 Subject: Help on ruleset for Required SpamAssassin Score In-Reply-To: <000c01c433b5$3298fa40$6401a8c0@toshibaGEORGE> References: <000c01c433b5$3298fa40$6401a8c0@toshibaGEORGE> Message-ID: <20040506220500.GL30611@rfa.org> On Thu, May 06, 2004 at 04:58:00PM -0500, George Edwards wrote: > I am trying to configure MS to apply different SA scores for different users. I created a ruleset that I thought would work but I get syntax errors when I attempt to run it. I am sure it is something simple. But I do not know what it is. Thanks for any help you can folks can give me on this. > /etc/MailScanner/rules/spamscore.rules > > To: *@usersdomain1.com Required SpamAssassin Score = 5 > > To: *@usersdomain2.com Required SpamAssassin Score = 5 > > FromOrTo: default Required SpamAssassin Score = 4 To: *@usersdomain1.com 5 To: *@usersdomain2.com 5 FromOrTo: default 4 No need to restate the name of the option. -Eric Rz. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From robin at PRIMUS.CA Thu May 6 23:12:42 2004 From: robin at PRIMUS.CA (Robin M.) Date: Thu Jan 12 21:25:05 2006 Subject: web front end for users to edit rules. Message-ID: Hi I have seen mailwatch, but it does not have any functionality to edit the custom rules that MailScanner is capable of performing. Has someone got a web front end solution for allowing users to control their own parameters. Also It would be nice to be able to have these parameters in a database so multiple servers could read the same info, and maybe have a set of defaults if the backend sql server is unreachable. Let me know if this is being worked on by anyone. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From billvera at HOTMAIL.COM Thu May 6 22:50:25 2004 From: billvera at HOTMAIL.COM (Bill Vera) Date: Thu Jan 12 21:25:05 2006 Subject: MailScanner install help Message-ID: Hello Having trouble installing MailScanner 4.30.3-2 on a RedHat 8.0 when running the ./install.sh I get an all Good on everything but a missing RPM package: binutils glibc-devel gcc make I guess this is some kind of development package, I've tar -xzvvf, and rpm - Uvh all the packages in the MailScanner file, not to mention, perl Makefile.PL, make, make test, make install. I do have all 5 of the /usr/src/redhat/... dir created. stuck now... I am a novice to Linux, and any help would be appreciated. thanks! -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mikes at HARTWELLCORP.COM Thu May 6 23:17:35 2004 From: mikes at HARTWELLCORP.COM (Michael St. Laurent) Date: Thu Jan 12 21:25:05 2006 Subject: MailScanner install help Message-ID: <91A5926EFF44D3118B1200104B7276EB02C5702A@hart-exchange.hartwellcorp.com> Bill Vera wrote: > Hello Hi Bill ;-D > Having trouble installing MailScanner 4.30.3-2 on a RedHat 8.0 > when running the ./install.sh I get an all Good on everything but a > missing RPM package: > > binutils glibc-devel gcc make Actually, those are four different packages. If you have up2date configured you could easily add them by doing: up2date binutils glibc-devel gcc make > I guess this is some kind of development package, I've tar -xzvvf, > and rpm - Uvh all the packages in the MailScanner file, not to > mention, perl Makefile.PL, make, make test, make install. I do have > all 5 of > the /usr/src/redhat/... dir created. stuck now... > > I am a novice to Linux, and any help would be appreciated. Wow, this should be a challenge then. -- Michael St. Laurent Hartwell Corporation -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From rzewnickie at RFA.ORG Thu May 6 23:23:41 2004 From: rzewnickie at RFA.ORG (Eric Dantan Rzewnicki) Date: Thu Jan 12 21:25:05 2006 Subject: MailScanner install help In-Reply-To: References: Message-ID: <20040506222341.GM30611@rfa.org> On Thu, May 06, 2004 at 10:50:25PM +0100, Bill Vera wrote: > Having trouble installing MailScanner 4.30.3-2 on a RedHat 8.0 > when running the ./install.sh I get an all Good on everything but a missing > RPM package: > > binutils glibc-devel gcc make Those are most likely four separate packages. They should be available from your distribution, MailScanner doesn't supply these for you. -ERic Rz. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From steve.swaney at FSL.COM Thu May 6 23:31:00 2004 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:25:05 2006 Subject: MailScanner install help In-Reply-To: <91A5926EFF44D3118B1200104B7276EB02C5702A@hart-exchange.hartwellcorp.com> Message-ID: <20040506223100.4B48D21C31D@mail.fsl.com> > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Michael St. Laurent > Sent: Thursday, May 06, 2004 6:18 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: MailScanner install help > > Bill Vera wrote: > > Hello > > Hi Bill ;-D > > > Having trouble installing MailScanner 4.30.3-2 on a RedHat 8.0 > > when running the ./install.sh I get an all Good on everything but a > > missing RPM package: > > > > binutils glibc-devel gcc make > > Actually, those are four different packages. If you have up2date > configured > you could easily add them by doing: > > up2date binutils glibc-devel gcc make > unfortunately RH 8.0 is "end of life" and I'm not sure that it still works. Installing the yum updater (free) or buying support from Progeny (not terribly expensive) may be the best bets for older releases. Steve Stephen Swaney President Fortress Systems Ltd. Steve.Swaney@FSL.com > > I guess this is some kind of development package, I've tar -xzvvf, > > and rpm - Uvh all the packages in the MailScanner file, not to > > mention, perl Makefile.PL, make, make test, make install. I do have > > all 5 of > > the /usr/src/redhat/... dir created. stuck now... > > > > I am a novice to Linux, and any help would be appreciated. > > Wow, this should be a challenge then. > > -- > Michael St. Laurent > Hartwell Corporation -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. Fortress Systems Ltd. www.fsl.com -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From steve.swaney at FSL.COM Thu May 6 23:33:35 2004 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:25:05 2006 Subject: web front end for users to edit rules. In-Reply-To: Message-ID: <20040506223336.99CCC21C31F@mail.fsl.com> > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Robin M. > Sent: Thursday, May 06, 2004 6:13 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: web front end for users to edit rules. > > Hi I have seen mailwatch, but it does not have any functionality to edit > the custom rules that MailScanner is capable of performing. Has someone > got a web front end solution for allowing users to control their own > parameters. Also It would be nice to be able to have these parameters in a > database so multiple servers could read the same info, and maybe have a > set of defaults if the backend sql server is unreachable. > > Let me know if this is being worked on by anyone. I think this is in the MAAQ :( and I KNOW it's in the new MailScanner manual: www.fsl.com/support phplistadmin is a php web GUI used to edit/create SQL and bydomain/byemail white and blacklists for MailScanner. For SQL black/white lists you must use the CustomConfig functions available from: http://filelister.linuxkernel.at/?current=/tarballs/Mailscanner phplistadmin for MailScanner and instructions for installing are available from: http://sourceforge.net/projects/phplistadmin/ Stephen Swaney President Fortress Systems Ltd. Steve.Swaney@FSL.com -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. Fortress Systems Ltd. www.fsl.com -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From pete at eatathome.com.au Thu May 6 23:34:11 2004 From: pete at eatathome.com.au (Pete) Date: Thu Jan 12 21:25:05 2006 Subject: MailScanner vs. Amavisd In-Reply-To: <008301c43382$3ea98a80$85421851@hq> References: <5C0296D26910694BB9A9BBFC577E7AB0020199F4@pascal.priv.bmrb.co.uk> <003301c43354$7edc9030$85421851@hq> <409A28AC.6090405@eatathome.com.au> <00b301c4336d$11061680$85421851@hq> <008301c43382$3ea98a80$85421851@hq> Message-ID: <409ABD63.8000304@eatathome.com.au> Muenz, Michael wrote: >>>Back to topic: >>>The benefit of MS is the extremly cool ruleset. >>>The benefit of amavisd-new is the *_lovers_* stuff. >>> >>> >>ok, but what's the difference between MS's rulesets and the lovers stuff? >> >> > >topic on the list was: >"virus scanning with virus delivery" 20.4.04 >that would be possible with amavisd-new and there's no >solution with MS (on the list). >The main reason I'm using MS is, that some customers want >to be informed about Silent Viruses and mostly not. >Amavis cannot handle that for different domains. > > > >>That's sure, but are you banning filetypes/filenames, do you scan within >>zips for them in MailScanner? >> >> > >no banning, scan within zips > > > >>Does Amavis support the HTML sanitizing options MailScanner offers? >> >> > >I don't think so. Thats another benefit for MS, but I don't use it anyway. > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html > > > > > Since you seem to be one of the biggest users oif both systems, any chance you could provide a side by side comparison chart of the features of both systems? -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mikes at HARTWELLCORP.COM Thu May 6 23:44:15 2004 From: mikes at HARTWELLCORP.COM (Michael St. Laurent) Date: Thu Jan 12 21:25:05 2006 Subject: MailScanner install help Message-ID: <91A5926EFF44D3118B1200104B7276EB02C5702C@hart-exchange.hartwellcorp.com> Stephen Swaney wrote: > unfortunately RH 8.0 is "end of life" and I'm not sure that it still > works. Installing the yum updater (free) or buying support from > Progeny (not terribly expensive) may be the best bets for older > releases. End-of-life means that the channel is no longer being maintained. However, the channel still exists and contains all the packages that were available when the product went EOL. -- Michael St. Laurent Hartwell Corporation -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From Kevin_Miller at CI.JUNEAU.AK.US Thu May 6 23:59:40 2004 From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller) Date: Thu Jan 12 21:25:05 2006 Subject: Somewhat OT: Julian's in the press again. Message-ID: <08146035CA49D6119A36009027AC822A0549E630@CITY-EXCH-NTS> For your viewing enjoyment: http://searchenterpriselinux.techtarget.com/tip/1,289483,sid39_gci962668,00. html Didn't see this link posted already - slightly off topic as it isn't directly MS related, but I thought others might enjoy seeing it none the less... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Administrator, Mail Administrator 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From ugob at CAMO-ROUTE.COM Fri May 7 01:53:16 2004 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:25:05 2006 Subject: MailScanner install help In-Reply-To: <20040506223100.4B48D21C31D@mail.fsl.com> References: <91A5926EFF44D3118B1200104B7276EB02C5702A@hart-exchange.hartwellcorp.com> <20040506223100.4B48D21C31D@mail.fsl.com> Message-ID: Stephen Swaney wrote: >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>Behalf Of Michael St. Laurent >>Sent: Thursday, May 06, 2004 6:18 PM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: MailScanner install help >> >>Bill Vera wrote: >> >>>Hello >> >>Hi Bill ;-D >> >> >>>Having trouble installing MailScanner 4.30.3-2 on a RedHat 8.0 >>>when running the ./install.sh I get an all Good on everything but a >>>missing RPM package: >>> >>>binutils glibc-devel gcc make >> >>Actually, those are four different packages. If you have up2date >>configured >>you could easily add them by doing: >> >>up2date binutils glibc-devel gcc make >> > > > unfortunately RH 8.0 is "end of life" and I'm not sure that it still works. > Installing the yum updater (free) or buying support from Progeny (not > terribly expensive) may be the best bets for older releases. Hmmm, you can also go with www.fedoralegacy.org. They're free and support RH8 (for 1.5 years, according to their policy). > > Steve > Stephen Swaney > President > Fortress Systems Ltd. > Steve.Swaney@FSL.com > > >>>I guess this is some kind of development package, I've tar -xzvvf, >>>and rpm - Uvh all the packages in the MailScanner file, not to >>>mention, perl Makefile.PL, make, make test, make install. I do have >>>all 5 of >>>the /usr/src/redhat/... dir created. stuck now... >>> >>>I am a novice to Linux, and any help would be appreciated. >> >>Wow, this should be a challenge then. >> >>-- >>Michael St. Laurent >>Hartwell Corporation > > > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > Fortress Systems Ltd. > www.fsl.com > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From pete at eatathome.com.au Fri May 7 02:39:04 2004 From: pete at eatathome.com.au (Pete) Date: Thu Jan 12 21:25:05 2006 Subject: MailScanner Manual is now available In-Reply-To: <6.0.1.1.2.20040506181127.043a3dc8@imap.ecs.soton.ac.uk> References: <001901c4338c$64c35f20$2065e0c9@cositputer> <6.0.1.1.2.20040506181127.043a3dc8@imap.ecs.soton.ac.uk> Message-ID: <409AE8B8.2080307@eatathome.com.au> Can i suggest you either place a word of caution or an example config for the fastab tips on making a tmpfs - because if the user would stupid enough (like i was recently) to place the entry for the tmpfs above the entry for mounting /var the machine wil not boot and editing fstab when you can boot is a nightmare. admittedly i did this in freebsd and it might be different for red hat ? -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From alex at nkpanama.com Fri May 7 02:53:30 2004 From: alex at nkpanama.com (Alex Neuman) Date: Thu Jan 12 21:25:05 2006 Subject: Storing/Quaranting certain outbound emails In-Reply-To: <2D42D2DC1BFD744C8047D6BB197FB4CD374529@exchange.shenandoah.k12.in.us> Message-ID: <002101c433d6$1a9b4da0$2065e0c9@cositputer> That could mean "FromOrTo: all the rest of the domain, do nothing", right? -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of technical coordinator Sent: Thursday, May 06, 2004 2:45 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Storing/Quaranting certain outbound emails Can't truly explain last line. But It will not work without it. If you do it this way it will work. I have it set up that way and I capture all email from a spammer on my site. With FromOrTo: You will also capture all outgoing mail. Do you want to do that? -----Original Message----- From: Jason Williams [mailto:jwilliams@COURTESYMORTGAGE.COM] Sent: Thu 5/6/2004 2:37 PM To: MAILSCANNER@JISCMAIL.AC.UK Cc: Subject: Re: Storing/Quaranting certain outbound emails Hi Dale, Thanks for your help. At 02:33 PM 5/6/2004 -0500, you wrote: >FromOrTo: *@mydomain.com user1@mydomain.com >FromOrTo: *@mydomain.com > >This Should get all email and forward a copy yo user1. > >Dale This would go in my archive.rule, which is specified in my MailScanner.conf. Just to clarify, this little archive rule would just send a copy of the email to user1? For kicks, if this is my rule: FromOrTo: *@mailscanner.com user1@mycompany.com Would specify that all outgoing/incoming mail from *@mailscanner.com, a copy would be sent to user1@mycompany.com What is the last line for? Jason -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3026 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040506/b41bff88/smime.bin From jaearick at COLBY.EDU Fri May 7 03:21:22 2004 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:25:05 2006 Subject: MS manual raises a question Message-ID: Y'all, First off, a great job on the manual. Even as a long-time MS user, it is good reading and raised a question for me. I use the sophossavi and clamavmodule virus engines, and I have always left "Expand TNEF = yes". I see you don't need it for Sophos (I never noticed). What if you run multiple virus scanners? Leave it set to yes? Maybe this detail needs to be noted in the manual. Jeff Earickson Colby College -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From msteudel at PANICWARE.COM Fri May 7 06:20:01 2004 From: msteudel at PANICWARE.COM (Mark Steudel) Date: Thu Jan 12 21:25:05 2006 Subject: Blocking by locale Message-ID: <200405070520.i475K2B01211@ripley.powerserving.com> Is there a way to block certain language sets? I find that Asian character sets that get through, usually jam up my mail queue. Maybe that's a sign that I need to fix something else ... Mark -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From shrek-m at GMX.DE Fri May 7 07:01:32 2004 From: shrek-m at GMX.DE (shrek-m@gmx.de) Date: Thu Jan 12 21:25:05 2006 Subject: Failed finding testvirus.org In-Reply-To: <5.2.1.1.0.20040506142523.00a97828@corpmail.courtesymortgage.com> References: <5.2.1.1.0.20040506142523.00a97828@corpmail.courtesymortgage.com> Message-ID: <409B263C.4040107@gmx.de> Jason Williams wrote: > Test #20: Eicar virus within zip file hidden using the "MIME Boundary > Space > Gap Vulnerability" > > Test #21: Eicar virus within zip file hidden using the "Long MIME > Boundary > Vulnerability" > > Test #23: Eicar virus within zip file hidden using the "Empty MIME > Boundary > Vulnerability" do you homework and search in the list-archives. testvirus.org excedent.com ... -- shrek-m -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From jrudd at UCSC.EDU Fri May 7 07:11:50 2004 From: jrudd at UCSC.EDU (John Rudd) Date: Thu Jan 12 21:25:05 2006 Subject: Finally: I'm live... :) In-Reply-To: <20040504214206.9932D21C2D9@mail.fsl.com> References: <20040504214206.9932D21C2D9@mail.fsl.com> Message-ID: <6DDAB31D-9FED-11D8-8626-003065F939FE@ucsc.edu> On May 4, 2004, at 2:41 PM, Stephen Swaney wrote: > From: John Rudd >> Jason Williams wrote: >>> >>> As im monitoring the server here, as far as resources, what should I >>> be >>> keeping on eye on? >> >> The size of your queue's. [... queue monitoring system description snipped] > It's a nice and simple system. I'm sure that many on the list would be > interested. Well, you asked for it :-) I haven't really cleaned them up for public consumption (the reason I took a little while to send them was that I was thinking I would try to do that clean up and re-formatting, but I simply haven't got that much spare time at the moment). If I get a chance, I'll do that later. They're probably going to need lots of clean up for things like proper global variables, comments, those kinds of things. If someone else wants to clean them up and stuff, I wouldn't object. (I also tend to not use perl shortcuts, nor certain perl formatting things, it's just my coding style) But, here they are: http://people.ucsc.edu/~jrudd/MQC -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From Jan-Peter.Koopmann at SECEIDOS.DE Fri May 7 07:31:20 2004 From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann) Date: Thu Jan 12 21:25:05 2006 Subject: MailScanner Manual is now available Message-ID: On Friday, May 07, 2004 3:39 AM Pete wrote: > because if the user would stupid enough (like i was recently) > to place the entry for the tmpfs above the entry for mounting Good to know I am not the only one... :-) -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From linux at LEUTE.SERVER.DE Fri May 7 07:52:22 2004 From: linux at LEUTE.SERVER.DE (Muenz, Michael) Date: Thu Jan 12 21:25:05 2006 Subject: MailScanner vs. Amavisd References: <5C0296D26910694BB9A9BBFC577E7AB0020199F4@pascal.priv.bmrb.co.uk> <003301c43354$7edc9030$85421851@hq> <409A28AC.6090405@eatathome.com.au> <00b301c4336d$11061680$85421851@hq> <008301c43382$3ea98a80$85421851@hq> <409ABD63.8000304@eatathome.com.au> Message-ID: <007801c433ff$d98add10$85421851@hq> > Since you seem to be one of the biggest users oif both systems, any > chance you could provide a side by side comparison chart of the features > of both systems? When I've time, yes. But I'm only using SA with amavisd-new. I can't compare all the features. We'll see ... -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Fri May 7 09:15:00 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:25:06 2006 Subject: MailScanner configuration problem?? In-Reply-To: <200405061921.i46JLLkK012427@ mail.puntopy.com> References: <200405061921.i46JLLkK012427@ mail.puntopy.com> Message-ID: <6.0.1.1.2.20040507091448.03edf708@imap.ecs.soton.ac.uk> Check you maillog. Most likely cause is a configuration syntax error. At 19:22 06/05/2004, you wrote: >When I run MailScanner, mails start coming into mqueue.in/ directory but >they stay there forever... >/var/spool/MailScanner/incoming/ is always empty. > >And of course mails are not deliveries to respective users. >Im using: >Red Hat 9 >Sendmail 8.12.8 >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to >jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the >archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From David.While at UCE.AC.UK Fri May 7 09:46:04 2004 From: David.While at UCE.AC.UK (David While) Date: Thu Jan 12 21:25:06 2006 Subject: Is there a command that can be run to reveal MailScanner Version? Message-ID: <107DE25EC0216C45AEF670016024245F6441CF@exchangea.staff.uce.ac.uk> Wayne Could you send me the changes you have made - I would like to incorporate them into the next version. Always looking to enhance the product :) David While -----Original Message----- From: MailScanner mailing list on behalf of Wayne Fox Sent: Fri 07/05/2004 08:41 To: MAILSCANNER@JISCMAIL.AC.UK Cc: Subject: Is there a command that can be run to reveal MailScanner Version? Is there a command that can be run to reveal MailScanner Version? Although I can do.. # service MailScanner restart # tail -100 /var/log/maillog | grep "starting.." May 7 16:09:28 jupiter MailScanner[20683]: MailScanner E-Mail Virus Scanner version 4.29.7 starting... to reveal I am running 4.29.7, is there a more direct method I can script / capture? I wish to update my VISPAN report with version information via script commands. See http://gwmaster.eteam.com.au/vispan SpamAssassin is easy.. # spamassassin -V SpamAssassin version 2.63 I would like the Virus Scanners autoupdate wrappers to log their version so I can pick it up when I grab the Last Updated Date and Time. For Example, here are some commands I can run against the Virus Scanners I have.. ################################################### # sweep -v | grep "Product version" Product version : 3.81 # sweep -v | grep "version" Product version : 3.81 Engine version : 2.19 User interface version : 2.07.060 ################################################### # f-prot -verno F-PROT ANTIVIRUS Program version: 4.4.1 Engine version: 3.14.11 VIRUS SIGNATURE FILES SIGN.DEF created 6 May 2004 SIGN2.DEF created 6 May 2004 MACRO.DEF created 3 May 2004 ################################################### # clamscan -V clamscan / ClamAV version 0.70 ################################################### # bdc --info BDC/Linux-Console v7.0 (build 2490) (i386) (Dec 10 2003 16:11:35) Copyright (C) 1996-2003 SOFTWIN SRL. All rights reserved. Engine signatures: 76647 Scan engines: 12 Archive engines: 34 Unpack engines: 3 Mail engines: 6 System engines: 0 ################################################### -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From pete at eatathome.com.au Fri May 7 09:55:35 2004 From: pete at eatathome.com.au (Pete) Date: Thu Jan 12 21:25:06 2006 Subject: MailScanner vs. Amavisd In-Reply-To: <002301c43407$3631df30$85421851@hq> References: <5C0296D26910694BB9A9BBFC577E7AB0020199F4@pascal.priv.bmrb.co.uk> <003301c43354$7edc9030$85421851@hq> <409A28AC.6090405@eatathome.com.au> <00b301c4336d$11061680$85421851@hq> <008301c43382$3ea98a80$85421851@hq> <409ABD63.8000304@eatathome.com.au> <007801c433ff$d98add10$85421851@hq> <002301c43407$3631df30$85421851@hq> Message-ID: <409B4F07.1050104@eatathome.com.au> Just on the Postfix stuff, there is a another way ... Julian can you comment on the HOLD method vs 2 Postfix instances method ? Seems many people dont realise there is an alternative or which is 'better' to use with MS ? Muenz, Michael wrote: >>>Since you seem to be one of the biggest users oif both systems, any >>>chance you could provide a side by side comparison chart of the features >>>of both systems? >>> >>> > >Here's a short comparison from the amavis list: > > >Mailscanner does not support daemonized virus scanners, however, while >amavisd-new does. This is apparently a conscious decision on the part of >Mailscanner's author, who does not believe that daemonized virus scanners >are more efficient than command-line scanners in this context. Instead, >Mailscanner tries to optimize the use of command-line scanners by scanning >mail in "batches", rather than one at a time. The author's explanation can >be found in the FAQ at >http://www.sng.ecs.soton.ac.uk/mailscanner/faq.shtml#22 > >I've read posts in this and other forums that suggest that Mailscanner may >not behave well with Postfix, though I can't recall the specifics of those >claims. I do know that Mark Martinec has been extremely diligent about >ensuring that amavisd-new remains RFC-compliant, and that it behaves >properly with many MTAs. Mailscanner's author is a Sendmail user, while >amavisd-new's author is a Postfix user, which may suggest where their >respective strengths lie. That said, I'm a Sendmail user, and I've had no >problems with amavisd-new, which is probably why I'm still here :) > > > >Mailscanner interfaces with postfix by grabbing files directly out of >the postfix queue structure. The postfix author states this is unsafe >and may result in random loss of mail (truncated messages) >with no warning and no indication in any log of a problem. There have >in fact been a few reports on the postfix-users list of this >happening. >The Mailscanner author insists his method is safe, as do many users of >mailscanner+postfix (I'm not one of them). Apparently Mailscanner *is* >safe when used with Sendmail or Exim. > >I would not imagine anyone knows what is safe with postfix better than >the author of postfix. > > >I can't confirm that all is true. And I've never seen any >problems with MS and Postfix. > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html > > > > > From pete at eatathome.com.au Fri May 7 09:55:35 2004 From: pete at eatathome.com.au (Pete) Date: Thu Jan 12 21:25:06 2006 Subject: MailScanner vs. Amavisd In-Reply-To: <002301c43407$3631df30$85421851@hq> References: <5C0296D26910694BB9A9BBFC577E7AB0020199F4@pascal.priv.bmrb.co.uk> <003301c43354$7edc9030$85421851@hq> <409A28AC.6090405@eatathome.com.au> <00b301c4336d$11061680$85421851@hq> <008301c43382$3ea98a80$85421851@hq> <409ABD63.8000304@eatathome.com.au> <007801c433ff$d98add10$85421851@hq> <002301c43407$3631df30$85421851@hq> Message-ID: <409B4F07.1050104@eatathome.com.au> Just on the Postfix stuff, there is a another way ... Julian can you comment on the HOLD method vs 2 Postfix instances method ? Seems many people dont realise there is an alternative or which is 'better' to use with MS ? Muenz, Michael wrote: >>>Since you seem to be one of the biggest users oif both systems, any >>>chance you could provide a side by side comparison chart of the features >>>of both systems? >>> >>> > >Here's a short comparison from the amavis list: > > >Mailscanner does not support daemonized virus scanners, however, while >amavisd-new does. This is apparently a conscious decision on the part of >Mailscanner's author, who does not believe that daemonized virus scanners >are more efficient than command-line scanners in this context. Instead, >Mailscanner tries to optimize the use of command-line scanners by scanning >mail in "batches", rather than one at a time. The author's explanation can >be found in the FAQ at >http://www.sng.ecs.soton.ac.uk/mailscanner/faq.shtml#22 > >I've read posts in this and other forums that suggest that Mailscanner may >not behave well with Postfix, though I can't recall the specifics of those >claims. I do know that Mark Martinec has been extremely diligent about >ensuring that amavisd-new remains RFC-compliant, and that it behaves >properly with many MTAs. Mailscanner's author is a Sendmail user, while >amavisd-new's author is a Postfix user, which may suggest where their >respective strengths lie. That said, I'm a Sendmail user, and I've had no >problems with amavisd-new, which is probably why I'm still here :) > > > >Mailscanner interfaces with postfix by grabbing files directly out of >the postfix queue structure. The postfix author states this is unsafe >and may result in random loss of mail (truncated messages) >with no warning and no indication in any log of a problem. There have >in fact been a few reports on the postfix-users list of this >happening. >The Mailscanner author insists his method is safe, as do many users of >mailscanner+postfix (I'm not one of them). Apparently Mailscanner *is* >safe when used with Sendmail or Exim. > >I would not imagine anyone knows what is safe with postfix better than >the author of postfix. > > >I can't confirm that all is true. And I've never seen any >problems with MS and Postfix. > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html > > > > > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From Anjana.Patel at CRANFIELD.AC.UK Fri May 7 10:54:48 2004 From: Anjana.Patel at CRANFIELD.AC.UK (Patel, Anjana) Date: Thu Jan 12 21:25:06 2006 Subject: emails not scanned? Message-ID: Hello, I'm a bit concerned about a problem that occurred yesterday. The setup is as follows: Mailscanner v 4.28.4 Redhat Linux Exim 3.36 The current setup has been working fine for the last month or so but yesterday I changed the config so that the spam.action.rules and html2txt.rules called files (which contained the relevant addresses). Unfortunately due to typos, mailscanner was unable to find these files: May 7 00:01:44 xxx MailScanner[20667]: Could not open ruleset's address pattern list file /software/MailScanner/etc/rules/striphtmlspam, No such file or directory May 7 00:01:54 xxx MailScanner[20677]: MailScanner E-Mail Virus Scanner version 4.28.4 starting... The maillog is filled up with the above messages with no indication of any scanning/delivering messages. The problem is that instead of mailscanner queuing up the files as I would have expected, it delivered the files unscanned (i.e. not virus checked or spam checked). There were no mailscanner headers in the email that I checked. Obviously this was not mailscanner's fault but it is still worrying as infected emails were delivered. I was under the impression that mailscanner was responsible for moving emails from one queue to another AFTER they were scanned. Can anyone explain what happened here so I can put in some checks to prevent it happening again? Thanks Anjana -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From pete at eatathome.com.au Fri May 7 12:46:48 2004 From: pete at eatathome.com.au (Pete) Date: Thu Jan 12 21:25:06 2006 Subject: emails not scanned? In-Reply-To: References: Message-ID: <409B7728.2020502@eatathome.com.au> Patel, Anjana wrote: >Hello, > >I'm a bit concerned about a problem that occurred yesterday. > >The setup is as follows: >Mailscanner v 4.28.4 >Redhat Linux >Exim 3.36 > >The current setup has been working fine for the last month or so but >yesterday I changed the config so that the spam.action.rules and >html2txt.rules called files (which contained the relevant addresses). > >Unfortunately due to typos, mailscanner was unable to find these files: > > >May 7 00:01:44 xxx MailScanner[20667]: Could not open ruleset's address >pattern list file /software/MailScanner/etc/rules/striphtmlspam, No such >file or directory >May 7 00:01:54 xxx MailScanner[20677]: MailScanner E-Mail Virus Scanner >version 4.28.4 starting... > >The maillog is filled up with the above messages with no indication of >any scanning/delivering messages. > >The problem is that instead of mailscanner queuing up the files as I >would have expected, it delivered the files unscanned (i.e. not virus >checked or spam checked). There were no mailscanner headers in the >email that I checked. Obviously this was not mailscanner's fault but it >is still worrying as infected emails were delivered. I was under the >impression that mailscanner was responsible for moving emails from one >queue to another AFTER they were scanned. Can anyone explain what >happened here so I can put in some checks to prevent it happening again? > >Thanks >Anjana > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html > > > > > Hardly fair to expect MailScanner to bhave as designed regardless of the errors in the config - i guess you can only code for known configurations, not unknown ? -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From subscriptions at ETEAM.COM.AU Fri May 7 13:36:20 2004 From: subscriptions at ETEAM.COM.AU (Wayne Fox) Date: Thu Jan 12 21:25:06 2006 Subject: Is there a command that can be run to reveal MailScanner Version? In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB001649D1C@pascal.priv.bmrb. co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB001649D1C@pascal.priv.bmrb.co.uk> Message-ID: <6.0.3.0.2.20040507220028.027d1e18@mail.eteam.com.au> Thanks Kevin! Not exactly "MailScanner -V" is it... After deleting the tar ball post installation, months later I tend to forget what version I am up to. Since I often look at my new VISPAN report, I thought I might display current version numbers there as a guide. Wayne At 06:00 PM 7/05/2004, you wrote: >Wayne Fox wrote: > > Is there a command that can be run to reveal MailScanner Version? > > > > Although I can do.. > > # service MailScanner restart > > # tail -100 /var/log/maillog | grep "starting.." > > May 7 16:09:28 jupiter MailScanner[20683]: MailScanner E-Mail Virus > > Scanner version 4.29.7 starting... > > > > to reveal I am running 4.29.7, is there a more direct method I can > > script / capture? > >Try >grep -m 1 "^\$MailScanner::Config::MailScannerVersion" >/usr/sbin/MailScanner | sed -e "s/.*'\(.*\)'.*/\1/" > > > > >BMRB International >http://www.bmrb.co.uk >+44 (0)20 8566 5000 >_________________________________________________________________ >This message (and any attachment) is intended only for the >recipient and may contain confidential and/or privileged >material. If you have received this in error, please contact the >sender and delete this message immediately. Disclosure, copying >or other action taken in respect of this email or in >reliance on it is prohibited. BMRB International Limited >accepts no liability in relation to any personal emails, or >content of any email which does not directly relate to our >business. > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From isp-list at TULSACONNECT.COM Fri May 7 13:57:22 2004 From: isp-list at TULSACONNECT.COM (ISP List) Date: Thu Jan 12 21:25:06 2006 Subject: Whitelist/Blacklist checking through MySQL In-Reply-To: Message-ID: <5.2.1.1.2.20040507075703.0541be18@securemail.tulsaconnect.com> At 09:48 PM 4/14/2004 +0200, you wrote: >Hi all, > >Is there somebody out there who has has written custom functions >to pull values from MySQL? No?, well then i will write them. Yes: http://filelister.dev.linux-kernel.at/?current=/tarballs/MailScanner/ --------------------------------------- Mike Bacher / mike@sparklogic.com SparkLogic Development / ISP Consulting Use OptiGold ISP? Check out OptiSkin! http://www.sparklogic.com/optiskin/ --------------------------------------- -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From isp-list at TULSACONNECT.COM Fri May 7 13:57:48 2004 From: isp-list at TULSACONNECT.COM (ISP List) Date: Thu Jan 12 21:25:06 2006 Subject: Reading Rules from MySQL In-Reply-To: Message-ID: <5.2.1.1.2.20040507075741.050bbb08@securemail.tulsaconnect.com> At 02:08 PM 3/30/2004 +0100, you wrote: >Hi All > >Could anyone share any custom functions on reading any of the following >from SQL database, > >spam.actions >whitelists >blacklists > > http://filelister.dev.linux-kernel.at/?current=/tarballs/MailScanner/ --------------------------------------- Mike Bacher / mike@sparklogic.com SparkLogic Development / ISP Consulting Use OptiGold ISP? Check out OptiSkin! http://www.sparklogic.com/optiskin/ --------------------------------------- -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From rodrigo at PUNTOPY.COM Fri May 7 13:12:34 2004 From: rodrigo at PUNTOPY.COM (Rodrigo Keen) Date: Thu Jan 12 21:25:06 2006 Subject: MailScanner configuration problem?? In-Reply-To: <6.0.1.1.2.20040507091448.03edf708@imap.ecs.soton.ac.uk> Message-ID: <200405071311.i47DB1Bl017797@ mail.puntopy.com> I checked it...its empty /var/logs/maillog Im trying now with sendmail's newer version. -----Mensaje original----- De: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] En nombre de Julian Field Enviado el: viernes, 07 de mayo de 2004 5:15 Para: MAILSCANNER@JISCMAIL.AC.UK Asunto: Re: MailScanner configuration problem?? Check you maillog. Most likely cause is a configuration syntax error. At 19:22 06/05/2004, you wrote: >When I run MailScanner, mails start coming into mqueue.in/ directory but >they stay there forever... >/var/spool/MailScanner/incoming/ is always empty. > >And of course mails are not deliveries to respective users. >Im using: >Red Hat 9 >Sendmail 8.12.8 >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to >jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the >archives at >http://www.jiscmail.ac.uk /lists/mailscanner.html -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mime at GMX.DE Fri May 7 14:33:09 2004 From: mime at GMX.DE (Michael Meyer) Date: Thu Jan 12 21:25:06 2006 Subject: Strange Problem since yesterday Message-ID: <20040507133308.GB21239@m2.homelinux.org> hi, ######## ps aux root 10317 1.1 0.0 0 0 ? Z 14:54 0:04 [MailScanner ] root 10320 1.1 0.0 0 0 ? Z 14:54 0:04 [MailScanner ] root 10342 1.2 0.0 0 0 ? Z 14:55 0:04 [MailScanner ] root 10344 1.2 0.0 0 0 ? Z 14:55 0:04 [MailScanner ] ######## tail -f /var/log/messages May 7 15:01:59 tux root: Process did not exit cleanly, returned 0 with signal 6 ######## mails keep staying in /var/spool/mqueue.in. ######## tail -f /var/log/mail May 7 15:08:10 tux MailScanner[10557]: Enabling SpamAssassin auto-whitelist functionality... May 7 15:08:19 tux MailScanner[10560]: MailScanner E-Mail Virus Scanner version 4.30.3 starting... May 7 15:08:20 tux MailScanner[10560]: Enabling SpamAssassin auto-whitelist functionality... May 7 15:08:29 tux MailScanner[10561]: MailScanner E-Mail Virus Scanner version 4.30.3 starting... May 7 15:08:30 tux MailScanner[10561]: Enabling SpamAssassin auto-whitelist functionality... May 7 15:08:39 tux MailScanner[10563]: MailScanner E-Mail Virus Scanner version 4.30.3 starting... May 7 15:08:40 tux MailScanner[10563]: Enabling SpamAssassin auto-whitelist functionality... May 7 15:08:49 tux MailScanner[10564]: MailScanner E-Mail Virus Scanner version 4.30.3 starting... May 7 15:08:50 tux MailScanner[10564]: Enabling SpamAssassin auto-whitelist functionality... May 7 15:08:59 tux MailScanner[10569]: MailScanner E-Mail Virus Scanner version 4.30.3 starting... May 7 15:09:00 tux MailScanner[10569]: Enabling SpamAssassin auto-whitelist functionality... May 7 15:09:09 tux MailScanner[10570]: MailScanner E-Mail Virus Scanner version 4.30.3 starting... May 7 15:09:10 tux MailScanner[10570]: Enabling SpamAssassin auto-whitelist functionality... May 7 15:09:19 tux MailScanner[10571]: MailScanner E-Mail Virus Scanner version 4.30.3 starting... ... this _never_ stops. there are no other messages. ######## my configuration works for a long time. i updated today (after i see there is a problem) to the newest version of mailscanner and sophos, but this didn`t solves the problem. before the update i changed nothing. so why mailscanner stops working since yesterday? im confused. ;) MailScanner 4.30.3 Sendmail 8.12.10 SuSE 7.1 with kernel 2.2.25 sophos and sophossavi any ideas? kind regards micha -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From robin at PRIMUS.CA Fri May 7 14:35:30 2004 From: robin at PRIMUS.CA (Robin M.) Date: Thu Jan 12 21:25:06 2006 Subject: web front end for users to edit rules. In-Reply-To: <20040506223336.99CCC21C31F@mail.fsl.com> References: <20040506223336.99CCC21C31F@mail.fsl.com> Message-ID: On Thu, 6 May 2004, Stephen Swaney wrote: > > Hi I have seen mailwatch, but it does not have any functionality to edit > > the custom rules that MailScanner is capable of performing. Has someone > > got a web front end solution for allowing users to control their own > > parameters. Also It would be nice to be able to have these parameters in a > > database so multiple servers could read the same info, and maybe have a > > set of defaults if the backend sql server is unreachable. > > > > Let me know if this is being worked on by anyone. > > phplistadmin is a php web GUI used to edit/create SQL and bydomain/byemail > white and blacklists for MailScanner. For SQL black/white lists you must use > the CustomConfig functions available from: > > http://filelister.linuxkernel.at/?current=/tarballs/Mailscanner > > phplistadmin for MailScanner and instructions for installing are available > from: > http://sourceforge.net/projects/phplistadmin/ > Thanks for that bit, I did overlook that info, sorry. Also this link is broken http://filelister.linuxkernel.at/?current=/tarballs/Mailscanner -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From robin at PRIMUS.CA Fri May 7 14:37:26 2004 From: robin at PRIMUS.CA (Robin M.) Date: Thu Jan 12 21:25:06 2006 Subject: MailScanner vs. Amavisd In-Reply-To: <409ABD63.8000304@eatathome.com.au> References: <5C0296D26910694BB9A9BBFC577E7AB0020199F4@pascal.priv.bmrb.co.uk> <003301c43354$7edc9030$85421851@hq> <409A28AC.6090405@eatathome.com.au> <00b301c4336d$11061680$85421851@hq> <008301c43382$3ea98a80$85421851@hq> <409ABD63.8000304@eatathome.com.au> Message-ID: On Fri, 7 May 2004, Pete wrote: > > > Since you seem to be one of the biggest users oif both systems, any > chance you could provide a side by side comparison chart of the features > of both systems? > Hey I think that is a great idea. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From steve.swaney at FSL.COM Fri May 7 14:44:02 2004 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:25:06 2006 Subject: Strange Problem since yesterday In-Reply-To: <20040507133308.GB21239@m2.homelinux.org> Message-ID: <20040507134402.5A0C221C32E@mail.fsl.com> Try setting Debug = yes & Debug SpamAssassin = yes in MailScanner.conf. Then restart Mailscanner. Examine the verbose output and you will probably find the problem. P.S. You probably do not want to enable SpamAssassin auto-whitelist functionality Steve Stephen Swaney President Fortress Systems Ltd. Steve.Swaney@FSL.com > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Michael Meyer > Sent: Friday, May 07, 2004 9:33 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Strange Problem since yesterday > > hi, > > ######## > > ps aux > > root 10317 1.1 0.0 0 0 ? Z 14:54 0:04 > [MailScanner ] > root 10320 1.1 0.0 0 0 ? Z 14:54 0:04 > [MailScanner ] > root 10342 1.2 0.0 0 0 ? Z 14:55 0:04 > [MailScanner ] > root 10344 1.2 0.0 0 0 ? Z 14:55 0:04 > [MailScanner ] > > ######## > > tail -f /var/log/messages > > May 7 15:01:59 tux root: Process did not exit cleanly, returned 0 with > signal 6 > > ######## > > mails keep staying in /var/spool/mqueue.in. > > ######## > > tail -f /var/log/mail > > May 7 15:08:10 tux MailScanner[10557]: Enabling SpamAssassin auto- > whitelist functionality... > May 7 15:08:19 tux MailScanner[10560]: MailScanner E-Mail Virus Scanner > version 4.30.3 starting... > May 7 15:08:20 tux MailScanner[10560]: Enabling SpamAssassin auto- > whitelist functionality... > May 7 15:08:29 tux MailScanner[10561]: MailScanner E-Mail Virus Scanner > version 4.30.3 starting... > May 7 15:08:30 tux MailScanner[10561]: Enabling SpamAssassin auto- > whitelist functionality... > May 7 15:08:39 tux MailScanner[10563]: MailScanner E-Mail Virus Scanner > version 4.30.3 starting... > May 7 15:08:40 tux MailScanner[10563]: Enabling SpamAssassin auto- > whitelist functionality... > May 7 15:08:49 tux MailScanner[10564]: MailScanner E-Mail Virus Scanner > version 4.30.3 starting... > May 7 15:08:50 tux MailScanner[10564]: Enabling SpamAssassin auto- > whitelist functionality... > May 7 15:08:59 tux MailScanner[10569]: MailScanner E-Mail Virus Scanner > version 4.30.3 starting... > May 7 15:09:00 tux MailScanner[10569]: Enabling SpamAssassin auto- > whitelist functionality... > May 7 15:09:09 tux MailScanner[10570]: MailScanner E-Mail Virus Scanner > version 4.30.3 starting... > May 7 15:09:10 tux MailScanner[10570]: Enabling SpamAssassin auto- > whitelist functionality... > May 7 15:09:19 tux MailScanner[10571]: MailScanner E-Mail Virus Scanner > version 4.30.3 starting... > ... > > this _never_ stops. there are no other messages. > > ######## > > my configuration works for a long time. i updated today > (after i see there is a problem) to the newest version of mailscanner > and sophos, but this didn`t solves the problem. > > before the update i changed nothing. so why mailscanner stops working > since yesterday? > im confused. ;) > > MailScanner 4.30.3 > Sendmail 8.12.10 > SuSE 7.1 with kernel 2.2.25 > sophos and sophossavi > > any ideas? > > kind regards > > micha > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. Fortress Systems Ltd. www.fsl.com -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From michele at BLACKNIGHTSOLUTIONS.COM Fri May 7 14:49:37 2004 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:25:06 2006 Subject: web front end for users to edit rules. In-Reply-To: Message-ID: <200405071344.i47DiR2R023716@monitor.blacknight.ie> That link works fine for me Mr Michele Neylon Blacknight Internet Solutions Ltd http://www.blacknight.ie/ Tel. +353 59 9137101 -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Robin M. Sent: 07 May 2004 14:36 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: [MAILSCANNER] web front end for users to edit rules. On Thu, 6 May 2004, Stephen Swaney wrote: > > Hi I have seen mailwatch, but it does not have any functionality to > > edit the custom rules that MailScanner is capable of performing. Has > > someone got a web front end solution for allowing users to control > > their own parameters. Also It would be nice to be able to have these > > parameters in a database so multiple servers could read the same > > info, and maybe have a set of defaults if the backend sql server is unreachable. > > > > Let me know if this is being worked on by anyone. > > phplistadmin is a php web GUI used to edit/create SQL and > bydomain/byemail white and blacklists for MailScanner. For SQL > black/white lists you must use the CustomConfig functions available from: > > > http://filelister.linuxkernel.at/?current=/tarballs/Mailscanner > > phplistadmin for MailScanner and instructions for installing are > available > from: > http://sourceforge.net/projects/phplistadmin/ > Thanks for that bit, I did overlook that info, sorry. Also this link is broken http://filelister.linuxkernel.at/?current=/tarballs/Mailscanner -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From miguelk at KONSULTEX.COM.BR Fri May 7 14:50:01 2004 From: miguelk at KONSULTEX.COM.BR (Miguel Koren O'Brien de Lacy) Date: Thu Jan 12 21:25:06 2006 Subject: Strange Problem since yesterday References: <20040507133308.GB21239@m2.homelinux.org> Message-ID: <409B9409.4050707@konsultex.com.br> Michael; Seems strange. Any chance you are out of disk space? How about the logs just before or just after the upgrade? Miguel Michael Meyer wrote: >hi, > >######## > >ps aux > >root 10317 1.1 0.0 0 0 ? Z 14:54 0:04 [MailScanner ] >root 10320 1.1 0.0 0 0 ? Z 14:54 0:04 [MailScanner ] >root 10342 1.2 0.0 0 0 ? Z 14:55 0:04 [MailScanner ] >root 10344 1.2 0.0 0 0 ? Z 14:55 0:04 [MailScanner ] > >######## > >tail -f /var/log/messages > >May 7 15:01:59 tux root: Process did not exit cleanly, returned 0 with signal 6 > >######## > >mails keep staying in /var/spool/mqueue.in. > >######## > >tail -f /var/log/mail > >May 7 15:08:10 tux MailScanner[10557]: Enabling SpamAssassin auto-whitelist functionality... >May 7 15:08:19 tux MailScanner[10560]: MailScanner E-Mail Virus Scanner version 4.30.3 starting... >May 7 15:08:20 tux MailScanner[10560]: Enabling SpamAssassin auto-whitelist functionality... >May 7 15:08:29 tux MailScanner[10561]: MailScanner E-Mail Virus Scanner version 4.30.3 starting... >May 7 15:08:30 tux MailScanner[10561]: Enabling SpamAssassin auto-whitelist functionality... >May 7 15:08:39 tux MailScanner[10563]: MailScanner E-Mail Virus Scanner version 4.30.3 starting... >May 7 15:08:40 tux MailScanner[10563]: Enabling SpamAssassin auto-whitelist functionality... >May 7 15:08:49 tux MailScanner[10564]: MailScanner E-Mail Virus Scanner version 4.30.3 starting... >May 7 15:08:50 tux MailScanner[10564]: Enabling SpamAssassin auto-whitelist functionality... >May 7 15:08:59 tux MailScanner[10569]: MailScanner E-Mail Virus Scanner version 4.30.3 starting... >May 7 15:09:00 tux MailScanner[10569]: Enabling SpamAssassin auto-whitelist functionality... >May 7 15:09:09 tux MailScanner[10570]: MailScanner E-Mail Virus Scanner version 4.30.3 starting... >May 7 15:09:10 tux MailScanner[10570]: Enabling SpamAssassin auto-whitelist functionality... >May 7 15:09:19 tux MailScanner[10571]: MailScanner E-Mail Virus Scanner version 4.30.3 starting... >... > >this _never_ stops. there are no other messages. > >######## > >my configuration works for a long time. i updated today >(after i see there is a problem) to the newest version of mailscanner >and sophos, but this didn`t solves the problem. > >before the update i changed nothing. so why mailscanner stops working since yesterday? >im confused. ;) > >MailScanner 4.30.3 >Sendmail 8.12.10 >SuSE 7.1 with kernel 2.2.25 >sophos and sophossavi > >any ideas? > >kind regards > >micha > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html > > > -- Esta mensagem foi verificada pelo sistema de antivírus e acredita-se estar livre de perigo. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From Anjana.Patel at CRANFIELD.AC.UK Fri May 7 14:52:07 2004 From: Anjana.Patel at CRANFIELD.AC.UK (Patel, Anjana) Date: Thu Jan 12 21:25:06 2006 Subject: emails not scanned? Message-ID: > Hardly fair to expect MailScanner to bhave as designed regardless of the > errors in the config - i guess you can only code for known > configurations, not unknown ? I'm well aware of the fact that Mailscanner was not at fault however I'm trying to understand why these emails did not remain queued and why there were no mailscanner headers if mailscanner deals with moving emails from the incoming to the outgoing queue? My expectation would have been that either mailscanner should have died because of a problem with the config or it should have put headers in saying that it failed to scan. The fact that there are no headers is confusing. Anjana -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From natedog550 at HOTMAIL.COM Fri May 7 15:09:09 2004 From: natedog550 at HOTMAIL.COM (NateDog) Date: Thu Jan 12 21:25:06 2006 Subject: Serious Problem Message-ID: Mail Scanner Version I downloaded: MailScanner-4.30.3-2.suse.tar.gz SpamAssassin: 2.63 F-Prot: 4.4.1 I'm having a serious problem all of a sudden. I'm running SuSE 9.0 x86_64 and hadn't had a problem with mail scanner and have run it on several boxes. But on this one box I hadn't actually gone live with it until yesterday. Once on the internet the usual spam crap started coming in. Mail Scanner's doing an awesome job keeping the crap out. But I think I've got some kind of memory leak or something. I'm using qpopper - in xinetd for user's retrieval of email - that's getting hung up too I think because of this problem. What it does is all of a sudden my server starts lagging way down. I did a top and checked to see what was hanging. Mail Scanner was showing like 80% processor (I understand that because it's scanning email of course) and the memory was like about 83%. But it takes a while before you start to see a slow down or lag problem. If I restart the machine it clears up of course but then not too much later it starts slowing way way down. But the whole machine lags bad which is so wierd because this machine is so friggin fast. But I didn't see this problem until I went live and upgraded to this Mail Scanner version and turned on qpopper. And when I run the script in the rc.d directory to shutdown MailScanner it says it shuts down but I do a top and there are still like one or two Mail Scanners in there so I pkill them. Anyone have any ideas? Thanks. -- Nathan Peters -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From steve.swaney at FSL.COM Fri May 7 15:16:02 2004 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:25:06 2006 Subject: MailScanner Manual is now available In-Reply-To: <001901c4338c$64c35f20$2065e0c9@cositputer> Message-ID: <20040507141602.43FD521C331@mail.fsl.com> > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Alex Neuman > Sent: Thursday, May 06, 2004 1:06 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: MailScanner Manual is now available > > One thing I haven't got around to finish is a "cookbook" type doc that > would have things like: > > perl -MCPAN -e shell > install Net::CIDR > install ... > > Bla bla blah... > > service MailScanner start && tail -f /var/log/maillog > > Sort of like a "no brainer" mailscanner install, step-by-step. > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Billy A. Pumphrey > Sent: Thursday, May 06, 2004 12:03 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: MailScanner Manual is now available > > > Another suggestion if I may: > > Possibly another Appendix. Something that is a rundown of the whole book > and recommendations for the best spam blocking and virus scanning. Such as > (knowing that the information might be skipping stuff or not: Providing > that you know that the more stuff you install you need a beefy machine but > for the best protecting we recommend: I'm trying not to duplicate information that is or should be in the MAQ (I don't want to put Ugo out of a job ;). I do plan on adding a few more references to the MAQ where appropriate. > > So the "perfect" mailscanner will/might be: > Install Redhat (or OS) > Install MailScanner > Install spamassassing > Use bayes and do this and this and this for best results > Use these filters from here http://xxxx.xxx.xxx.com Install virus > protection > Use this one, its free > Use maybe this one too as It catches more virues and updates > more often > Install one of the monitoring tools, mailwatch, vispan. > Install eiterh DCC, Razor, Pyzor. A lot of people on the list would argue about the Red Hat being "perfect" :). I will add information on the other supported operating systems as soon as I get a few volunteers to do the basic write-ups. Already have an offer for the FreeBSD installation and configuration. Anyone want to take Solaris or TRU64? The suggestion to include the steps you list above is a good one and I'll work it into a future revision. Right now I'm so busy fixing all my many typos I can't think about additions. Many thanks to all those who submitted typos and corrections! > I know that is a little redundant but Its straight to the point and would > help people like me > Steve Stephen Swaney President Fortress Systems Ltd. Steve.Swaney@FSL.com -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. Fortress Systems Ltd. www.fsl.com -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From t.d.lee at DURHAM.AC.UK Fri May 7 15:29:50 2004 From: t.d.lee at DURHAM.AC.UK (David Lee) Date: Thu Jan 12 21:25:06 2006 Subject: MailScanner Manual is now available In-Reply-To: <6.0.1.1.2.20040506181127.043a3dc8@imap.ecs.soton.ac.uk> References: <001901c4338c$64c35f20$2065e0c9@cositputer> <6.0.1.1.2.20040506181127.043a3dc8@imap.ecs.soton.ac.uk> Message-ID: On Thu, 6 May 2004, Julian Field wrote: > At 18:05 06/05/2004, you wrote: > >One thing I haven't got around to finish is a "cookbook" type doc that > >would have things like: > > > >perl -MCPAN -e shell > >install Net::CIDR > >install ... > > > >Bla bla blah... > > > >service MailScanner start && tail -f /var/log/maillog > > If you have the "service" command, then you are on RedHat and therefore > don't need to install the perl modules by hand. install.sh does all that > for you. Julian: How is progress with porting "install.sh" to other environments? I believe it would be a helpful addition to non-Redhat sites. In February I sent you a demonstration variant of "install.sh"; I'm happy to continue work on this if you wish, but it would be nice to know whether you would consider it. Is there any reason to deny non-Redhat users the benefits and fail-safe aspects of "install.sh"? Best wishes. -- : David Lee I.T. Service : : Systems Programmer Computer Centre : : University of Durham : : http://www.dur.ac.uk/t.d.lee/ South Road : : Durham : : Phone: +44 191 334 2752 U.K. : -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From t.d.lee at DURHAM.AC.UK Fri May 7 15:35:34 2004 From: t.d.lee at DURHAM.AC.UK (David Lee) Date: Thu Jan 12 21:25:06 2006 Subject: MailScanner Manual is now available In-Reply-To: <20040507141602.43FD521C331@mail.fsl.com> References: <20040507141602.43FD521C331@mail.fsl.com> Message-ID: On Fri, 7 May 2004, Stephen Swaney wrote: > [...] > A lot of people on the list would argue about the Red Hat being "perfect" > :). I will add information on the other supported operating systems as soon > as I get a few volunteers to do the basic write-ups. Already have an offer > for the FreeBSD installation and configuration. Anyone want to take Solaris > or TRU64? In recent months, I have been trying to persuade Julian to adopt some work I've been doing that generalises "install.sh" to non-Redhat environments. (Here we use a mixture of Redhat and Solaris, and the "install.sh" makes Redhat vastly easier to maintain. If only we could have it for others!) So if Julian can adopt these patches, it would probably make a significant difference to (and would keep simple) that part of your manual. -- : David Lee I.T. Service : : Systems Programmer Computer Centre : : University of Durham : : http://www.dur.ac.uk/t.d.lee/ South Road : : Durham : : Phone: +44 191 334 2752 U.K. : -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Fri May 7 15:13:35 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:25:06 2006 Subject: emails not scanned? In-Reply-To: References: Message-ID: <6.0.1.1.2.20040507151252.07936b00@imap.ecs.soton.ac.uk> At 14:52 07/05/2004, you wrote: > > Hardly fair to expect MailScanner to bhave as designed regardless of >the > > errors in the config - i guess you can only code for known > > configurations, not unknown ? > >I'm well aware of the fact that Mailscanner was not at fault however I'm >trying to understand why these emails did not remain queued and why >there were no mailscanner headers if mailscanner deals with moving >emails from the incoming to the outgoing queue? My expectation would >have been that either mailscanner should have died because of a problem >with the config or it should have put headers in saying that it failed >to scan. The fact that there are no headers is confusing. In that case, are you 100% sure you don't still have a sendmail process delivering from the first queue? MailScanner always adds some headers. No headers is a sure sign of it not going through MailScanner at all. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Fri May 7 16:09:47 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:25:06 2006 Subject: MailScanner Manual is now available In-Reply-To: References: <20040507141602.43FD521C331@mail.fsl.com> Message-ID: <6.0.1.1.2.20040507160923.039ff3c8@imap.ecs.soton.ac.uk> At 15:35 07/05/2004, you wrote: >On Fri, 7 May 2004, Stephen Swaney wrote: > > > [...] > > A lot of people on the list would argue about the Red Hat being "perfect" > > :). I will add information on the other supported operating systems as soon > > as I get a few volunteers to do the basic write-ups. Already have an offer > > for the FreeBSD installation and configuration. Anyone want to take Solaris > > or TRU64? > >In recent months, I have been trying to persuade Julian to adopt some work >I've been doing that generalises "install.sh" to non-Redhat environments. >(Here we use a mixture of Redhat and Solaris, and the "install.sh" makes >Redhat vastly easier to maintain. If only we could have it for others!) > >So if Julian can adopt these patches, it would probably make a significant >difference to (and would keep simple) that part of your manual. My normal problem with there not being enough hours in the day :-( -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mime at GMX.DE Fri May 7 17:29:10 2004 From: mime at GMX.DE (Michael Meyer) Date: Thu Jan 12 21:25:06 2006 Subject: Strange Problem since yesterday In-Reply-To: <20040507134402.5A0C221C32E@mail.fsl.com> References: <20040507133308.GB21239@m2.homelinux.org> <20040507134402.5A0C221C32E@mail.fsl.com> Message-ID: <20040507162910.GE21239@m2.homelinux.org> *** Stephen Swaney wrote: > Try setting Debug = yes & Debug SpamAssassin = yes in > MailScanner.conf. Then > restart Mailscanner. thanks, this helps me. > Examine the verbose output and you will probably find the problem. ######## ... debug: running header regexp tests; score so far=0 debug: running body-text per-line regexp tests; score so far=2.077 debug: bayes corpus size: nspam = 2187, nham = 51084 debug: uri tests: Done uriRE debug: tokenize: header tokens for *F = "U*ignore D*compiling.spamassassin.taint.org D*spamassassin.ta debug: tokenize: header tokens for *m = " 1083939043 55279 spamassassin_spamd_init " debug: bayes token 'H*F:D*org' => 0.0538651741435612 debug: bayes token 'body' => 0.0683623445319309 debug: bayes token 'N:H*m:NNNNNNNNNN' => 0.101383441641489 debug: bayes token 'N:H*m:NNNNN' => 0.12498133485202 debug: bayes: score = 0.00555366466038587 __db_assert: "0" failed: file "../dist/../common/db_err.c", line 200 /usr/sbin/check_MailScanner: line 118: 13066 Aborted $process $config ######## i mv the directory ".spamassasin" and now mailscanner works. could somebody explain me what happened? thanks a lot micha -- -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mime at GMX.DE Fri May 7 15:22:33 2004 From: mime at GMX.DE (Michael Meyer) Date: Thu Jan 12 21:25:06 2006 Subject: Strange Problem since yesterday In-Reply-To: <20040507134402.5A0C221C32E@mail.fsl.com> References: <20040507133308.GB21239@m2.homelinux.org> <20040507134402.5A0C221C32E@mail.fsl.com> Message-ID: <20040507142233.GD21239@m2.homelinux.org> *** Stephen Swaney wrote: > Try setting Debug = yes & Debug SpamAssassin = yes in MailScanner.conf. Then > restart Mailscanner. thanks, this helps me. > Examine the verbose output and you will probably find the problem. ######## ... debug: running header regexp tests; score so far=0 debug: running body-text per-line regexp tests; score so far=2.077 debug: bayes corpus size: nspam = 2187, nham = 51084 debug: uri tests: Done uriRE debug: tokenize: header tokens for *F = "U*ignore D*compiling.spamassassin.taint.org D*spamassassin.ta debug: tokenize: header tokens for *m = " 1083939043 55279 spamassassin_spamd_init " debug: bayes token 'H*F:D*org' => 0.0538651741435612 debug: bayes token 'body' => 0.0683623445319309 debug: bayes token 'N:H*m:NNNNNNNNNN' => 0.101383441641489 debug: bayes token 'N:H*m:NNNNN' => 0.12498133485202 debug: bayes: score = 0.00555366466038587 __db_assert: "0" failed: file "../dist/../common/db_err.c", line 200 /usr/sbin/check_MailScanner: line 118: 13066 Aborted $process $config ######## i mv the directory ".spamassasin" and now mailscanner works. could somebody explain me what happened? thanks a lot micha -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From michele at BLACKNIGHTSOLUTIONS.COM Fri May 7 17:37:28 2004 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:25:06 2006 Subject: MailScanner MySQL problem In-Reply-To: <001201c3f3db$b81531d0$0a0110ac@sim> Message-ID: <200405071632.i47GWJBk013896@monitor.blacknight.ie> SatyaDev A number of these were discussed or mentioned in posts earlier today and also last week Michele Mr Michele Neylon Blacknight Internet Solutions Ltd http://www.blacknight.ie/ Tel. +353 59 9137101 _____ From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of SatyaDev Sharma Sent: 15 February 2004 15:52 To: MAILSCANNER@JISCMAIL.AC.UK Subject: [MAILSCANNER] MailScanner MySQL problem Hello Julian, I m looking solution for MySQL based User Pref for SpamAssassin into MailScanner since long time. I posted on mailscanner mailing list but could not get any solution. Currently I m using MySQL based spamc/spamd SA module outside of MailScanner. But I need to use it within MailScanner for better reporting and performance ! Can U Help Me ......! Any Hint !! Thanx SatyaDev Sharma ----- Original Message ----- From: Julian Field To: MAILSCANNER@JISCMAIL.AC.UK -------------------------- MailScanner list ---------------------- -------------------------------------------------------------- This message has been scanned for viruses and dangerous content by AUSPICE MAIL SERVER, and is believed to be clean. -------------------------------------------------------------- -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040507/b82383f1/attachment.html From jwilliams at COURTESYMORTGAGE.COM Fri May 7 18:01:43 2004 From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams) Date: Thu Jan 12 21:25:07 2006 Subject: "Could not parse Outlook Rich Attachment" .... Message-ID: <5.2.1.1.0.20040507095722.02a4a9a8@corpmail.courtesymortgage.com> Hi everyone. This week has been very entertaining for me. MailScanner is running like a champ, doing everything that it should. I am continuing to fine tune my rules as I go along. I'm find that I will get some blocked or quarantined messages from some of our vendors and I have had to adjust accordingly. To make sure we receive our emails from our vendors and that they do not get blocked as spam, I just put them in my spam.whitelist.rules and it seems to do the trick. (BTW, anyone have a rather large spam.whitelist.rules file? Mine is growing) Anyway, this morning, I received some messages saying a piece of email was blocked with the following message: Subject: AES Order Status Confirmation Report Attached MessageID: i47BkElO044316 Report: Could not parse Outlook Rich Text attachment (Postmaster email I should say) Now, this particular email is very crucial for our company to receive. I have gone ahead and added this particular domain to my spam.whitelist.rules, but not sure if that is going to do the trick. Any suggestions on how to fix this one? I appreciate it. Jason -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Fri May 7 18:19:46 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:25:07 2006 Subject: "Could not parse Outlook Rich Attachment" .... In-Reply-To: <5.2.1.1.0.20040507095722.02a4a9a8@corpmail.courtesymortgag e.com> References: <5.2.1.1.0.20040507095722.02a4a9a8@corpmail.courtesymortgage.com> Message-ID: <6.1.0.6.2.20040507181918.0410ea80@imap.ecs.soton.ac.uk> I posted a new RPM for tnef the other day. Search the list archive for the subject "Are you having tnef problems?". At 18:01 07/05/2004, you wrote: >Hi everyone. > >This week has been very entertaining for me. MailScanner is running like a >champ, doing everything that it should. I am continuing to fine tune my >rules as I go along. >I'm find that I will get some blocked or quarantined messages from some of >our vendors and I have had to adjust accordingly. > >To make sure we receive our emails from our vendors and that they do not >get blocked as spam, I just put them in my spam.whitelist.rules and it >seems to do the trick. >(BTW, anyone have a rather large spam.whitelist.rules file? Mine is growing) > >Anyway, this morning, I received some messages saying a piece of email was >blocked with the following message: > > Subject: AES Order Status Confirmation Report Attached > MessageID: i47BkElO044316 > Report: Could not parse Outlook Rich Text attachment > >(Postmaster email I should say) > >Now, this particular email is very crucial for our company to receive. I >have gone ahead and added this particular domain to my >spam.whitelist.rules, but not sure if that is going to do the trick. > >Any suggestions on how to fix this one? > >I appreciate it. > >Jason > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From Denis.Beauchemin at USHERBROOKE.CA Fri May 7 18:19:14 2004 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:25:07 2006 Subject: "Could not parse Outlook Rich Attachment" .... In-Reply-To: <5.2.1.1.0.20040507095722.02a4a9a8@corpmail.courtesymortgage.com> References: <5.2.1.1.0.20040507095722.02a4a9a8@corpmail.courtesymortgage.com> Message-ID: <409BC512.20007@USherbrooke.ca> Jason Williams wrote: > Hi everyone. > > This week has been very entertaining for me. MailScanner is running > like a > champ, doing everything that it should. I am continuing to fine tune my > rules as I go along. > I'm find that I will get some blocked or quarantined messages from > some of > our vendors and I have had to adjust accordingly. > > To make sure we receive our emails from our vendors and that they do not > get blocked as spam, I just put them in my spam.whitelist.rules and it > seems to do the trick. > (BTW, anyone have a rather large spam.whitelist.rules file? Mine is > growing) Our whitelist has 461 lines; our blacklist has 150. No problems here! > > Anyway, this morning, I received some messages saying a piece of email > was > blocked with the following message: > > Subject: AES Order Status Confirmation Report Attached > MessageID: i47BkElO044316 > Report: Could not parse Outlook Rich Text attachment > > (Postmaster email I should say) > > Now, this particular email is very crucial for our company to receive. I > have gone ahead and added this particular domain to my > spam.whitelist.rules, but not sure if that is going to do the trick. It won't work! This is not a spam so whitelisting it won't do it. You have to either disable blocking bad TNEF (I don't recommend this): Deliver Unparsable TNEF = yes or change the TNEF decoder you use: TNEF Expander = internal I used to use the external decoder and had many errors like yours. Now I use the internal one (not even the brand new one Julian posted a couple of days ago) and my error messages have gone away! Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From jwilliams at COURTESYMORTGAGE.COM Fri May 7 18:43:04 2004 From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams) Date: Thu Jan 12 21:25:07 2006 Subject: "Could not parse Outlook Rich Attachment" .... In-Reply-To: <6.1.0.6.2.20040507181918.0410ea80@imap.ecs.soton.ac.uk> References: <5.2.1.1.0.20040507095722.02a4a9a8@corpmail.courtesymortgag e.com> <5.2.1.1.0.20040507095722.02a4a9a8@corpmail.courtesymortgage.com> Message-ID: <5.2.1.1.0.20040507104216.00a99530@corpmail.courtesymortgage.com> Hi Julian, >I posted a new RPM for tnef the other day. Search the list archive for the >subject "Are you having tnef problems?". There is only one problem: I'm not using Red Hat. :) Using FreeBSD over here. Any other possible solutions? Jason -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Fri May 7 18:46:46 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:25:07 2006 Subject: "Could not parse Outlook Rich Attachment" .... In-Reply-To: <5.2.1.1.0.20040507104216.00a99530@corpmail.courtesymortgag e.com> References: <5.2.1.1.0.20040507095722.02a4a9a8@corpmail.courtesymortgag e.com> <5.2.1.1.0.20040507095722.02a4a9a8@corpmail.courtesymortgage.com> <5.2.1.1.0.20040507104216.00a99530@corpmail.courtesymortgage.com> Message-ID: <6.1.0.6.2.20040507184618.041a9ac8@imap.ecs.soton.ac.uk> At 18:43 07/05/2004, you wrote: >Hi Julian, > >>I posted a new RPM for tnef the other day. Search the list archive for the >>subject "Are you having tnef problems?". > >There is only one problem: I'm not using Red Hat. :) Using FreeBSD over here. > >Any other possible solutions? TNEF Expander = internal -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From jwilliams at COURTESYMORTGAGE.COM Fri May 7 18:59:47 2004 From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams) Date: Thu Jan 12 21:25:07 2006 Subject: "Could not parse Outlook Rich Attachment" .... In-Reply-To: <409BC512.20007@USherbrooke.ca> References: <5.2.1.1.0.20040507095722.02a4a9a8@corpmail.courtesymortgage.com> <5.2.1.1.0.20040507095722.02a4a9a8@corpmail.courtesymortgage.com> Message-ID: <5.2.1.1.0.20040507105811.00b18430@corpmail.courtesymortgage.com> Hi Denis and Julian, I appreciate your help and recommendations. >or change the TNEF decoder you use: >TNEF Expander = internal I went ahead and set this for my option as well. >I used to use the external decoder and had many errors like yours. Now I >use the internal one (not even the brand new one Julian posted a couple of >days ago) and my error messages have gone away! Good to know. Hopefully, no more problems. Thanks guys, Jason -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mlm at LOANPROCESSING.NET Fri May 7 19:05:46 2004 From: mlm at LOANPROCESSING.NET (Mike McMullen) Date: Thu Jan 12 21:25:07 2006 Subject: Outlook Express 6.0 and False Virus Warnings Message-ID: <007301c4345d$ec31b520$3e01a8c0@express.loanprocessing.net> Hi all, I have an employee who is using OE 6.0. Whe she tries to attach a file to an email and send it, she and I receive the following information that a virus has been detected: The following e-mail messages were found to have viruses in them: Sender: kendra@loanprocessing.net IP Address: 192.168.1.61 Recipient: mcarlson@bridgecap.com Subject: Fw: File Number 12234439 HUD-1 for Hoang (Tac) MessageID: i47H0cLb029178 Report: MailScanner: No programs allowed (msg-24336-96.txt) However, if you look at msg-24336-96.txt it contains the body of her email. See below: HUD-1 ----- Original Message ----- From: "Vivian Sellers" To: Sent: Friday, May 07, 2004 9:51 AM Subject: File Number 12234439 HUD-1 for Hoang (Tac) > <> > We all run Norton Anti-virus on desktops so I'm pretty certain there isn't any virus in this message body. I pulled it up in VI and it's just plain text. We are using MS 4.29.7-1 on FC1. Anybody have an idea what might be occuring here? No one else in the office is having this problem. TIA, Mike -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From jrudd at UCSC.EDU Fri May 7 19:36:45 2004 From: jrudd at UCSC.EDU (John Rudd) Date: Thu Jan 12 21:25:07 2006 Subject: [Slightly OT] New Spam Fighting Technique Message-ID: <7E5A7760-A055-11D8-8626-003065F939FE@ucsc.edu> I have a friend who played around with delaying the initial 220 greeting that an SMTP server sends after connection. The idea is that the RFC says that the remote side should be willing to wait up to 5 minutes before receiving the initial 220 greeting, AND that it shouldn't send any commands before it receives the 200 greeting. He found 2 things: 1) remote MTAs for legit mail are patient and will wait, but on a varying scale most spamware will not wait (remember, their margins aren't as big as people think, and the biggest factor in their profitability is "how many messages per second can I deliver", so making them wait costs them money). According to his statistics, he catches 90% at 35 seconds and 100% at 85 seconds. 2) a significant number of them try to do blind SMTP sessions, meaning that they connect and just start sending ALL of their commands without waiting for any responses from the server. So, no matter how short your delay, if the remote side sends data before the delay is up, it's probably a spammer trying to do a blind session. His write-up of what he has been doing is here: http://www.armory.com/~spcecdt/spamware/ One of his users has managed to get support for this idea into the upcoming releases of Sendmail, and I managed to convince CommuniGate Pro to get it into their current beta release (4.2b2). But, if you can't wait for that, and you run an MTA that can be managed from inetd, you could also make this happen via a wrapper script. (keep in mind that sendmail recommends that heavy traffic sites not invoke sendmail via inetd, but this might significantly reduce your traffic, as well, so it's hard to say where the right balance point is) For working with mailscanner, this basically means removing the version of sendmail that you run with "-bd" from your start up scripts. Instead, create an inetd.conf entry like this: smtp stream tcp nowait root /usr/local/etc/sendwrap sendwrap For the sendwrap ("sendmail wrapper") script I give, you just need to modify the "@addrs" array to have regular expressions that match your network(s). If you only have one network segment, then you can probably just replace my first entry (which is in the 10.0.1.0/24 network) with your own ... networks that match the ones in that array do not receive the delay (so that your local users aren't getting a long delay between hitting the "send" button and when the window finally goes away). You'll also need to pick your own delay_time (I went with John Dubois' 90th percentile, so that legitimate remote networks don't have to wait TOO long). If you're using sendmail, then you might need to adjust the path, but that should be it. Let me know what you think, and how it affects your spam traffic. Here's my sendwrap script: #!/usr/bin/perl use Socket; my $rin, $rout, $nfound, $port, $paddr, $addr, $remote, $pattern, $delay; my $delay_time = 35; my $sendmail = "/usr/sbin/sendmail"; my $sendmail_args = "-bs -OPrivacyOptions=noetrn -ODeliveryMode=queueonly -OQueueDirectory=/var/spool/mqueue.in"; my $sendmail_command = $sendmail . " " . $sendmail_args; my @addrs = ( # addrs we wont delay "^10\.0\.1", # as regular expressions "^127\."); vec ($rin, fileno(STDIN), 1) = 1; # set up for the select() ($port, $paddr) = sockaddr_in(getpeername(STDIN)); # get the remote IP addr $addr = inet_ntoa($paddr); # convert it to a string $delay = 1; # set the delay foreach $pattern (@addrs) { # unset if in addrs array if ($addr =~ "$pattern") { $delay = 0; break; } } unless ($delay && ($nfound = select($rout = $rin, undef, undef, $delay_time))) { # if they aren't delayed, or if they are delayed and didn't send # any data while being delayed exec $sendmail_command; } -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From jrudd at UCSC.EDU Fri May 7 21:10:36 2004 From: jrudd at UCSC.EDU (John Rudd) Date: Thu Jan 12 21:25:07 2006 Subject: [Slightly OT] New Spam Fighting Technique In-Reply-To: <7E5A7760-A055-11D8-8626-003065F939FE@ucsc.edu> References: <7E5A7760-A055-11D8-8626-003065F939FE@ucsc.edu> Message-ID: <9AAE1AF8-A062-11D8-8626-003065F939FE@ucsc.edu> It looks like some of my comments got line-wrapped, which could make the script hard to run. Here's one with the comments removed (and note that the sendmail_args variable should NOT have a newline in it, that's wrapped whitespace): #!/usr/bin/perl use Socket; my $rin, $rout, $nfound, $port, $paddr, $addr, $remote, $pattern, $delay; my $delay_time = 35; my $sendmail = "/usr/sbin/sendmail"; my $sendmail_args = "-bs -OPrivacyOptions=noetrn -ODeliveryMode=queueonly -OQueueDirectory=/var/spool/mqueue.in"; my $sendmail_command = $sendmail . " " . $sendmail_args; my @addrs = ( "^10\.0\.1", "^127\."); vec ($rin, fileno(STDIN), 1) = 1; ($port, $paddr) = sockaddr_in(getpeername(STDIN)); $addr = inet_ntoa($paddr); $delay = 1; foreach $pattern (@addrs) { if ($addr =~ "$pattern") { $delay = 0; break; } } unless ($delay && ($nfound = select($rout = $rin, undef, undef, $delay_time))) { exec $sendmail_command; } -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From acschmitt at BPA.GOV Fri May 7 21:32:33 2004 From: acschmitt at BPA.GOV (Schmitt, Andy C - CIDD-2) Date: Thu Jan 12 21:25:07 2006 Subject: [Slightly OT] New Spam Fighting Technique Message-ID: <242663BECAD80B4DAAF2E62788F9691708AAFE83@exhq01.bud.bpa.gov> Interesting. I like it; it's too bad it can't be integrated into MailScanner, but I see it's in the 8.12.13 test code in Sendmail if anyone wants to be bleeding-edge. :) Considering how much spammers have been resorting to zombie PCs recently, it would be nice to put a monkeywrench in their operations for a while. I get so many CBL'd home PCs hitting my servers that I'm sure this would make a difference. It seems like your script is more severe than the DuBois method; you take a whitelist and stop everything else for n seconds, while his appears to use a blacklist of "home broadband"-style names and lets everything else through. Is there a reason for that? Andy Schmitt -----Original Message----- From: John Rudd [mailto:jrudd@UCSC.EDU] Sent: Friday, May 07, 2004 11:37 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: [Slightly OT] New Spam Fighting Technique I have a friend who played around with delaying the initial 220 greeting that an SMTP server sends after connection. The idea is that the RFC says that the remote side should be willing to wait up to 5 minutes before receiving the initial 220 greeting, AND that it shouldn't send any commands before it receives the 200 greeting. He found 2 things: 1) remote MTAs for legit mail are patient and will wait, but on a varying scale most spamware will not wait (remember, their margins aren't as big as people think, and the biggest factor in their profitability is "how many messages per second can I deliver", so making them wait costs them money). According to his statistics, he catches 90% at 35 seconds and 100% at 85 seconds. 2) a significant number of them try to do blind SMTP sessions, meaning that they connect and just start sending ALL of their commands without waiting for any responses from the server. So, no matter how short your delay, if the remote side sends data before the delay is up, it's probably a spammer trying to do a blind session. His write-up of what he has been doing is here: http://www.armory.com/~spcecdt/spamware/ One of his users has managed to get support for this idea into the upcoming releases of Sendmail, and I managed to convince CommuniGate Pro to get it into their current beta release (4.2b2). But, if you can't wait for that, and you run an MTA that can be managed from inetd, you could also make this happen via a wrapper script. (keep in mind that sendmail recommends that heavy traffic sites not invoke sendmail via inetd, but this might significantly reduce your traffic, as well, so it's hard to say where the right balance point is) For working with mailscanner, this basically means removing the version of sendmail that you run with "-bd" from your start up scripts. Instead, create an inetd.conf entry like this: smtp stream tcp nowait root /usr/local/etc/sendwrap sendwrap For the sendwrap ("sendmail wrapper") script I give, you just need to modify the "@addrs" array to have regular expressions that match your network(s). If you only have one network segment, then you can probably just replace my first entry (which is in the 10.0.1.0/24 network) with your own ... networks that match the ones in that array do not receive the delay (so that your local users aren't getting a long delay between hitting the "send" button and when the window finally goes away). You'll also need to pick your own delay_time (I went with John Dubois' 90th percentile, so that legitimate remote networks don't have to wait TOO long). If you're using sendmail, then you might need to adjust the path, but that should be it. Let me know what you think, and how it affects your spam traffic. Here's my sendwrap script: #!/usr/bin/perl use Socket; my $rin, $rout, $nfound, $port, $paddr, $addr, $remote, $pattern, $delay; my $delay_time = 35; my $sendmail = "/usr/sbin/sendmail"; my $sendmail_args = "-bs -OPrivacyOptions=noetrn -ODeliveryMode=queueonly -OQueueDirectory=/var/spool/mqueue.in"; my $sendmail_command = $sendmail . " " . $sendmail_args; my @addrs = ( # addrs we wont delay "^10\.0\.1", # as regular expressions "^127\."); vec ($rin, fileno(STDIN), 1) = 1; # set up for the select() ($port, $paddr) = sockaddr_in(getpeername(STDIN)); # get the remote IP addr $addr = inet_ntoa($paddr); # convert it to a string $delay = 1; # set the delay foreach $pattern (@addrs) { # unset if in addrs array if ($addr =~ "$pattern") { $delay = 0; break; } } unless ($delay && ($nfound = select($rout = $rin, undef, undef, $delay_time))) { # if they aren't delayed, or if they are delayed and didn't send # any data while being delayed exec $sendmail_command; } -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From james at DENY.ORG Fri May 7 22:53:03 2004 From: james at DENY.ORG (James Sizemore) Date: Thu Jan 12 21:25:07 2006 Subject: MailScanner vs. Amavisd In-Reply-To: References: Message-ID: <409C053F.2010906@deny.org> The big reason for me to pick Mailscanner over Amavisd is that Mailscanner can support more then one domain at the rule level. Amavisd rules are all global, want to forward all spam to another account per domain? Last time I tried Amavisd, it could not. Robin M. wrote: >Hi people can I get the opinion of people who have used both MailScanner >and Amavisd. What are the reasons for using MailScanner over Amavisd, or >what are the benefits of Amavisd over MailScanner etc. > >I would be interested to hear these comparisons from people with >experience with both. > >I have only had a chance to use MailScanner and I have installed it on >a few servers. > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html > > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From jrudd at UCSC.EDU Sat May 8 02:19:17 2004 From: jrudd at UCSC.EDU (John Rudd) Date: Thu Jan 12 21:25:07 2006 Subject: [Slightly OT] New Spam Fighting Technique In-Reply-To: <242663BECAD80B4DAAF2E62788F9691708AAFE83@exhq01.bud.bpa.gov> References: <242663BECAD80B4DAAF2E62788F9691708AAFE83@exhq01.bud.bpa.gov> Message-ID: On May 7, 2004, at 1:32 PM, Schmitt, Andy C - CIDD-2 wrote: > Interesting. I like it; it's too bad it can't be integrated into > MailScanner, No, but it could help reduce the load of mailscanner if you're on a heavy traffic mail server. > It seems like your script is more severe than the DuBois method; you > take a whitelist and stop everything else for n seconds, while his > appears to use a blacklist of "home broadband"-style names and lets > everything else through. Is there a reason for that? I didn't want to keep track of (nor integrate with someone else's) huge list of targeted hosts. And, really, the only thing I don't want to delay are _my_ desktop client machines (like eudora, etc.), because in that case the delay effects the response time between "hitting send" and the window disappearing ... and that's a usability issue. Everything else, friendly or not, is ok to put through the delay, because if they're standard conformant they'll be ok (and no direct user experience is being effected), and if they're not standard then there's probably a reason I don't want their email (virus, spam, things like that). (at home, those desktop clients are both Apple mail, but at work it's a huge and varied list ... but either way, they're on a consistent network) Modifying the script to be more blacklist-ish instead of whitelist-ish shouldn't be too hard. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From jaearick at COLBY.EDU Sat May 8 03:30:14 2004 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:25:07 2006 Subject: [Slightly OT] New Spam Fighting Technique In-Reply-To: <7E5A7760-A055-11D8-8626-003065F939FE@ucsc.edu> References: <7E5A7760-A055-11D8-8626-003065F939FE@ucsc.edu> Message-ID: Hi, Is this the new greet_pause feature in sendmail 8.13.0Alpha0? If so, I'm tempted to install 8.13.0Alpha on my production system and try it out... Dang, sounds good. Jeff Earickson Colby College -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From robin at PRIMUS.CA Sat May 8 03:53:55 2004 From: robin at PRIMUS.CA (Robin M.) Date: Thu Jan 12 21:25:07 2006 Subject: installing razor cuases razor-agent.log to be created in postfix queue Message-ID: I installed razor and restarted MailScanner with postfix. After checking the logs I saw ming and deferred with a depth of 1 or 2. See the Postfix documentation for hash_queue_names and hash_queue_depth May 7 22:52:09 mail MailScanner[18237]: Messages found but no hashed queue directories. Please enable hashed queues for incoming and deferred with a depth of 1 or 2. See the Postfix documentation for hash_queue_names and hash_queue_depth This is because there is a file called [root@mail spool]# find /var/spool/postfix -name "razor*" /var/spool/postfix/deferred/razor-agent.log How do I specify to spamassassin where the razor config directory should be ? -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From jrudd at UCSC.EDU Sat May 8 03:55:45 2004 From: jrudd at UCSC.EDU (John Rudd) Date: Thu Jan 12 21:25:07 2006 Subject: [Slightly OT] New Spam Fighting Technique In-Reply-To: References: <7E5A7760-A055-11D8-8626-003065F939FE@ucsc.edu> Message-ID: <33BC396E-A09B-11D8-8626-003065F939FE@ucsc.edu> On May 7, 2004, at 7:30 PM, Jeff A. Earickson wrote: > Is this the new greet_pause feature in sendmail 8.13.0Alpha0? > If so, I'm tempted to install 8.13.0Alpha on my production system > and try it out... Dang, sounds good. Yes, that's the feature in question. (I'm currently using that script at home, but haven't tried it out at work yet.) -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mustafa at palnet.com Sat May 8 08:42:14 2004 From: mustafa at palnet.com (Mustafa N. Deeb) Date: Thu Jan 12 21:25:07 2006 Subject: Server Configuration for Mail Scanner Message-ID: <000501c434cf$fd13e2b0$8d00000a@felfel> Hi I'm running Mailscanner on Dual XEON 2.4, 2 G RAM We receive a minimum of 128k message a day Load on server ranges between 6 and 10 Is this typical, or I have a problem in my system, and that's why I have high load on the server/ Regards ~~~~~~~~~~~~~~~~~~~~~~ Mustafa N. Deeb Technical Director Palnet Communications Ltd. Tel: +970-2-2403434 Fax: +970-2-2403430 www.palsms.com www.paltime.net www.palnet.com -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040508/0be1beb5/attachment.html From symedeot at YAHOO.FR Sat May 8 09:33:43 2004 From: symedeot at YAHOO.FR (Sylvain MEDEOT) Date: Thu Jan 12 21:25:07 2006 Subject: Problem found with postfix-2.1.0-0.20040209.18mdk Message-ID: Hi, I've just installed MailScanner, Spam Assassin, mrtg-mailscanner and Vispan on a freshly installed Mandrake 10 community server. This comes with postfix-2.1.0-0.20040209.18mdk and I noticed a new problem causing postfix to hang up on MailScanner startup... Each time I started MailScanner, I found the following error in /var/log/mail/error : postfix address already in use I then stopped MailScanner and run : postfix -c /etc/postfix.in start (checked logs, nothing particular...) postfix -c /etc/postfix start (checked logs, the error appears...) I then checked /etc/postfix/master.cf to verify that smtp was deactivated (# inserted on line #smtp inet n - y - - smtpd). It was... I then found that commenting in the same file line #127.0.0.1:10026 inet n - y - - smtpd fixes the problem... I think this can help somebody... Regards, Sylvain MEDEOT -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From sub at ICCONSULTING.COM.AU Sat May 8 09:34:26 2004 From: sub at ICCONSULTING.COM.AU (Scott Farrell) Date: Thu Jan 12 21:25:07 2006 Subject: Inoculate scanner gets skipped after a while as if its marked busy Message-ID: Hi, firstly, I cant beleive Julian is stil so commitied. I finally upgraded to mailscanner-4.30.3-1 (from my own heavily patched 3.13 where I helped Julian write the original inoculate code). Anyway, I love 4.30, the upgrade was pretty straight forward. My problem is my inoculate scanning stops working, and is skipped over. I have 4 virus scanners enabled, and the others keep going. I assume at one stage or another the inoculate doesnt return like it should, and it is marked as Busy. The /tmp flag for inoculate shows it is busy. (see lots of details below). I do not use the update_virus_scanners, I got rid of it out of cron, but apparently its not the only code that either locks things in /tmp or calls update_virus_scanners. Obviously, I am updating signatures myself. I have Max Children = 1 in the mailscanner.conf. But I guess that Virus Scanner Timeout = 300 times out on inoculate at some stage and marks it busy or something. Clearly when I restart it from init.d it all runs OK again for a while. I guess what I need is one of these: - understand why its busy and fix the condition - get rid of the busy - more agressively restart mailscanner when the condition occurs / or the Virus Scanner Timeout times out - move over to update_virus_scanners if its significantly better. cat InoculateBusy.lock Virus checker locked for scanning by inoculate 3883 ps ax|grep 3883 3883 ? SN 0:05 /usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailSc ps ax|grep Mail 3882 ? SN 0:00 /usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailSc 3883 ? SN 0:05 /usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailSc 16461 pts/9 S 0:00 grep Mail Thanks Scott -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040508/7ca6458f/attachment.html From frank at OPENMINDS.BE Sat May 8 10:52:03 2004 From: frank at OPENMINDS.BE (Frank Louwers) Date: Thu Jan 12 21:25:07 2006 Subject: installing razor cuases razor-agent.log to be created in postfix queue In-Reply-To: References: Message-ID: <20040508095202.GC2917@openminds.be> On Fri, May 07, 2004 at 10:53:55PM -0400, Robin M. wrote: > I installed razor and restarted MailScanner with postfix. > After checking the logs I saw > > > ming and deferred with a depth of 1 or 2. See the Postfix documentation > for hash_queue_names and hash_queue_depth > May 7 22:52:09 mail MailScanner[18237]: Messages found but no hashed > queue directories. Please enable hashed queues for incoming and deferred > with a depth of 1 or 2. See the Postfix documentation for hash_queue_names > and hash_queue_depth > > > This is because there is a file called > > [root@mail spool]# find /var/spool/postfix -name "razor*" > /var/spool/postfix/deferred/razor-agent.log > > How do I specify to spamassassin where the razor config directory should > be ? put logfile = /dev/null (or logfile = /var/log/razor-agent.log if you care) in your /etc/razor/razor-agent.conf. I had the exact same problem (debian razor package). Kind Regards, Frank Louwers -- Openminds bvba www.openminds.be Tweebruggenstraat 16 - 9000 Gent - Belgium -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From leen at wirehub.nl Sat May 8 10:50:14 2004 From: leen at wirehub.nl (Leen Besselink) Date: Thu Jan 12 21:25:07 2006 Subject: Mailscanner memory-size increasing Message-ID: Hi, First off it'd like to see I think Mailscanner got a lot of things right, great stuff. I've hit a snag so it seems. Today I had my mx crash because the swap was exhausted, now this could be related to a number of things (including the rsync-backup and the growing size of SA's database), but I think I've seen a problem in MailScanner. I've got MailScanner set to Max Children = 1 because the performance wasn't so great, so lowering it seemed a good idea (less memory usage). Now that the server was down, I started to keep a closer eye on that one MailScanner process and I noticed that at one point in time it was 50 MB, then the logfile said it died of old age, but the new process was also almost 50 MB. So I'm thinking is it forked by the process that died of old age ? or it's parent (with only 19 MB of memory usage). This could just be related to MailScanner not working properly with Max Children = 1 or something, I'm not sure. But that's what I saw (50 MB old process, now process pretty much the same). I should also add that I think that's process with makes the swap grow, because I see the swap grow slowly an MB per a certain amount of messages (btw MailScanner is the only big process on the machine). That's what I've noticed. As it's a very quiet day today it seems... I've now given it a few messages to deal with. Now look at this (ps aunxf), 3 processes ??: 100 224 0.0 1.0 18912 1972 ? S 10:23 0:00 [MailScanner] 100 1841 0.9 23.5 51048 45196 ? S 10:57 0:26 \_ [MailScanner] 100 3105 0.0 23.6 51064 45244 ? R 11:45 0:00 \_ [MailScanner] a little bit later: 100 224 0.0 1.0 18912 1972 ? S 10:23 0:00 [MailScanner] 100 1841 1.5 23.6 51304 45408 ? S 10:57 0:47 \_ [MailScanner] so yes it grows. That should not be happing I would say. _____________________________________ New things are always on the horizon. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From raymond at PROLOCATION.NET Sat May 8 11:09:48 2004 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:25:07 2006 Subject: Server Configuration for Mail Scanner In-Reply-To: <000501c434cf$fd13e2b0$8d00000a@felfel> Message-ID: Hi! > I'm running Mailscanner on Dual XEON 2.4, 2 G RAM > > We receive a minimum of 128k message a day > Load on server ranges between 6 and 10 > > Is this typical, or I have a problem in my system, and that's why I have > high load on the server/ Thats all depending on your setup. Do you use a tmpfs for scanning, so you do SA, do you have local RBL servers setup? If you look in the archives you will find a lot of tips also about tweaking your system. Bye, Raymond. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From pete at eatathome.com.au Sat May 8 11:12:48 2004 From: pete at eatathome.com.au (Pete) Date: Thu Jan 12 21:25:07 2006 Subject: installing razor cuases razor-agent.log to be created in postfix queue In-Reply-To: References: Message-ID: <409CB2A0.6020807@eatathome.com.au> Robin M. wrote: >I installed razor and restarted MailScanner with postfix. >After checking the logs I saw > > >ming and deferred with a depth of 1 or 2. See the Postfix documentation >for hash_queue_names and hash_queue_depth >May 7 22:52:09 mail MailScanner[18237]: Messages found but no hashed >queue directories. Please enable hashed queues for incoming and deferred >with a depth of 1 or 2. See the Postfix documentation for hash_queue_names >and hash_queue_depth > > >This is because there is a file called > >[root@mail spool]# find /var/spool/postfix -name "razor*" >/var/spool/postfix/deferred/razor-agent.log > >How do I specify to spamassassin where the razor config directory should >be ? > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html > > > > > I cant remember what i did to fix this but i did post it so its in the archives. Its because you have a postix user account to run mailscanner, but the postfix user account doens have a home dir, so razor doesnt know where to keep its log, so either create a postix homne dir or there is a razor command to create a new home dir, but i forget it. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From pz at CHRIST-NET.SK Sat May 8 11:15:02 2004 From: pz at CHRIST-NET.SK (Peter Zimen) Date: Thu Jan 12 21:25:07 2006 Subject: Spam check rules does not work for To: address with postfix Message-ID: <91A7CBEB-A0D8-11D8-A6F1-003065E53DCC@christ-net.sk> Hello, im working on last version of postfix and mailscanner 4.30.3 . I want to check only for two from all virtual domains on my server. Rule: To: *@virtualdomain.sk yes FromOrTo: default no NOT WORK. In header of mail is this: To: pz@virtualdomain.sk X-Original-To: pz@CHRIST-NET.SK Delivered-To: pz@nameofserver.domain.sk X-Mailscanner-To: pz@virtualdomain.sk, pz@nameofserver.domain.sk In maillog: May 8 12:08:26 cn02 postfix/local[5456]: 15EE01DC0A5: to=, orig_to=, relay=local, delay=2, status=sent (forwarded as 7B8201DC04a) Please help. __ S pozdravom Peter Zimen AIM/AOL/iChat: ephendi@mac.com -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 2361 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040508/6a1434f3/smime.bin From pz at CHRIST-NET.SK Sat May 8 11:22:36 2004 From: pz at CHRIST-NET.SK (Peter Zimen) Date: Thu Jan 12 21:25:07 2006 Subject: Spam check rules does not work for To: address with postfix In-Reply-To: <91A7CBEB-A0D8-11D8-A6F1-003065E53DCC@christ-net.sk> References: <91A7CBEB-A0D8-11D8-A6F1-003065E53DCC@christ-net.sk> Message-ID: From: rule work fine. __ S pozdravom Peter Zimen AIM/AOL/iChat: ephendi@mac.com On 8.5.2004, at 12:15, Peter Zimen wrote: > Hello, > im working on last version of postfix and mailscanner 4.30.3 . > > I want to check only for two from all virtual domains on my server. > > Rule: > > To: *@virtualdomain.sk yes > FromOrTo: default no > > NOT WORK. > > In header of mail is this: > > To: pz@virtualdomain.sk > X-Original-To: pz@virtualdomain.SK > Delivered-To: pz@nameofserver.domain.sk > X-Mailscanner-To: pz@virtualdomain.sk, pz@nameofserver.domain.sk > > In maillog: > > May 8 12:08:26 cn02 postfix/local[5456]: 15EE01DC0A5: > to=, orig_to=, > relay=local, delay=2, status=sent (forwarded as 7B8201DC04a) > > Please help. > > __ > > S pozdravom > > Peter Zimen > > AIM/AOL/iChat: ephendi@mac.com > > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 2361 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040508/9bf3e693/smime.bin From leen at wirehub.nl Sat May 8 11:42:59 2004 From: leen at wirehub.nl (Leen Besselink) Date: Thu Jan 12 21:25:07 2006 Subject: Mailscanner memory-size increasing In-Reply-To: Message-ID: On Sat, 8 May 2004, Leen Besselink wrote: > Hi, > > First off it'd like to see I think Mailscanner got a lot of things right, > great stuff. > > I've hit a snag so it seems. > > Now that the server was down, I started to keep a closer eye on that one > MailScanner process and I noticed that at one point in time it was 50 MB, > then the logfile said it died of old age, but the new process was also > almost 50 MB. So I'm thinking is it forked by the process that died of old > age ? or it's parent (with only 19 MB of memory usage). well I looked at the code, it's definitly the parent, but I do still see the memory increase over time: procs memory swap io system cpu r b w swpd free buff cache si so bi bo in cs us sy id 1 0 0 18664 21200 17184 61280 0 0 0 297 152 169 62 38 0 just a bit later: 0 0 0 18820 30736 17724 60300 0 0 0 30 102 9 0 0 100 swpd is up. although not the size of MailScanner, so it aint it, then how the hell did I get the memory/swap get exhausted. There is one very simple explanation, I guess: rsync (backup) + the size of the quarantine-directory. I'll blame that for now. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From kevins at BMRB.CO.UK Sat May 8 11:48:09 2004 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:25:07 2006 Subject: Mailscanner memory-size increasing In-Reply-To: References: Message-ID: <1084013289.30783.107.camel@bach.kevinspicer.co.uk> On Sat, 2004-05-08 at 10:50, Leen Besselink wrote: > That should not be happing I would say. Actually the process size and number of processes seems pretty normal. The parent process is smaller because it is fairly minimal, a lot of the memory intensive stuff is left to the children. The children do fork copies of themselves during processing to handle various timeouts etc. which is why you sometimes see a third process. You didn't mention how much ram and swap you have, which is pretty crucial in discussing this kind of thing. Also do you have any filesystems mounted in tmpfs (such as the MailScanner work directory or /tmp)? BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From kevins at BMRB.CO.UK Sat May 8 12:01:02 2004 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:25:07 2006 Subject: Inoculate scanner gets skipped after a while as if its marked busy In-Reply-To: References: Message-ID: <1084014062.30780.111.camel@bach.kevinspicer.co.uk> On Sat, 2004-05-08 at 09:34, Scott Farrell wrote: > My problem is my inoculate scanning stops working, and is skipped > over. I have 4 virus scanners enabled, and the others keep going. Just to confirm, it works initially then stops? You don't say how busy your server is, nor what batch size you are using. Smaller batch sizes and more children may help, assuming the problem really is caused by a timeout (smaller batches = less files to scan = quicker scans) BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From kevins at BMRB.CO.UK Sat May 8 12:08:33 2004 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:25:07 2006 Subject: Inoculate scanner gets skipped after a while as if its marked busy In-Reply-To: <1084014062.30780.111.camel@bach.kevinspicer.co.uk> References: <1084014062.30780.111.camel@bach.kevinspicer.co.uk> Message-ID: <1084014513.30779.114.camel@bach.kevinspicer.co.uk> On Sat, 2004-05-08 at 12:01, Kevin Spicer wrote: > On Sat, 2004-05-08 at 09:34, Scott Farrell wrote: > > My problem is my inoculate scanning stops working, and is skipped > > over. I have 4 virus scanners enabled, and the others keep going. > Do you see any log messages saying it timed out (there should be if it is). The lock file is a red herring, MailScanner doesn't work on the presence of absense of the file, it works by getting a lock on it - so the file should always be there. BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From leen at wirehub.nl Sat May 8 12:14:21 2004 From: leen at wirehub.nl (Leen Besselink) Date: Thu Jan 12 21:25:07 2006 Subject: Mailscanner memory-size increasing In-Reply-To: <1084013289.30783.107.camel@bach.kevinspicer.co.uk> Message-ID: On Sat, 8 May 2004, Kevin Spicer wrote: > On Sat, 2004-05-08 at 10:50, Leen Besselink wrote: > > That should not be happing I would say. > > Actually the process size and number of processes seems pretty normal. > The parent process is smaller because it is fairly minimal, a lot of the > memory intensive stuff is left to the children. The children do fork > copies of themselves during processing to handle various timeouts etc. > which is why you sometimes see a third process. > That didn't strike me as a big problem, although I was wondering about the situation of a batches, how are they handled, with only one sub-process ? Seems more like it. > You didn't mention how much ram and swap you have, which is pretty total: used: free: shared: buffers: cached: Mem: 196288512 178991104 17297408 0 32878592 56967168 Swap: 748490752 47316992 701173760 > crucial in discussing this kind of thing. Also do you have any > filesystems mounted in tmpfs (such as the MailScanner work directory or > /tmp)? no Well, I hope I was just a bit too hasty. For now I just excluded the quarantine-directory from the daily rsync-backup. rsync can be quiet a memory hog, I'll point at that for now. Although I still wonder what it means if in vmstat swpd is steadily increasing. Lots of numbers seemed to increase over time, I guess it's because I just started up the machine (swpd in vmstat for example) (there is dnscache and slapd, they both increase slowly at startup I'm sure, maybe postfix master-process ?). Let's leave it at that. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From raymond at PROLOCATION.NET Sat May 8 12:20:01 2004 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:25:07 2006 Subject: Mailscanner memory-size increasing In-Reply-To: Message-ID: Hi! > > You didn't mention how much ram and swap you have, which is pretty > > total: used: free: shared: buffers: cached: > Mem: 196288512 178991104 17297408 0 32878592 56967168 > Swap: 748490752 47316992 701173760 Looks to me you ar edoing much more on the box then just mailscanner? Bye, Raymond. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From SJCJonker at SJC.NL Sat May 8 12:35:32 2004 From: SJCJonker at SJC.NL (Stijn Jonker) Date: Thu Jan 12 21:25:07 2006 Subject: Small remark in regards to config file Message-ID: <409CC604.5090208@SJC.nl> Hello all, I just went through the process of reinstalling an mailscanner server from scratch. While installing MailScanner 4.30.3 release 2 from RPM At the option "Silent Viruses" the option HTML-Script is missing in the explanation. Besides that everything went extremly smooth. -- Met Vriendelijke groet/Yours Sincerely Stijn Jonker -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From leen at wirehub.nl Sat May 8 12:38:50 2004 From: leen at wirehub.nl (Leen Besselink) Date: Thu Jan 12 21:25:07 2006 Subject: Mailscanner memory-size increasing In-Reply-To: Message-ID: On Sat, 8 May 2004, Raymond Dijkxhoorn wrote: > Hi! > > > > You didn't mention how much ram and swap you have, which is pretty > > > > total: used: free: shared: buffers: cached: > > Mem: 196288512 178991104 17297408 0 32878592 56967168 > > Swap: 748490752 47316992 701173760 > > Looks to me you ar edoing much more on the box then just mailscanner? It aint terrible interresting: USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND 0 6 0.0 0.0 0 0 ? SW 10:23 0:00 [kupdated] 0 5 0.0 0.0 0 0 ? SW 10:23 0:00 [bdflush] 0 4 0.0 0.0 0 0 ? SW 10:23 0:03 [kswapd] 0 3 0.0 0.0 0 0 ? SWN 10:23 0:00 [ksoftirqd_CPU0] 0 1 0.0 0.2 1492 460 ? S 10:23 0:00 init [2] 0 2 0.0 0.0 0 0 ? SW 10:23 0:00 [keventd] 0 32 0.0 0.0 0 0 ? SW 10:23 0:00 [kjournald] 0 108 0.0 0.0 0 0 ? SW 10:23 0:01 [kjournald] 0 215 0.0 0.3 1540 584 ? S 10:23 0:04 /sbin/syslogd 0 218 0.0 0.2 2048 436 ? S 10:23 0:00 /sbin/klogd 100 224 0.0 0.9 18912 1772 ? S 10:23 0:00 [MailScanner] 100 1841 1.1 8.4 51472 16232 ? S 10:57 1:49 \_ [MailScanner] 0 273 0.0 0.6 12404 1340 ? S 10:23 0:00 /usr/local/libexec/slapd -h ldap://0.0.0.0:ldap/ ldapi:///%2var 0 293 0.0 0.6 12404 1340 ? S 10:23 0:00 \_ /usr/local/libexec/slapd -h ldap://0.0.0.0:ldap/ ldapi:///% 0 294 0.0 0.6 12404 1340 ? S 10:23 0:00 \_ /usr/local/libexec/slapd -h ldap://0.0.0.0:ldap/ ldapi: 0 444 0.0 0.6 12404 1340 ? S 10:24 0:00 \_ /usr/local/libexec/slapd -h ldap://0.0.0.0:ldap/ ldapi: 0 449 0.0 0.6 12404 1340 ? S 10:24 0:00 \_ /usr/local/libexec/slapd -h ldap://0.0.0.0:ldap/ ldapi: 0 451 0.0 0.6 12404 1340 ? S 10:24 0:00 \_ /usr/local/libexec/slapd -h ldap://0.0.0.0:ldap/ ldapi: 0 383 0.0 0.5 2824 964 ? S 10:24 0:00 [master] 100 387 0.0 0.5 2852 1084 ? S 10:24 0:01 \_ [qmgr] 100 6166 0.0 0.5 2832 1104 ? S 13:00 0:00 \_ [pickup] 100 7770 0.0 0.8 4620 1684 ? S 13:27 0:00 \_ [trivial-rewrite] 100 7771 0.0 0.6 2868 1220 ? S 13:27 0:00 \_ [smtp] 100 7787 0.0 0.6 2868 1220 ? S 13:29 0:00 \_ [smtp] 100 7788 0.0 0.5 2848 1144 ? S 13:29 0:00 \_ [cleanup] 100 7789 0.0 0.7 3028 1444 ? S 13:29 0:00 \_ [local] 0 499 0.0 0.5 2824 976 ? S 10:24 0:01 [master] 100 507 0.0 0.4 2832 956 ? S 10:24 0:00 \_ [pickup] 100 508 0.0 0.5 2852 1068 ? S 10:24 0:01 \_ [qmgr] 100 4220 0.0 0.8 4624 1580 ? S 12:01 0:00 \_ [trivial-rewrite] 100 7760 0.0 1.0 4988 2028 ? S 13:25 0:00 \_ [smtpd] 100 7764 0.0 0.5 2844 1084 ? S 13:27 0:00 \_ [bounce] 100 7765 0.0 0.8 4616 1656 ? S 13:27 0:00 \_ [flush] 100 7772 0.0 1.0 4864 2000 ? S 13:28 0:00 \_ [smtpd] 100 7773 0.0 0.5 2848 1140 ? S 13:28 0:00 \_ [cleanup] 100 7775 0.0 0.5 2848 1140 ? S 13:28 0:00 \_ [cleanup] 0 511 0.0 0.3 2892 584 ? S 10:24 0:00 /usr/sbin/sshd 0 4956 0.0 0.4 5924 792 ? S 12:32 0:00 \_ /usr/sbin/sshd 1001 4958 0.0 0.5 5924 1020 ? S 12:32 0:03 \_ [sshd] 1001 4959 0.0 0.5 2448 1056 pts/0 S 12:32 0:00 \_ -bash 0 4960 0.0 0.5 2448 1056 pts/0 S 12:32 0:00 \_ -su 0 4964 0.0 0.3 2524 600 pts/0 SN 12:32 0:00 \_ [screen] 0 4965 0.0 0.7 3060 1472 ? SN 12:32 0:02 \_ [screen] 0 4968 0.0 0.5 2448 1052 pts/1 SN 12:32 0:00 \_ /bin/bash 0 4969 0.0 0.2 2048 476 pts/1 SN 12:32 0:00 | \_ tail -f /var/log/syslog 0 6416 0.0 0.6 2448 1288 pts/2 SN 13:11 0:00 \_ /bin/bash 0 6417 0.0 0.2 1536 556 pts/2 SN 13:11 0:00 | \_ vmstat 5 0 7940 0.5 0.6 2448 1284 pts/3 SN 13:33 0:00 \_ /bin/bash 0 7941 0.0 0.7 3376 1408 pts/3 RN 13:33 0:00 \_ ps auxnf 1 514 0.0 0.2 1672 560 ? S 10:24 0:00 [atd] 0 517 0.0 0.3 1752 616 ? S 10:24 0:00 /usr/sbin/cron 0 521 0.0 0.2 1484 404 tty2 S 10:24 0:00 /sbin/getty 38400 tty2 0 522 0.0 0.2 1484 404 tty3 S 10:24 0:00 /sbin/getty 38400 tty3 0 523 0.0 0.2 1484 404 tty4 S 10:24 0:00 /sbin/getty 38400 tty4 0 524 0.0 0.2 1484 404 tty5 S 10:24 0:00 /sbin/getty 38400 tty5 0 525 0.0 0.2 1484 404 tty6 S 10:24 0:00 /sbin/getty 38400 tty6 0 526 0.0 0.4 2440 932 ? S 10:24 0:00 /bin/sh /command/svscanboot 0 528 0.0 0.1 1504 300 ? S 10:24 0:00 \_ svscan /service 0 530 0.0 0.1 1348 256 ? S 10:24 0:00 | \_ supervise dnscache 103 536 0.0 0.5 2776 1128 ? S 10:24 0:05 | | \_ [dnscache] 0 531 0.0 0.1 1348 256 ? S 10:24 0:00 | \_ supervise log 102 535 0.0 0.1 1484 324 ? S 10:24 0:01 | | \_ multilog t ./main 0 532 0.0 0.1 1348 256 ? S 10:24 0:00 | \_ supervise fnord 0 534 0.0 0.2 1552 440 ? S 10:24 0:00 | | \_ tcpsvd -llocalhost 0 80 fnord 0 533 0.0 0.1 1348 256 ? S 10:24 0:00 | \_ supervise log 102 537 0.0 0.1 1356 220 ? S 10:24 0:00 | \_ multilog t ./main 0 529 0.0 0.1 1336 200 ? S 10:24 0:00 \_ readproctitle service errors: ............................. 0 543 0.0 0.2 1484 404 tty1 S 10:24 0:00 /sbin/getty 38400 tty1 0 5951 0.0 0.2 1828 504 ? SN 12:53 0:00 /usr/bin/rsync --no-detach --daemon --config=/etc/rsyncd.conf -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From kevin at KEVINSPICER.CO.UK Fri May 7 23:37:59 2004 From: kevin at KEVINSPICER.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:25:07 2006 Subject: New MailScanner-MRTG release 0.09.00 Message-ID: <1083969479.30785.90.camel@bach.kevinspicer.co.uk> I have just released MailScanner-MRTG 0.09.00 on the sourceforge site: http://mailscannermrtg.sourceforge.net/ Please note that this is an 'unstable' release, provided for testing (and those that like living on the edge). It does contain features that some people may find immediately useful, especially those experiencing problems due to the size of their quarantine. This release adds a performance enhancement to improve the speed of counting quarantine directories. Also new is a protective timeout to stop mailscanner-mrtg running for too long has also been added (although the quarantine count fix should solve this problem). MailScanner-MRTG will no longer attempt to restart MailScanner when MailScanner has ben stopped using its init script. I have also added some descriptions and interpretation hints to the graph pages. There are also an number of other minor tweaks and fixes, see the changelog for full details. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040507/8a7e6160/attachment.bin From steve.swaney at FSL.COM Sat May 8 12:57:04 2004 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:25:07 2006 Subject: installing razor cuases razor-agent.log to be created in postfix queue In-Reply-To: Message-ID: <20040508115704.19CFA21C277@mail.fsl.com> > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Robin M. > Sent: Friday, May 07, 2004 10:54 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: installing razor cuases razor-agent.log to be created in postfix > queue > > I installed razor and restarted MailScanner with postfix. > After checking the logs I saw > > > ming and deferred with a depth of 1 or 2. See the Postfix documentation > for hash_queue_names and hash_queue_depth > May 7 22:52:09 mail MailScanner[18237]: Messages found but no hashed > queue directories. Please enable hashed queues for incoming and deferred > with a depth of 1 or 2. See the Postfix documentation for hash_queue_names > and hash_queue_depth > > > This is because there is a file called > > [root@mail spool]# find /var/spool/postfix -name "razor*" > /var/spool/postfix/deferred/razor-agent.log > > How do I specify to spamassassin where the razor config directory should > be ? > If you did a standard razor install and register as root, there will be a directory, .razor in root's home directory. Look in this directory for the file razor-agent.conf. Edit this file to change" logfile = razor-agent.log To wherever you want razor to log, typically, logfile = /var/log/razor-agent.log You probably also want to change the debuglevel = from 3 to 1 or 0. 3 is very chatty. Steve Stephen Swaney President Fortress Systems Ltd. Steve.Swaney@FSL.com -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. Fortress Systems Ltd. www.fsl.com -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From pz at CHRIST-NET.SK Sat May 8 12:59:39 2004 From: pz at CHRIST-NET.SK (Peter Zimen) Date: Thu Jan 12 21:25:07 2006 Subject: Spam check rules does not work for To: address with postfix In-Reply-To: References: <91A7CBEB-A0D8-11D8-A6F1-003065E53DCC@christ-net.sk> Message-ID: <2F0790F6-A0E7-11D8-A6F1-003065E53DCC@christ-net.sk> Sorry, sorry, sorry, all is o.k. Use Default Rules With Multiple Recipients MUST be set "no"... __ S pozdravom Peter Zimen AIM/AOL/iChat: ephendi@mac.com On 8.5.2004, at 12:22, Peter Zimen wrote: > From: rule work fine. > > > __ > > S pozdravom > > Peter Zimen > > AIM/AOL/iChat: ephendi@mac.com > > > On 8.5.2004, at 12:15, Peter Zimen wrote: > >> Hello, >> im working on last version of postfix and mailscanner 4.30.3 . >> >> I want to check only for two from all virtual domains on my server. >> >> Rule: >> >> To: *@virtualdomain.sk yes >> FromOrTo: default no >> >> NOT WORK. >> >> In header of mail is this: >> >> To: pz@virtualdomain.sk >> X-Original-To: pz@virtualdomain.SK >> Delivered-To: pz@nameofserver.domain.sk >> X-Mailscanner-To: pz@virtualdomain.sk, pz@nameofserver.domain.sk >> >> In maillog: >> >> May 8 12:08:26 cn02 postfix/local[5456]: 15EE01DC0A5: >> to=, orig_to=, >> relay=local, delay=2, status=sent (forwarded as 7B8201DC04a) >> >> Please help. >> >> __ >> >> S pozdravom >> >> Peter Zimen >> >> AIM/AOL/iChat: ephendi@mac.com >> >> >> -------------------------- MailScanner list ---------------------- >> To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >> Before posting, please see the Most Asked Questions at >> http://www.mailscanner.biz/maq/ and the archives at >> http://www.jiscmail.ac.uk/lists/mailscanner.html > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 2361 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040508/f7b92ce4/smime.bin From robin at PRIMUS.CA Sat May 8 13:22:55 2004 From: robin at PRIMUS.CA (Robin M.) Date: Thu Jan 12 21:25:07 2006 Subject: installing razor cuases razor-agent.log to be created in postfix queue [SOLVED] In-Reply-To: <20040508115704.19CFA21C277@mail.fsl.com> References: <20040508115704.19CFA21C277@mail.fsl.com> Message-ID: On Sat, 8 May 2004, Stephen Swaney wrote: > > I installed razor and restarted MailScanner with postfix. > > After checking the logs I saw > > > > > > ming and deferred with a depth of 1 or 2. See the Postfix documentation > > for hash_queue_names and hash_queue_depth > > May 7 22:52:09 mail MailScanner[18237]: Messages found but no hashed > > queue directories. Please enable hashed queues for incoming and deferred > > with a depth of 1 or 2. See the Postfix documentation for hash_queue_names > > and hash_queue_depth > > > > > > This is because there is a file called > > > > [root@mail spool]# find /var/spool/postfix -name "razor*" > > /var/spool/postfix/deferred/razor-agent.log > > > > How do I specify to spamassassin where the razor config directory should > > be ? > > > > If you did a standard razor install and register as root, there will be a > directory, .razor in root's home directory. Look in this directory for the > file razor-agent.conf. Edit this file to change" > > logfile = razor-agent.log > > To wherever you want razor to log, typically, > > logfile = /var/log/razor-agent.log > > You probably also want to change the debuglevel = from 3 to 1 or 0. 3 is > very chatty. > Hi Steve the problem I had was that the razor conf file was not being read in /root/.razor Frank Louwers had an early post in the thread that explained the problem which was that the config files needed to be in /etc/razor Thanks. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Sat May 8 13:28:00 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:25:07 2006 Subject: Small remark in regards to config file In-Reply-To: <409CC604.5090208@SJC.nl> References: <409CC604.5090208@SJC.nl> Message-ID: <6.1.0.6.2.20040508132749.03bc3848@imap.ecs.soton.ac.uk> Thanks for spotting that. Fixed for the next release. At 12:35 08/05/2004, you wrote: >Hello all, > >I just went through the process of reinstalling an mailscanner server >from scratch. While installing MailScanner 4.30.3 release 2 from RPM > >At the option "Silent Viruses" the option HTML-Script is missing in the >explanation. > >Besides that everything went extremly smooth. >-- >Met Vriendelijke groet/Yours Sincerely >Stijn Jonker > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Sat May 8 13:14:54 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:25:07 2006 Subject: Server Configuration for Mail Scanner In-Reply-To: <000501c434cf$fd13e2b0$8d00000a@felfel> References: <000501c434cf$fd13e2b0$8d00000a@felfel> Message-ID: <6.1.0.6.2.20040508131306.03c60728@imap.ecs.soton.ac.uk> At 08:42 08/05/2004, you wrote: >I'm running Mailscanner on Dual XEON 2.4, 2 G RAM >We receive a minimum of 128k message a day >Load on server ranges between 6 and 10 >Is this typical, or I have a problem in my system, and that's why I have >high load on the server/ A high load when running MailScanner is perfectly normal. It works your server very hard! You should only worry if your incoming mail queue starts to get really big. With 128k messages per day, it might well run with an average of 100-200 messages apparently just sitting in the incoming queue, that's normal too. But if it keeps growing, then your server is not keeping up with the traffic. At that point you should start investigating ways of optimising your setup. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Sat May 8 13:16:03 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:25:07 2006 Subject: Problem found with postfix-2.1.0-0.20040209.18mdk In-Reply-To: References: Message-ID: <6.1.0.6.2.20040508131536.03e968f0@imap.ecs.soton.ac.uk> Can someone add this to the FAQ please? At 09:33 08/05/2004, you wrote: >This comes with postfix-2.1.0-0.20040209.18mdk and I noticed a new problem >causing postfix to hang up on MailScanner startup... > >Each time I started MailScanner, I found the following error >in /var/log/mail/error : > >postfix address already in use > >I then checked /etc/postfix/master.cf to verify that smtp was deactivated >(# inserted on line #smtp inet n - y - - smtpd). >It was... > >I then found that commenting in the same file line >#127.0.0.1:10026 inet n - y - - smtpd > >fixes the problem... -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Sat May 8 13:09:11 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:25:07 2006 Subject: Outlook Express 6.0 and False Virus Warnings In-Reply-To: <007301c4345d$ec31b520$3e01a8c0@express.loanprocessing.net> References: <007301c4345d$ec31b520$3e01a8c0@express.loanprocessing.net> Message-ID: <6.1.0.6.2.20040508130819.03b2dfe8@imap.ecs.soton.ac.uk> Run the "file" command on the attachment file. It is being rejected by the file type checks, i.e. one of the rules in filetype.rules.conf. Then add an "allow" rule for the output you get from "file". At 19:05 07/05/2004, you wrote: >Hi all, > >I have an employee who is using OE 6.0. Whe she tries to >attach a file to an email and send it, she and I receive the following >information that a virus has been detected: > >The following e-mail messages were found to have viruses in them: > > Sender: kendra@loanprocessing.net >IP Address: 192.168.1.61 > Recipient: mcarlson@bridgecap.com > Subject: Fw: File Number 12234439 HUD-1 for Hoang (Tac) > MessageID: i47H0cLb029178 > Report: MailScanner: No programs allowed (msg-24336-96.txt) > > >However, if you look at msg-24336-96.txt it contains the body of her >email. See below: > > >HUD-1 >----- Original Message ----- >From: "Vivian Sellers" >To: >Sent: Friday, May 07, 2004 9:51 AM >Subject: File Number 12234439 HUD-1 for Hoang (Tac) > > > > <> > > > >We all run Norton Anti-virus on desktops so I'm pretty certain there isn't >any virus in this message body. I pulled it up in VI and it's just plain text. > >We are using MS 4.29.7-1 on FC1. Anybody have an idea what might be >occuring here? No one else in the office is having this problem. > >TIA, > >Mike > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Sat May 8 13:11:58 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:25:07 2006 Subject: [Slightly OT] New Spam Fighting Technique In-Reply-To: <242663BECAD80B4DAAF2E62788F9691708AAFE83@exhq01.bud.bpa.go v> References: <242663BECAD80B4DAAF2E62788F9691708AAFE83@exhq01.bud.bpa.gov> Message-ID: <6.1.0.6.2.20040508131105.03b04008@imap.ecs.soton.ac.uk> At 21:32 07/05/2004, you wrote: >Interesting. I like it; it's too bad it can't be integrated into MailScanner, MailScanner intentionally does not get involved with the SMTP service. This is an SMTP-level trap, so will have to be done by someone else. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Sat May 8 13:19:37 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:25:07 2006 Subject: Inoculate scanner gets skipped after a while as if its marked busy In-Reply-To: References: Message-ID: <6.1.0.6.2.20040508131703.03c88c48@imap.ecs.soton.ac.uk> Sounds to me as if the virus updates are hanging, which would lock out the virus scanner. If you don't want to use update_virus_scanners, but are still using inoculate-autoupdate then make sure you are calling it correctly (you have to add the inoculate installation directory on the command line, you can get the correct directory from /etc/MailScanner/virus.scanners.conf). This is the usual cause of these problems. Either that, or is there a chance that inoculate is waiting for keyboard input? At 09:34 08/05/2004, you wrote: >Hi, > >firstly, I cant beleive Julian is stil so commitied. > >I finally upgraded to mailscanner-4.30.3-1 (from my own heavily patched >3.13 where I helped Julian write the original inoculate code). > >Anyway, I love 4.30, the upgrade was pretty straight forward. > >My problem is my inoculate scanning stops working, and is skipped over. I >have 4 virus scanners enabled, and the others keep going. > >I assume at one stage or another the inoculate doesnt return like it >should, and it is marked as Busy. > >The /tmp flag for inoculate shows it is busy. (see lots of details below). > >I do not use the update_virus_scanners, I got rid of it out of cron, but >apparently its not the only code that either locks things in /tmp or calls >update_virus_scanners. Obviously, I am updating signatures myself. > >I have Max Children = 1 in the mailscanner.conf. But I guess that Virus >Scanner Timeout = 300 times out on inoculate at some stage and marks it >busy or something. > >Clearly when I restart it from init.d it all runs OK again for a while. > >I guess what I need is one of these: >- understand why its busy and fix the condition >- get rid of the busy >- more agressively restart mailscanner when the condition occurs / or the >Virus Scanner Timeout times out >- move over to update_virus_scanners if its significantly better. > >cat InoculateBusy.lock >Virus checker locked for scanning by inoculate 3883 > >ps ax|grep 3883 > 3883 ? SN 0:05 /usr/bin/perl -I/usr/lib/MailScanner > /usr/sbin/MailSc > >ps ax|grep Mail > 3882 ? SN 0:00 /usr/bin/perl -I/usr/lib/MailScanner > /usr/sbin/MailSc > 3883 ? SN 0:05 /usr/bin/perl -I/usr/lib/MailScanner > /usr/sbin/MailSc >16461 pts/9 S 0:00 grep Mail -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Sat May 8 13:21:50 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:25:07 2006 Subject: installing razor cuases razor-agent.log to be created in postfix queue In-Reply-To: <20040508095202.GC2917@openminds.be> References: <20040508095202.GC2917@openminds.be> Message-ID: <6.1.0.6.2.20040508132116.03b03e38@imap.ecs.soton.ac.uk> At 10:52 08/05/2004, you wrote: >On Fri, May 07, 2004 at 10:53:55PM -0400, Robin M. wrote: > > I installed razor and restarted MailScanner with postfix. > > After checking the logs I saw > > > > > > ming and deferred with a depth of 1 or 2. See the Postfix documentation > > for hash_queue_names and hash_queue_depth > > May 7 22:52:09 mail MailScanner[18237]: Messages found but no hashed > > queue directories. Please enable hashed queues for incoming and deferred > > with a depth of 1 or 2. See the Postfix documentation for hash_queue_names > > and hash_queue_depth > > > > > > This is because there is a file called > > > > [root@mail spool]# find /var/spool/postfix -name "razor*" > > /var/spool/postfix/deferred/razor-agent.log > > > > How do I specify to spamassassin where the razor config directory should > > be ? > >put logfile = /dev/null (or logfile = /var/log/razor-agent.log if you >care) in your /etc/razor/razor-agent.conf. In that file there is a loglevel setting (or something similar) which you can just set to 0. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From sub at ICCONSULTING.COM.AU Sat May 8 12:47:59 2004 From: sub at ICCONSULTING.COM.AU (Scott Farrell) Date: Thu Jan 12 21:25:07 2006 Subject: Inoculate scanner gets skipped after a while as if its marked busy Message-ID: Kevin, Just to confirm, it works initially then stops? Yes, that is correct You don't say how busy your server is, nor what batch size you are using. Smaller batch sizes and more children may help, assuming the problem really is caused by a timeout (smaller batches = less files to scan = quicker scans) not real busy, set 1 to 1 client, batches of 10-30 (I have tried a few settings). Do you see any log messages saying it timed out (there should be if it is). The lock file is a red herring, MailScanner doesn't work on the presence of absense of the file, it works by getting a lock on it - so the file should always be there. grep -i mailscanner maillog|grep "May 8"|grep -i time only returns 1 SpamAsssasin timeout. regards Scott Farrell Phone: 02-9411 3622 Mobile: 0412 927 156 http://www.icconsulting.com.au ic Consulting - helping you with innovation. We offer e-business consulting and perform services. We deliver high impact consulting, and fast turn around projects for our clients. Ask us about Web Content Management, Web Self Service, or working closer with your customers or suppliers. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040508/ab6d10a0/attachment.html From sub at ICCONSULTING.COM.AU Sat May 8 12:54:06 2004 From: sub at ICCONSULTING.COM.AU (Scott Farrell) Date: Thu Jan 12 21:25:07 2006 Subject: Inoculate scanner gets skipped after a while as if its marked busy Message-ID: Sounds to me as if the virus updates are hanging, which would lock out the virus scanner. If you don't want to use update_virus_scanners, but are still using inoculate-autoupdate then make sure you are calling it correctly (you have to add the inoculate installation directory on the command line, you can get the correct directory from /etc/MailScanner/virus.scanners.conf). as far as I know I am not using any of your auto-update code, I have my own. I stop mailscanner when updating for safety. This is the usual cause of these problems. Either that, or is there a chance that inoculate is waiting for keyboard input? I dont think so, as it works - right up until silently it cant even detect eicar, and I so no errors in the log. Is the update scripts the ONLY thing that locks the scanner ? Is there any log entries when it is skipped and not using it ? Can you beleive that since the upgrade I am not getting entries from this list ..... damn more tracing/debugging to do. Scott -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040508/6115fd26/attachment.html From steve.swaney at FSL.COM Sat May 8 13:55:23 2004 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:25:07 2006 Subject: Julian wins UKUUG Open Source Award for 2004 Message-ID: <20040508125523.4019121C2BB@mail.fsl.com> I have it from a good source that our favorite developer, Mr. Julian Field has won the UKUUG Open Source Award for 2004. This prize is awarded annually for a significant contribution to free and open source software. The UKUUG - the Unix and Open Systems User Group - is a non-profit organization and technical forum for the advocacy of open systems, particularly Unix and Unix-like operating systems, the promotion of free and open-source software, and the advancement of open programming standards and networking protocols. Mr. Field pockets the well deserved ?500 prize, a free pass (worth about $1,700) to the Open Source Convention (conferences.oreillynet.com) to be held 26-30 July in Portland, OR, USA. plus another ?500 to cover his expenses to the convention. Congratulations and well deserved! Steve Stephen Swaney President Fortress Systems Ltd. Steve.Swaney@FSL.com -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. Fortress Systems Ltd. www.fsl.com -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From ugob at CAMO-ROUTE.COM Sat May 8 13:46:04 2004 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:25:07 2006 Subject: Problem found with postfix-2.1.0-0.20040209.18mdk In-Reply-To: <6.1.0.6.2.20040508131536.03e968f0@imap.ecs.soton.ac.uk> References: <6.1.0.6.2.20040508131536.03e968f0@imap.ecs.soton.ac.uk> Message-ID: Julian Field wrote: > Can someone add this to the FAQ please? Done -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From pete at eatathome.com.au Sat May 8 14:44:45 2004 From: pete at eatathome.com.au (Pete) Date: Thu Jan 12 21:25:07 2006 Subject: Julian wins UKUUG Open Source Award for 2004 In-Reply-To: <20040508125523.4019121C2BB@mail.fsl.com> References: <20040508125523.4019121C2BB@mail.fsl.com> Message-ID: <409CE44D.6070703@eatathome.com.au> WOW! Well done and well earned! Julian do you author any other software that is available to the public, that we may have heard of? Do you have a suite of these type of awards? This just another trophy for the cabinet or is this kinda special, better, unique ? Thanks again and GREAT to see you're 'offically' appreciated. Kind regards Pete Stephen Swaney wrote: >I have it from a good source that our favorite developer, Mr. Julian Field >has won the UKUUG Open Source Award for 2004. > >This prize is awarded annually for a significant contribution to free and >open source software. > >The UKUUG - the Unix and Open Systems User Group - is a non-profit >organization and technical forum for the advocacy of open systems, >particularly Unix and Unix-like operating systems, the promotion of free and >open-source software, and the advancement of open programming standards and >networking protocols. > >Mr. Field pockets the well deserved ?500 prize, a free pass (worth about >$1,700) to the Open Source Convention (conferences.oreillynet.com) to be >held 26-30 July in Portland, OR, USA. plus another ?500 to cover his >expenses to the convention. > >Congratulations and well deserved! > >Steve > >Stephen Swaney >President >Fortress Systems Ltd. >Steve.Swaney@FSL.com > > > > > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mustafa at palnet.com Sat May 8 15:55:04 2004 From: mustafa at palnet.com (Mustafa N. Deeb) Date: Thu Jan 12 21:25:08 2006 Subject: Server Configuration for Mail Scanner In-Reply-To: <6.1.0.6.2.20040508131306.03c60728@imap.ecs.soton.ac.uk> Message-ID: <007601c4350c$726926b0$8d00000a@felfel> Hi Could it be OS related, or Mailscanner? The disk for example is active a lot, I always have 200 to 300 messages in incoming Q , according to mailscanner-mrtg, but if I let's say restarted the mailscanner process , immediately 3000 messages will get queued, and it would mailscanner 3-4 hours processing them .. During that, the load jumps to 15, sendmail stops accepting connection. The important question is , Mail scanner, (with clamav and spamassassin, dcc), is it a Memory eater, CPU or IO? Or who comes first? Cheers ~~~~~~~~~~~~~~~~~~~~~~ Mustafa N. Deeb Technical Director Palnet Communications Ltd. Tel: +970-2-2403434 Fax: +970-2-2403430 www.palsms.com www.paltime.net www.palnet.com -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: Saturday, May 08, 2004 2:15 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Server Configuration for Mail Scanner At 08:42 08/05/2004, you wrote: >I'm running Mailscanner on Dual XEON 2.4, 2 G RA >We receive a minimum of 128k message a day >Load on server ranges between 6 and 10 >Is this typical, or I have a problem in my system, and that's why I have >high load on the server/ A high load when running MailScanner is perfectly normal. It works your server very hard! You should only worry if your incoming mail queue starts to get really big. With 128k messages per day, it might well run with an average of 100-200 messages apparently just sitting in the incoming queue, that's normal too. But if it keeps growing, then your server is not keeping up with the traffic. At that point you should start investigating ways of optimising your setup. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Sat May 8 15:08:02 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:25:08 2006 Subject: Julian wins UKUUG Open Source Award for 2004 In-Reply-To: <409CE44D.6070703@eatathome.com.au> References: <20040508125523.4019121C2BB@mail.fsl.com> <409CE44D.6070703@eatathome.com.au> Message-ID: <6.1.0.6.2.20040508150153.0dd07ea0@imap.ecs.soton.ac.uk> At 14:44 08/05/2004, you wrote: >WOW! Well done and well earned! > >Julian do you author any other software that is available to the public, >that we may have heard of? I've written one or two little bits of Samba, but that is about it. People in the UK might remember back in the late Eighties when AutoRoute was first released (it was bought out by Microsoft a few years later). I wrote the Atari ST version of Autoroute. >Do you have a suite of these type of awards? No, it's my first one. I never claim to be a programmer, and Occam is the only language I have ever been taught (it was used on Inmos transputer chips many years ago). My degree is in Information Engineering (basically Electronic Engineering plus systems design) and not Computer Science. I'm a systems admin by trade. Totally self-taught. > This just another trophy for the cabinet or is this kinda special, > better, unique ? > >Thanks again and GREAT to see you're 'offically' appreciated. Thankyou for your kind comments, it is much appreciated. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From jrudd at UCSC.EDU Sat May 8 16:31:19 2004 From: jrudd at UCSC.EDU (John Rudd) Date: Thu Jan 12 21:25:08 2006 Subject: [Slightly OT] New Spam Fighting Technique In-Reply-To: <6.1.0.6.2.20040508131105.03b04008@imap.ecs.soton.ac.uk> References: <242663BECAD80B4DAAF2E62788F9691708AAFE83@exhq01.bud.bpa.gov> <6.1.0.6.2.20040508131105.03b04008@imap.ecs.soton.ac.uk> Message-ID: On May 8, 2004, at 5:11 AM, Julian Field wrote: > At 21:32 07/05/2004, you wrote: >> Interesting. I like it; it's too bad it can't be integrated into >> MailScanner, > > MailScanner intentionally does not get involved with the SMTP service. > This > is an SMTP-level trap, so will have to be done by someone else. I just wanted to expand and explain a little. I'm in complete agreement with Julian that it's not really within MailScanner's domain (as MS isn't an SMTP service). That's why the subject has "OT" in it (and "slightly" is because MS does do to anti-spam stuff, and because it's something I thought the sendmail using part of this list might be interested in playing with, and letting the sendmail and communigate pro users on the list know that coming versions of sendmail and communigate pro will support it directly). I wasn't at all trying to imply that it was something MailScanner should do. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From miguelk at konsultex.com.br Sat May 8 18:14:36 2004 From: miguelk at konsultex.com.br (Miguel Koren OBrien de Lacy) Date: Thu Jan 12 21:25:08 2006 Subject: Julian wins UKUUG Open Source Award for 2004 In-Reply-To: <20040508125523.4019121C2BB@mail.fsl.com> References: <20040508125523.4019121C2BB@mail.fsl.com> Message-ID: <20040508170718.M30673@konsultex.com.br> First in order are congratulations to Julian. Steve, is there a reference on ukuug or elsewhere that I could link to from our site that features open source solutions we implement? www.solucoes-livres.com.br is about ERP (SqlLedger), elearning (Ilias) and anti-virus solutions (MailScanner and Clam). Miguel -- Konsultex Informatica (http://www.konsultex.com.br) ---------- Original Message ----------- From: Stephen Swaney To: MAILSCANNER@JISCMAIL.AC.UK Sent: Sat, 8 May 2004 08:55:23 -0400 Subject: Julian wins UKUUG Open Source Award for 2004 > I have it from a good source that our favorite developer, Mr. Julian Field > has won the UKUUG Open Source Award for 2004. > > This prize is awarded annually for a significant contribution to free and > open source software. > > The UKUUG - the Unix and Open Systems User Group - is a non-profit > organization and technical forum for the advocacy of open systems, > particularly Unix and Unix-like operating systems, the promotion of free and > open-source software, and the advancement of open programming standards and > networking protocols. > > Mr. Field pockets the well deserved ?500 prize, a free pass (worth about > $1,700) to the Open Source Convention (conferences.oreillynet.com) to be > held 26-30 July in Portland, OR, USA. plus another ?500 to cover his > expenses to the convention. > > Congratulations and well deserved! > > Steve > > Stephen Swaney > President > Fortress Systems Ltd. > Steve.Swaney@FSL.com > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > Fortress Systems Ltd. > www.fsl.com > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > > -- > Esta mensagem foi verificada pelo sistema de antiv?rus e > acredita-se estar livre de perigo. ------- End of Original Message ------- -- Esta mensagem foi verificada pelo sistema de antiv?rus e acredita-se estar livre de perigo. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Sat May 8 18:42:13 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:25:08 2006 Subject: Julian wins UKUUG Open Source Award for 2004 In-Reply-To: <20040508170718.M30673@konsultex.com.br> References: <20040508125523.4019121C2BB@mail.fsl.com> <20040508170718.M30673@konsultex.com.br> Message-ID: <6.1.0.6.2.20040508184138.0dcfcda8@imap.ecs.soton.ac.uk> At 18:14 08/05/2004, you wrote: >First in order are congratulations to Julian. > >Steve, is there a reference on ukuug or elsewhere that I could link to >from our site >that features open source solutions we implement? >www.solucoes-livres.com.br is about >ERP (SqlLedger), elearning (Ilias) and anti-virus solutions (MailScanner >and Clam). Hopefully this will appear next week, once they get their press release written. Will let you know (or Steve will). >Miguel > >-- >Konsultex Informatica (http://www.konsultex.com.br) > >---------- Original Message ----------- >From: Stephen Swaney >To: MAILSCANNER@JISCMAIL.AC.UK >Sent: Sat, 8 May 2004 08:55:23 -0400 >Subject: Julian wins UKUUG Open Source Award for 2004 > > > I have it from a good source that our favorite developer, Mr. Julian Field > > has won the UKUUG Open Source Award for 2004. > > > > This prize is awarded annually for a significant contribution to free and > > open source software. > > > > The UKUUG - the Unix and Open Systems User Group - is a non-profit > > organization and technical forum for the advocacy of open systems, > > particularly Unix and Unix-like operating systems, the promotion of > free and > > open-source software, and the advancement of open programming standards and > > networking protocols. > > > > Mr. Field pockets the well deserved ?500 prize, a free pass (worth about > > $1,700) to the Open Source Convention (conferences.oreillynet.com) to be > > held 26-30 July in Portland, OR, USA. plus another ?500 to cover his > > expenses to the convention. > > > > Congratulations and well deserved! > > > > Steve > > > > Stephen Swaney > > President > > Fortress Systems Ltd. > > Steve.Swaney@FSL.com > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > > > > Fortress Systems Ltd. > > www.fsl.com > > > > -------------------------- MailScanner list ---------------------- > > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > > Before posting, please see the Most Asked Questions at > > http://www.mailscanner.biz/maq/ and the archives at > > http://www.jiscmail.ac.uk/lists/mailscanner.html > > > > -- > > Esta mensagem foi verificada pelo sistema de antiv?rus e > > acredita-se estar livre de perigo. >------- End of Original Message ------- > > >-- >Esta mensagem foi verificada pelo sistema de antiv?rus e > acredita-se estar livre de perigo. > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mike at CAMAROSS.NET Sat May 8 18:51:08 2004 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:25:08 2006 Subject: Uninstall Mailscanner In-Reply-To: <200405061346.i46DkG66027542@mx.sargam.com> Message-ID: <200405081750.i48HoqAH030412@avwall.bladeware.com> rpm -e mailscanner > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Sanjay K. Patel > Sent: Thursday, May 06, 2004 8:43 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Uninstall Mailscanner > > How do I uninstall MailScanner? > > SKP > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Sun May 9 07:41:03 2004 From: mailscanner at ecs.soton.ac.uk (mailscanner@ecs.soton.ac.uk) Date: Thu Jan 12 21:25:08 2006 Subject: NOTIFY-New Guestbook Entry Message-ID: <200405090641.i496f3VR007713@seer.ecs.soton.ac.uk> New Guestbook-Entry from Thomas Huntoon Thank you for a wonderful product. I implemented MailScanner 4.29.7-1 (w/SpamAssassin 2.63 and ClamAV 0.70 (Perl implementation)) on our Ensim 3.5.21-10 (Linux RH 7.3) server about a month ago and I have had ZERO customer calls regarding viruses on our network and encouragement to start filtering out the SPAM. (Currently, I only tag the messages and strip harmful HTML.) Even though there are a few minor setup changes I had to make to my Ensim package to make it all play nice, I have had no glitches since implementing the MailScanner solution.



Thank you all for your dedication to great product.



--Thomas Huntoon

UpHi.net, Mountainair, New Mexico, USA From jrudd at UCSC.EDU Sat May 8 22:28:04 2004 From: jrudd at UCSC.EDU (John Rudd) Date: Thu Jan 12 21:25:08 2006 Subject: Julian wins UKUUG Open Source Award for 2004 In-Reply-To: <20040508125523.4019121C2BB@mail.fsl.com> References: <20040508125523.4019121C2BB@mail.fsl.com> Message-ID: <972C369C-A136-11D8-8626-003065F939FE@ucsc.edu> On May 8, 2004, at 5:55 AM, Stephen Swaney wrote: > I have it from a good source that our favorite developer, Mr. Julian > Field > has won the UKUUG Open Source Award for 2004. That's great news! Congratulations to Julian. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From gib at TMISNET.COM Sat May 8 23:42:15 2004 From: gib at TMISNET.COM (Gib Gilbertson Jr.) Date: Thu Jan 12 21:25:08 2006 Subject: MailScanner stops running Message-ID: <6.0.1.1.2.20040509082234.03ffc4a8@mail.tmisnet.com> Hi All. I encountered a problem today which is very strange. My system has been chugging along for quite a while now, and except for the problem with corrupt bayes database every 2 or 3 days it has ran great. This morning when I check I see there are over 10k messages sitting in /var/spool/mqueue.in. I check the logs and can see that MailScanner isn't running. Because of the huge number of mails cued up I turn off spamassassin in MailScanner.conf and restart MailScanner. Within about 15 minutes it had gone through all the messages. Now for the problem. After getting things working again, I check my logs and find this error message as each child process dies and MailScanner tries to restart.. May 8 04:01:11 MailScanner[33191]: MailScanner child dying of old age May 8 04:01:13 MailScanner[73486]: MailScanner E-Mail Virus Scanner version 4.26.8 starting... May 8 04:01:25 MailScanner[73531]: Could not read directory /var/spool/MailScanner/quarantine May 8 04:01:25 MailScanner[73531]: Error in configuration file line 113, directory /var/spool/MailScanner/quarantine for quarantinedir does not exist (or is not readable) Nothing changed on the sever. No configuration files, quarantine directory, etc.. I'm the only one that makes changes to the system. Anyone have any ideas? Thanks gib Gib Gilbertson Jr. Tierramiga Info Systems 619-287-8647 Support http://www.tmisnet.com San Diego's "Friendly ISP" -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From miguelk at konsultex.com.br Sat May 8 23:50:25 2004 From: miguelk at konsultex.com.br (Miguel Koren OBrien de Lacy) Date: Thu Jan 12 21:25:08 2006 Subject: MailScanner stops running In-Reply-To: <6.0.1.1.2.20040509082234.03ffc4a8@mail.tmisnet.com> References: <6.0.1.1.2.20040509082234.03ffc4a8@mail.tmisnet.com> Message-ID: <20040508224839.M27913@konsultex.com.br> Gib; I assume that the directory is really there, right? Maybe you drive is getting some corruption and that's why MS can't access it. I would try to copy a file to it (keeping permissions in mind) to see what happens. Miguel -- Konsultex Informatica (http://www.konsultex.com.br) ---------- Original Message ----------- From: "Gib Gilbertson Jr." To: MAILSCANNER@JISCMAIL.AC.UK Sent: Sun, 9 May 2004 08:42:15 +1000 Subject: MailScanner stops running > Hi All. > > I encountered a problem today which is very strange. My system has been > chugging along for quite a while now, and except for the problem with > corrupt bayes database every 2 or 3 days it has ran great. This morning > when I check I see there are over 10k messages sitting in /var/spool/mqueue.in. > > I check the logs and can see that MailScanner isn't running. Because of the > huge number of mails cued up I turn off spamassassin in MailScanner.conf > and restart MailScanner. Within about 15 minutes it had gone through all > the messages. > > Now for the problem. After getting things working again, I check my logs > and find this error message as each child process dies and MailScanner > tries to restart.. > > May 8 04:01:11 MailScanner[33191]: MailScanner child dying of old age > May 8 04:01:13 MailScanner[73486]: MailScanner E-Mail Virus Scanner > version 4.26.8 starting... > May 8 04:01:25 MailScanner[73531]: Could not read directory > /var/spool/MailScanner/quarantine > May 8 04:01:25 MailScanner[73531]: Error in configuration file line 113, > directory /var/spool/MailScanner/quarantine for quarantinedir does not > exist (or is not readable) > > Nothing changed on the sever. No configuration files, quarantine directory, > etc.. I'm the only one that makes changes to the system. > > Anyone have any ideas? > > Thanks > > gib > > Gib Gilbertson Jr. > Tierramiga Info Systems > 619-287-8647 Support > http://www.tmisnet.com > San Diego's "Friendly ISP" > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > > -- > Esta mensagem foi verificada pelo sistema de antiv?rus e > acredita-se estar livre de perigo. ------- End of Original Message ------- -- Esta mensagem foi verificada pelo sistema de antiv?rus e acredita-se estar livre de perigo. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From miguelk at konsultex.com.br Sun May 9 00:30:12 2004 From: miguelk at konsultex.com.br (Miguel Koren OBrien de Lacy) Date: Thu Jan 12 21:25:08 2006 Subject: MailScanner stops running In-Reply-To: <6.0.1.1.2.20040509085824.02bdf538@mail.tmisnet.com> References: <6.0.1.1.2.20040509082234.03ffc4a8@mail.tmisnet.com> <20040508224839.M27913@konsultex.com.br> <6.0.1.1.2.20040509085824.02bdf538@mail.tmisnet.com> Message-ID: <20040508232649.M41235@konsultex.com.br> Gib; Ok, so it does not look like a hardware problem. Did you try to copy a file over to the directory? Another idea would be to temporarily change the conf to point to another quarantine directory, just to see what happens. Miguel -- Konsultex Informatica (http://www.konsultex.com.br) ---------- Original Message ----------- From: "Gib Gilbertson Jr." To: miguelk@konsultex.com.br Sent: Sun, 09 May 2004 09:15:07 +1000 Subject: Re: MailScanner stops running > Hi. > > At 07:50 PM 5/8/2004 -0300, you wrote: > >Gib; > > > >I assume that the directory is really there, right? Maybe you drive is > >getting some > >corruption and that's why MS can't access it. I would try to copy a file to it > >(keeping permissions in mind) to see what happens. > > > >Miguel > > > >-- > >Konsultex Informatica (http://www.konsultex.com.br) > The /var/spool/MailScanner/quarantine directory is on the same partition as > the 10K queued messages, and the log files that were still recording at the > time the error was generated. > > # df > Filesystem 1K-blocks Used Avail Capacity Mounted on > /dev/ar0s1e 4129310 1633555 2165411 43% /var > > This was the output of df at the time of discovering the failure, so the > disk wasn't full, and we are also running mirroring (raid 1) on that drive > which has /home and /var on it. > > gib > > >---------- Original Message ----------- > >From: "Gib Gilbertson Jr." > >To: MAILSCANNER@JISCMAIL.AC.UK > >Sent: Sun, 9 May 2004 08:42:15 +1000 > >Subject: MailScanner stops running > > > > > Hi All. > > > > > > I encountered a problem today which is very strange. My system has been > > > chugging along for quite a while now, and except for the problem with > > > corrupt bayes database every 2 or 3 days it has ran great. This morning > > > when I check I see there are over 10k messages sitting in > > /var/spool/mqueue.in. > > > > > > I check the logs and can see that MailScanner isn't running. Because of the > > > huge number of mails cued up I turn off spamassassin in MailScanner.conf > > > and restart MailScanner. Within about 15 minutes it had gone through all > > > the messages. > > > > > > Now for the problem. After getting things working again, I check my logs > > > and find this error message as each child process dies and MailScanner > > > tries to restart.. > > > > > > May 8 04:01:11 MailScanner[33191]: MailScanner child dying of old age > > > May 8 04:01:13 MailScanner[73486]: MailScanner E-Mail Virus Scanner > > > version 4.26.8 starting... > > > May 8 04:01:25 MailScanner[73531]: Could not read directory > > > /var/spool/MailScanner/quarantine > > > May 8 04:01:25 MailScanner[73531]: Error in configuration file line 113, > > > directory /var/spool/MailScanner/quarantine for quarantinedir does not > > > exist (or is not readable) > > > > > > Nothing changed on the sever. No configuration files, quarantine directory, > > > etc.. I'm the only one that makes changes to the system. > > > > > > Anyone have any ideas? > > > > > > Thanks > > > > > > gib > > > > > Gib Gilbertson Jr. > Tierramiga Info Systems > 619-287-8647 Support > http://www.tmisnet.com > San Diego's "Friendly ISP" > > -- > Esta mensagem foi verificada pelo sistema de antiv?rus e > acredita-se estar livre de perigo. ------- End of Original Message ------- -- Esta mensagem foi verificada pelo sistema de antiv?rus e acredita-se estar livre de perigo. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From gib at TMISNET.COM Sun May 9 01:02:12 2004 From: gib at TMISNET.COM (Gib Gilbertson Jr.) Date: Thu Jan 12 21:25:08 2006 Subject: MailScanner stops running In-Reply-To: <20040508232649.M41235@konsultex.com.br> References: <6.0.1.1.2.20040509082234.03ffc4a8@mail.tmisnet.com> <20040508224839.M27913@konsultex.com.br> <6.0.1.1.2.20040509085824.02bdf538@mail.tmisnet.com> <20040508232649.M41235@konsultex.com.br> Message-ID: <6.0.1.1.2.20040509095754.0401be38@mail.tmisnet.com> HI. At 08:30 PM 5/8/2004 -0300, you wrote: >Gib; > >Ok, so it does not look like a hardware problem. Did you try to copy a >file over to >the directory? > >Another idea would be to temporarily change the conf to point to another >quarantine >directory, just to see what happens. Done and no effect. Everything is working fine now.. Very strange glitch. If there was a drive failure, there wouldn't have even been the logs to read. It's working fine now with spamassassin turned back on and I'll just have to keep an eye on it. Thanks >Miguel > >-- >Konsultex Informatica (http://www.konsultex.com.br) > >---------- Original Message ----------- >From: "Gib Gilbertson Jr." >To: miguelk@konsultex.com.br >Sent: Sun, 09 May 2004 09:15:07 +1000 >Subject: Re: MailScanner stops running > > > Hi. > > > > At 07:50 PM 5/8/2004 -0300, you wrote: > > >Gib; > > > > > >I assume that the directory is really there, right? Maybe you drive is > > >getting some > > >corruption and that's why MS can't access it. I would try to copy a > file to it > > >(keeping permissions in mind) to see what happens. > > > > > >Miguel > > > > > >-- > > >Konsultex Informatica (http://www.konsultex.com.br) > > The /var/spool/MailScanner/quarantine directory is on the same > partition as > > the 10K queued messages, and the log files that were still recording at > the > > time the error was generated. > > > > # df > > Filesystem 1K-blocks Used Avail Capacity Mounted on > > /dev/ar0s1e 4129310 1633555 2165411 43% /var > > > > This was the output of df at the time of discovering the failure, so the > > disk wasn't full, and we are also running mirroring (raid 1) on that drive > > which has /home and /var on it. > > > > gib > > > > >---------- Original Message ----------- > > >From: "Gib Gilbertson Jr." > > >To: MAILSCANNER@JISCMAIL.AC.UK > > >Sent: Sun, 9 May 2004 08:42:15 +1000 > > >Subject: MailScanner stops running > > > > > > > Hi All. > > > > > > > > I encountered a problem today which is very strange. My system has been > > > > chugging along for quite a while now, and except for the problem with > > > > corrupt bayes database every 2 or 3 days it has ran great. This morning > > > > when I check I see there are over 10k messages sitting in > > > /var/spool/mqueue.in. > > > > > > > > I check the logs and can see that MailScanner isn't running. > Because of the > > > > huge number of mails cued up I turn off spamassassin in > MailScanner.conf > > > > and restart MailScanner. Within about 15 minutes it had gone > through all > > > > the messages. > > > > > > > > Now for the problem. After getting things working again, I check my > logs > > > > and find this error message as each child process dies and MailScanner > > > > tries to restart.. > > > > > > > > May 8 04:01:11 MailScanner[33191]: MailScanner child dying of old age > > > > May 8 04:01:13 MailScanner[73486]: MailScanner E-Mail Virus Scanner > > > > version 4.26.8 starting... > > > > May 8 04:01:25 MailScanner[73531]: Could not read directory > > > > /var/spool/MailScanner/quarantine > > > > May 8 04:01:25 MailScanner[73531]: Error in configuration file > line 113, > > > > directory /var/spool/MailScanner/quarantine for quarantinedir does not > > > > exist (or is not readable) > > > > > > > > Nothing changed on the sever. No configuration files, quarantine > directory, > > > > etc.. I'm the only one that makes changes to the system. > > > > > > > > Anyone have any ideas? > > > > > > > > Thanks > > > > > > > > gib > > > > > > Gib Gilbertson Jr. Tierramiga Info Systems 619-287-8647 Support http://www.tmisnet.com San Diego's "Friendly ISP" -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From miguelk at konsultex.com.br Sun May 9 01:22:35 2004 From: miguelk at konsultex.com.br (Miguel Koren OBrien de Lacy) Date: Thu Jan 12 21:25:08 2006 Subject: MailScanner stops running In-Reply-To: <6.0.1.1.2.20040509095754.0401be38@mail.tmisnet.com> References: <6.0.1.1.2.20040509082234.03ffc4a8@mail.tmisnet.com> <20040508224839.M27913@konsultex.com.br> <6.0.1.1.2.20040509085824.02bdf538@mail.tmisnet.com> <20040508232649.M41235@konsultex.com.br> <6.0.1.1.2.20040509095754.0401be38@mail.tmisnet.com> Message-ID: <20040509002111.M23271@konsultex.com.br> Gib; You must pray to the Gods of Informatics, they are very demanding ;-) Miguel -- Konsultex Informatica (http://www.konsultex.com.br) ---------- Original Message ----------- From: "Gib Gilbertson Jr." To: MAILSCANNER@JISCMAIL.AC.UK Sent: Sun, 9 May 2004 10:02:12 +1000 Subject: Re: MailScanner stops running > HI. > > At 08:30 PM 5/8/2004 -0300, you wrote: > >Gib; > > > >Ok, so it does not look like a hardware problem. Did you try to copy a > >file over to > >the directory? > > > >Another idea would be to temporarily change the conf to point to another > >quarantine > >directory, just to see what happens. > > Done and no effect. Everything is working fine now.. Very strange glitch. > If there was a drive failure, there wouldn't have even been the logs to read. > > It's working fine now with spamassassin turned back on and I'll just have > to keep an eye on it. > > Thanks > > >Miguel > > > >-- > >Konsultex Informatica (http://www.konsultex.com.br) > > > >---------- Original Message ----------- > >From: "Gib Gilbertson Jr." > >To: miguelk@konsultex.com.br > >Sent: Sun, 09 May 2004 09:15:07 +1000 > >Subject: Re: MailScanner stops running > > > > > Hi. > > > > > > At 07:50 PM 5/8/2004 -0300, you wrote: > > > >Gib; > > > > > > > >I assume that the directory is really there, right? Maybe you drive is > > > >getting some > > > >corruption and that's why MS can't access it. I would try to copy a > > file to it > > > >(keeping permissions in mind) to see what happens. > > > > > > > >Miguel > > > > > > > >-- > > > >Konsultex Informatica (http://www.konsultex.com.br) > > > The /var/spool/MailScanner/quarantine directory is on the same > > partition as > > > the 10K queued messages, and the log files that were still recording at > > the > > > time the error was generated. > > > > > > # df > > > Filesystem 1K-blocks Used Avail Capacity Mounted on > > > /dev/ar0s1e 4129310 1633555 2165411 43% /var > > > > > > This was the output of df at the time of discovering the failure, so the > > > disk wasn't full, and we are also running mirroring (raid 1) on that drive > > > which has /home and /var on it. > > > > > > gib > > > > > > >---------- Original Message ----------- > > > >From: "Gib Gilbertson Jr." > > > >To: MAILSCANNER@JISCMAIL.AC.UK > > > >Sent: Sun, 9 May 2004 08:42:15 +1000 > > > >Subject: MailScanner stops running > > > > > > > > > Hi All. > > > > > > > > > > I encountered a problem today which is very strange. My system has been > > > > > chugging along for quite a while now, and except for the problem with > > > > > corrupt bayes database every 2 or 3 days it has ran great. This morning > > > > > when I check I see there are over 10k messages sitting in > > > > /var/spool/mqueue.in. > > > > > > > > > > I check the logs and can see that MailScanner isn't running. > > Because of the > > > > > huge number of mails cued up I turn off spamassassin in > > MailScanner.conf > > > > > and restart MailScanner. Within about 15 minutes it had gone > > through all > > > > > the messages. > > > > > > > > > > Now for the problem. After getting things working again, I check my > > logs > > > > > and find this error message as each child process dies and MailScanner > > > > > tries to restart.. > > > > > > > > > > May 8 04:01:11 MailScanner[33191]: MailScanner child dying of old age > > > > > May 8 04:01:13 MailScanner[73486]: MailScanner E-Mail Virus Scanner > > > > > version 4.26.8 starting... > > > > > May 8 04:01:25 MailScanner[73531]: Could not read directory > > > > > /var/spool/MailScanner/quarantine > > > > > May 8 04:01:25 MailScanner[73531]: Error in configuration file > > line 113, > > > > > directory /var/spool/MailScanner/quarantine for quarantinedir does not > > > > > exist (or is not readable) > > > > > > > > > > Nothing changed on the sever. No configuration files, quarantine > > directory, > > > > > etc.. I'm the only one that makes changes to the system. > > > > > > > > > > Anyone have any ideas? > > > > > > > > > > Thanks > > > > > > > > > > gib > > > > > > > > > > Gib Gilbertson Jr. > Tierramiga Info Systems > 619-287-8647 Support > http://www.tmisnet.com > San Diego's "Friendly ISP" > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > > -- > Esta mensagem foi verificada pelo sistema de antiv?rus e > acredita-se estar livre de perigo. ------- End of Original Message ------- -- Esta mensagem foi verificada pelo sistema de antiv?rus e acredita-se estar livre de perigo. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From alex at nkpanama.com Sun May 9 02:07:15 2004 From: alex at nkpanama.com (Alex Neuman) Date: Thu Jan 12 21:25:08 2006 Subject: Julian wins UKUUG Open Source Award for 2004 In-Reply-To: <20040508125523.4019121C2BB@mail.fsl.com> Message-ID: <001501c43561$f99248b0$2065e0c9@cositputer> Kudos to Julian! -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Stephen Swaney Sent: Saturday, May 08, 2004 7:55 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Julian wins UKUUG Open Source Award for 2004 I have it from a good source that our favorite developer, Mr. Julian Field has won the UKUUG Open Source Award for 2004. This prize is awarded annually for a significant contribution to free and open source software. The UKUUG - the Unix and Open Systems User Group - is a non-profit organization and technical forum for the advocacy of open systems, particularly Unix and Unix-like operating systems, the promotion of free and open-source software, and the advancement of open programming standards and networking protocols. Mr. Field pockets the well deserved ?500 prize, a free pass (worth about $1,700) to the Open Source Convention (conferences.oreillynet.com) to be held 26-30 July in Portland, OR, USA. plus another ?500 to cover his expenses to the convention. Congratulations and well deserved! Steve Stephen Swaney President Fortress Systems Ltd. Steve.Swaney@FSL.com -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. Fortress Systems Ltd. www.fsl.com -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3026 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040508/00f1ac4e/smime.bin From idan at SECURENET.CO.IL Sun May 9 18:52:20 2004 From: idan at SECURENET.CO.IL (Idan Plotnik) Date: Thu Jan 12 21:25:08 2006 Subject: Maillog - MailScanner[2732]: SpamAssassin installation could not be found Message-ID: <38531FBA30509D418523F41CC6E981D827EB31@securenetdc.securenet.co.il> Hi All, This is what I see in the maillog file when I configure the MailScanner.conf file to use spamassassin. "Use SpamAssassin = yes" And all the emails are placed in the /var/spool/mqueue.in May 9 20:39:28 exmail01 MailScanner[2732]: SpamAssassin installation could not be found May 9 20:39:37 exmail01 MailScanner[2733]: MailScanner E-Mail Virus Scanner version 4.30.3 starting... May 9 20:39:38 exmail01 MailScanner[2733]: SpamAssassin installation could not be found May 9 20:39:47 exmail01 MailScanner[2734]: MailScanner E-Mail Virus Scanner version 4.30.3 starting... May 9 20:39:48 exmail01 MailScanner[2734]: SpamAssassin installation could not be found May 9 20:39:57 exmail01 MailScanner[2737]: MailScanner E-Mail Virus Scanner version 4.30.3 starting... May 9 20:39:58 exmail01 MailScanner[2737]: SpamAssassin installation could not be found May 9 20:40:08 exmail01 MailScanner[2740]: MailScanner E-Mail Virus Scanner version 4.30.3 starting... May 9 20:40:08 exmail01 MailScanner[2740]: SpamAssassin installation could not be found May 9 20:40:17 exmail01 MailScanner[2777]: MailScanner E-Mail Virus Scanner version 4.30.3 starting... May 9 20:40:18 exmail01 MailScanner[2777]: SpamAssassin installation could not be found May 9 20:40:27 exmail01 MailScanner[2805]: MailScanner E-Mail Virus Scanner version 4.30.3 starting... May 9 20:40:28 exmail01 MailScanner[2805]: SpamAssassin installation could not be found May 9 20:40:38 exmail01 MailScanner[2807]: MailScanner E-Mail Virus Scanner version 4.30.3 starting... May 9 20:40:38 exmail01 MailScanner[2807]: SpamAssassin installation could not be found May 9 20:40:48 exmail01 MailScanner[2808]: MailScanner E-Mail Virus Scanner version 4.30.3 starting... May 9 20:40:48 exmail01 MailScanner[2808]: SpamAssassin installation could not be found May 9 20:40:58 exmail01 MailScanner[2810]: MailScanner E-Mail Virus Scanner version 4.30.3 starting... May 9 20:40:58 exmail01 MailScanner[2810]: SpamAssassin installation could not be found May 9 20:41:08 exmail01 MailScanner[2813]: MailScanner E-Mail Virus Scanner version 4.30.3 starting... May 9 20:41:08 exmail01 MailScanner[2813]: SpamAssassin installation could not be found May 9 20:41:18 exmail01 MailScanner[2814]: MailScanner E-Mail Virus Scanner version 4.30.3 starting... May 9 20:41:18 exmail01 MailScanner[2814]: SpamAssassin installation could not be found May 9 20:41:28 exmail01 MailScanner[2821]: MailScanner E-Mail Virus Scanner version 4.30.3 starting... May 9 20:41:28 exmail01 MailScanner[2821]: SpamAssassin installation could not be found May 9 20:41:38 exmail01 MailScanner[2822]: MailScanner E-Mail Virus Scanner version 4.30.3 starting... May 9 20:41:38 exmail01 MailScanner[2822]: SpamAssassin installation could not be found May 9 20:41:48 exmail01 MailScanner[2823]: MailScanner E-Mail Virus Scanner version 4.30.3 starting... May 9 20:41:48 exmail01 MailScanner[2823]: SpamAssassin installation could not be found May 9 20:41:58 exmail01 MailScanner[2824]: MailScanner E-Mail Virus Scanner version 4.30.3 starting... May 9 20:41:58 exmail01 MailScanner[2824]: SpamAssassin installation could not be found May 9 20:42:08 exmail01 MailScanner[2825]: MailScanner E-Mail Virus Scanner version 4.30.3 starting... May 9 20:42:08 exmail01 MailScanner[2825]: SpamAssassin installation could not be found May 9 20:42:18 exmail01 MailScanner[2827]: MailScanner E-Mail Virus Scanner version 4.30.3 starting... May 9 20:42:18 exmail01 MailScanner[2827]: SpamAssassin installation could not be found May 9 20:42:28 exmail01 MailScanner[2831]: MailScanner E-Mail Virus Scanner version 4.30.3 starting... May 9 20:42:28 exmail01 MailScanner[2831]: SpamAssassin installation could not be found May 9 20:42:38 exmail01 MailScanner[2833]: MailScanner E-Mail Virus Scanner version 4.30.3 starting... May 9 20:42:38 exmail01 MailScanner[2833]: SpamAssassin installation could not be found And when I configure "Use SpamAssassin = no" it takes just 5 seconds until the spool became empty and the spam email also passed to the mailboxes. What are you suggest me to do ? Thanx -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040509/8e7108f0/attachment.html From peter at UCGBOOK.COM Sun May 9 19:12:09 2004 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:25:08 2006 Subject: Maillog - MailScanner[2732]: SpamAssassin installation could not be found In-Reply-To: <38531FBA30509D418523F41CC6E981D827EB31@securenetdc.securenet.co.il> References: <38531FBA30509D418523F41CC6E981D827EB31@securenetdc.securenet.co.il> Message-ID: <409E7479.9020805@ucgbook.com> Idan Plotnik wrote: > May 9 20:42:38 exmail01 MailScanner[2833]: SpamAssassin installation > could not be found You probably installed SA with binary RPMs and the paths got screwed up, if you searched the archives you would have found numerous posts about it. Uninstall that and install it from source, CPAN or SRPM. It will work. -- /Peter Bonivart --Unix lovers do it in the Sun Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7, SpamAssassin 2.63 + DCC 1.2.45, ClamAV 0.70 + GMP 4.1.2, Vispan 1.4 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From idan at SECURENET.CO.IL Sun May 9 19:14:35 2004 From: idan at SECURENET.CO.IL (Idan Plotnik) Date: Thu Jan 12 21:25:08 2006 Subject: Maillog - MailScanner[2732]: SpamAssassin installation could not be found Message-ID: <38531FBA30509D418523F41CC6E981D827EB37@securenetdc.securenet.co.il> Can you tell me where I can download the SRPM version from? Thanks a lot !!! -----Original Message----- From: Peter Bonivart [mailto:peter@UCGBOOK.COM] Sent: Sunday, May 09, 2004 8:12 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Maillog - MailScanner[2732]: SpamAssassin installation could not be found Idan Plotnik wrote: > May 9 20:42:38 exmail01 MailScanner[2833]: SpamAssassin installation > could not be found You probably installed SA with binary RPMs and the paths got screwed up, if you searched the archives you would have found numerous posts about it. Uninstall that and install it from source, CPAN or SRPM. It will work. -- /Peter Bonivart --Unix lovers do it in the Sun Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7, SpamAssassin 2.63 + DCC 1.2.45, ClamAV 0.70 + GMP 4.1.2, Vispan 1.4 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From peter at UCGBOOK.COM Sun May 9 19:17:40 2004 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:25:08 2006 Subject: Maillog - MailScanner[2732]: SpamAssassin installation could not be found In-Reply-To: <38531FBA30509D418523F41CC6E981D827EB37@securenetdc.securenet.co.il> References: <38531FBA30509D418523F41CC6E981D827EB37@securenetdc.securenet.co.il> Message-ID: <409E75C4.3010005@ucgbook.com> Idan Plotnik wrote: > Can you tell me where I can download the SRPM version from? http://eu.spamassassin.org/released/RPMs/ Download spamassassin-2.63-1.src.rpm. Remember to uninstall your binary RPM first (rpm -e xxx) -- /Peter Bonivart --Unix lovers do it in the Sun Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7, SpamAssassin 2.63 + DCC 1.2.45, ClamAV 0.70 + GMP 4.1.2, Vispan 1.4 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From idan at SECURENET.CO.IL Sun May 9 19:26:10 2004 From: idan at SECURENET.CO.IL (Idan Plotnik) Date: Thu Jan 12 21:25:08 2006 Subject: Maillog - MailScanner[2732]: SpamAssassin installation could not be found Message-ID: <38531FBA30509D418523F41CC6E981D827EB38@securenetdc.securenet.co.il> Thanks a lot !!! I am going to install it right now !!! By the way... What is spamassassin-tools-2.63-1.i386.rpm ???? Thanks again Regards, Idan Plotnik SecureNet Ltd, Israel E-Mail: idan@securenet.co.il Office: +972-03-7544626 Mobile: +972-54-4545515 We Certify Secured Networks -----Original Message----- From: Peter Bonivart [mailto:peter@UCGBOOK.COM] Sent: Sunday, May 09, 2004 8:18 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Maillog - MailScanner[2732]: SpamAssassin installation could not be found Idan Plotnik wrote: > Can you tell me where I can download the SRPM version from? http://eu.spamassassin.org/released/RPMs/ Download spamassassin-2.63-1.src.rpm. Remember to uninstall your binary RPM first (rpm -e xxx) -- /Peter Bonivart --Unix lovers do it in the Sun Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7, SpamAssassin 2.63 + DCC 1.2.45, ClamAV 0.70 + GMP 4.1.2, Vispan 1.4 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From idan at SECURENET.CO.IL Sun May 9 19:31:27 2004 From: idan at SECURENET.CO.IL (Idan Plotnik) Date: Thu Jan 12 21:25:08 2006 Subject: Maillog - MailScanner[2732]: SpamAssassin installation could not be found Message-ID: <38531FBA30509D418523F41CC6E981D827EB39@securenetdc.securenet.co.il> Do you know the reason ? I am using root !!!!!!! [root@ex01 root]# rpm -i spamassassin-2.63-1.src.rpm warning: spamassassin-2.63-1.src.rpm: V3 DSA signature: NOKEY, key ID e580b363 warning: user felicity does not exist - using root warning: group fame does not exist - using root warning: user felicity does not exist - using root warning: group fame does not exist - using root -----Original Message----- From: Idan Plotnik Sent: Sunday, May 09, 2004 8:26 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Maillog - MailScanner[2732]: SpamAssassin installation could not be found Regards, Idan Plotnik SecureNet Ltd, Israel E-Mail: idan@securenet.co.il Office: +972-03-7544626 Mobile: +972-54-4545515 We Certify Secured Networks -----Original Message----- From: Peter Bonivart [mailto:peter@UCGBOOK.COM] Sent: Sunday, May 09, 2004 8:18 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Maillog - MailScanner[2732]: SpamAssassin installation could not be found Idan Plotnik wrote: > Can you tell me where I can download the SRPM version from? http://eu.spamassassin.org/released/RPMs/ Download spamassassin-2.63-1.src.rpm. Remember to uninstall your binary RPM first (rpm -e xxx) -- /Peter Bonivart --Unix lovers do it in the Sun Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7, SpamAssassin 2.63 + DCC 1.2.45, ClamAV 0.70 + GMP 4.1.2, Vispan 1.4 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From peter at UCGBOOK.COM Sun May 9 19:32:22 2004 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:25:08 2006 Subject: Maillog - MailScanner[2732]: SpamAssassin installation could not be found In-Reply-To: <38531FBA30509D418523F41CC6E981D827EB38@securenetdc.securenet.co.il> References: <38531FBA30509D418523F41CC6E981D827EB38@securenetdc.securenet.co.il> Message-ID: <409E7936.8010503@ucgbook.com> Idan Plotnik wrote: > Thanks a lot !!! I am going to install it right now !!! > By the way... What is spamassassin-tools-2.63-1.i386.rpm ???? Documents, tests and other stuff you don't need to run SA. Compare it with the devel RPMs. If you don't know what to do with them, you don't need them. ;-) -- /Peter Bonivart --Unix lovers do it in the Sun Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7, SpamAssassin 2.63 + DCC 1.2.45, ClamAV 0.70 + GMP 4.1.2, Vispan 1.4 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From peter at UCGBOOK.COM Sun May 9 19:35:07 2004 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:25:08 2006 Subject: Maillog - MailScanner[2732]: SpamAssassin installation could not be found In-Reply-To: <38531FBA30509D418523F41CC6E981D827EB39@securenetdc.securenet.co.il> References: <38531FBA30509D418523F41CC6E981D827EB39@securenetdc.securenet.co.il> Message-ID: <409E79DB.4050706@ucgbook.com> Idan Plotnik wrote: > > Do you know the reason ? > I am using root !!!!!!! > > [root@ex01 root]# rpm -i spamassassin-2.63-1.src.rpm > warning: spamassassin-2.63-1.src.rpm: V3 DSA signature: NOKEY, key ID > e580b363 > warning: user felicity does not exist - using root > warning: group fame does not exist - using root > warning: user felicity does not exist - using root > warning: group fame does not exist - using root It just means that he who packaged it used those accounts. Don't worry, it falls back to root automatically. Now I have to watch Sweden win the World Hockey Championship! Sweden 1-0 Canada. -- /Peter Bonivart --Unix lovers do it in the Sun Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7, SpamAssassin 2.63 + DCC 1.2.45, ClamAV 0.70 + GMP 4.1.2, Vispan 1.4 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From raymond at PROLOCATION.NET Sun May 9 19:36:15 2004 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:25:08 2006 Subject: Maillog - MailScanner[2732]: SpamAssassin installation could not be found In-Reply-To: <38531FBA30509D418523F41CC6E981D827EB39@securenetdc.securenet.co.il> Message-ID: Hi! > Do you know the reason ? > I am using root !!!!!!! > > [root@ex01 root]# rpm -i spamassassin-2.63-1.src.rpm > warning: spamassassin-2.63-1.src.rpm: V3 DSA signature: NOKEY, key ID > e580b363 > warning: user felicity does not exist - using root > warning: group fame does not exist - using root > warning: user felicity does not exist - using root > warning: group fame does not exist - using root You might be ok with typing: perl -MCPAN -e shell install Mail::SpamAssassin That seems a simpeler solution for you. Bye, Raymond. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From idan at SECURENET.CO.IL Sun May 9 19:38:40 2004 From: idan at SECURENET.CO.IL (Idan Plotnik) Date: Thu Jan 12 21:25:08 2006 Subject: Maillog - MailScanner[2732]: SpamAssassin installation could not be found Message-ID: <38531FBA30509D418523F41CC6E981D827EB3A@securenetdc.securenet.co.il> :))) Before you are going to watch Sweden win the World Hockey, but I cant install it !!!!!!! Regards, Idan Plotnik SecureNet Ltd, Israel E-Mail: idan@securenet.co.il Office: +972-03-7544626 Mobile: +972-54-4545515 We Certify Secured Networks -----Original Message----- From: Peter Bonivart [mailto:peter@UCGBOOK.COM] Sent: Sunday, May 09, 2004 8:35 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Maillog - MailScanner[2732]: SpamAssassin installation could not be found Idan Plotnik wrote: > > Do you know the reason ? > I am using root !!!!!!! > > [root@ex01 root]# rpm -i spamassassin-2.63-1.src.rpm > warning: spamassassin-2.63-1.src.rpm: V3 DSA signature: NOKEY, key ID > e580b363 > warning: user felicity does not exist - using root > warning: group fame does not exist - using root > warning: user felicity does not exist - using root > warning: group fame does not exist - using root It just means that he who packaged it used those accounts. Don't worry, it falls back to root automatically. Now I have to watch Sweden win the World Hockey Championship! Sweden 1-0 Canada. -- /Peter Bonivart --Unix lovers do it in the Sun Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7, SpamAssassin 2.63 + DCC 1.2.45, ClamAV 0.70 + GMP 4.1.2, Vispan 1.4 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From idan at SECURENET.CO.IL Sun May 9 19:40:45 2004 From: idan at SECURENET.CO.IL (Idan Plotnik) Date: Thu Jan 12 21:25:08 2006 Subject: Maillog - MailScanner[2732]: SpamAssassin installation could not be found Message-ID: <38531FBA30509D418523F41CC6E981D827EB3B@securenetdc.securenet.co.il> Hi ! I don't want to use CPAN, thanks ! I have problem with this too :(( :)) -----Original Message----- From: Raymond Dijkxhoorn [mailto:raymond@PROLOCATION.NET] Sent: Sunday, May 09, 2004 8:36 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Maillog - MailScanner[2732]: SpamAssassin installation could not be found Hi! > Do you know the reason ? > I am using root !!!!!!! > > [root@ex01 root]# rpm -i spamassassin-2.63-1.src.rpm > warning: spamassassin-2.63-1.src.rpm: V3 DSA signature: NOKEY, key ID > e580b363 > warning: user felicity does not exist - using root > warning: group fame does not exist - using root > warning: user felicity does not exist - using root > warning: group fame does not exist - using root You might be ok with typing: perl -MCPAN -e shell install Mail::SpamAssassin That seems a simpeler solution for you. Bye, Raymond. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From michele at BLACKNIGHTSOLUTIONS.COM Sun May 9 19:50:23 2004 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:25:08 2006 Subject: Maillog - MailScanner[2732]: SpamAssassin installation could not be found In-Reply-To: <38531FBA30509D418523F41CC6E981D827EB3B@securenetdc.securenet.co.il> Message-ID: <200405091845.i49IjD6C026984@monitor.blacknight.ie> If you are having issues with rpms and CPAN simply download the source tar.gz : http://eu.spamassassin.org/released/Mail-SpamAssassin-2.63.tar.gz tar -zxvf Mail-SpamAssassin-2.63.tar.gz cd Mail-SpamAssassin-2.63 perl Makefile.PL make make test make install Depending on your version of linux and perl you may need to run: export LANG=en_IE or en_US (or whatever) Before running any of the above commands. If you run into problems RTFM, the archives, FAQ and MAQ Michele Mr Michele Neylon Blacknight Internet Solutions Ltd http://www.blacknight.ie/ Tel. +353 59 9137101 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From idan at SECURENET.CO.IL Sun May 9 20:03:30 2004 From: idan at SECURENET.CO.IL (Idan Plotnik) Date: Thu Jan 12 21:25:08 2006 Subject: Maillog - MailScanner[2732]: SpamAssassin installation could not be found Message-ID: <38531FBA30509D418523F41CC6E981D827EB3C@securenetdc.securenet.co.il> I am problematic :)) [root@ex01 Mail-SpamAssassin-2.63]# perl Makefile.PL What email address or URL should be used in the suspected-spam report text for users who want more information on your filter installation? (In particular, ISPs should change this to a local Postmaster contact) default text: [the administrator of that system] spam@ex.com Checking if your kit is complete... Looks good Warning: I could not locate your pod2man program. Please make sure, your pod2man program is in your PATH before you execute 'make' Writing Makefile for Mail::SpamAssassin Makefile written by ExtUtils::MakeMaker 6.05 1. what is pod2man ? 2. where can I download it ? Regards, Idan Plotnik SecureNet Ltd, Israel E-Mail: idan@securenet.co.il Office: +972-03-7544626 Mobile: +972-54-4545515 We Certify Secured Networks -----Original Message----- From: Michele Neylon :: Blacknight Solutions [mailto:michele@BLACKNIGHTSOLUTIONS.COM] Sent: Sunday, May 09, 2004 8:50 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Maillog - MailScanner[2732]: SpamAssassin installation could not be found If you are having issues with rpms and CPAN simply download the source tar.gz : http://eu.spamassassin.org/released/Mail-SpamAssassin-2.63.tar.gz tar -zxvf Mail-SpamAssassin-2.63.tar.gz cd Mail-SpamAssassin-2.63 perl Makefile.PL make make test make install Depending on your version of linux and perl you may need to run: export LANG=en_IE or en_US (or whatever) Before running any of the above commands. If you run into problems RTFM, the archives, FAQ and MAQ Michele Mr Michele Neylon Blacknight Internet Solutions Ltd http://www.blacknight.ie/ Tel. +353 59 9137101 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at CARLO65.DE Mon May 10 07:54:23 2004 From: mailscanner at CARLO65.DE (Roland Ehle) Date: Thu Jan 12 21:25:08 2006 Subject: Message body disappears Message-ID: <1084172063.7488.11.camel@home.carlo65.de> Hi all, in the last days the following error message appears very often in my maillog: May 10 08:33:59 home sendmail[8928]: i4A6WuVh008909: SYSERR(root): readqf: cannot open ./dfi4A6WuVh008909: No such file or directory The message itself has "No message collected" as message body, so message body has disappeared. Anybody else with this problem? System: MailScanner 4.30.3-1 Perl 5.8.3 Sendmail 8.12.10 on SuSE Linux 9.1 Regards, Roland -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From michele at BLACKNIGHTSOLUTIONS.COM Sun May 9 20:10:45 2004 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:25:08 2006 Subject: Maillog - MailScanner[2732]: SpamAssassin installation could not be found In-Reply-To: <38531FBA30509D418523F41CC6E981D827EB3C@securenetdc.securenet.co.il> Message-ID: <200405091905.i49J5Z6C012109@monitor.blacknight.ie> Use postmaster as the email address You can get any required perl modules from the CPAN site. Mr Michele Neylon Blacknight Internet Solutions Ltd http://www.blacknight.ie/ Tel. +353 59 9137101 -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Idan Plotnik Sent: 09 May 2004 20:04 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: [MAILSCANNER] Maillog - MailScanner[2732]: SpamAssassin installation could not be found I am problematic :)) [root@ex01 Mail-SpamAssassin-2.63]# perl Makefile.PL What email address or URL should be used in the suspected-spam report text for users who want more information on your filter installation? (In particular, ISPs should change this to a local Postmaster contact) default text: [the administrator of that system] spam@ex.com Checking if your kit is complete... Looks good Warning: I could not locate your pod2man program. Please make sure, your pod2man program is in your PATH before you execute 'make' Writing Makefile for Mail::SpamAssassin Makefile written by ExtUtils::MakeMaker 6.05 1. what is pod2man ? 2. where can I download it ? Regards, Idan Plotnik SecureNet Ltd, Israel E-Mail: idan@securenet.co.il Office: +972-03-7544626 Mobile: +972-54-4545515 We Certify Secured Networks -----Original Message----- From: Michele Neylon :: Blacknight Solutions [mailto:michele@BLACKNIGHTSOLUTIONS.COM] Sent: Sunday, May 09, 2004 8:50 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Maillog - MailScanner[2732]: SpamAssassin installation could not be found If you are having issues with rpms and CPAN simply download the source tar.gz : http://eu.spamassassin.org/released/Mail-SpamAssassin-2.63.tar.gz tar -zxvf Mail-SpamAssassin-2.63.tar.gz cd Mail-SpamAssassin-2.63 perl Makefile.PL make make test make install Depending on your version of linux and perl you may need to run: export LANG=en_IE or en_US (or whatever) Before running any of the above commands. If you run into problems RTFM, the archives, FAQ and MAQ Michele Mr Michele Neylon Blacknight Internet Solutions Ltd http://www.blacknight.ie/ Tel. +353 59 9137101 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From idan at SECURENET.CO.IL Sun May 9 20:15:33 2004 From: idan at SECURENET.CO.IL (Idan Plotnik) Date: Thu Jan 12 21:25:08 2006 Subject: Maillog - MailScanner[2732]: SpamAssassin installation could not be found Message-ID: <38531FBA30509D418523F41CC6E981D827EB3D@securenetdc.securenet.co.il> This is not the issue here, the pod2man is missing here, how can I solve this problem ? -----Original Message----- From: Michele Neylon :: Blacknight Solutions [mailto:michele@BLACKNIGHTSOLUTIONS.COM] Sent: Sunday, May 09, 2004 9:11 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Maillog - MailScanner[2732]: SpamAssassin installation could not be found Use postmaster as the email address You can get any required perl modules from the CPAN site. Mr Michele Neylon Blacknight Internet Solutions Ltd http://www.blacknight.ie/ Tel. +353 59 9137101 -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Idan Plotnik Sent: 09 May 2004 20:04 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: [MAILSCANNER] Maillog - MailScanner[2732]: SpamAssassin installation could not be found I am problematic :)) [root@ex01 Mail-SpamAssassin-2.63]# perl Makefile.PL What email address or URL should be used in the suspected-spam report text for users who want more information on your filter installation? (In particular, ISPs should change this to a local Postmaster contact) default text: [the administrator of that system] spam@ex.com Checking if your kit is complete... Looks good Warning: I could not locate your pod2man program. Please make sure, your pod2man program is in your PATH before you execute 'make' Writing Makefile for Mail::SpamAssassin Makefile written by ExtUtils::MakeMaker 6.05 1. what is pod2man ? 2. where can I download it ? Regards, Idan Plotnik SecureNet Ltd, Israel E-Mail: idan@securenet.co.il Office: +972-03-7544626 Mobile: +972-54-4545515 We Certify Secured Networks -----Original Message----- From: Michele Neylon :: Blacknight Solutions [mailto:michele@BLACKNIGHTSOLUTIONS.COM] Sent: Sunday, May 09, 2004 8:50 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Maillog - MailScanner[2732]: SpamAssassin installation could not be found If you are having issues with rpms and CPAN simply download the source tar.gz : http://eu.spamassassin.org/released/Mail-SpamAssassin-2.63.tar.gz tar -zxvf Mail-SpamAssassin-2.63.tar.gz cd Mail-SpamAssassin-2.63 perl Makefile.PL make make test make install Depending on your version of linux and perl you may need to run: export LANG=en_IE or en_US (or whatever) Before running any of the above commands. If you run into problems RTFM, the archives, FAQ and MAQ Michele Mr Michele Neylon Blacknight Internet Solutions Ltd http://www.blacknight.ie/ Tel. +353 59 9137101 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From idan at SECURENET.CO.IL Sun May 9 20:29:17 2004 From: idan at SECURENET.CO.IL (Idan Plotnik) Date: Thu Jan 12 21:25:08 2006 Subject: Maillog - MailScanner[2732]: SpamAssassin installation could not be found Message-ID: <38531FBA30509D418523F41CC6E981D827EB3F@securenetdc.securenet.co.il> I found the problem !!!! echo $LANG en_US.UTF-8 export LANG=en_US And everything is working just fine -----Original Message----- From: Idan Plotnik Sent: Sunday, May 09, 2004 9:16 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Maillog - MailScanner[2732]: SpamAssassin installation could not be found This is not the issue here, the pod2man is missing here, how can I solve this problem ? -----Original Message----- From: Michele Neylon :: Blacknight Solutions [mailto:michele@BLACKNIGHTSOLUTIONS.COM] Sent: Sunday, May 09, 2004 9:11 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Maillog - MailScanner[2732]: SpamAssassin installation could not be found Use postmaster as the email address You can get any required perl modules from the CPAN site. Mr Michele Neylon Blacknight Internet Solutions Ltd http://www.blacknight.ie/ Tel. +353 59 9137101 -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Idan Plotnik Sent: 09 May 2004 20:04 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: [MAILSCANNER] Maillog - MailScanner[2732]: SpamAssassin installation could not be found I am problematic :)) [root@ex01 Mail-SpamAssassin-2.63]# perl Makefile.PL What email address or URL should be used in the suspected-spam report text for users who want more information on your filter installation? (In particular, ISPs should change this to a local Postmaster contact) default text: [the administrator of that system] spam@ex.com Checking if your kit is complete... Looks good Warning: I could not locate your pod2man program. Please make sure, your pod2man program is in your PATH before you execute 'make' Writing Makefile for Mail::SpamAssassin Makefile written by ExtUtils::MakeMaker 6.05 1. what is pod2man ? 2. where can I download it ? Regards, Idan Plotnik SecureNet Ltd, Israel E-Mail: idan@securenet.co.il Office: +972-03-7544626 Mobile: +972-54-4545515 We Certify Secured Networks -----Original Message----- From: Michele Neylon :: Blacknight Solutions [mailto:michele@BLACKNIGHTSOLUTIONS.COM] Sent: Sunday, May 09, 2004 8:50 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Maillog - MailScanner[2732]: SpamAssassin installation could not be found If you are having issues with rpms and CPAN simply download the source tar.gz : http://eu.spamassassin.org/released/Mail-SpamAssassin-2.63.tar.gz tar -zxvf Mail-SpamAssassin-2.63.tar.gz cd Mail-SpamAssassin-2.63 perl Makefile.PL make make test make install Depending on your version of linux and perl you may need to run: export LANG=en_IE or en_US (or whatever) Before running any of the above commands. If you run into problems RTFM, the archives, FAQ and MAQ Michele Mr Michele Neylon Blacknight Internet Solutions Ltd http://www.blacknight.ie/ Tel. +353 59 9137101 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From dbird at SGHMS.AC.UK Sun May 9 20:28:17 2004 From: dbird at SGHMS.AC.UK (Daniel Bird) Date: Thu Jan 12 21:25:08 2006 Subject: Maillog - MailScanner[2732]: SpamAssassin installation could not be found In-Reply-To: <38531FBA30509D418523F41CC6E981D827EB3D@securenetdc.securenet.co.il> References: <38531FBA30509D418523F41CC6E981D827EB3D@securenetdc.securenet.co.il> Message-ID: <409E8651.9030501@sghms.ac.uk> Idan Plotnik wrote: >This is not the issue here, the pod2man is missing here, how can I solve >this problem ? > > http://wiki.apache.org/spamassassin/Pod2ManRedHat > > >-----Original Message----- >From: Michele Neylon :: Blacknight Solutions >[mailto:michele@BLACKNIGHTSOLUTIONS.COM] >Sent: Sunday, May 09, 2004 9:11 PM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: Maillog - MailScanner[2732]: SpamAssassin installation >could not be found > >Use postmaster as the email address >You can get any required perl modules from the CPAN site. > > >Mr Michele Neylon >Blacknight Internet Solutions Ltd >http://www.blacknight.ie/ >Tel. +353 59 9137101 > >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >Behalf Of Idan Plotnik >Sent: 09 May 2004 20:04 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: [MAILSCANNER] Maillog - MailScanner[2732]: SpamAssassin >installation could not be found > >I am problematic :)) > >[root@ex01 Mail-SpamAssassin-2.63]# perl Makefile.PL What email address >or URL should be used in the suspected-spam report text for users who >want more information on your filter installation? >(In particular, ISPs should change this to a local Postmaster contact) >default text: [the administrator of that system] spam@ex.com > >Checking if your kit is complete... >Looks good > >Warning: I could not locate your pod2man program. Please make sure, > your pod2man program is in your PATH before you execute 'make' > >Writing Makefile for Mail::SpamAssassin >Makefile written by ExtUtils::MakeMaker 6.05 > >1. what is pod2man ? >2. where can I download it ? > > >Regards, > >Idan Plotnik >SecureNet Ltd, Israel >E-Mail: idan@securenet.co.il >Office: +972-03-7544626 >Mobile: +972-54-4545515 >We Certify Secured Networks > > >-----Original Message----- >From: Michele Neylon :: Blacknight Solutions >[mailto:michele@BLACKNIGHTSOLUTIONS.COM] >Sent: Sunday, May 09, 2004 8:50 PM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: Maillog - MailScanner[2732]: SpamAssassin installation >could not be found > >If you are having issues with rpms and CPAN simply download the source >tar.gz : >http://eu.spamassassin.org/released/Mail-SpamAssassin-2.63.tar.gz > >tar -zxvf Mail-SpamAssassin-2.63.tar.gz >cd Mail-SpamAssassin-2.63 >perl Makefile.PL >make >make test >make install > >Depending on your version of linux and perl you may need to run: >export LANG=en_IE or en_US (or whatever) > >Before running any of the above commands. >If you run into problems RTFM, the archives, FAQ and MAQ > >Michele > > >Mr Michele Neylon >Blacknight Internet Solutions Ltd >http://www.blacknight.ie/ >Tel. +353 59 9137101 > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html > > > -- ____________________________________ Daniel Bird Network and Systems Manager Department Of Information Services St. George's Hospital Medical School Tooting London SW17 0RE P: +44 20 8725 2897 F: +44 20 8725 3583 E: dan@sghms.ac.uk ____________________________________ Computing Services Homepage: http://www.intranet.sghms.ac.uk/depts/is/cu/ The Computing Services Handbook: http://www.intranet.sghms.ac.uk/depts/is/cu/handbook2003-4.pdf Everything is possible....except skiing through a revolving door. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From idan at SECURENET.CO.IL Sun May 9 20:42:36 2004 From: idan at SECURENET.CO.IL (Idan Plotnik) Date: Thu Jan 12 21:25:08 2006 Subject: Maillog - MailScanner[2732]: SpamAssassin installation could not be found Message-ID: <38531FBA30509D418523F41CC6E981D827EB40@securenetdc.securenet.co.il> Fuck fuck fcuk :(((((((( I have doen this !!! And everting was working fine!!!!!! tar -zxvf Mail-SpamAssassin-2.63.tar.gz cd Mail-SpamAssassin-2.63 perl Makefile.PL make make test make install BUT!!!!!!!!!!!! I don't have service !!! What the fuck is going on here ? -----Original Message----- From: Michele Neylon :: Blacknight Solutions [mailto:michele@BLACKNIGHTSOLUTIONS.COM] Sent: Sunday, May 09, 2004 9:11 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Maillog - MailScanner[2732]: SpamAssassin installation could not be found Use postmaster as the email address You can get any required perl modules from the CPAN site. Mr Michele Neylon Blacknight Internet Solutions Ltd http://www.blacknight.ie/ Tel. +353 59 9137101 -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Idan Plotnik Sent: 09 May 2004 20:04 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: [MAILSCANNER] Maillog - MailScanner[2732]: SpamAssassin installation could not be found I am problematic :)) [root@ex01 Mail-SpamAssassin-2.63]# perl Makefile.PL What email address or URL should be used in the suspected-spam report text for users who want more information on your filter installation? (In particular, ISPs should change this to a local Postmaster contact) default text: [the administrator of that system] spam@ex.com Checking if your kit is complete... Looks good Warning: I could not locate your pod2man program. Please make sure, your pod2man program is in your PATH before you execute 'make' Writing Makefile for Mail::SpamAssassin Makefile written by ExtUtils::MakeMaker 6.05 1. what is pod2man ? 2. where can I download it ? Regards, Idan Plotnik SecureNet Ltd, Israel E-Mail: idan@securenet.co.il Office: +972-03-7544626 Mobile: +972-54-4545515 We Certify Secured Networks -----Original Message----- From: Michele Neylon :: Blacknight Solutions [mailto:michele@BLACKNIGHTSOLUTIONS.COM] Sent: Sunday, May 09, 2004 8:50 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Maillog - MailScanner[2732]: SpamAssassin installation could not be found If you are having issues with rpms and CPAN simply download the source tar.gz : http://eu.spamassassin.org/released/Mail-SpamAssassin-2.63.tar.gz tar -zxvf Mail-SpamAssassin-2.63.tar.gz cd Mail-SpamAssassin-2.63 perl Makefile.PL make make test make install Depending on your version of linux and perl you may need to run: export LANG=en_IE or en_US (or whatever) Before running any of the above commands. If you run into problems RTFM, the archives, FAQ and MAQ Michele Mr Michele Neylon Blacknight Internet Solutions Ltd http://www.blacknight.ie/ Tel. +353 59 9137101 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From idan at SECURENET.CO.IL Sun May 9 20:56:28 2004 From: idan at SECURENET.CO.IL (Idan Plotnik) Date: Thu Jan 12 21:25:08 2006 Subject: Maillog - MailScanner[2732]: SpamAssassin installation could not be found Message-ID: <38531FBA30509D418523F41CC6E981D827EB41@securenetdc.securenet.co.il> Everyone went to sleep ???? :( -----Original Message----- From: Idan Plotnik Sent: Sunday, May 09, 2004 9:43 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Maillog - MailScanner[2732]: SpamAssassin installation could not be found Fuck fuck fcuk :(((((((( I have doen this !!! And everting was working fine!!!!!! tar -zxvf Mail-SpamAssassin-2.63.tar.gz cd Mail-SpamAssassin-2.63 perl Makefile.PL make make test make install BUT!!!!!!!!!!!! I don't have service !!! What the fuck is going on here ? -----Original Message----- From: Michele Neylon :: Blacknight Solutions [mailto:michele@BLACKNIGHTSOLUTIONS.COM] Sent: Sunday, May 09, 2004 9:11 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Maillog - MailScanner[2732]: SpamAssassin installation could not be found Use postmaster as the email address You can get any required perl modules from the CPAN site. Mr Michele Neylon Blacknight Internet Solutions Ltd http://www.blacknight.ie/ Tel. +353 59 9137101 -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Idan Plotnik Sent: 09 May 2004 20:04 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: [MAILSCANNER] Maillog - MailScanner[2732]: SpamAssassin installation could not be found I am problematic :)) [root@ex01 Mail-SpamAssassin-2.63]# perl Makefile.PL What email address or URL should be used in the suspected-spam report text for users who want more information on your filter installation? (In particular, ISPs should change this to a local Postmaster contact) default text: [the administrator of that system] spam@ex.com Checking if your kit is complete... Looks good Warning: I could not locate your pod2man program. Please make sure, your pod2man program is in your PATH before you execute 'make' Writing Makefile for Mail::SpamAssassin Makefile written by ExtUtils::MakeMaker 6.05 1. what is pod2man ? 2. where can I download it ? Regards, Idan Plotnik SecureNet Ltd, Israel E-Mail: idan@securenet.co.il Office: +972-03-7544626 Mobile: +972-54-4545515 We Certify Secured Networks -----Original Message----- From: Michele Neylon :: Blacknight Solutions [mailto:michele@BLACKNIGHTSOLUTIONS.COM] Sent: Sunday, May 09, 2004 8:50 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Maillog - MailScanner[2732]: SpamAssassin installation could not be found If you are having issues with rpms and CPAN simply download the source tar.gz : http://eu.spamassassin.org/released/Mail-SpamAssassin-2.63.tar.gz tar -zxvf Mail-SpamAssassin-2.63.tar.gz cd Mail-SpamAssassin-2.63 perl Makefile.PL make make test make install Depending on your version of linux and perl you may need to run: export LANG=en_IE or en_US (or whatever) Before running any of the above commands. If you run into problems RTFM, the archives, FAQ and MAQ Michele Mr Michele Neylon Blacknight Internet Solutions Ltd http://www.blacknight.ie/ Tel. +353 59 9137101 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From peter at UCGBOOK.COM Sun May 9 21:00:58 2004 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:25:08 2006 Subject: Maillog - MailScanner[2732]: SpamAssassin installation could not be found In-Reply-To: <38531FBA30509D418523F41CC6E981D827EB41@securenetdc.securenet.co.il> References: <38531FBA30509D418523F41CC6E981D827EB41@securenetdc.securenet.co.il> Message-ID: <409E8DFA.9090506@ucgbook.com> Idan Plotnik wrote: > Everyone went to sleep ???? :( Maybe they got offended by your language? At least I did. -- /Peter Bonivart --Unix lovers do it in the Sun Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7, SpamAssassin 2.63 + DCC 1.2.45, ClamAV 0.70 + GMP 4.1.2, Vispan 1.4 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From idan at SECURENET.CO.IL Sun May 9 21:03:51 2004 From: idan at SECURENET.CO.IL (Idan Plotnik) Date: Thu Jan 12 21:25:08 2006 Subject: Maillog - MailScanner[2732]: SpamAssassin installation could not be found Message-ID: <38531FBA30509D418523F41CC6E981D827EB42@securenetdc.securenet.co.il> Why ?????????????????? What did I said ??????? Noooo!!!!!!!!!! Tell me what I do wrong ?????? -----Original Message----- From: Peter Bonivart [mailto:peter@UCGBOOK.COM] Sent: Sunday, May 09, 2004 10:01 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Maillog - MailScanner[2732]: SpamAssassin installation could not be found Idan Plotnik wrote: > Everyone went to sleep ???? :( Maybe they got offended by your language? At least I did. -- /Peter Bonivart --Unix lovers do it in the Sun Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7, SpamAssassin 2.63 + DCC 1.2.45, ClamAV 0.70 + GMP 4.1.2, Vispan 1.4 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From clive at SERENDIPITA.COM Sun May 9 21:09:01 2004 From: clive at SERENDIPITA.COM (Clive Eisen) Date: Thu Jan 12 21:25:08 2006 Subject: Maillog - MailScanner[2732]: SpamAssassin installation could not be found In-Reply-To: <38531FBA30509D418523F41CC6E981D827EB41@securenetdc.securenet.co.il> References: <38531FBA30509D418523F41CC6E981D827EB41@securenetdc.securenet.co.il> Message-ID: <409E8FDC.7010504@serendipita.com> Nope - everyone got bored with someone who won't help themselves What do you mean 'I don't have service' Give us error messages or whatever leads you to that belief Oh and stop swearing Idan Plotnik wrote: >Everyone went to sleep ???? :( > >-----Original Message----- >From: Idan Plotnik >Sent: Sunday, May 09, 2004 9:43 PM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: Maillog - MailScanner[2732]: SpamAssassin installation >could not be found > >Fuck fuck fcuk :(((((((( > >I have doen this !!! And everting was working fine!!!!!! > >tar -zxvf Mail-SpamAssassin-2.63.tar.gz >cd Mail-SpamAssassin-2.63 >perl Makefile.PL >make >make test >make install > >BUT!!!!!!!!!!!! I don't have service !!! What the fuck is going on here >? > > > > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From idan at SECURENET.CO.IL Sun May 9 21:15:00 2004 From: idan at SECURENET.CO.IL (Idan Plotnik) Date: Thu Jan 12 21:25:08 2006 Subject: Maillog - MailScanner[2732]: SpamAssassin installation could not be found Message-ID: <38531FBA30509D418523F41CC6E981D827EB43@securenetdc.securenet.co.il> I make these steps : tar -zxvf Mail-SpamAssassin-2.63.tar.gz cd Mail-SpamAssassin-2.63 perl Makefile.PL make make test make install And after I finished I wrote : "Service spamassassin status" and no such service. I looked in /etc/init.d and in /etc/rc3.d and I didn't see him there. I need to copy him from somewhere ? Manually ? Thanx -----Original Message----- From: Clive Eisen [mailto:clive@SERENDIPITA.COM] Sent: Sunday, May 09, 2004 10:09 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Maillog - MailScanner[2732]: SpamAssassin installation could not be found Nope - everyone got bored with someone who won't help themselves What do you mean 'I don't have service' Give us error messages or whatever leads you to that belief Oh and stop swearing Idan Plotnik wrote: >Everyone went to sleep ???? :( > >-----Original Message----- >From: Idan Plotnik >Sent: Sunday, May 09, 2004 9:43 PM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: Maillog - MailScanner[2732]: SpamAssassin installation >could not be found > >Fuck fuck fcuk :(((((((( > >I have doen this !!! And everting was working fine!!!!!! > >tar -zxvf Mail-SpamAssassin-2.63.tar.gz cd Mail-SpamAssassin-2.63 perl >Makefile.PL make make test make install > >BUT!!!!!!!!!!!! I don't have service !!! What the fuck is going on here >? > > > > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From michele at BLACKNIGHTSOLUTIONS.COM Sun May 9 21:15:04 2004 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:25:08 2006 Subject: Maillog - MailScanner[2732]: SpamAssassin installation could not be found In-Reply-To: <38531FBA30509D418523F41CC6E981D827EB42@securenetdc.securenet.co.il> Message-ID: <200405092009.i49K9s6C004339@monitor.blacknight.ie> Idan You have already received more than enough guidance to installing spam assassin. If you are still having issues I would recommend that you re-read all the documentation and use Google, as nobody can help you more than they have already. Also, as Peter pointed out, your use of language could be at best described as inappropriate, at worst offensive. I would recommend you read http://www.catb.org/~esr/faqs/smart-questions.html before posting again. Michele Mr Michele Neylon Blacknight Internet Solutions Ltd http://www.blacknight.ie/ Tel. +353 59 9137101 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From ugob at CAMO-ROUTE.COM Sun May 9 21:06:11 2004 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:25:08 2006 Subject: Maillog - MailScanner[2732]: SpamAssassin installation could not be found In-Reply-To: <38531FBA30509D418523F41CC6E981D827EB41@securenetdc.securenet.co.il> References: <38531FBA30509D418523F41CC6E981D827EB41@securenetdc.securenet.co.il> Message-ID: Idan Plotnik wrote: > Everyone went to sleep ???? :( calm down... we do have a life too. > > -----Original Message----- > From: Idan Plotnik > Sent: Sunday, May 09, 2004 9:43 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Maillog - MailScanner[2732]: SpamAssassin installation > could not be found > > Fuck fuck fcuk :(((((((( Please use a decent language. Ban this 4 letter word from your language , at least when posting on a public list. > > I have doen this !!! And everting was working fine!!!!!! > > tar -zxvf Mail-SpamAssassin-2.63.tar.gz > cd Mail-SpamAssassin-2.63 > perl Makefile.PL > make > make test > make install > > BUT!!!!!!!!!!!! I don't have service !!! What the fuck is going on here > ? what did you do to know that you don't have the service? Please read the MAQ before posting. http://www.mailscanner.biz/maq/ > > > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From shrek-m at GMX.DE Sun May 9 21:16:03 2004 From: shrek-m at GMX.DE (shrek-m@gmx.de) Date: Thu Jan 12 21:25:08 2006 Subject: Maillog - MailScanner[2732]: SpamAssassin installation could not be found In-Reply-To: <409E8FDC.7010504@serendipita.com> References: <38531FBA30509D418523F41CC6E981D827EB41@securenetdc.securenet.co.il> <409E8FDC.7010504@serendipita.com> Message-ID: <409E9183.1040205@gmx.de> Clive Eisen wrote: > Nope - everyone got bored with someone who won't help themselves > > What do you mean 'I don't have service' perhaps # rpm -qf `which service` initscripts-7.42.2-1 under redhat / fedora > Give us error messages or whatever leads you to that belief > > Oh and stop swearing and posting every few minutes every little question before searching the list-archives or googling -- shrek-m -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From michele at BLACKNIGHTSOLUTIONS.COM Sun May 9 21:20:41 2004 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:25:08 2006 Subject: Maillog - MailScanner[2732]: SpamAssassin installation could not be found In-Reply-To: <38531FBA30509D418523F41CC6E981D827EB43@securenetdc.securenet.co.il> Message-ID: <200405092015.i49KFU6C009322@monitor.blacknight.ie> Idan RTFM when finished RTFM again And stop posting until you have repeated the above steps often enough to realise that your question is completely irrelevant. You DO NOT need a service for spam assassin. Mr Michele Neylon Blacknight Internet Solutions Ltd http://www.blacknight.ie/ Tel. +353 59 9137101 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From idan at SECURENET.CO.IL Sun May 9 21:25:37 2004 From: idan at SECURENET.CO.IL (Idan Plotnik) Date: Thu Jan 12 21:25:08 2006 Subject: Maillog - MailScanner[2732]: SpamAssassin installation could not be found Message-ID: <38531FBA30509D418523F41CC6E981D827EB44@securenetdc.securenet.co.il> But when I install the spamassassin with the RPM I had a service. You don't need to be angry!! Thanks a lot for your help. -----Original Message----- From: Michele Neylon :: Blacknight Solutions [mailto:michele@BLACKNIGHTSOLUTIONS.COM] Sent: Sunday, May 09, 2004 10:21 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Maillog - MailScanner[2732]: SpamAssassin installation could not be found Idan RTFM when finished RTFM again And stop posting until you have repeated the above steps often enough to realise that your question is completely irrelevant. You DO NOT need a service for spam assassin. Mr Michele Neylon Blacknight Internet Solutions Ltd http://www.blacknight.ie/ Tel. +353 59 9137101 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mike at CAMAROSS.NET Sun May 9 21:28:09 2004 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:25:08 2006 Subject: Maillog - MailScanner[2732]: SpamAssassin installation could not be found In-Reply-To: <38531FBA30509D418523F41CC6E981D827EB41@securenetdc.securenet.co.il> Message-ID: <200405092027.i49KRqAH023848@avwall.bladeware.com> I don't think you have ANY business running a machine exposed to the internet. You have NO idea what you are doing. You're an exploit waiting to happen. You should REALLY practice on a machine on a protected network and read, read, read! > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Idan Plotnik > Sent: Sunday, May 09, 2004 2:56 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Maillog - MailScanner[2732]: SpamAssassin > installation could not be found > > Everyone went to sleep ???? :( > > -----Original Message----- > From: Idan Plotnik > Sent: Sunday, May 09, 2004 9:43 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Maillog - MailScanner[2732]: SpamAssassin > installation could not be found > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From michele at BLACKNIGHTSOLUTIONS.COM Sun May 9 21:30:49 2004 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:25:08 2006 Subject: Maillog - MailScanner[2732]: SpamAssassin installation could not be found In-Reply-To: <38531FBA30509D418523F41CC6E981D827EB44@securenetdc.securenet.co.il> Message-ID: <200405092025.i49KPd6C018094@monitor.blacknight.ie> Idan Unless you can help yourself do not expect any of us to help you. Go back and read the documentation, FAQ and MAQ. Mr Michele Neylon Blacknight Internet Solutions Ltd http://www.blacknight.ie/ Tel. +353 59 9137101 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From dbird at SGHMS.AC.UK Sun May 9 21:34:12 2004 From: dbird at SGHMS.AC.UK (Daniel Bird) Date: Thu Jan 12 21:25:08 2006 Subject: Maillog - MailScanner[2732]: SpamAssassin installation could not be found In-Reply-To: <38531FBA30509D418523F41CC6E981D827EB44@securenetdc.securenet.co.il> References: <38531FBA30509D418523F41CC6E981D827EB44@securenetdc.securenet.co.il> Message-ID: <409E95C4.6000906@sghms.ac.uk> Idan Plotnik wrote: >But when I install the spamassassin with the RPM I had a service. > > MailScanner doesn't use the "spam assassin service" i.e spamd. It calls SpamAssassin directly so you don't need to worry about it. Just make sure you have it installed correctly from source (read the README and INSTALL files in the SA tar ball on how to test SA) and enable SA in MailScanner.conf. That should be all you need to do, But, I strongly suggest you read the MailScanner FAQ & MAQ before you go any further. >You don't need to be angry!! > > Less swearing will help to stop that happening again. >Thanks a lot for your help. > > Nice try :-) > > >-----Original Message----- >From: Michele Neylon :: Blacknight Solutions >[mailto:michele@BLACKNIGHTSOLUTIONS.COM] >Sent: Sunday, May 09, 2004 10:21 PM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: Maillog - MailScanner[2732]: SpamAssassin installation >could not be found > >Idan > >RTFM when finished RTFM again >And stop posting until you have repeated the above steps often enough to >realise that your question is completely irrelevant. >You DO NOT need a service for spam assassin. > > >Mr Michele Neylon >Blacknight Internet Solutions Ltd >http://www.blacknight.ie/ >Tel. +353 59 9137101 > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html > > > -- ____________________________________ Daniel Bird Network and Systems Manager Department Of Information Services St. George's Hospital Medical School Tooting London SW17 0RE P: +44 20 8725 2897 F: +44 20 8725 3583 E: dan@sghms.ac.uk ____________________________________ Computing Services Homepage: http://www.intranet.sghms.ac.uk/depts/is/cu/ The Computing Services Handbook: http://www.intranet.sghms.ac.uk/depts/is/cu/handbook2003-4.pdf Everything is possible....except skiing through a revolving door. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From Kevin.Spicer at BMRB.CO.UK Mon May 10 08:37:59 2004 From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:25:08 2006 Subject: Message body disappears Message-ID: <5C0296D26910694BB9A9BBFC577E7AB0020199F8@pascal.priv.bmrb.co.uk> Roland Ehle wrote: > Hi all, > > in the last days the following error message appears very often in my > maillog: > > May 10 08:33:59 home sendmail[8928]: i4A6WuVh008909: SYSERR(root): > readqf: cannot open ./dfi4A6WuVh008909: No such file or directory > > The message itself has "No message collected" as message body, so > message body has disappeared. > > Anybody else with this problem? I saw this once, a very long time ago, it happens because something else removes the queue file before sendmail gets it. When I saw it it was due to sendmail and mailscanner competing to deliver from the incoming queue. This happened (in my case) because the incoming sendmail was accepting ETRN commands - this has since been fixed in the init scripts shipped with MailScanner, but if you are using your own init script you should check that you have disabled ETRN. You could also grep your maillog for ETRN as I think it usually logs when an ETRN command is issued. BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Mon May 10 08:45:02 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:25:08 2006 Subject: Final Warning: Re: Maillog - MailScanner[2732]: SpamAssassin installation could not be found In-Reply-To: <38531FBA30509D418523F41CC6E981D827EB40@securenetdc.securen et.co.il> References: <38531FBA30509D418523F41CC6E981D827EB40@securenetdc.securenet.co.il> Message-ID: <6.0.1.1.2.20040510084345.0395cf78@imap.ecs.soton.ac.uk> One more incident of language anything like this and you will be off this list. Do you understand? At 20:42 09/05/2004, you wrote: >Fuck fuck fcuk :(((((((( > >I have doen this !!! And everting was working fine!!!!!! > >tar -zxvf Mail-SpamAssassin-2.63.tar.gz >cd Mail-SpamAssassin-2.63 >perl Makefile.PL >make >make test >make install > >BUT!!!!!!!!!!!! I don't have service !!! What the fuck is going on here >? -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at BARENDSE.TO Mon May 10 09:53:33 2004 From: mailscanner at BARENDSE.TO (Remco Barendse) Date: Thu Jan 12 21:25:08 2006 Subject: omission in languages.conf Message-ID: I think the lines for MCP reports are missing in languages.conf: May 10 10:49:15 ook MailScanner[7609]: Looked up unknown string mcpwhitelisted in language translation file /etc/MailScanner/reports/en/languages.conf -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From Q.G.Campbell at NEWCASTLE.AC.UK Mon May 10 11:26:05 2004 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:25:08 2006 Subject: FW: Risks Digest 23.36 - auto-blacklists/whitelists Message-ID: <4165CF7A7F12DE4B96622CCBB905864766D3A8@largo.campus.ncl.ac.uk> This is indirectly relevant to MailScanner. If you are interested in the risks posed by challenge-response anti-spam methods when coupled with auto-blacklisting then the following short RISKS article will be of interest. The message is about the dangers of auto blacklists. It makes the point that, in contrast, auto-whitelisting does not suffer the same problems. Quentin --- PHONE: +44 191 222 8209 Information Systems and Services (ISS), University of Newcastle, Newcastle upon Tyne, FAX: +44 191 222 8765 United Kingdom, NE1 7RU. ------------------------------------------------------------------------ "Any opinion expressed above is mine. The University can get its own." -----Original Message----- >RISKS-LIST: Risks-Forum Digest Friday 7 May 2004 Volume 23 : Issue 36 >Date: Thu, 06 May 2004 12:49:28 -0700 (PDT) >From: Drew Dean >Subject: Auto-Blacklisting is a bad idea > >I recently received a challenge from someone's challenge-response spam >filter. Alas, I had not sent the original message. Unfortunately, said >challenge-response system warned that it was going to automatically >blacklist my e-mail address if I didn't respond. But I didn't want to >respond, because the original message was either malware (most probably, see >below) or spam. > >Milgram's famous "six degrees of separation" turns out to make >auto-blacklisting a really bad idea: many types of e-mail-based malware >propagate via random choices from the victim's address book. As it's an >awfully small world, there's a good chance that someone knows two people >with common interests, who may not have exchanged e-mail before. (Lots of >people seem to have my old e-mail address in their address books, even though >I've never heard from them, or sent them mail, other than indirectly via a >mailing list (or USENET posting).) > >If auto-blacklisting challenge-responses systems become the norm, there will >be interesting risks related to the combination of forged mail, and >auto-blacklists: what happens if you follow the challenge-response protocol >to avoid being on someone's blacklist (the only obvious option), and said >person (e.g., your research sponsor) receives a highly inappropriate piece >of mail nominally from you? Other denial of service attacks are also >possible: seed your competitors (auto-)blacklists with the e-mail addresses >of your (mutual) funding agency. I'm sure the clever will have even more >ideas about risks here. > >Auto-whitelisting, by contrast, has none of these problems. > >Drew Dean, Computer Science Laboratory, SRI International -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From ugob at CAMO-ROUTE.COM Mon May 10 12:10:15 2004 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:25:08 2006 Subject: omission in languages.conf In-Reply-To: References: Message-ID: Remco Barendse wrote: > I think the lines for MCP reports are missing in languages.conf: > > May 10 10:49:15 ook MailScanner[7609]: Looked up unknown string > mcpwhitelisted in language translation file /etc/MailScanner/reports/en/languages.conf This is usually caused by .rpmnew files in your reports directory. > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at BARENDSE.TO Mon May 10 12:59:26 2004 From: mailscanner at BARENDSE.TO (Remco Barendse) Date: Thu Jan 12 21:25:08 2006 Subject: omission in languages.conf In-Reply-To: References: Message-ID: I installed from a tarball :) The box is running Gentoo and it was a virgin install of 4.30-1 On Mon, 10 May 2004, Ugo Bellavance wrote: > Remco Barendse wrote: > > I think the lines for MCP reports are missing in languages.conf: > > > > May 10 10:49:15 ook MailScanner[7609]: Looked up unknown string > > mcpwhitelisted in language translation file /etc/MailScanner/reports/en/languages.conf > > This is usually caused by .rpmnew files in your reports directory. > > > > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Mon May 10 13:21:48 2004 From: mailscanner at ecs.soton.ac.uk (mailscanner@ecs.soton.ac.uk) Date: Thu Jan 12 21:25:08 2006 Subject: NOTIFY-New Guestbook Entry Message-ID: <200405101221.i4ACLmNg019495@seer.ecs.soton.ac.uk> New Guestbook-Entry from Anastacia Reinhart http://www.angeltowns.com/members/fall1illness

People Are Getting Sick around you?

Your employees tell you they\'\'re Sick and not gonna come to Work?

How to deal with Fall-time Sickness , All of this Here From Denis.Beauchemin at USHERBROOKE.CA Mon May 10 14:01:07 2004 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:25:08 2006 Subject: Julian wins UKUUG Open Source Award for 2004 In-Reply-To: <20040508125523.4019121C2BB@mail.fsl.com> References: <20040508125523.4019121C2BB@mail.fsl.com> Message-ID: <409F7D13.4020102@USherbrooke.ca> Bravo! We're so lucky to have you around!!! Denis Stephen Swaney wrote: >I have it from a good source that our favorite developer, Mr. Julian Field >has won the UKUUG Open Source Award for 2004. > >This prize is awarded annually for a significant contribution to free and >open source software. > >The UKUUG - the Unix and Open Systems User Group - is a non-profit >organization and technical forum for the advocacy of open systems, >particularly Unix and Unix-like operating systems, the promotion of free and >open-source software, and the advancement of open programming standards and >networking protocols. > >Mr. Field pockets the well deserved ?500 prize, a free pass (worth about >$1,700) to the Open Source Convention (conferences.oreillynet.com) to be >held 26-30 July in Portland, OR, USA. plus another ?500 to cover his >expenses to the convention. > >Congratulations and well deserved! > >Steve > >Stephen Swaney >President >Fortress Systems Ltd. >Steve.Swaney@FSL.com > > > > > -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From natedog550 at HOTMAIL.COM Mon May 10 14:37:12 2004 From: natedog550 at HOTMAIL.COM (NateDog) Date: Thu Jan 12 21:25:08 2006 Subject: Message body disappears References: <1084172063.7488.11.camel@home.carlo65.de> Message-ID: Yeah mine's been doing that every once and a while recently too. I've got Mail Scanner version: Version 4.30.3-2. I figured it had something to do with either sendmail or mail scanner deleting it before processing it or something I don't know. Anyways, just saying I've had this problem too. -- Nathan Peters ----- Original Message ----- From: "Roland Ehle" To: Sent: Monday, May 10, 2004 1:54 AM Subject: Message body disappears > Hi all, > > in the last days the following error message appears very often in my > maillog: > > May 10 08:33:59 home sendmail[8928]: i4A6WuVh008909: SYSERR(root): > readqf: cannot open ./dfi4A6WuVh008909: No such file or directory > > The message itself has "No message collected" as message body, so > message body has disappeared. > > Anybody else with this problem? > > System: > MailScanner 4.30.3-1 > Perl 5.8.3 > Sendmail 8.12.10 > on SuSE Linux 9.1 > > Regards, > Roland > > -------------------------- MailScanner list ---------------------- > To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk > Before posting, please see the Most Asked Questions at > http://www.mailscanner.biz/maq/ and the archives at > http://www.jiscmail.ac.uk/lists/mailscanner.html > -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From Kevin.Spicer at BMRB.CO.UK Mon May 10 14:51:18 2004 From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:25:09 2006 Subject: Message body disappears Message-ID: <5C0296D26910694BB9A9BBFC577E7AB001649D2E@pascal.priv.bmrb.co.uk> NateDog wrote: > Yeah mine's been doing that every once and a while recently too. > I've got Mail Scanner version: Version 4.30.3-2. I figured it had > something to do with either sendmail or mail scanner deleting it > before processing it or something I don't know. Anyways, just saying > I've had this problem too. On a hunch... could you try running the following commands and post the output... sendmail -bt -d0.10 < /dev/null | head grep "Lock Type" /etc/MailScanner/MailScanner.conf BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From natedog550 at HOTMAIL.COM Mon May 10 15:02:05 2004 From: natedog550 at HOTMAIL.COM (NateDog) Date: Thu Jan 12 21:25:09 2006 Subject: Message body disappears References: <5C0296D26910694BB9A9BBFC577E7AB001649D2E@pascal.priv.bmrb.co.uk> Message-ID: > On a hunch... could you try running the following commands and post the output... > sendmail -bt -d0.10 < /dev/null | head Version 8.12.10 Compiled with: DNSMAP EGD LDAPMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET NETINET6 NETUNIX NEWDB NIS NISPLUS PIPELINING SASLv2 SCANF STARTTLS TCPWRAPPERS USERDB USE_LDAP_INIT OS Defines: ADDRCONFIG_IS_BROKEN HASFCHOWN HASFCHMOD HASGETDTABLESIZE HASINITGROUPS HASLSTAT HASNICE HASRANDOM HASRRESVPORT HASSETREGID HASSETREUID HASSETRLIMIT HASSETSID HASSETVBUF HASURANDOMDEV HASSTRERROR HASUNAME HASUNSETENV HASWAITPID IDENTPROTO IP_SRCROUTE NEEDSGETIPNODE > grep "Lock Type" /etc/MailScanner/MailScanner.conf #Lock Type = flock Hmmm. Wait a sec. Does that mean it's commented out? And what exactly is that command for sendmail telling us? Thanks for your help. -- Nathan Peters ----- Original Message ----- From: "Spicer, Kevin" To: Sent: Monday, May 10, 2004 8:51 AM Subject: Re: Message body disappears NateDog wrote: > Yeah mine's been doing that every once and a while recently too. > I've got Mail Scanner version: Version 4.30.3-2. I figured it had > something to do with either sendmail or mail scanner deleting it > before processing it or something I don't know. Anyways, just saying > I've had this problem too. On a hunch... could you try running the following commands and post the output... sendmail -bt -d0.10 < /dev/null | head grep "Lock Type" /etc/MailScanner/MailScanner.conf BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From Kevin.Spicer at BMRB.CO.UK Mon May 10 15:09:18 2004 From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:25:09 2006 Subject: Message body disappears Message-ID: <5C0296D26910694BB9A9BBFC577E7AB001649D2F@pascal.priv.bmrb.co.uk> NateDog wrote: >> On a hunch... could you try running the following commands > and post the > output... >> sendmail -bt -d0.10 < /dev/null | head > > Version 8.12.10 > Compiled with: DNSMAP EGD LDAPMAP LOG MAP_REGEX MATCHGECOS MILTER > MIME7TO8 MIME8TO7 NAMED_BIND NETINET NETINET6 NETUNIX > NEWDB NIS > NISPLUS PIPELINING SASLv2 SCANF STARTTLS TCPWRAPPERS > USERDB USE_LDAP_INIT > OS Defines: ADDRCONFIG_IS_BROKEN HASFCHOWN HASFCHMOD > HASGETDTABLESIZE HASINITGROUPS HASLSTAT HASNICE > HASRANDOM HASRRESVPORT HASSETREGID HASSETREUID > HASSETRLIMIT HASSETSID HASSETVBUF HASURANDOMDEV > HASSTRERROR HASUNAME HASUNSETENV HASWAITPID > IDENTPROTO IP_SRCROUTE NEEDSGETIPNODE > >> grep "Lock Type" /etc/MailScanner/MailScanner.conf > > #Lock Type = flock > > > Hmmm. Wait a sec. Does that mean it's commented out? And what > exactly is that command for sendmail telling us? It should be commented out. What I was looking for in the sendmail line was HASFLOCK (probably worth double checking that its not there by # sendmail -bt -d0.10 < /dev/null | grep HASFLOCK Assuming HASFLOCK isn't there then your sendmail hasn't been compiled to support flock locking. If that is the case then you should set Lock Type = posix in MailScanner.conf (note that line should not be commented!) BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From lists at TRCINTL.COM Mon May 10 15:00:39 2004 From: lists at TRCINTL.COM (Kyle Harris) Date: Thu Jan 12 21:25:09 2006 Subject: BitDefender not logging "Updated" Message-ID: I have noticed that on one of my MailScanner machines (v 4.30.3) running BitDefender, I never get an entry in the log file stating "BitDefender updated" as I do with other virus scanners (or at least ClamAV and eTrust). At first I thought it just wasn't updating, but after having a look at the signature files for BitDefender, it appears that it is updating. It's just not writing a line in the log file stating it was updated? I do, however get the line that says the auto-updater "Found bitdefender installed" and the line that says "Running autoupdate for bitdefender". Any ideas? - Kyle H. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From mailscanner at ecs.soton.ac.uk Mon May 10 15:11:10 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:25:09 2006 Subject: BitDefender not logging "Updated" In-Reply-To: References: Message-ID: <6.1.0.6.2.20040510151047.078ad970@imap.ecs.soton.ac.uk> At 15:00 10/05/2004, you wrote: >I have noticed that on one of my MailScanner machines (v 4.30.3) running >BitDefender, I never get an entry in the log file stating "BitDefender >updated" as I do with other virus scanners (or at least ClamAV and >eTrust). At first I thought it just wasn't updating, but after having a >look at the signature files for BitDefender, it appears that it is >updating. It's just not writing a line in the log file stating it was >updated? > >I do, however get the line that says the auto-updater "Found bitdefender >installed" and the line that says "Running autoupdate for bitdefender". > >Any ideas? Check you don't have a bitdefender-autoupdate.rpmnew sitting there. If you have, rename it over the top of the old one. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From natedog550 at HOTMAIL.COM Mon May 10 15:20:47 2004 From: natedog550 at HOTMAIL.COM (NateDog) Date: Thu Jan 12 21:25:09 2006 Subject: Message body disappears References: <5C0296D26910694BB9A9BBFC577E7AB001649D2F@pascal.priv.bmrb.co.uk> Message-ID: > sendmail -bt -d0.10 < /dev/null | grep HASFLOCK > If that is the case then you should set Lock Type = posix I thought posix was seperate from sendmail....like a different mail server or something? Anyways I'm gonna try that and see what happens. Thanks again. -- Nathan Peters That command comes back empty so it's not compiled with it or whatever correct? ----- Original Message ----- From: "Spicer, Kevin" To: Sent: Monday, May 10, 2004 9:09 AM Subject: Re: Message body disappears NateDog wrote: >> On a hunch... could you try running the following commands > and post the > output... >> sendmail -bt -d0.10 < /dev/null | head > > Version 8.12.10 > Compiled with: DNSMAP EGD LDAPMAP LOG MAP_REGEX MATCHGECOS MILTER > MIME7TO8 MIME8TO7 NAMED_BIND NETINET NETINET6 NETUNIX > NEWDB NIS > NISPLUS PIPELINING SASLv2 SCANF STARTTLS TCPWRAPPERS > USERDB USE_LDAP_INIT > OS Defines: ADDRCONFIG_IS_BROKEN HASFCHOWN HASFCHMOD > HASGETDTABLESIZE HASINITGROUPS HASLSTAT HASNICE > HASRANDOM HASRRESVPORT HASSETREGID HASSETREUID > HASSETRLIMIT HASSETSID HASSETVBUF HASURANDOMDEV > HASSTRERROR HASUNAME HASUNSETENV HASWAITPID > IDENTPROTO IP_SRCROUTE NEEDSGETIPNODE > >> grep "Lock Type" /etc/MailScanner/MailScanner.conf > > #Lock Type = flock > > > Hmmm. Wait a sec. Does that mean it's commented out? And what > exactly is that command for sendmail telling us? It should be commented out. What I was looking for in the sendmail line was HASFLOCK (probably worth double checking that its not there by # sendmail -bt -d0.10 < /dev/null | grep HASFLOCK Assuming HASFLOCK isn't there then your sendmail hasn't been compiled to support flock locking. If that is the case then you should set Lock Type = posix in MailScanner.conf (note that line should not be commented!) BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From dh at UPTIME.AT Mon May 10 15:23:17 2004 From: dh at UPTIME.AT (=?UTF-8?B?RGF2aWQgSMO2aG4=?=) Date: Thu Jan 12 21:25:09 2006 Subject: Bitfender, some statements? Message-ID: <409F9055.60000@uptime.at> -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Hello. I am pondering adding Bitfender as a third virus catcher, along with Sophos and ClamAV to slowly phase out sophos use. Any good/bad news on Bitfender? Your experiences? - -d - -- nee anata wo mitsukete soshite nidoto wasurezu ~ donna ni munega itakutemo soba ni iru no ~ zutto...zutto...zutto -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (Darwin) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFAn5BVPMoaMn4kKR4RA7YNAJ9wUPgBq9QylWZtP2D/rOrQ5eVojQCgkrq3 zYtW+TmYnseUQ5ZjvdPV15U= =Pztb -----END PGP SIGNATURE----- -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From natedog550 at HOTMAIL.COM Mon May 10 15:29:50 2004 From: natedog550 at HOTMAIL.COM (NateDog) Date: Thu Jan 12 21:25:09 2006 Subject: Message body disappears References: <5C0296D26910694BB9A9BBFC577E7AB001649D2F@pascal.priv.bmrb.co.uk> Message-ID: Now I'm getting this: MailScanner[10195]: Using locktype = posix MailScanner[10197]: Creating hardcoded struct_flock subroutine for linux (Linux-type) That alright? -- Nathan Peters ----- Original Message ----- From: "Spicer, Kevin" To: Sent: Monday, May 10, 2004 9:09 AM Subject: Re: Message body disappears NateDog wrote: >> On a hunch... could you try running the following commands > and post the > output... >> sendmail -bt -d0.10 < /dev/null | head > > Version 8.12.10 > Compiled with: DNSMAP EGD LDAPMAP LOG MAP_REGEX MATCHGECOS MILTER > MIME7TO8 MIME8TO7 NAMED_BIND NETINET NETINET6 NETUNIX > NEWDB NIS > NISPLUS PIPELINING SASLv2 SCANF STARTTLS TCPWRAPPERS > USERDB USE_LDAP_INIT > OS Defines: ADDRCONFIG_IS_BROKEN HASFCHOWN HASFCHMOD > HASGETDTABLESIZE HASINITGROUPS HASLSTAT HASNICE > HASRANDOM HASRRESVPORT HASSETREGID HASSETREUID > HASSETRLIMIT HASSETSID HASSETVBUF HASURANDOMDEV > HASSTRERROR HASUNAME HASUNSETENV HASWAITPID > IDENTPROTO IP_SRCROUTE NEEDSGETIPNODE > >> grep "Lock Type" /etc/MailScanner/MailScanner.conf > > #Lock Type = flock > > > Hmmm. Wait a sec. Does that mean it's commented out? And what > exactly is that command for sendmail telling us? It should be commented out. What I was looking for in the sendmail line was HASFLOCK (probably worth double checking that its not there by # sendmail -bt -d0.10 < /dev/null | grep HASFLOCK Assuming HASFLOCK isn't there then your sendmail hasn't been compiled to support flock locking. If that is the case then you should set Lock Type = posix in MailScanner.conf (note that line should not be commented!) BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From Kevin.Spicer at BMRB.CO.UK Mon May 10 15:48:38 2004 From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:25:09 2006 Subject: Message body disappears Message-ID: <5C0296D26910694BB9A9BBFC577E7AB001649D30@pascal.priv.bmrb.co.uk> NateDog wrote: > Now I'm getting this: > > MailScanner[10195]: Using locktype = posix > MailScanner[10197]: Creating hardcoded struct_flock subroutine for > linux (Linux-type) > > That alright? As I haven't done this for a long time I can't remember - but it looks like its probably okay. The thing to watch is that mail is getting processed and delivered okay. BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From lists at TRCINTL.COM Mon May 10 15:35:17 2004 From: lists at TRCINTL.COM (Kyle Harris) Date: Thu Jan 12 21:25:09 2006 Subject: BitDefender not logging "Updated" Message-ID: On Mon, 10 May 2004 15:11:10 +0100, Julian Field wrote: >At 15:00 10/05/2004, you wrote: >>I have noticed that on one of my MailScanner machines (v 4.30.3) running >>BitDefender, I never get an entry in the log file stating "BitDefender >>updated" as I do with other virus scanners (or at least ClamAV and >>eTrust). At first I thought it just wasn't updating, but after having a >>look at the signature files for BitDefender, it appears that it is >>updating. It's just not writing a line in the log file stating it was >>updated? >> >>I do, however get the line that says the auto-updater "Found bitdefender >>installed" and the line that says "Running autoupdate for bitdefender". >> >>Any ideas? > >Check you don't have a bitdefender-autoupdate.rpmnew sitting there. If you >have, rename it over the top of the old one. >-- >Julian Field >www.MailScanner.info >MailScanner thanks transtec Computers for their support > >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Nope, no such puppy found! - Kyle H. > >-------------------------- MailScanner list ---------------------- >To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk >Before posting, please see the Most Asked Questions at >http://www.mailscanner.biz/maq/ and the archives at >http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From natedog550 at HOTMAIL.COM Mon May 10 15:54:17 2004 From: natedog550 at HOTMAIL.COM (NateDog) Date: Thu Jan 12 21:25:09 2006 Subject: Message body disappears References: <5C0296D26910694BB9A9BBFC577E7AB001649D30@pascal.priv.bmrb.co.uk> Message-ID: Yep mail is being delivered just fine! Thanks for your help Kevin! -- Nathan Peters ----- Original Message ----- From: "Spicer, Kevin" To: Sent: Monday, May 10, 2004 9:48 AM Subject: Re: Message body disappears NateDog wrote: > Now I'm getting this: > > MailScanner[10195]: Using locktype = posix > MailScanner[10197]: Creating hardcoded struct_flock subroutine for > linux (Linux-type) > > That alright? As I haven't done this for a long time I can't remember - but it looks like its probably okay. The thing to watch is that mail is getting processed and delivered okay. BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From martin_foster at pacific.net.au Mon May 10 16:08:53 2004 From: martin_foster at pacific.net.au (Martin Foster) Date: Thu Jan 12 21:25:09 2006 Subject: MailScanner 4.30.3, bug with LDAP RuleSet processing? Message-ID: <1084201733.27508.32.camel@inshallah.pacific.net.au> Hello List, This is probably a bug, but could also be an issue with my LDAP schema for MailScanner. As no schema was published for MailScanner, I constructed a schema based on the information found in MailScanner/Config.pm. This shema is attached for cross-referencing, along with .ldif's to use the schema, and a basic MailScanner.conf used for testing. Before patching, behaviour with an LDAP ruleset was unpredictable. A bit of debugging showed that only the last entry was being loaded into Store1Rule(), compared to all rules as seen with a filename based ruleset. More digging showed the following issue, where the construction of the foreach loop only allows it to hit the last seen entry: ----------------------------------------------------------------------- --- MailScanner/Config.pm.orig Tue May 11 00:40:12 2004 +++ MailScanner/Config.pm Tue May 11 00:42:23 2004 @@ -1910,7 +1910,7 @@ } $RuleScalars{$keyword} = []; # Delete any old inherited rulesets - foreach $rulenum ($#ruleset) { + foreach $rulenum (0..$#ruleset) { #($error, $default) = Store1Rule($ruleset[$rulenum], $rulesfilename, ($error, $default) = Store1Rule($ruleset[$rulenum], $keyword, $rulenum, $rulesettype, ----------------------------------------------------------------------- So, it _looks_ like a bug, and applying this patch does make LDAP rules behave properly, but there could be some greater architectural thing that I'm missing here w.r.t. LDAP configuration. The bug would appear to be present in all stable versions between 4.25.14 and 4.30.3. Comments from the list? [ Also cc'ed to mailscanner@ecs.soton.ac.uk ] -- Martin Foster Phone: +61 3 9674 7659 Systems Engineer P A C I F I C Fax: +61 3 9698 4959 Pacific Internet (Australia) I N T E R N E T Mobile: +61 4 1608 4325 http://www.pacific.net.au/ NASDAQ: PCNTF -------------- next part -------------- A non-text attachment was scrubbed... Name: Config.pm.diff Type: text/x-patch Size: 491 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040511/cf4347c8/Config.pm.bin -------------- next part -------------- # OID arcs for MailScanner ########################################################################### # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA ########################################################################### # These OID's are very experimental, and are most probably different to # the OID's used by mailscanner.info and fsl.com. # # Since the official schema has not been released, this file was created to # test MailScanner configuration via LDAP. # # (C) 2004, Pacific Internet, Australia. # author: Martin Foster, martin_foster@pacific.net.au # Inspired by schema.sendmail.v2, as released by Sendmail.org # # Note that: # (1) the enterprise number is faked. Will consider placing it under # 10725 (Pacific Internet, Singapore) if the official schema is not # to be released from fsl.com (17968) or other appropriate entity. # (2) the attributes were selected by reading the Mailscanner Config.pm # Tested with verwion 4.30.3, and untested with earlier or later # versions of MailScanner. # (3) other than (1), this probably violates other aspects of RFC 2252 # (4) comments welcome # enterprise: 1.3.6.1.4.1 # fake-ldap: enterprise.30000.1 # mailscannerconf-at: fake.1.1 # mailscannerconf-oc: fake.1.2 # # fake-ldap: enterprise.30000.1 # mailscannerrule-at: fake.2.1 # mailscannerrule-oc: fake.2.2 # # fake-ldap: enterprise.30000.1 # mailscannerfile-at: fake.3.1 # mailscannerfile-oc: fake.3.2 ########################################################################### # # [conf] MailScanner configuration attributes and objectClass # ########################################################################### # attribute mailScannerSite attributetype ( 1.3.6.1.4.1.30000.1.1.1.1 NAME 'mailScannerSite' DESC 'site name associated with a set of MailScanner systems' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) # attribute ConfSerialNumber # note: seems to be stored in a string attributetype ( 1.3.6.1.4.1.30000.1.1.1.2 NAME 'ConfSerialNumber' DESC 'mailscanner configuration serial number' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) ## attribute Description #attributetype ( 1.3.6.1.4.1.30000.1.1.1.3 # NAME 'Description' # DESC 'mailscanner configuration description' # EQUALITY caseIgnoreIA5Match # SUBSTR caseIgnoreIA5SubstringsMatch # SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) # attribute mailScannerConfBranch # note: hardwired to 'main' in 4.30.3 attributetype ( 1.3.6.1.4.1.30000.1.1.1.4 NAME 'mailScannerConfBranch' DESC 'mailscanner configuration branch name' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) # attribute mschildren # note: hardwired to 'main' in 4.30.3 attributetype ( 1.3.6.1.4.1.30000.1.1.1.5 NAME 'mschildren' DESC 'mailscanner max number of children' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) #objectClass mailscannerconfmain # requires # objectClass # allows # mailScannerSite # Description objectclass ( 1.3.6.1.4.1.30000.1.1.2.1 NAME 'mailscannerconfmain' SUP top STRUCTURAL DESC 'MailScanner configuration, FAKE ENTERPRISE NUMBER' MAY ( mailScannerSite $ ConfSerialNumber $ mailScannerConfBranch $ mschildren $ Description ) ) ########################################################################### # # [rule] MailScanner rule attributes and objectClass # ########################################################################### # attribute mailscannerRuleSetName attributetype ( 1.3.6.1.4.1.30000.1.2.1.1 NAME 'mailscannerRuleSetName' DESC 'mailscanner ruleset name' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} SINGLE-VALUE ) # attribute mailScannerRuleSetNum attributetype ( 1.3.6.1.4.1.30000.1.2.1.2 NAME 'mailScannerRuleSetNum' DESC 'ruleset number' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) # attribute mailScannerRuleSetDirection (To|From|FromOrTo) attributetype ( 1.3.6.1.4.1.30000.1.2.1.3 NAME 'mailScannerRuleSetDirection' DESC 'ruleset direction' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{16} ) # attribute mailScannerRuleSetMatch attributetype ( 1.3.6.1.4.1.30000.1.2.1.4 NAME 'mailScannerRuleSetMatch' DESC 'ruleset match regex' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) # attribute mailScannerRuleSetResult attributetype ( 1.3.6.1.4.1.30000.1.2.1.5 NAME 'mailScannerRuleSetResult' DESC 'ruleset match result' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) #objectClass mailscannerRuleSetObject # requires # objectClass # allows # mailScannerSite # mailScannerRuleSetName # mailScannerRuleSetNum # mailScannerRuleSetDirection # mailScannerRuleSetMatch # mailScannerRuleSetResult # Description objectclass ( 1.3.6.1.4.1.30000.1.2.2.1 NAME 'mailscannerRuleSetObject' SUP top STRUCTURAL DESC 'MailScanner ruleset, FAKE ENTERPRISE NUMBER' MAY ( mailScannerSite $ mailscannerRuleSetName $ mailScannerRuleSetNum $ mailScannerRuleSetDirection $ mailScannerRuleSetMatch $ mailScannerRuleSetResult $ Description ) ) ########################################################################### # # [file] MailScanner file ruleset attributes and objectClass # ########################################################################### # attribute mailscannerFileRuleName attributetype ( 1.3.6.1.4.1.30000.1.3.1.1 NAME 'mailscannerFileRuleName' DESC 'file rule name' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} SINGLE-VALUE ) # attribute mailScannerFileRuleNum attributetype ( 1.3.6.1.4.1.30000.1.3.1.2 NAME 'mailScannerFileRuleNum' DESC 'file rule number' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) # attribute mailScannerFileRuleAction (To|From|FromOrTo) attributetype ( 1.3.6.1.4.1.30000.1.3.1.3 NAME 'mailScannerFileRuleAction' DESC 'file rule Action' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{16} ) # attribute mailScannerFileRuleMatch attributetype ( 1.3.6.1.4.1.30000.1.3.1.4 NAME 'mailScannerFileRuleMatch' DESC 'file rule match regex' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) # attribute mailScannerFileRuleLog attributetype ( 1.3.6.1.4.1.30000.1.3.1.5 NAME 'mailScannerFileRuleLog' DESC 'file rule match logging' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) # attribute mailScannerFileRuleReport attributetype ( 1.3.6.1.4.1.30000.1.3.1.6 NAME 'mailScannerFileRuleReport' DESC 'file rule match reporting' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) #objectClass mailscannerfileruleObject # requires # objectClass # allows # mailScannerSite # mailScannerRuleSetName # Description objectclass ( 1.3.6.1.4.1.30000.1.3.2.1 NAME 'mailscannerfileruleObject' SUP top STRUCTURAL DESC 'MailScanner file ruleset, FAKE ENTERPRISE NUMBER' MAY ( mailScannerSite $ mailscannerFileRuleName $ mailScannerFileRuleNum $ mailScannerFileRuleAction $ mailScannerFileRuleMatch $ mailScannerFileRuleLog $ mailScannerFileRuleReport $ Description ) ) -------------- next part -------------- # mailscanner virusscan rules entry # note: mailScannerRuleSetName is the lower case, no spaces, version of a MailScanner.conf entry # in this case, 'Virus Scanning' dn: mailScannerRuleSetName=virusscan,ou=mailscanner,ou=services,dc=ldaptest,dc=pacific,dc=net,dc=au objectClass: mailscannerRuleSetObject mailScannerRuleSetName: virusscan dn: mailScannerRuleSetNum=1,mailScannerRuleSetName=virusscan,ou=mailscanner,ou=services,dc=ldaptest,dc=pacific,dc=net,dc=au objectClass: mailscannerRuleSetObject mailScannerRuleSetName: virusscan mailScannerRuleSetNum: 1 mailScannerRuleSetDirection: To mailScannerRuleSetMatch: testuser mailScannerRuleSetResult: no dn: mailScannerRuleSetNum=2,mailScannerRuleSetName=virusscan,ou=mailscanner,ou=services,dc=ldaptest,dc=pacific,dc=net,dc=au objectClass: mailscannerRuleSetObject mailScannerRuleSetName: virusscan mailScannerRuleSetNum: 2 mailScannerRuleSetDirection: To mailScannerRuleSetMatch: testuser mailScannerRuleSetResult: no dn: mailScannerRuleSetNum=3,mailScannerRuleSetName=virusscan,ou=mailscanner,ou=services,dc=ldaptest,dc=pacific,dc=net,dc=au objectClass: mailscannerRuleSetObject mailScannerRuleSetName: virusscan mailScannerRuleSetNum: 3 mailScannerRuleSetDirection: FromOrTo mailScannerRuleSetMatch: default mailScannerRuleSetResult: yes -------------- next part -------------- # mailscanner usespamassassin rules entry # note: mailScannerRuleSetName is the lower case, no spaces, version of a MailScanner.conf entry # in this case, 'Virus Scanning' dn: mailScannerRuleSetName=usespamassassin,ou=mailscanner,ou=services,dc=ldaptest,dc=pacific,dc=net,dc=au objectClass: mailscannerRuleSetObject mailScannerRuleSetName: usespamassassin -------------- next part -------------- # mailscanner usespamassassin rules entry # note: mailScannerRuleSetName is the lower case, no spaces, version of a MailScanner.conf entry # in this case, 'Use SpamAssassin' dn: mailScannerRuleSetNum=1,mailScannerRuleSetName=usespamassassin,ou=mailscanner,ou=services,dc=ldaptest,dc=pacific,dc=net,dc=au objectClass: mailscannerRuleSetObject mailScannerRuleSetName: usespamassassin mailScannerRuleSetNum: 1 mailScannerRuleSetDirection: To mailScannerRuleSetMatch: /testuser/ mailScannerRuleSetResult: no dn: mailScannerRuleSetNum=2,mailScannerRuleSetName=usespamassassin,ou=mailscanner,ou=services,dc=ldaptest,dc=pacific,dc=net,dc=au objectClass: mailscannerRuleSetObject mailScannerRuleSetName: usespamassassin mailScannerRuleSetNum: 2 mailScannerRuleSetDirection: To mailScannerRuleSetMatch: /testdude/ mailScannerRuleSetResult: yes dn: mailScannerRuleSetNum=3,mailScannerRuleSetName=usespamassassin,ou=mailscanner,ou=services,dc=ldaptest,dc=pacific,dc=net,dc=au objectClass: mailscannerRuleSetObject mailScannerRuleSetName: usespamassassin mailScannerRuleSetNum: 3 mailScannerRuleSetDirection: FromOrTo mailScannerRuleSetMatch: default mailScannerRuleSetResult: yes -------------- next part -------------- # Main configuration file for the MailScanner E-Mail Virus Scanner # # It's good practice to check through configuration files to make sure # they fit with your system and your needs, whatever you expect them to # contain. # # Note: If your directories are symlinked (soft-linked) in any way, # please put their *real* location in here, not a path that # includes any links. You may get some very strange error # messages from some of the virus scanners if you don't. # # Note for Version 4.00 and above: # A lot of the settings can take a ruleset as well as just simple # values. These rulesets are files containing rules which are applied # to the current message to calculate the value of the configuration # option. The rules are checked in the order they appear in the ruleset. # # Note for Version 4.03 and above: # As well as rulesets, you can now include your own functions in # here. Look at the directory containing Config.pm and you will find # CustomConfig.pm. In here, you can add your own "value" function and # an Initvalue function to set up any global state you need such as # database connections. Then for a setting below, you can put: # Configuration Option = &ValueFunction # where "ValueFunction" is the name of the function you have # written in CustomConfig.pm. # # # Definition of variables which are substituted into definitions below # # Set the directory containing all the reports in the required language %report-dir% = /etc/MailScanner/reports/en # Configuration directory containing this file %etc-dir% = /etc/MailScanner # Rulesets directory containing your ".rules" files %rules-dir% = /etc/MailScanner/rules # Enter a short identifying name for your organisation below, this is # used to make the X-MailScanner headers unique for your organisation. # Multiple servers within one site should use an identical value here # to avoid adding multiple redundant headers where mail has passed # through several servers within your organisation. # RULE: It must not contain any spaces! # Note: Some Symantec scanners complain (incorrectly) about "." # ***** characters appearing in the names of headers. # # Note: This change has to be reflected in the 'bayes_ignore_header' # options in /etc/MailScanner/spam.assassin.prefs.conf, %org-name% = mailstore1-test # # System settings # --------------- # # How many MailScanner processes do you want to run at a time? # There is no point increasing this figure if your MailScanner server # is happily keeping up with your mail traffic. # If you are running on a server with more than 1 CPU, or you have a # high mail load (and/or slow DNS lookups) then you should see better # performance if you increase this figure. # If you are running on a small system with limited RAM, you should # note that each child takes just over 20MB. # # As a rough guide, try 5 children per CPU. But read the notes above. Max Children = 1 # User to run as (not normally used for sendmail) # If you want to change the ownership or permissions of the quarantine or # temporary files created by MailScanner, please see the "Incoming Work" # settings later in this file. #Run As User = mail #Run As User = postfix Run As User = root # Group to run as (not normally used for sendmail) #Run As Group = mail #Run As Group = postfix Run As Group = smmsp # How often (in seconds) should each process check the incoming mail # queue for new messages? If you have a quiet mail server, you might # want to increase this value so it causes less load on your server, at # the cost of slightly increasing the time taken for an average message # to be processed. Queue Scan Interval = 5 # Set location of incoming mail queue # # This can be any one of # 1. A directory name # Example: /var/spool/exim4_incoming/input # 2. A wildcard giving directory names # Example: /var/spool/mqueue.in/* # 3. The name of a file containing a list of directory names, # which can in turn contain wildcards. # Example: /etc/MailScanner/mqueue.in.list.conf # Incoming Queue Dir = /var/spool/mqueue.in # Set location of outgoing mail queue. # This can also be the filename of a ruleset. Outgoing Queue Dir = /var/spool/mqueue.out # Set where to unpack incoming messages before scanning them # This can completely safely use tmpfs or a ramdisk, which will # give you a significant performance improvement. # NOTE: The path given here must not include any links at all, # NOTE: but must be the absolute path to the directory. Incoming Work Dir = /var/spool/MailScanner/incoming # Set where to store infected and message attachments (if they are kept) # This can also be the filename of a ruleset. Quarantine Dir = /var/spool/MailScanner/quarantine # Set where to store the process id number so you can stop MailScanner PID file = /var/run/MailScanner/MailScanner.pid # To avoid resource leaks, re-start periodically Restart Every = 14400 # Set whether to use postfix, sendmail, exim or zmailer. # If you are using postfix, then see the "SpamAssassin User State Dir" # setting near the end of this file MTA = sendmail # Set how to invoke MTA when sending messages MailScanner has created # (e.g. to sender/recipient saying "found a virus in your message") # This can also be the filename of a ruleset. Sendmail = /usr/lib/sendmail # Sendmail2 is provided for Exim users. # It is the command used to attempt delivery of outgoing cleaned/disinfected # messages. # This is not usually required for sendmail. # This can also be the filename of a ruleset. #For Exim users: Sendmail2 = /usr/sbin/exim -C /etc/exim/exim4_outgoing.conf #For sendmail users: Sendmail2 = /usr/lib/sendmail #Sendmail2 = /usr/sbin/exim -C /etc/exim/exim4_outgoing.conf #Sendmail2 = /usr/lib/sendmail # # Incoming Work Dir Settings # -------------------------- # # You should not normally need to touch these settings at all, # unless you are using ClamAV and need to be able to use the # external archive unpackers instead of ClamAV's built-in ones. # If you want to create the temporary working files so they are owned # by a user other than the "Run As User" setting at the top of this file, # you can change that here. # Note: If the "Run As User" is not "root" then you cannot change the # user but may still be able to change the group, if the # "Run As User" is a member of both of the groups "Run As Group" # and "Incoming Work Group". Incoming Work User = Incoming Work Group = # If you want processes running under the same *group* as MailScanner to # be able to read the working files (and list what is in the # directories, of course), set to 0640. If you want *all* other users to # be able to read them, set to 0644. For a detailed description, if # you're not already familiar with it, refer to `man 2 chmod`. # Typical use: external helper programs of virus scanners (notably ClamAV), # like unpackers. # Use with care, you may well open security holes. Incoming Work Permissions = 0600 # # Quarantine and Archive Settings # ------------------------------- # # If, for example, you are using a web interface so that users can manage # their quarantined files, you might want to change the ownership and # permissions of the quarantined so that they can be read and/or deleted # by the web server. # Don't touch this unless you know what you are doing! # If you want to create the quarantine/archive so the files are owned # by a user other than the "Run As User" setting at the top of this file, # you can change that here. # Note: If the "Run As User" is not "root" then you cannot change the # user but may still be able to change the group, if the # "Run As User" is a member of both of the groups "Run As Group" # and "Quarantine Group". Quarantine User = Quarantine Group = # If you want processes running under the same *group* as MailScanner to # be able to read the quarantined files (and list what is in the # directories, of course), set to 0640. If you want *all* other users to # be able to read them, set to 0644. For a detailed description, if # you're not already familiar with it, refer to `man 2 chmod`. # Typical use: let the webserver have access to the files so users can # download them if they really want to. # Use with care, you may well open security holes. Quarantine Permissions = 0600 # # Processing Incoming Mail # ------------------------ # # In every batch of virus-scanning, limit the maximum # a) number of unscanned messages to deliver # b) number of potentially infected messages to unpack and scan # c) total size of unscanned messages to deliver # d) total size of potentially infected messages to unpack and scan Max Unscanned Bytes Per Scan = 100000000 Max Unsafe Bytes Per Scan = 50000000 Max Unscanned Messages Per Scan = 30 Max Unsafe Messages Per Scan = 30 # If more messages are found in the queue than this, then switch to an # "accelerated" mode of processing messages. This will cause it to stop # scanning messages in strict date order, but in the order it finds them # in the queue. If your queue is bigger than this size a lot of the time, # then some messages could be greatly delayed. So treat this option as # "in emergency only". Max Normal Queue Size = 800 # The maximum number of attachments allowed in a message before it is # considered to be an error. Some email systems, if bouncing a message # between 2 addresses repeatedly, add information about each bounce as # an attachment, creating a message with thousands of attachments in just # a few minutes. This can slow down or even stop MailScanner as it uses # all available memory to unpack these thousands of attachments. # This can also be the filename of a ruleset. Maximum Attachments Per Message = 200 # Expand TNEF attachments using an external program (or a Perl module)? # This should be "yes" unless the scanner you are using (Sophos, McAfee) has # the facility built-in. However, if you set it to "no", then the filenames # within the TNEF attachment will not be checked against the filename rules. Expand TNEF = yes # Some versions of Microsoft Outlook generate unparsable Rich Text # format attachments. Do we want to deliver these bad attachments anyway? # Setting this to yes introduces the slight risk of a virus getting through, # but if you have a lot of troubled Outlook users you might need to do this. # We are working on a replacement for the TNEF decoder. # This can also be the filename of a ruleset. Deliver Unparsable TNEF = no # Where the MS-TNEF expander is installed. # This is EITHER the full command (including maxsize option) that runs # the external TNEF expander binary, # OR the keyword "internal" which will make MailScanner use the Perl # module that does the same job. # They are both provided as I am unsure which one is faster and which # one is capable of expanding more file formats (there are plenty!). # # The --maxsize option limits the maximum size that any expanded attachment # may be. It helps protect against Denial Of Service attacks in TNEF files. #TNEF Expander = internal # This can also be the filename of a ruleset. TNEF Expander = /usr/bin/tnef --maxsize=100000000 # The maximum length of time the TNEF Expander is allowed to run for 1 message. # (in seconds) TNEF Timeout = 120 # Where the "file" command is installed. # This is used for checking the content type of files, regardless of their # filename. # To disable Filetype checking, set this value to blank. File Command = #/usr/bin/file # The maximum length of time the "file" command is allowed to run for 1 # batch of messages (in seconds) File Timeout = 20 # The maximum size, in bytes, of any message including the headers. # If this is set to zero, then no size checking is done. # This can also be the filename of a ruleset, so you can have different # settings for different users. You might want to set this quite small for # dialup users so their email applications don't time out downloading huge # messages. Maximum Message Size = 0 # The maximum size, in bytes, of any attachment in a message. # If this is set to zero, effectively no attachments are allowed. # If this is set less than zero, then no size checking is done. # This can also be the filename of a ruleset, so you can have different # settings for different users. You might want to set this quite small for # large mailing lists so they don't get deluged by large attachments. Maximum Attachment Size = -1 # The maximum depth to which zip archives will be unpacked, to allow for # checking filenames and filetypes within zip archives. # To disable this feature set this to 0. # A common useful setting is this option = 0, and Allow Password-Protected # Archives = no. That block password-protected archives but does not do # any filename/filetype checks on the files within the archive. Maximum Archive Depth = 2 # Find zip archives by filename or by file contents? # Finding them by content is a far more reliable way of finding them, but # it does mean that you cannot tell your users to avoid zip file checking # by renaming the file from ".zip" to "_zip" and tricks like that. # Only set this to no (i.e. check by filename only) if you don't want to # reliably check the contents of zip files. Note this does not affect # virus checking, but it will affect all the other checks done on the contents # of the zip file. # This can also be the filename of a ruleset. Find Archives By Content = yes # # Virus Scanning and Vulnerability Testing # ---------------------------------------- # # Do you want to scan email for viruses? # A few people don't have a virus scanner licence and so want to disable # all the virus scanning. # NOTE: This switch actually switches on/off all processing of the email # messages. If you just want to switch off actual virus scanning, # then set "Virus Scanners = none" instead. # # If you want to be able to switch scanning on/off for different users or # different domains, set this to the filename of a ruleset. # This can also be the filename of a ruleset. Virus Scanning = customize.RuleSet #Virus Scanning = %rules-dir%/virusscan.rules #Virus Scanning = yes # Which Virus Scanning package to use: # sophos from www.sophos.com, or # sophossavi (also from www.sophos.com, using the SAVI perl module), or # mcafee from www.mcafee.com, or # command from www.command.co.uk, or # bitdefender from www.bitdefender.com, or # drweb from www.dials.ru/english/dsav_toolkit/drwebunix.htm, or # kaspersky-4.5 from www.kaspersky.com, or # kaspersky from www.kaspersky.com, or # kavdaemonclient from www.kaspersky.com, or # etrust from http://www3.ca.com/Solutions/Product.asp?ID=156, or # inoculate from www.cai.com/products/inoculateit.htm, or # inoculan from ftp.ca.com/pub/getbbs/linux.eng/inoctar.LINUX.Z, or # nod32 from www.nod32.com, or # nod32-1.99 from www.nod32.com, or # f-secure from www.f-secure.com, or # f-prot from www.f-prot.com, or # panda from www.pandasoftware.com, or # rav from www.ravantivirus.com, or # antivir from www.antivir.de, or # clamav from www.clamav.net, or # clamavmodule (also from www.clamav.net using the ClamAV perl module), or # trend from www.trendmicro.com, or # norman from www.norman.de, or # css from www.symantec.com, or # avg from www.grisoft.com, or # none (no virus scanning at all) # # Note for McAfee users: do not use any symlinks with McAfee at all. It is # very strange but may not detect all viruses when # started from a symlink or scanning a directory path # including symlinks. # # Note: If you want to use multiple virus scanners, then this should be a # space-separated list of virus scanners. For example: # Virus Scanners = sophos f-prot mcafee # # Note: Make sure that you check that the base installation directory in the # 3rd column of virus.scanners.conf matches the location you have # installed each of your virus scanners. The supplied # virus.scanners.conf file assumes the default installation locations # recommended by each of the virus scanner installation guides. # Virus Scanners = clamav # The maximum length of time the commercial virus scanner is allowed to run # for 1 batch of messages (in seconds). Virus Scanner Timeout = 300 # Should I attempt to disinfect infected attachments and then deliver # the clean ones. "Disinfection" involves removing viruses from files # (such as removing macro viruses from documents). "Cleaning" is the # replacement of infected attachments with "VirusWarning.txt" text # attachments. # Less than 1% of viruses in the wild can be successfully disinfected, # as macro viruses are now a rare occurrence. So the default has been # changed to "no" as it gives a significant performance improvement. # # This can also be the filename of a ruleset. Deliver Disinfected Files = no # Strings listed here will be searched for in the output of the virus scanners. # It is used to list which viruses should be handled differently from other # viruses. If a virus name is given here, then # 1) The sender will not be warned that he sent it # 2) No attempt at true disinfection will take place # (but it will still be "cleaned" by removing the nasty attachments # from the message) # 3) The recipient will not receive the message, # unless the "Still Deliver Silent Viruses" option is set # Other words that can be put in this list are the 5 special keywords # HTML-IFrame : inserting this will stop senders being warned about # HTML Iframe tags, when they are not allowed. # HTML-Codebase : inserting this will stop senders being warned about # HTML Object Codebase/Data tags, when they are not allowed. # HTML-Form : inserting this will stop senders being warned about # HTML Form tags, when they are not allowed. # Zip-Password : inserting this will stop senders being warned about # password-protected zip files, when they are not allowed. # This keyword is not needed if you include All-Viruses. # All-Viruses : inserting this will stop senders being warned about # any virus, while still allowing you to warn senders # about HTML-based attacks. This includes Zip-Password # so you don't need to include both. # # The default of "All-Viruses" means that no senders of viruses will be # notified (as the sender address is always forged these days anyway), # but anyone who sends a message that is blocked for other reasons will # still be notified. # # This can also be the filename of a ruleset. Silent Viruses = HTML-IFrame All-Viruses # Still deliver (after cleaning) messages that contained viruses listed # in the above option ("Silent Viruses") to the recipient? # Setting this to "yes" is good when you are testing everything, and # because it shows management that MailScanner is protecting them, # but it is bad because they have to filter/delete all the incoming virus # warnings. # # Note: Once you have deployed this into "production" use, you should set # Note: this option to "no" so you don't bombard thousands of people with # Note: useless messages they don't want! # # This can also be the filename of a ruleset. Still Deliver Silent Viruses = yes # Strings listed here will be searched for in the output of the virus scanners. # It works to achieve the opposite effect of the "Silent Viruses" listed above. # If a string here is found in the output of the virus scanners, then the # message will be treated as if it were not infected with a "Silent Virus". # If a message is detected as both a silent virus and a non-forging virus, # then the ___non-forging status will override the silent status.___ # In simple terms, you should list virus names (or parts of them) that you # know do *not* forge the From address. # A good example of this is a document macro virus or a Joke program. # Another word that can be put in this list is the special keyword # Zip-Password : inserting this will cause senders to be warned about # password-protected zip files, when they are not allowed. # This will over-ride the All-Viruses setting in the list # of "Silent Viruses" above. # Non-Forging Viruses = Joke/ OF97/ WM97/ W97M/ # Should encrypted messages be blocked? # This is useful if you are wary about your users sending encrypted # messages to your competition. # This can be a ruleset so you can block encrypted message to certain domains. Block Encrypted Messages = no # Should unencrypted messages be blocked? # This could be used to ensure all your users send messages outside your # company encrypted to avoid snooping of mail to your business partners. # This can be a ruleset so you can just check mail to certain users/domains. Block Unencrypted Messages = no # Should archives which contain any password-protected files be allowed? # Leaving this set to "no" is a good way of protecting against all the # protected zip files used by viruses at the moment. # This can also be the filename of a ruleset. Allow Password-Protected Archives = no # # Options specific to Sophos Anti-Virus # ------------------------------------- # # Anything on the next line that appears in brackets at the end of a line # of output from Sophos will cause the error/infection to be ignored. # Use of this option is dangerous, and should only be used if you are having # trouble with lots of corrupt PDF files, for example. # If you need to specify more than 1 string to find in the error message, # then put each string in quotes and separate them with a comma. # For example: #Allowed Sophos Error Messages = "corrupt", "format not supported" Allowed Sophos Error Messages = # The directory (or a link to it) containing all the Sophos *.ide files. # This is only used by the "sophossavi" virus scanner, and is irrelevant # for all other scanners. Sophos IDE Dir = /usr/local/Sophos/ide # The directory (or a link to it) containing all the Sophos *.so libraries. # This is only used by the "sophossavi" virus scanner, and is irrelevant # for all other scanners. Sophos Lib Dir = /usr/local/Sophos/lib # SophosSAVI only: monitor each of these files for changes in size to # detect when a Sophos update has happened. The date of the Sophos Lib Dir # is also monitored. # This is only used by the "sophossavi" virus scanner, not the "sophos" # scanner setting. Monitors For Sophos Updates = /usr/local/Sophos/ide/*ides.zip # # Options specific to ClamAV Anti-Virus # ------------------------------------- # # ClamAVModule only: monitor each of these files for changes in size to # detect when a ClamAV update has happened. # This is only used by the "clamavmodule" virus scanner, not the "clamav" # scanner setting. Monitors for ClamAV Updates = /usr/local/share/clamav/*.cvd # # Removing/Logging dangerous or potentially offensive content # ----------------------------------------------------------- # # Do you want to allow partial messages, which only contain a fraction of # the attachments, not the whole thing? There is absolutely no way to # scan these "partial messages" properly for viruses, as MailScanner never # sees all of the attachment at the same time. Enabling this option can # allow viruses through. You have been warned. # This can also be the filename of a ruleset so you can, for example, allow # them in outgoing mail but not in incoming mail. Allow Partial Messages = no # Do you want to allow messages whose body is stored somewhere else on the # internet, which is downloaded separately by the user's email package? # There is no way to guarantee that the file fetched by the user's email # package is free from viruses, as MailScanner never sees it. # This feature is dangerous as it can allow viruses to be fetched from # other Internet sites by a user's email package. The user would just # think it was a normal email attachment and would have been scanned by # MailScanner. # It is only currently supported by Netscape 6 anyway, and the only people # who it are the IETF. So I would strongly advise leaving this switched off. # This can also be the filename of a ruleset. Allow External Message Bodies = no # Do you want to allow